nix: wrapper to launch ezidam with env variables

nix: copy assets in docker, need to finish env
ezidam: config via env variables
2023-11-20 22:31:38 +01:00 · 2023-11-17 22:33:50 +01:00 · 2023-11-17 22:32:46 +01:00 · 2023-11-17 11:24:00 +01:00 · 2023-11-17 11:23:50 +01:00 · 2023-11-17 01:16:26 +01:00
106 changed files with 3226 additions and 2693 deletions
--- a/.gitignore
+++ b/.gitignore
@ -9,3 +9,6 @@
 # os
 .DS_Store
 # nix docker
 /result
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -8,7 +8,7 @@ members = [
 [workspace.dependencies]
 thiserror = "1"
 chrono = "0.4"
-sqlx = "0.6"
+sqlx = "0.7"
 url = "2.3"
 serde = "1"
 serde_json = "1"
--- a/crates/database/.sqlx/query-06cfa74715f3725e99e63aa206f1be5d26cb26924d53dc5a68ee4ea48d6bbbfd.json
+++ b/crates/database/.sqlx/query-06cfa74715f3725e99e63aa206f1be5d26cb26924d53dc5a68ee4ea48d6bbbfd.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update settings\n\nset business_logo = ?\n\nwhere id is 0\n",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 1
    },
    "nullable": []
  },
  "hash": "06cfa74715f3725e99e63aa206f1be5d26cb26924d53dc5a68ee4ea48d6bbbfd"
 }
--- a/crates/database/.sqlx/query-0b60c7829e95dde4145b7f207b64df7006c1fde2faaca0f7952a009d6cda90a3.json
+++ b/crates/database/.sqlx/query-0b60c7829e95dde4145b7f207b64df7006c1fde2faaca0f7952a009d6cda90a3.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update settings\n\nset business_name = ?\n\nwhere id is 0\n",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 1
    },
    "nullable": []
  },
  "hash": "0b60c7829e95dde4145b7f207b64df7006c1fde2faaca0f7952a009d6cda90a3"
 }
--- a/crates/database/.sqlx/query-13c26aaf556d259535afb95f5c53b4c594f373084c73000bc7865a280df74fdd.json
+++ b/crates/database/.sqlx/query-13c26aaf556d259535afb95f5c53b4c594f373084c73000bc7865a280df74fdd.json
@ -0,0 +1,62 @@
 {
  "db_name": "SQLite",
  "query": "select id,\n       created_at      as \"created_at: DateTime<Utc>\",\n       updated_at      as \"updated_at: DateTime<Utc>\",\n       label,\n       redirect_uri,\n       secret,\n       is_confidential as \"is_confidential: bool\",\n       is_archived     as \"is_archived: bool\"\nfrom apps\n\nwhere is_archived is 0\norder by created_at desc",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "updated_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "label",
        "ordinal": 3,
        "type_info": "Text"
      },
      {
        "name": "redirect_uri",
        "ordinal": 4,
        "type_info": "Text"
      },
      {
        "name": "secret",
        "ordinal": 5,
        "type_info": "Text"
      },
      {
        "name": "is_confidential: bool",
        "ordinal": 6,
        "type_info": "Int64"
      },
      {
        "name": "is_archived: bool",
        "ordinal": 7,
        "type_info": "Int64"
      }
    ],
    "parameters": {
      "Right": 0
    },
    "nullable": [
      false,
      false,
      false,
      false,
      false,
      false,
      false,
      false
    ]
  },
  "hash": "13c26aaf556d259535afb95f5c53b4c594f373084c73000bc7865a280df74fdd"
 }
--- a/crates/database/.sqlx/query-184d704e75f00513082dd2c6cc3ae5c3f58b57b222ba4333216b5c50c3c58c71.json
+++ b/crates/database/.sqlx/query-184d704e75f00513082dd2c6cc3ae5c3f58b57b222ba4333216b5c50c3c58c71.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update apps\n\nset label           = ?,\n    redirect_uri    = ?,\n    is_confidential = ?\n\nwhere id is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 4
    },
    "nullable": []
  },
  "hash": "184d704e75f00513082dd2c6cc3ae5c3f58b57b222ba4333216b5c50c3c58c71"
 }
--- a/crates/database/.sqlx/query-1e2edc8cf28832344dbfa0878ac01361b6f97c552d6af8477da12cddb03d4865.json
+++ b/crates/database/.sqlx/query-1e2edc8cf28832344dbfa0878ac01361b6f97c552d6af8477da12cddb03d4865.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update apps\n\nset secret = ?\n\nwhere id is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 2
