Allow deleting current session by explicit ID

GrantGryczan · GrantGryczan · commit ea022c83df91 · 2025-06-03T03:30:51.000-04:00
diff --git a/backend/api/routes/v0/sessions/session.rs b/backend/api/routes/v0/sessions/session.rs
@@ -72,45 +72,38 @@ type PathParams = Path<SessionQuery>;
 #[debug_handler]
 pub(crate) async fn delete(
     Path(session_query): PathParams,
-    token: Option<AuthToken>,
+    AuthToken(token): AuthToken,
 ) -> impl Response<DeleteResponse> {
-    #[expect(
-        unused_assignments,
-        reason = "This will fix itself once the TODO is resolved"
-    )]
-    let mut response_header = None;
-
-    match session_query {
-        SessionQuery::Current => {
-            let Some(AuthToken(token)) = token else {
-                return Err(api::Error::ResourceNotFound);
-            };
+    let token_hash = hash_without_salt(&token);
 
-            let token_hash = hash_without_salt(&token);
+    let response_header = match session_query {
+        // The user requested deletion of a session other than their current one.
+        SessionQuery::Id(id) if id.as_ref() != token_hash.as_ref() => {
+            // TODO: Implement signing out specific sessions in the account settings.
+            return Err(api::Error::AccessDenied);
+        }
 
+        // The user requested deletion of their current session.
+        _ => {
             let sessions_deleted = db::transaction!(async |tx| -> TxResult<_, api::Error> {
                 Ok(sqlx::query!(
                     "DELETE FROM sessions
                         WHERE token_hash = $1",
                     token_hash.as_ref(),
                 )
                 .execute(tx.as_mut())
-                .await?)
+                .await?
+                .rows_affected())
             })
-            .await?
-            .rows_affected();
+            .await?;
 
             if sessions_deleted == 0 {
                 return Err(api::Error::ResourceNotFound);
             }
 
-            response_header = Some(SessionCookie::expired().to_header());
+            Some(SessionCookie::expired().to_header())
         }
-        SessionQuery::Id(_) => {
-            // TODO: Implement signing out specific sessions in the account settings.
-            return Err(api::Error::AccessDenied);
-        }
-    }
+    };
 
     Ok((
         StatusCode::OK,
diff --git a/frontend/components/DefaultHeader.vue b/frontend/components/DefaultHeader.vue
@@ -36,7 +36,8 @@ async function signOut() {
       signOutLoading.value = false;
     });
   } catch (error) {
-    if (getApiErrorCode(error) !== "RESOURCE_NOT_FOUND") {
+    const errorCode = getApiErrorCode(error);
+    if (!(errorCode === "AUTH_FAILED" || errorCode === "RESOURCE_NOT_FOUND")) {
       throw error;
     }
   }

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,8 @@ async function signOut() {`
`36`	`36`	`signOutLoading.value = false;`
`37`	`37`	`});`
`38`	`38`	`} catch (error) {`
`39`		`- if (getApiErrorCode(error) !== "RESOURCE_NOT_FOUND") {`
	`39`	`+ const errorCode = getApiErrorCode(error);`
	`40`	`+ if (!(errorCode === "AUTH_FAILED" \|\| errorCode === "RESOURCE_NOT_FOUND")) {`
`40`	`41`	`throw error;`
`41`	`42`	`}`
`42`	`43`	`}`