From 5c13cffe083a7a2a1c04a0fa25b812b51dcb210a Mon Sep 17 00:00:00 2001
From: Pierre HUBERT <pierre.git@communiquons.org>
Date: Tue, 18 Nov 2025 15:09:27 +0100
Subject: [PATCH] Send broadcast message when an API token is deleted

---
 matrixgw_backend/src/broadcast_messages.rs               | 8 +++++---
 matrixgw_backend/src/controllers/auth_controller.rs      | 9 +++++++--
 matrixgw_backend/src/controllers/tokens_controller.rs    | 9 +++++++--
 matrixgw_backend/src/matrix_connection/matrix_manager.rs | 2 +-
 matrixgw_backend/src/users.rs                            | 8 +++++++-
 5 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/matrixgw_backend/src/broadcast_messages.rs b/matrixgw_backend/src/broadcast_messages.rs
index 423114f..e31174e 100644
--- a/matrixgw_backend/src/broadcast_messages.rs
+++ b/matrixgw_backend/src/broadcast_messages.rs
@@ -1,10 +1,12 @@
-use crate::users::UserEmail;
+use crate::users::{APIToken, UserEmail};
 
 pub type BroadcastSender = tokio::sync::broadcast::Sender<BroadcastMessage>;
 
 /// Broadcast messages
 #[derive(Debug, Clone)]
 pub enum BroadcastMessage {
-    /// User is or has been disconnected
-    UserDisconnected(UserEmail),
+    /// User is or has been disconnected from Matrix
+    UserDisconnectedFromMatrix(UserEmail),
+    /// API token has been deleted
+    APITokenDeleted(APIToken),
 }
diff --git a/matrixgw_backend/src/controllers/auth_controller.rs b/matrixgw_backend/src/controllers/auth_controller.rs
index 42d759f..d9332b0 100644
--- a/matrixgw_backend/src/controllers/auth_controller.rs
+++ b/matrixgw_backend/src/controllers/auth_controller.rs
@@ -1,4 +1,5 @@
 use crate::app_config::AppConfig;
+use crate::broadcast_messages::BroadcastSender;
 use crate::controllers::{HttpFailure, HttpResult};
 use crate::extractors::auth_extractor::{AuthExtractor, AuthenticatedMethod};
 use crate::extractors::matrix_client_extractor::MatrixClientExtractor;
@@ -113,14 +114,18 @@ pub async fn auth_info(client: MatrixClientExtractor) -> HttpResult {
 }
 
 /// Sign out user
-pub async fn sign_out(auth: AuthExtractor, session: MatrixGWSession) -> HttpResult {
+pub async fn sign_out(
+    auth: AuthExtractor,
+    session: MatrixGWSession,
+    tx: web::Data<BroadcastSender>,
+) -> HttpResult {
     match auth.method {
         AuthenticatedMethod::Cookie => {
             session.unset_current_user()?;
         }
 
         AuthenticatedMethod::Token(token) => {
-            token.delete(&auth.user.email).await?;
+            token.delete(&auth.user.email, &tx).await?;
         }
 
         AuthenticatedMethod::Dev => {
diff --git a/matrixgw_backend/src/controllers/tokens_controller.rs b/matrixgw_backend/src/controllers/tokens_controller.rs
index 997fbca..ce50d82 100644
--- a/matrixgw_backend/src/controllers/tokens_controller.rs
+++ b/matrixgw_backend/src/controllers/tokens_controller.rs
@@ -1,3 +1,4 @@
+use crate::broadcast_messages::BroadcastSender;
 use crate::controllers::HttpResult;
 use crate::extractors::auth_extractor::{AuthExtractor, AuthenticatedMethod};
 use crate::users::{APIToken, APITokenID, BaseAPIToken};
@@ -41,8 +42,12 @@ pub struct TokenIDInPath {
 }
 
 /// Delete an API access token
-pub async fn delete(auth: AuthExtractor, path: web::Path<TokenIDInPath>) -> HttpResult {
+pub async fn delete(
+    auth: AuthExtractor,
+    path: web::Path<TokenIDInPath>,
+    tx: web::Data<BroadcastSender>,
+) -> HttpResult {
     let token = APIToken::load(&auth.user.email, &path.id).await?;
-    token.delete(&auth.user.email).await?;
+    token.delete(&auth.user.email, &tx).await?;
     Ok(HttpResponse::Accepted().finish())
 }
diff --git a/matrixgw_backend/src/matrix_connection/matrix_manager.rs b/matrixgw_backend/src/matrix_connection/matrix_manager.rs
index d75cab6..759d694 100644
--- a/matrixgw_backend/src/matrix_connection/matrix_manager.rs
+++ b/matrixgw_backend/src/matrix_connection/matrix_manager.rs
@@ -67,7 +67,7 @@ impl Actor for MatrixManagerActor {
                     }
                     if let Err(e) = state
                         .broadcast_sender
-                        .send(BroadcastMessage::UserDisconnected(email))
+                        .send(BroadcastMessage::UserDisconnectedFromMatrix(email))
                     {
                         log::warn!(
                             "Failed to notify that user has been disconnected from Matrix! {e}"
diff --git a/matrixgw_backend/src/users.rs b/matrixgw_backend/src/users.rs
index ad1e410..26f1f17 100644
--- a/matrixgw_backend/src/users.rs
+++ b/matrixgw_backend/src/users.rs
@@ -1,4 +1,5 @@
 use crate::app_config::AppConfig;
+use crate::broadcast_messages::{BroadcastMessage, BroadcastSender};
 use crate::constants;
 use crate::controllers::server_controller::ServerConstraints;
 use crate::matrix_connection::matrix_client::EncryptionRecoveryState;
@@ -246,9 +247,14 @@ impl APIToken {
     }
 
     /// Delete this token
-    pub async fn delete(self, email: &UserEmail) -> anyhow::Result<()> {
+    pub async fn delete(self, email: &UserEmail, tx: &BroadcastSender) -> anyhow::Result<()> {
         let token_file = AppConfig::get().user_api_token_metadata_file(email, &self.id);
         std::fs::remove_file(&token_file).map_err(MatrixGWUserError::DeleteToken)?;
+
+        if let Err(e) = tx.send(BroadcastMessage::APITokenDeleted(self)) {
+            log::error!("Failed to notify API token deletion! {e}");
+        }
+
         Ok(())
     }