    },
    "nullable": []
  },
  "hash": "1e2edc8cf28832344dbfa0878ac01361b6f97c552d6af8477da12cddb03d4865"
 }
--- a/crates/database/.sqlx/query-2d562e7b19d7d8303a0e79d143d25fd68743ae30d1ec0b0ca5c7dfc367fdf357.json
+++ b/crates/database/.sqlx/query-2d562e7b19d7d8303a0e79d143d25fd68743ae30d1ec0b0ca5c7dfc367fdf357.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update apps\n\nset is_archived = 1\n\nwhere id is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 1
    },
    "nullable": []
  },
  "hash": "2d562e7b19d7d8303a0e79d143d25fd68743ae30d1ec0b0ca5c7dfc367fdf357"
 }
--- a/crates/database/.sqlx/query-2ee77458d93ae79d957e03e6ca50c1bf690f40b6cc6ec5f008eb0e928f376659.json
+++ b/crates/database/.sqlx/query-2ee77458d93ae79d957e03e6ca50c1bf690f40b6cc6ec5f008eb0e928f376659.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update roles\n\nset is_archived = ?\n\nwhere name is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 2
    },
    "nullable": []
  },
  "hash": "2ee77458d93ae79d957e03e6ca50c1bf690f40b6cc6ec5f008eb0e928f376659"
 }
--- a/crates/database/.sqlx/query-32d35bdd1f4cf64ce0ff7beb7a11591e0f35eab7211692bcde8230c68e4cedf3.json
+++ b/crates/database/.sqlx/query-32d35bdd1f4cf64ce0ff7beb7a11591e0f35eab7211692bcde8230c68e4cedf3.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update users\n\nset password_recover = ?\n\nwhere id is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 2
    },
    "nullable": []
  },
  "hash": "32d35bdd1f4cf64ce0ff7beb7a11591e0f35eab7211692bcde8230c68e4cedf3"
 }
--- a/crates/database/.sqlx/query-37000307a757b4912ca300c346b5bd8ee5d50331d94abeee076ae4db46215a56.json
+++ b/crates/database/.sqlx/query-37000307a757b4912ca300c346b5bd8ee5d50331d94abeee076ae4db46215a56.json
@ -0,0 +1,98 @@
 {
  "db_name": "SQLite",
  "query": "select id,\n       created_at  as \"created_at: DateTime<Utc>\",\n       updated_at  as \"updated_at: DateTime<Utc>\",\n       is_admin    as \"is_admin: bool\",\n       username,\n       name,\n       email,\n       password,\n       password_recover,\n       paper_key,\n       is_archived as \"is_archived: bool\",\n       timezone,\n       totp_secret,\n       totp_backup\nfrom users\n\nwhere email is (?)\n",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "updated_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "is_admin: bool",
        "ordinal": 3,
        "type_info": "Int64"
      },
      {
        "name": "username",
        "ordinal": 4,
        "type_info": "Text"
      },
      {
        "name": "name",
        "ordinal": 5,
        "type_info": "Text"
      },
      {
        "name": "email",
        "ordinal": 6,
        "type_info": "Text"
      },
      {
        "name": "password",
        "ordinal": 7,
        "type_info": "Text"
      },
      {
        "name": "password_recover",
        "ordinal": 8,
        "type_info": "Text"
      },
      {
        "name": "paper_key",
        "ordinal": 9,
        "type_info": "Text"
      },
      {
        "name": "is_archived: bool",
        "ordinal": 10,
        "type_info": "Int64"
      },
      {
        "name": "timezone",
        "ordinal": 11,
        "type_info": "Text"
      },
      {
        "name": "totp_secret",
        "ordinal": 12,
        "type_info": "Blob"
      },
      {
        "name": "totp_backup",
        "ordinal": 13,
        "type_info": "Text"
      }
    ],
    "parameters": {
      "Right": 1
    },
    "nullable": [
      false,
      false,
      false,
      false,
      false,
      true,
      true,
      true,
      true,
      true,
      false,
      false,
      true,
      true
    ]
  },
  "hash": "37000307a757b4912ca300c346b5bd8ee5d50331d94abeee076ae4db46215a56"
 }
--- a/crates/database/.sqlx/query-37681902a5f5d87492812a525a6488e75d20c1c436a3ba2c5aa3f54da62fe861.json
+++ b/crates/database/.sqlx/query-37681902a5f5d87492812a525a6488e75d20c1c436a3ba2c5aa3f54da62fe861.json
