Files
stoatchat/crates/delta/src/routes/admin/meta/revoke_token.rs

40 lines
1.2 KiB
Rust

use revolt_database::{util::reference::Reference, AdminMachineToken, Database};
use revolt_models::v0::{self};
use revolt_result::{create_error, Result};
use rocket::State;
use rocket_empty::EmptyResponse;
use crate::routes::admin::util::user_has_permission;
/// Revoke a token. Must be your own, or you must have the ManageAdminUsers permission to revoke other's tokens.
/// You must have the CreateTokens permission.
#[openapi(tag = "Admin")]
#[delete("/tokens/<token>")]
pub async fn admin_revoke_token(
db: &State<Database>,
auth: AdminMachineToken,
token: Reference,
) -> Result<EmptyResponse> {
if !user_has_permission(
&auth.on_behalf_of,
v0::AdminUserPermissionFlags::CreateTokens,
) {
return Err(create_error!(NotFound));
}
let token = token.as_admin_token(db).await?;
// only own user and those with ManageAdminUsers can revoke a token
if token.user_id != auth.on_behalf_of.id
&& !user_has_permission(
&auth.on_behalf_of,
v0::AdminUserPermissionFlags::ManageAdminUsers,
)
{
return Err(create_error!(NotFound));
}
db.admin_token_revoke(&token.id).await?;
Ok(EmptyResponse)
}