+ token := creds.Tokens[0]
+ tokenSecret := token
+ var tokenUuid string
+ if strings.HasPrefix(token, "v2/") {
+ tokenParts := strings.Split(token, "/")
+ if len(tokenParts) >= 3 {
+ tokenUuid = tokenParts[1]
+ tokenSecret = tokenParts[2]
+ }
+ }
+
+ var retrievedUuid string
+ err = tx.QueryRowContext(ctx, `SELECT uuid FROM api_client_authorizations WHERE api_token=$1 AND (expires_at IS NULL OR expires_at > current_timestamp AT TIME ZONE 'UTC') LIMIT 1`, tokenSecret).Scan(&retrievedUuid)
+ if err == sql.ErrNoRows {
+ ctxlog.FromContext(ctx).Debugf("expireAPIClientAuthorization(%s): not found in database", token)
+ return nil
+ } else if err != nil {
+ ctxlog.FromContext(ctx).WithError(err).Debugf("expireAPIClientAuthorization(%s): database error", token)
+ return err
+ }
+
+ if tokenUuid != "" && retrievedUuid != tokenUuid {
+ // secret part matches, but UUID doesn't -- somewhat surprising
+ ctxlog.FromContext(ctx).Debugf("expireAPIClientAuthorization(%s): secret part found, but with different UUID: %s", tokenSecret, retrievedUuid)
+ return nil
+ }
+
+ res, err := tx.ExecContext(ctx, "UPDATE api_client_authorizations SET expires_at=current_timestamp AT TIME ZONE 'UTC' WHERE uuid=$1", retrievedUuid)