patrick
/
memejoin-rs
1
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases Wiki Activity

reuse api key on login (this enabled sessions on multiple devices with the risk of worse security)

pull/12/head
Patrick Cleavelin 2024-06-09 19:50:03 -05:00
parent fbc6b6f457
commit 6d60ad57ef
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/routes.rs
View File

@ -139,7 +139,6 @@ pub(crate) async fn v2_auth(
error!(?err, "auth error");
Error::Auth(err.to_string())
})?;
let token = Uuid::new_v4().to_string();
// Get authorized username
let user: DiscordUser = client
@ -162,6 +161,15 @@ pub(crate) async fn v2_auth(
let db = state.db.lock().await;
let needs_setup = db.get_guilds().map_err(Error::Database)?.is_empty();
let token = if let Some(user) = db
.get_user(&user.username)
.map_err(Error::Database)?
.filter(|user| user.api_key_expires_at >= Utc::now().naive_utc())
{
user.api_key
} else {
Uuid::new_v4().to_string()
};
if needs_setup {
let now = Utc::now().naive_utc();