feat(backend): add DELETE /users/@me endpoint

Sam 2023-03-08 10:32:18 +01:00
parent c4b8b26ec7
commit ff3d612b06
Signed by: sam
GPG key ID: B4EF20DDE721CAA1
9 changed files with 162 additions and 45 deletions


@ -18,6 +18,9 @@ type Claims struct {
TokenID xid.ID `json:"jti"`
UserIsAdmin bool `json:"adm"`
// APIToken specifies whether this token was generated for the API or for the website.
// API tokens cannot perform some destructive actions, such as DELETE /users/@me.
APIToken bool `json:"atn"`
// TokenWrite specifies whether this token can be used for write actions.
// If set to false, this token can only be used for read actions.
TokenWrite bool `json:"twr"`
@ -48,7 +51,7 @@ const ExpireDays = 30
// CreateToken creates a token for the given user ID.
// It expires after 30 days.
func (v *Verifier) CreateToken(userID, tokenID xid.ID, isAdmin bool, isWriteToken bool) (token string, err error) {
func (v *Verifier) CreateToken(userID, tokenID xid.ID, isAdmin bool, isAPIToken bool, isWriteToken bool) (token string, err error) {
now := time.Now()
expires := now.Add(ExpireDays * 24 * time.Hour)
@ -56,6 +59,7 @@ func (v *Verifier) CreateToken(userID, tokenID xid.ID, isAdmin bool, isWriteToke
UserID: userID,
TokenID: tokenID,
UserIsAdmin: isAdmin,
APIToken: isAPIToken,
TokenWrite: isWriteToken,
RegisteredClaims: jwt.RegisteredClaims{
Issuer: "pronouns",
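Review bot: The new `APIToken` claim fails open, because a token minted before this commit carries no `atn` field and therefore decodes with `APIToken == false`, which the field comment defines as a website token allowed to perform destructive actions such as DELETE /users/@me. If API tokens were already being issued before this change (not visible in these hunks), they keep that ability until they expire after `ExpireDays` days unless they are revoked on deploy. Inverting the polarity makes a missing claim the restricted case: use a field such as `WebsiteToken bool` that only the website login path sets to true, and have the destructive handlers require it. As a smaller point, `CreateToken` now takes three adjacent bools (`isAdmin, isAPIToken, isWriteToken`), so swapped arguments at a call site compile silently and an options struct with named fields would be safer. The body of `CreateToken` continues outside the last hunk.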