@ -0,0 +1,62 @@
 {
  "db_name": "SQLite",
  "query": "select\n    -- info\n    token,\n    ip_address,\n    user,\n    app,\n\n    -- timings\n    created_at as \"created_at: DateTime<Utc>\",\n    expires_at as \"expires_at: DateTime<Utc>\",\n    used_at    as \"used_at: DateTime<Utc>\",\n    revoked_at as \"revoked_at: DateTime<Utc>\"\nfrom refresh_tokens\n\nwhere token is (?)",
  "describe": {
    "columns": [
      {
        "name": "token",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "ip_address",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "user",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "app",
        "ordinal": 3,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 4,
        "type_info": "Text"
      },
      {
        "name": "expires_at: DateTime<Utc>",
        "ordinal": 5,
        "type_info": "Text"
      },
      {
        "name": "used_at: DateTime<Utc>",
        "ordinal": 6,
        "type_info": "Text"
      },
      {
        "name": "revoked_at: DateTime<Utc>",
        "ordinal": 7,
        "type_info": "Text"
      }
    ],
    "parameters": {
      "Right": 1
    },
    "nullable": [
      false,
      false,
      false,
      false,
      false,
      false,
      true,
      true
    ]
  },
  "hash": "37681902a5f5d87492812a525a6488e75d20c1c436a3ba2c5aa3f54da62fe861"
 }
--- a/crates/database/.sqlx/query-3c8e31ffa5cbfd4dded8a272777cb320fb51fd2e53ed25054d24e9801df0c358.json
+++ b/crates/database/.sqlx/query-3c8e31ffa5cbfd4dded8a272777cb320fb51fd2e53ed25054d24e9801df0c358.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update refresh_tokens\n\nset used_at = CURRENT_TIMESTAMP\n\nwhere token is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 1
    },
    "nullable": []
  },
  "hash": "3c8e31ffa5cbfd4dded8a272777cb320fb51fd2e53ed25054d24e9801df0c358"
 }
--- a/crates/database/.sqlx/query-44cc12d7659e618fcb44a82697d60da940bdab3c87690ee42569ae3da1a8e791.json
+++ b/crates/database/.sqlx/query-44cc12d7659e618fcb44a82697d60da940bdab3c87690ee42569ae3da1a8e791.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "insert into roles (name, label)\nvalues (?, ?)\n",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 2
    },
    "nullable": []
  },
  "hash": "44cc12d7659e618fcb44a82697d60da940bdab3c87690ee42569ae3da1a8e791"
 }
--- a/crates/database/.sqlx/query-46caa546db24d2c1e8192f9e699202be5129c74a5569b2dc7bf95761fe09a6a3.json
+++ b/crates/database/.sqlx/query-46caa546db24d2c1e8192f9e699202be5129c74a5569b2dc7bf95761fe09a6a3.json
@ -0,0 +1,32 @@
 {
  "db_name": "SQLite",
  "query": "select user,\n       role,\n       created_at as \"created_at: DateTime<Utc>\"\n\nfrom permissions\nwhere role is (?)\n",
  "describe": {
    "columns": [
      {
        "name": "user",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "role",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      }
    ],
    "parameters": {
      "Right": 1
    },
    "nullable": [
      false,
      false,
      false
    ]
  },
  "hash": "46caa546db24d2c1e8192f9e699202be5129c74a5569b2dc7bf95761fe09a6a3"
 }
--- a/crates/database/.sqlx/query-520fe30e21f6b6c4d9a47c457675eebd144cf020e9230d154e9e4d0c8d6e01ca.json
+++ b/crates/database/.sqlx/query-520fe30e21f6b6c4d9a47c457675eebd144cf020e9230d154e9e4d0c8d6e01ca.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "insert into users (id, is_admin, username, password)\nvalues (?, ?, ?, ?)\n",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 4
    },
    "nullable": []
  },
  "hash": "520fe30e21f6b6c4d9a47c457675eebd144cf020e9230d154e9e4d0c8d6e01ca"
 }
--- a/crates/database/.sqlx/query-52c16bb0e76dd1726d151b69d1ba3b89948ee6ac5116e442faef8512c1a615c0.json
+++ b/crates/database/.sqlx/query-52c16bb0e76dd1726d151b69d1ba3b89948ee6ac5116e442faef8512c1a615c0.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update users\n\nset is_archived = ?\n\nwhere id is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 2
