mirrors/nadeko_invidious
1
0
Fork 0
mirror of https://git.nadeko.net/Fijxu/invidious.git synced 2025-12-20 18:08:54 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Move DB queries related to session tokens in a separate module

Browse Source
This commit is contained in:
Samantaz Fox
2021-12-02 23:57:13 +01:00
parent c021b93b5c
commit 92eea3b18b
8 changed files with 140 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/invidious/routes/api/v1/authenticated.cr
View File

@@ -312,7 +312,7 @@ module Invidious::Routes::API::V1::Authenticated
user = env.get("user").as(User)
scopes = env.get("scopes").as(Array(String))
tokens = PG_DB.query_all("SELECT id, issued FROM session_ids WHERE email = $1", user.email, as: {session: String, issued: Time})
tokens = Invidious::Database::SessionIDs.select_all(user.email)
JSON.build do |json|
json.array do
@@ -400,9 +400,9 @@ module Invidious::Routes::API::V1::Authenticated
# Allow tokens to revoke other tokens with correct scope
if session == env.get("session").as(String)
PG_DB.exec("DELETE FROM session_ids * WHERE id = $1", session)
Invidious::Database::SessionIDs.delete(sid: session)
elsif scopes_include_scope(scopes, "GET:tokens")
PG_DB.exec("DELETE FROM session_ids * WHERE id = $1", session)
Invidious::Database::SessionIDs.delete(sid: session)
else
return error_json(400, "Cannot revoke session #{session}")
end