reuse api key on login (this enabled sessions on multiple devices with the risk of worse security)

src/routes.rs

@@ -139,7 +139,6 @@ pub(crate) async fn v2_auth(
             error!(?err, "auth error");
             Error::Auth(err.to_string())
         })?;
-    let token = Uuid::new_v4().to_string();
 
     // Get authorized username
     let user: DiscordUser = client
@@ -162,6 +161,15 @@ pub(crate) async fn v2_auth(
 
     let db = state.db.lock().await;
     let needs_setup = db.get_guilds().map_err(Error::Database)?.is_empty();
+    let token = if let Some(user) = db
+        .get_user(&user.username)
+        .map_err(Error::Database)?
+        .filter(|user| user.api_key_expires_at >= Utc::now().naive_utc())
+    {
+        user.api_key
+    } else {
+        Uuid::new_v4().to_string()
+    };
 
     if needs_setup {
         let now = Utc::now().naive_utc();