    },
    "nullable": []
  },
  "hash": "52c16bb0e76dd1726d151b69d1ba3b89948ee6ac5116e442faef8512c1a615c0"
 }
--- a/crates/database/.sqlx/query-545f19b0373c7ffe16864eb242c15a0092355e120c5cbe006c877afdfc4a4e8c.json
+++ b/crates/database/.sqlx/query-545f19b0373c7ffe16864eb242c15a0092355e120c5cbe006c877afdfc4a4e8c.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update users\n\nset username = ?\n\nwhere id is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 2
    },
    "nullable": []
  },
  "hash": "545f19b0373c7ffe16864eb242c15a0092355e120c5cbe006c877afdfc4a4e8c"
 }
--- a/crates/database/.sqlx/query-5567f75b47f739e85da3469bec0202be315c42dfc820d3c37bba498b1b783811.json
+++ b/crates/database/.sqlx/query-5567f75b47f739e85da3469bec0202be315c42dfc820d3c37bba498b1b783811.json
@ -0,0 +1,98 @@
 {
  "db_name": "SQLite",
  "query": "select id,\n       created_at  as \"created_at: DateTime<Utc>\",\n       updated_at  as \"updated_at: DateTime<Utc>\",\n       is_admin    as \"is_admin: bool\",\n       username,\n       name,\n       email,\n       password,\n       password_recover,\n       paper_key,\n       is_archived as \"is_archived: bool\",\n       timezone,\n       totp_secret,\n       totp_backup\nfrom users\n\nwhere username is (?)\n",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "updated_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "is_admin: bool",
        "ordinal": 3,
        "type_info": "Int64"
      },
      {
        "name": "username",
        "ordinal": 4,
        "type_info": "Text"
      },
      {
        "name": "name",
        "ordinal": 5,
        "type_info": "Text"
      },
      {
        "name": "email",
        "ordinal": 6,
        "type_info": "Text"
      },
      {
        "name": "password",
        "ordinal": 7,
        "type_info": "Text"
      },
      {
        "name": "password_recover",
        "ordinal": 8,
        "type_info": "Text"
      },
      {
        "name": "paper_key",
        "ordinal": 9,
        "type_info": "Text"
      },
      {
        "name": "is_archived: bool",
        "ordinal": 10,
        "type_info": "Int64"
      },
      {
        "name": "timezone",
        "ordinal": 11,
        "type_info": "Text"
      },
      {
        "name": "totp_secret",
        "ordinal": 12,
        "type_info": "Blob"
      },
      {
        "name": "totp_backup",
        "ordinal": 13,
        "type_info": "Text"
      }
    ],
    "parameters": {
      "Right": 1
    },
    "nullable": [
      false,
      false,
      false,
      false,
      false,
      true,
      true,
      true,
      true,
      true,
      false,
      false,
      true,
      true
    ]
  },
  "hash": "5567f75b47f739e85da3469bec0202be315c42dfc820d3c37bba498b1b783811"
 }
--- a/crates/database/.sqlx/query-56a9c0dff010858189a95087d014c7d0ce930da5d841b9d788a9c0e84b580bc6.json
+++ b/crates/database/.sqlx/query-56a9c0dff010858189a95087d014c7d0ce930da5d841b9d788a9c0e84b580bc6.json
@ -0,0 +1,44 @@
 {
  "db_name": "SQLite",
  "query": "select id,\n       created_at as \"created_at: DateTime<Utc>\",\n       revoked_at as \"revoked_at: DateTime<Utc>\",\n       private_der,\n       public_der\n\nfrom keys\norder by created_at desc\n",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "revoked_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "private_der",
        "ordinal": 3,
        "type_info": "Blob"
      },
      {
        "name": "public_der",
        "ordinal": 4,
        "type_info": "Blob"
      }
    ],
    "parameters": {
      "Right": 0
    },
    "nullable": [
      false,
      false,
      true,
      false,
      false
    ]
  },
  "hash": "56a9c0dff010858189a95087d014c7d0ce930da5d841b9d788a9c0e84b580bc6"
 }
--- a/crates/database/.sqlx/query-58e0626629a768c33783bbc926c3d1477ad7e4e983b61ede013e5b066940eb5c.json
