From 4f86dce569e4a0ab52da89a2a80052d174568be5 Mon Sep 17 00:00:00 2001 From: z1glr Date: Sat, 11 Jan 2025 17:31:18 +0000 Subject: [PATCH] added persisting tokenID after password changes on changing session --- backend/pkg/db/users/users.go | 8 ++++---- backend/pkg/router/user.go | 16 ++++++++++++++- client/src/Zustand.ts | 25 +----------------------- client/src/components/Event/AddEvent.tsx | 14 +++++++------ client/src/lib.ts | 20 +++++++++++++++++++ 5 files changed, 48 insertions(+), 35 deletions(-) diff --git a/backend/pkg/db/users/users.go b/backend/pkg/db/users/users.go index 72928f1..1975c18 100644 --- a/backend/pkg/db/users/users.go +++ b/backend/pkg/db/users/users.go @@ -70,10 +70,10 @@ type UserChangePassword struct { Password string `json:"password" validate:"required,min=12"` } -func ChangePassword(user UserChangePassword) error { +func ChangePassword(user UserChangePassword) (string, error) { // try to hash teh password if hash, err := hashPassword(user.Password); err != nil { - return err + return "", err } else { execStruct := struct { UserName string `db:"userName"` @@ -86,11 +86,11 @@ func ChangePassword(user UserChangePassword) error { } if _, err := db.DB.NamedExec("UPDATE USERS SET tokenID = :tokenID, password = :password WHERE name = :userName", execStruct); err != nil { - return err + return "", err } else { refresh() - return nil + return execStruct.TokenID, nil } } } diff --git a/backend/pkg/router/user.go b/backend/pkg/router/user.go index 6411389..ac2a530 100644 --- a/backend/pkg/router/user.go +++ b/backend/pkg/router/user.go 
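Review bot: In the second users.go hunk the result of `db.DB.NamedExec` is still discarded with `_`, so an UPDATE that matches no row (an unknown `userName`) now returns `execStruct.TokenID` with a nil error. Before this commit that was a silent no-op; with the new return value the caller goes on to sign a JWT around a tokenID that was never stored. Keep the result and treat zero affected rows as a failure, for example by checking `res.RowsAffected()` and returning `""` with a not-found error when it is 0 (this assumes NamedExec returns a standard `sql.Result`). The changed signature in the first hunk also needs a doc comment such as `// ChangePassword stores the new password hash together with a new tokenID and returns that tokenID.` The part of ChangePassword that builds `execStruct` lies between the two hunks and is not visible here.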
@@ -51,10 +51,24 @@ func patchPassword(args HandlerArgs) responseMessage { response.Status = fiber.StatusBadRequest logger.Info().Msgf("invalid body: %v", err) - } else if err := users.ChangePassword(body); err != nil { + } else if tokenID, err := users.ChangePassword(body); err != nil { response.Status = fiber.StatusInternalServerError logger.Error().Msgf("can't update password: %v", err) + + // sign a new JWT with the new tokenID + } else if jwt, err := config.SignJWT(JWTPayload{ + UserName: body.UserName, + TokenID: tokenID, + + // if something failed, remove the current session-cookie + }); err != nil { + removeSessionCookie(args.C) + + // set the new session-cookie + } else { + // update the token in the session-cookie + setSessionCookie(args.C, &jwt) } } diff --git a/client/src/Zustand.ts b/client/src/Zustand.ts index acb8f64..65100bf 100644 --- a/client/src/Zustand.ts +++ b/client/src/Zustand.ts @@ -4,16 +4,10 @@ import { create } from "zustand"; import { persist } from "zustand/middleware"; import { apiCall } from "./lib"; -export type Task = string; - -export type Availability = string; - -export const Availabilities: Availability[] = ["yes", "maybe", "no"]; - export interface EventData { id: number; date: string; - tasks: Partial>; + tasks: Partial>; description: string; } @@ -70,21 +64,4 @@ const zustand = create()( ), ); -export async function getTasks(): Promise< - Record -> { - const result = await apiCall<{ text: string; disabled: boolean }[]>( - "GET", - "tasks", - ); - - if (result.ok) { - const tasks = await result.json(); - - return tasks; - } else { - return []; - } -} - export default zustand; diff --git a/client/src/components/Event/AddEvent.tsx b/client/src/components/Event/AddEvent.tsx index 9486591..15e71a2 100644 --- a/client/src/components/Event/AddEvent.tsx +++ b/client/src/components/Event/AddEvent.tsx 
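Review bot: The new branch in patchPassword signs the session JWT for `body.UserName`, which in the visible lines is the name carried by the parsed request body rather than the identity of the caller's current session. Unless the part of the handler above this hunk already pins `body.UserName` to the authenticated user, a caller who is permitted to change another account's password would leave with a valid session cookie for that account. Build `JWTPayload` from the authenticated session's user name, or skip `setSessionCookie(args.C, &jwt)` when the two names differ. Separately, the `SignJWT` failure branch calls `removeSessionCookie(args.C)` without setting `response.Status` or logging, so the password change succeeds while the caller is logged out with no trace; a line like `logger.Error().Msgf("can't sign JWT: %v", err)` would match the other branches.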
@@ -1,6 +1,6 @@ -import { useEffect, useReducer } from "react"; +import { useEffect, useReducer, useState } from "react"; import { Add } from "@carbon/icons-react"; -import zustand, { getTasks, Task } from "../../Zustand"; +import zustand from "../../Zustand"; import { getLocalTimeZone, now, ZonedDateTime } from "@internationalized/date"; import { Button, @@ -16,12 +16,12 @@ import { Spinner, Textarea, } from "@nextui-org/react"; -import { apiCall } from "@/lib"; +import { apiCall, getTasks, Task } from "@/lib"; interface state { date: ZonedDateTime; description: string; - tasks: Task[]; + tasks: string[]; } interface dispatchAction { @@ -50,11 +50,13 @@ export default function AddEvent(props: { } } const [state, dispatchState] = useReducer(reducer, initialState); - const tasks = zustand((state) => state.tasks); + const [tasks, setTasks] = useState>({}); // get the available tasks useEffect(() => { - void getTasks(); + (async () => { + setTasks(await getTasks()); + })(); }, []); // sends the addEvent request to the backend diff --git a/client/src/lib.ts b/client/src/lib.ts index 267fcaa..d5b9323 100644 --- a/client/src/lib.ts +++ b/client/src/lib.ts @@ -90,3 +90,23 @@ export function vaidatePassword(password: string): string[] { return errors; } + +export interface Task { + text: string; + disabled: boolean; +} + +export async function getTasks(): Promise> { + const result = await apiCall<{ text: string; disabled: boolean }[]>( + "GET", + "tasks", + ); + + if (result.ok) { + const tasks = await result.json(); + + return tasks; + } else { + return []; + } +}
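Review bot: The async IIFE added to the `useEffect` in the third AddEvent.tsx hunk leaves its promise floating. If `getTasks()` rejects (for instance if `apiCall` throws on a network error, which is not visible here) the rejection is unhandled, and the `void` that marked the old call as fire-and-forget is gone. `void getTasks().then(setTasks).catch(console.error);` keeps the intent and handles the failure in one line. The generic argument of `useState` is missing from this page, so the state type itself cannot be checked here.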
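Review bot: `getTasks` in the lib.ts hunk returns `[]` for every non-ok response, so a request rejected because the session is expired or invalidated looks the same to the caller as a server with no tasks. At minimum document that contract with a TSDoc line such as `/** Fetches the task list; resolves to an empty list when the request fails. */`, and consider logging `result.status` before the fallback. The fallback `[]` also differs in shape from the `{}` that AddEvent uses as its initial state, so pick one empty value. The inline `{ text: string; disabled: boolean }[]` passed to `apiCall` repeats the `Task` interface declared just above it; `apiCall<Task[]>("GET", "tasks")` keeps the two from drifting apart. The parsed JSON is returned without any runtime check of its shape.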