Revoke OAuth session on code reuse

crates/storage/src/oauth2/mod.rs

@@ -12,6 +12,31 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use mas_data_model::Session;
+use sqlx::PgExecutor;
+
+use crate::PostgresqlBackend;
+
 pub mod access_token;
 pub mod authorization_grant;
 pub mod refresh_token;
+
+pub async fn end_oauth_session(
+    executor: impl PgExecutor<'_>,
+    session: Session<PostgresqlBackend>,
+) -> anyhow::Result<()> {
+    let res = sqlx::query!(
+        r#"
+            UPDATE oauth2_sessions
+            SET ended_at = NOW()
+            WHERE id = $1
+        "#,
+        session.data,
+    )
+    .execute(executor)
+    .await?;
+
+    anyhow::ensure!(res.rows_affected() == 1);
+
+    Ok(())
+}