+++ b/crates/database/.sqlx/query-58e0626629a768c33783bbc926c3d1477ad7e4e983b61ede013e5b066940eb5c.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update users\n\nset timezone = ?\n\nwhere id is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 2
    },
    "nullable": []
  },
  "hash": "58e0626629a768c33783bbc926c3d1477ad7e4e983b61ede013e5b066940eb5c"
 }
--- a/crates/database/.sqlx/query-5a365b761ada7d5f67e5ad3ff9a1a89d96383e28b15186576f90ff59f309196c.json
+++ b/crates/database/.sqlx/query-5a365b761ada7d5f67e5ad3ff9a1a89d96383e28b15186576f90ff59f309196c.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update totp_login_requests\n\nset used_at = CURRENT_TIMESTAMP\n\nwhere user is ?\n  and used_at is null",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 1
    },
    "nullable": []
  },
  "hash": "5a365b761ada7d5f67e5ad3ff9a1a89d96383e28b15186576f90ff59f309196c"
 }
--- a/crates/database/.sqlx/query-5e148a43d9f64c73296b2b70deef07d2c863a93fff693aec1b47378c44bf77de.json
+++ b/crates/database/.sqlx/query-5e148a43d9f64c73296b2b70deef07d2c863a93fff693aec1b47378c44bf77de.json
@ -0,0 +1,38 @@
 {
  "db_name": "SQLite",
  "query": "select name,\n       label,\n       created_at  as \"created_at: DateTime<Utc>\",\n       is_archived as \"is_archived: bool\"\nfrom roles\n\norder by created_at desc\n",
  "describe": {
    "columns": [
      {
        "name": "name",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "label",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "is_archived: bool",
        "ordinal": 3,
        "type_info": "Int64"
      }
    ],
    "parameters": {
      "Right": 0
    },
    "nullable": [
      false,
      false,
      false,
      false
    ]
  },
  "hash": "5e148a43d9f64c73296b2b70deef07d2c863a93fff693aec1b47378c44bf77de"
 }
--- a/crates/database/.sqlx/query-5f946348ad62389fab3c97a1563d1592cbc5180abbba6d5abd44326bf0862669.json
+++ b/crates/database/.sqlx/query-5f946348ad62389fab3c97a1563d1592cbc5180abbba6d5abd44326bf0862669.json
@ -0,0 +1,44 @@
 {
  "db_name": "SQLite",
  "query": "select id,\n       created_at as \"created_at: DateTime<Utc>\",\n       revoked_at as \"revoked_at: DateTime<Utc>\",\n       private_der,\n       public_der\n\nfrom keys\nwhere revoked_at is not null\norder by created_at desc\n",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "revoked_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "private_der",
        "ordinal": 3,
        "type_info": "Blob"
      },
      {
        "name": "public_der",
        "ordinal": 4,
        "type_info": "Blob"
      }
    ],
    "parameters": {
      "Right": 0
    },
    "nullable": [
      false,
      false,
      true,
      false,
      false
    ]
  },
  "hash": "5f946348ad62389fab3c97a1563d1592cbc5180abbba6d5abd44326bf0862669"
 }
--- a/crates/database/.sqlx/query-62c75412f673f6a293b0d188d79c50676ec21cf94e2e50e18f9279c91e6b85c8.json
+++ b/crates/database/.sqlx/query-62c75412f673f6a293b0d188d79c50676ec21cf94e2e50e18f9279c91e6b85c8.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "insert or ignore into settings(id)\nvalues (0);",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 0
    },
    "nullable": []
  },
  "hash": "62c75412f673f6a293b0d188d79c50676ec21cf94e2e50e18f9279c91e6b85c8"
 }
--- a/crates/database/.sqlx/query-645f583812c4d71570d1e84b866e85c5a012d71cd745494049a8d9bebab3ed61.json
+++ b/crates/database/.sqlx/query-645f583812c4d71570d1e84b866e85c5a012d71cd745494049a8d9bebab3ed61.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update totp_login_requests\n\nset used_at = CURRENT_TIMESTAMP\n\nwhere token is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 1
    },
    "nullable": []
  },
  "hash": "645f583812c4d71570d1e84b866e85c5a012d71cd745494049a8d9bebab3ed61"
 }
--- a/crates/database/.sqlx/query-657fdc2b228b14a6aba717e5083daf48204274ab62d73ec8968bcd0c7568b157.json
+++ b/crates/database/.sqlx/query-657fdc2b228b14a6aba717e5083daf48204274ab62d73ec8968bcd0c7568b157.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "vacuum",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 0
