-rw-r--r--.sqlx/query-873b8b58360d717ea2099272b013b1ac76a28471e63d0492132b9c12c63a1f9c.json12
-rw-r--r--.sqlx/query-df84b2afcb1493b3643a83b68a8abceb822eb5db2e7dd8e509d4f79c106f8561.json (renamed from .sqlx/query-73f26168299574e17f0a21da5b6914e66b5ceeec04ffc2f5bf7d170b7dd3a1e9.json)4
-rw-r--r--.sqlx/query-fb41b6c3faaf20424f1b914ca95d73b98061793f07e8ed62dd01ced5b56f0757.json (renamed from .sqlx/query-011ebe4604fb41aeec4330f5b66862611e6db9fd855fe12046a5c0576ca53d62.json)4
-rw-r--r--migrations/20240912013151_token_last_used.sql6
-rw-r--r--src/login/extract/login.rs6
-rw-r--r--src/login/repo/tokens.rs40
6 files changed, 57 insertions, 15 deletions
diff --git a/.sqlx/query-873b8b58360d717ea2099272b013b1ac76a28471e63d0492132b9c12c63a1f9c.json b/.sqlx/query-873b8b58360d717ea2099272b013b1ac76a28471e63d0492132b9c12c63a1f9c.json
new file mode 100644
index 0000000..edd3825
--- /dev/null
+++ b/.sqlx/query-873b8b58360d717ea2099272b013b1ac76a28471e63d0492132b9c12c63a1f9c.json
@@ -0,0 +1,12 @@
+{
+ "db_name": "SQLite",
+ "query": "\n update token\n set last_used_at = $1\n where secret = $2\n ",
+ "describe": {
+ "columns": [],
+ "parameters": {
+ "Right": 2
+ },
+ "nullable": []
+ },
+ "hash": "873b8b58360d717ea2099272b013b1ac76a28471e63d0492132b9c12c63a1f9c"
+}
diff --git a/.sqlx/query-73f26168299574e17f0a21da5b6914e66b5ceeec04ffc2f5bf7d170b7dd3a1e9.json b/.sqlx/query-df84b2afcb1493b3643a83b68a8abceb822eb5db2e7dd8e509d4f79c106f8561.json
index eb1bae1..c788557 100644
--- a/.sqlx/query-73f26168299574e17f0a21da5b6914e66b5ceeec04ffc2f5bf7d170b7dd3a1e9.json
+++ b/.sqlx/query-df84b2afcb1493b3643a83b68a8abceb822eb5db2e7dd8e509d4f79c106f8561.json
@@ -1,6 +1,6 @@
{
"db_name": "SQLite",
- "query": "\n insert\n into token (secret, login, issued_at)\n values ($1, $2, $3)\n returning secret as \"secret!\"\n ",
+ "query": "\n insert\n into token (secret, login, issued_at, last_used_at)\n values ($1, $2, $3, $3)\n returning secret as \"secret!\"\n ",
"describe": {
"columns": [
{
@@ -16,5 +16,5 @@
false
]
},
- "hash": "73f26168299574e17f0a21da5b6914e66b5ceeec04ffc2f5bf7d170b7dd3a1e9"
+ "hash": "df84b2afcb1493b3643a83b68a8abceb822eb5db2e7dd8e509d4f79c106f8561"
}
diff --git a/.sqlx/query-011ebe4604fb41aeec4330f5b66862611e6db9fd855fe12046a5c0576ca53d62.json b/.sqlx/query-fb41b6c3faaf20424f1b914ca95d73b98061793f07e8ed62dd01ced5b56f0757.json
index 51462ff..b91b18b 100644
--- a/.sqlx/query-011ebe4604fb41aeec4330f5b66862611e6db9fd855fe12046a5c0576ca53d62.json
+++ b/.sqlx/query-fb41b6c3faaf20424f1b914ca95d73b98061793f07e8ed62dd01ced5b56f0757.json
@@ -1,6 +1,6 @@
{
"db_name": "SQLite",
- "query": "\n delete\n from token\n where issued_at < $1\n ",
+ "query": "\n delete\n from token\n where last_used_at < $1\n ",
"describe": {
"columns": [],
"parameters": {
@@ -8,5 +8,5 @@
},
"nullable": []
},
- "hash": "011ebe4604fb41aeec4330f5b66862611e6db9fd855fe12046a5c0576ca53d62"
+ "hash": "fb41b6c3faaf20424f1b914ca95d73b98061793f07e8ed62dd01ced5b56f0757"
}
diff --git a/migrations/20240912013151_token_last_used.sql b/migrations/20240912013151_token_last_used.sql
new file mode 100644
index 0000000..0b45cd9
--- /dev/null
+++ b/migrations/20240912013151_token_last_used.sql
@@ -0,0 +1,6 @@
+alter table token
+add column last_used_at text
+ not null;
+
+update token
+set last_used_at = issued_at;
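Review bot: The `add column last_used_at text not null` statement has no default, and as far as I know SQLite accepts a NOT NULL column without a non-NULL default only when the table is empty (older releases reject it outright). If so, this migration fails on any database that already holds tokens, which is exactly the case the `update` below it is meant to backfill. One option is a placeholder default, `add column last_used_at text not null default '';`, keeping the `update token set last_used_at = issued_at;` backfill; an empty value sorts before any timestamp, so a row that somehow missed the backfill would be expired rather than kept alive. Please run the migration against a copy of a populated database before deploying it.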
diff --git a/src/login/extract/login.rs b/src/login/extract/login.rs
index b756fa6..405aea8 100644
--- a/src/login/extract/login.rs
+++ b/src/login/extract/login.rs
@@ -27,14 +27,14 @@ impl FromRequestParts<SqlitePool> for Login {
//
// let Ok(identity_token) = IdentityToken::from_request_parts(parts, state).await;
let identity_token = IdentityToken::from_request_parts(parts, state).await?;
- let requested_at = RequestedAt::from_request_parts(parts, state).await?;
+ let RequestedAt(requested_at) = RequestedAt::from_request_parts(parts, state).await?;
let token = identity_token.token().ok_or(LoginError::Forbidden)?;
let db = State::<SqlitePool>::from_request_parts(parts, state).await?;
let mut tx = db.begin().await?;
- tx.tokens().expire(requested_at.timestamp()).await?;
- let login = tx.tokens().validate(token).await?;
+ tx.tokens().expire(requested_at).await?;
+ let login = tx.tokens().validate(token, requested_at).await?;
tx.commit().await?;
login.ok_or(LoginError::Forbidden)
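Review bot: The order of `expire` before `validate` is now security-relevant and should be documented at the `tx.tokens().expire(requested_at)` line. The visible part of `validate` in src/login/repo/tokens.rs sets `last_used_at` for any row matching the secret before the login is looked up, so a token past the idle window appears to be rejected only because `expire` has already deleted it in the same transaction. I would add a comment such as `// Must run before validate(): validate() refreshes last_used_at and would otherwise revive a stale token.` The enclosing `from_request_parts` body starts outside this hunk, so I cannot see whether anything else enforces the ordering.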
diff --git a/src/login/repo/tokens.rs b/src/login/repo/tokens.rs
index 3ec3d63..39505f1 100644
--- a/src/login/repo/tokens.rs
+++ b/src/login/repo/tokens.rs
@@ -21,7 +21,7 @@ pub struct Tokens<'t>(&'t mut SqliteConnection);
impl<'c> Tokens<'c> {
/// Issue a new token for an existing login. The issued_at timestamp will
- /// be used to control expiry.
+ /// be used to control expiry, until the token is actually used.
pub async fn issue(
&mut self,
login: &LoginId,
@@ -32,8 +32,8 @@ impl<'c> Tokens<'c> {
let secret = sqlx::query_scalar!(
r#"
insert
- into token (secret, login, issued_at)
- values ($1, $2, $3)
+ into token (secret, login, issued_at, last_used_at)
+ values ($1, $2, $3, $3)
returning secret as "secret!"
"#,
secret,
@@ -63,14 +63,17 @@ impl<'c> Tokens<'c> {
Ok(())
}
+ /// Expire and delete all tokens that haven't been used within the expiry
+ /// interval (right now, 7 days) prior to `expire_at`. Tokens that are in
+ /// use within that period will be retained.
pub async fn expire(&mut self, expire_at: DateTime) -> Result<(), BoxedError> {
- // Somewhat arbitrarily, expire after 90 days.
- let expired_issue_at = expire_at - TimeDelta::days(90);
+ // Somewhat arbitrarily, expire after 7 days.
+ let expired_issue_at = expire_at - TimeDelta::days(7);
sqlx::query!(
r#"
delete
from token
- where issued_at < $1
+ where last_used_at < $1
"#,
expired_issue_at,
)
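Review bot: Switching the `delete` to `where last_used_at < $1` makes expiry purely sliding, so a token presented at least once every 7 days never expires, and that includes a copy of the secret held by someone other than the user. Consider keeping an absolute lifetime next to the idle timeout, for example by binding a second cutoff computed from `issued_at` and using `where last_used_at < $1 or issued_at < $2`. Separately, `expired_issue_at` no longer describes what it holds (something like `idle_cutoff` would), and the 7-day figure now lives in both the doc comment and the code, so a named constant would keep them in step. The body of `expire` continues past the end of this hunk.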
@@ -81,8 +84,29 @@ impl<'c> Tokens<'c> {
}
/// Validate a token by its secret, retrieving the associated Login record.
- /// Will return [None] if the token is not valid.
- pub async fn validate(&mut self, secret: &str) -> Result<Option<Login>, BoxedError> {
+ /// Will return [None] if the token is not valid. The token's last-used
+ /// timestamp will be set to `used_at`.
+ pub async fn validate(
+ &mut self,
+ secret: &str,
+ used_at: DateTime,
+ ) -> Result<Option<Login>, BoxedError> {
+ // I would use `update … returning` to do this in one query, but
+ // sqlite3, as of this writing, does not allow an update's `returning`
+ // clause to reference columns from tables joined into the update. Two
+ // queries is fine, but it feels untidy.
+ sqlx::query!(
+ r#"
+ update token
+ set last_used_at = $1
+ where secret = $2
+ "#,
+ used_at,
+ secret,
+ )
+ .execute(&mut *self.0)
+ .await?;
+
let login = sqlx::query_as!(
Login,
r#"