diff options
Diffstat (limited to 'src/repo')
| -rw-r--r-- | src/repo/login/extract.rs | 2 | ||||
| -rw-r--r-- | src/repo/token.rs | 14 |
2 files changed, 6 insertions, 10 deletions
diff --git a/src/repo/login/extract.rs b/src/repo/login/extract.rs index a45a1cd..e808f4b 100644 --- a/src/repo/login/extract.rs +++ b/src/repo/login/extract.rs @@ -27,7 +27,7 @@ impl FromRequestParts<App> for Login { let secret = identity_token.secret().ok_or(LoginError::Unauthorized)?; let app = State::<App>::from_request_parts(parts, state).await?; - match app.logins().validate(secret, used_at).await { + match app.logins().validate(secret, &used_at).await { Ok(login) => Ok(login), Err(ValidateError::InvalidToken) => Err(LoginError::Unauthorized), Err(other) => Err(other.into()), diff --git a/src/repo/token.rs b/src/repo/token.rs index 5674c92..a2393e3 100644 --- a/src/repo/token.rs +++ b/src/repo/token.rs @@ -1,4 +1,3 @@ -use chrono::TimeDelta; use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction}; use uuid::Uuid; @@ -61,19 +60,16 @@ impl<'c> Tokens<'c> { Ok(()) } - /// Expire and delete all tokens that haven't been used within the expiry - /// interval (right now, 7 days) prior to `expire_at`. Tokens that are in - /// use within that period will be retained. - pub async fn expire(&mut self, expire_at: DateTime) -> Result<(), sqlx::Error> { - // Somewhat arbitrarily, expire after 7 days. - let expired_issue_at = expire_at - TimeDelta::days(7); + /// Expire and delete all tokens that haven't been used more recently than + /// ``expire_at``. + pub async fn expire(&mut self, expire_at: &DateTime) -> Result<(), sqlx::Error> { sqlx::query!( r#" delete from token where last_used_at < $1 "#, - expired_issue_at, + expire_at, ) .execute(&mut *self.0) .await?; @@ -87,7 +83,7 @@ impl<'c> Tokens<'c> { pub async fn validate( &mut self, secret: &str, - used_at: DateTime, + used_at: &DateTime, ) -> Result<Login, sqlx::Error> { // I would use `update … returning` to do this in one query, but // sqlite3, as of this writing, does not allow an update's `returning` |