Co-authored-by: Tasnim Kabir Sadik <tksadik@omukk.dev>

Reviewed-on: wrenn/wrenn#50
2026-05-24 21:10:37 +00:00
parent 4707f16c76
commit 05ddf62399
203 changed files with 15815 additions and 9344 deletions


@ -11,19 +11,21 @@ import (
"git.omukk.dev/wrenn/wrenn/pkg/audit"
"git.omukk.dev/wrenn/wrenn/pkg/auth"
"git.omukk.dev/wrenn/wrenn/pkg/auth/session"
"git.omukk.dev/wrenn/wrenn/pkg/db"
"git.omukk.dev/wrenn/wrenn/pkg/id"
"git.omukk.dev/wrenn/wrenn/pkg/service"
)
type usersHandler struct {
db *db.Queries
svc *service.UserService
audit *audit.AuditLogger
db *db.Queries
svc *service.UserService
audit *audit.AuditLogger
sessions *session.Service
}
func newUsersHandler(db *db.Queries, svc *service.UserService, al *audit.AuditLogger) *usersHandler {
return &usersHandler{db: db, svc: svc, audit: al}
func newUsersHandler(db *db.Queries, svc *service.UserService, al *audit.AuditLogger, sessions *session.Service) *usersHandler {
return &usersHandler{db: db, svc: svc, audit: al, sessions: sessions}
}
// Search handles GET /v1/users/search?email=<prefix>
@ -158,6 +160,10 @@ func (h *usersHandler) SetUserActive(w http.ResponseWriter, r *http.Request) {
if req.Active {
h.audit.LogUserActivate(r.Context(), ac, userID, user.Email)
} else {
// Disabled users must be kicked out of every active session.
if err := h.sessions.RevokeAllForUser(r.Context(), userID); err != nil {
_ = err
}
h.audit.LogUserDeactivate(r.Context(), ac, userID, user.Email)
}
w.WriteHeader(http.StatusNoContent)
@ -215,5 +221,14 @@ func (h *usersHandler) SetUserAdmin(w http.ResponseWriter, r *http.Request) {
}
h.audit.LogUserRevokeAdmin(r.Context(), ac, userID, user.Email)
}
// Invalidate cached session blobs so the new is_admin flag is reflected
// on the user's next request without waiting for the Redis TTL.
if err := h.sessions.InvalidateCacheForUser(r.Context(), userID); err != nil {
// Cache is best-effort; the DB is authoritative and requireAdmin
// always re-reads it.
_ = err
}
w.WriteHeader(http.StatusNoContent)
}
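Review bot: In the deactivate branch of SetUserActive, a failed `h.sessions.RevokeAllForUser` is discarded with `_ = err`, so the handler still writes the deactivation audit entry and returns 204 while the user's existing sessions may remain usable. The cache invalidation added in SetUserAdmin carries a comment explaining why best-effort is safe there, but nothing visible in this hunk shows that requests re-check the active flag, so this looks like a fail-open path. At minimum record the failure, for example `slog.ErrorContext(r.Context(), "revoke sessions after deactivate", "user_id", userID, "error", err)` (assuming log/slog or the project's own logger is available in this file), and consider returning a 5xx so the admin knows to retry. Both functions begin outside the hunks shown, so any earlier handling is not visible here.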