Add the user_id directly on oauth2_sessions and make the scope a text list

2025-11-20 12:02:22 +03:00 · 2023-08-29 12:32:22 +02:00
parent feb59344f3
commit 438a10332a
21 changed files with 186 additions and 127 deletions
--- a/crates/handlers/src/graphql/mod.rs
+++ b/crates/handlers/src/graphql/mod.rs
@@ -196,15 +196,12 @@ async fn get_requester(
            .await?
            .ok_or(RouteError::LoadFailed)?;

-        // XXX: The user_id should really be directly on the OAuth session
-        let browser_session = repo
-            .browser_session()
-            .lookup(session.user_session_id)
+        let user = repo
+            .user()
+            .lookup(session.user_id)
            .await?
            .ok_or(RouteError::LoadFailed)?;

-        let user = browser_session.user;
-
        if !token.is_valid(clock.now()) || !session.is_valid() || !user.is_valid() {
            return Err(RouteError::InvalidToken);
        }