···33type symmetric_jwt =
44 {scope: string; aud: string; sub: string; iat: int; exp: int; jti: string}
5566+type session_info =
77+ { handle: string
88+ ; did: string
99+ ; email: string
1010+ ; email_confirmed: bool [@key "emailConfirmed"]
1111+ ; email_auth_factor: bool [@key "emailAuthFactor"]
1212+ ; active: bool option
1313+ ; status: string option }
1414+[@@deriving yojson {strict= false}]
1515+616type credentials =
717 | Unauthenticated
818 | Admin
···8797 true
8898 | _ ->
8999 false
100100+101101+let get_session_info identifier db =
102102+ let%lwt actor =
103103+ match%lwt Data_store.get_actor_by_identifier identifier db with
104104+ | Some actor ->
105105+ Lwt.return actor
106106+ | None ->
107107+ failwith "actor not found"
108108+ in
109109+ let active, status =
110110+ match actor.deactivated_at with
111111+ | None ->
112112+ (Some true, None)
113113+ | Some _ ->
114114+ (Some false, Some "deactivated")
115115+ in
116116+ Lwt.return
117117+ { did= actor.did
118118+ ; handle= actor.handle
119119+ ; email= actor.email
120120+ ; email_confirmed= true
121121+ ; email_auth_factor= true
122122+ ; active
123123+ ; status }
9012491125module Verifiers = struct
92126 open Util.Exceptions
+9-1
pegasus/lib/data_store.ml
···165165 let get_revoked_token =
166166 [%rapper
167167 get_opt
168168- {sql| SELECT @int{revoked_at} FROM tokens WHERE did = %string{did} AND jti = %string{jti} |sql}]
168168+ {sql| SELECT @int{revoked_at} FROM revoked_tokens WHERE did = %string{did} AND jti = %string{jti} |sql}]
169169+170170+ let revoke_token =
171171+ [%rapper
172172+ execute
173173+ {sql| INSERT INTO revoked_tokens (did, jti, revoked_at) VALUES (%string{did}, %string{jti}, %int{now}) |sql}]
169174end
170175171176type t = (module Rapper_helper.CONNECTION)
···224229(* jwts *)
225230let is_token_revoked conn ~did ~jti =
226231 unwrap @@ Queries.get_revoked_token conn ~did ~jti
232232+233233+let revoke_token conn ~did ~jti =
234234+ unwrap @@ Queries.revoke_token conn ~did ~jti ~now:(Util.now_ms ())
+1-1
pegasus/lib/xrpc.ml
···1111 match%lwt auth init with
1212 | Ok creds -> (
1313 try%lwt hdlr {req= init.req; db= init.db; auth= creds}
1414- with e -> exn_to_response e )
1414+ with e -> log_exn e ; exn_to_response e )
1515 | Error e ->
1616 exn_to_response e
1717