feat(backend): add max invites to /users/@me responses, use token ID for DELETE /auth/tokens/{id}

backend/routes/auth/routes.go

@@ -77,7 +77,7 @@ func Mount(srv *server.Server, r chi.Router) {
 		// tokens
 		r.With(server.MustAuth).Get("/tokens", server.WrapHandler(s.getTokens))
 		r.With(server.MustAuth).Post("/tokens", server.WrapHandler(s.createToken))
-		r.With(server.MustAuth).Delete("/tokens", server.WrapHandler(s.deleteToken))
+		r.With(server.MustAuth).Delete("/tokens/{id}", server.WrapHandler(s.deleteToken))
 	})
 }
 

backend/routes/auth/tokens.go

@@ -7,7 +7,9 @@ import (
 	"codeberg.org/u1f320/pronouns.cc/backend/db"
 	"codeberg.org/u1f320/pronouns.cc/backend/server"
 	"emperror.dev/errors"
+	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/render"
+	"github.com/jackc/pgx/v4"
 	"github.com/rs/xid"
 )
 
@@ -53,8 +55,17 @@ func (s *Server) deleteToken(w http.ResponseWriter, r *http.Request) error {
 	ctx := r.Context()
 	claims, _ := server.ClaimsFromContext(ctx)
 
-	t, err := s.DB.InvalidateToken(ctx, claims.UserID, claims.TokenID)
+	tokenID, err := xid.FromString(chi.URLParam(r, "id"))
 	if err != nil {
+		return server.APIError{Code: server.ErrBadRequest}
+	}
+
+	t, err := s.DB.InvalidateToken(ctx, claims.UserID, tokenID)
+	if err != nil {
+		if errors.Cause(err) == pgx.ErrNoRows {
+			return server.APIError{Code: server.ErrNotFound}
+		}
+
 		return errors.Wrap(err, "invalidating token")
 	}