@@ -20,13 +20,15 @@ use mas_storage::{
2020 personal:: { PersonalSessionFilter , PersonalSessionRepository , PersonalSessionState } ,
2121} ;
2222use oauth2_types:: scope:: Scope ;
23+ use opentelemetry_semantic_conventions:: trace:: DB_QUERY_TEXT ;
2324use rand:: RngCore ;
2425use sea_query:: {
2526 Cond , Condition , Expr , PgFunc , PostgresQueryBuilder , Query , SimpleExpr , enum_def,
2627 extension:: postgres:: PgExpr as _,
2728} ;
2829use sea_query_binder:: SqlxBinder as _;
2930use sqlx:: PgConnection ;
31+ use tracing:: { Instrument as _, info_span} ;
3032use ulid:: Ulid ;
3133use uuid:: Uuid ;
3234
@@ -311,15 +313,38 @@ impl PersonalSessionRepository for PgPersonalSessionRepository<'_> {
311313 clock : & dyn Clock ,
312314 session : PersonalSession ,
313315 ) -> Result < PersonalSession , Self :: Error > {
314- let finished_at = clock. now ( ) ;
316+ let revoked_at = clock. now ( ) ;
317+
318+ {
319+ // Revoke dependent PATs
320+ let span = info_span ! (
321+ "db.personal_session.revoke.tokens" ,
322+ { DB_QUERY_TEXT } = tracing:: field:: Empty ,
323+ ) ;
324+
325+ sqlx:: query!(
326+ r#"
327+ UPDATE personal_access_tokens
328+ SET revoked_at = $2
329+ WHERE personal_session_id = $1 AND revoked_at IS NULL
330+ "# ,
331+ Uuid :: from( session. id) ,
332+ revoked_at,
333+ )
334+ . record ( & span)
335+ . execute ( & mut * self . conn )
336+ . instrument ( span)
337+ . await ?;
338+ }
339+
315340 let res = sqlx:: query!(
316341 r#"
317342 UPDATE personal_sessions
318343 SET revoked_at = $2
319344 WHERE personal_session_id = $1
320345 "# ,
321346 Uuid :: from( session. id) ,
322- finished_at ,
347+ revoked_at ,
323348 )
324349 . traced ( )
325350 . execute ( & mut * self . conn )
@@ -328,7 +353,7 @@ impl PersonalSessionRepository for PgPersonalSessionRepository<'_> {
328353 DatabaseError :: ensure_affected_rows ( & res, 1 ) ?;
329354
330355 session
331- . finish ( finished_at )
356+ . finish ( revoked_at )
332357 . map_err ( DatabaseError :: to_invalid_operation)
333358 }
334359
0 commit comments