    },
    "nullable": []
  },
  "hash": "657fdc2b228b14a6aba717e5083daf48204274ab62d73ec8968bcd0c7568b157"
 }
--- a/crates/database/.sqlx/query-68cfa3d135eb4cdbdbcb3b943518b4ac09c371af689c444eb439a37f91ecf7a5.json
+++ b/crates/database/.sqlx/query-68cfa3d135eb4cdbdbcb3b943518b4ac09c371af689c444eb439a37f91ecf7a5.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update users\n\nset paper_key = ?\n\nwhere id is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 2
    },
    "nullable": []
  },
  "hash": "68cfa3d135eb4cdbdbcb3b943518b4ac09c371af689c444eb439a37f91ecf7a5"
 }
--- a/crates/database/.sqlx/query-693c8c3de266cb3a8fc98bdea8e3b87de0dcb78316628d48f0e6efc0f8103040.json
+++ b/crates/database/.sqlx/query-693c8c3de266cb3a8fc98bdea8e3b87de0dcb78316628d48f0e6efc0f8103040.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update roles\n\nset label = ?\n\nwhere name is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 2
    },
    "nullable": []
  },
  "hash": "693c8c3de266cb3a8fc98bdea8e3b87de0dcb78316628d48f0e6efc0f8103040"
 }
--- a/crates/database/.sqlx/query-6fa3c48b9e93fb9ec6807f7547a8f999fc55a6fb8ad4abe7af89ec52e0d10a0e.json
+++ b/crates/database/.sqlx/query-6fa3c48b9e93fb9ec6807f7547a8f999fc55a6fb8ad4abe7af89ec52e0d10a0e.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "delete\nfrom permissions\n\nwhere user is ?\n  and role is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 2
    },
    "nullable": []
  },
  "hash": "6fa3c48b9e93fb9ec6807f7547a8f999fc55a6fb8ad4abe7af89ec52e0d10a0e"
 }
--- a/crates/database/.sqlx/query-6ff12f357d884a50035d708577a7f3109a07a1ca193cb3082d13687af65c6de0.json
+++ b/crates/database/.sqlx/query-6ff12f357d884a50035d708577a7f3109a07a1ca193cb3082d13687af65c6de0.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update users\n\nset is_admin = ?\n\nwhere id is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 2
    },
    "nullable": []
  },
  "hash": "6ff12f357d884a50035d708577a7f3109a07a1ca193cb3082d13687af65c6de0"
 }
--- a/crates/database/.sqlx/query-71c74369dc5d374d8ec5aa347b5f599728b74e545df3e986e3e7e66882f73ba0.json
+++ b/crates/database/.sqlx/query-71c74369dc5d374d8ec5aa347b5f599728b74e545df3e986e3e7e66882f73ba0.json
@ -0,0 +1,98 @@
 {
  "db_name": "SQLite",
  "query": "select id,\n       created_at  as \"created_at: DateTime<Utc>\",\n       updated_at  as \"updated_at: DateTime<Utc>\",\n       is_admin    as \"is_admin: bool\",\n       username,\n       name,\n       email,\n       password,\n       password_recover,\n       paper_key,\n       is_archived as \"is_archived: bool\",\n       timezone,\n       totp_secret,\n       totp_backup\nfrom users\n\nwhere id is (?)\n",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "updated_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "is_admin: bool",
        "ordinal": 3,
        "type_info": "Int64"
      },
      {
        "name": "username",
        "ordinal": 4,
        "type_info": "Text"
      },
      {
        "name": "name",
        "ordinal": 5,
        "type_info": "Text"
      },
      {
        "name": "email",
        "ordinal": 6,
        "type_info": "Text"
      },
      {
        "name": "password",
        "ordinal": 7,
        "type_info": "Text"
      },
      {
        "name": "password_recover",
        "ordinal": 8,
        "type_info": "Text"
      },
      {
        "name": "paper_key",
        "ordinal": 9,
        "type_info": "Text"
      },
      {
        "name": "is_archived: bool",
        "ordinal": 10,
        "type_info": "Int64"
      },
      {
        "name": "timezone",
        "ordinal": 11,
        "type_info": "Text"
      },
      {
        "name": "totp_secret",
        "ordinal": 12,
        "type_info": "Blob"
      },
      {
        "name": "totp_backup",
        "ordinal": 13,
        "type_info": "Text"
      }
    ],
    "parameters": {
      "Right": 1
    },
    "nullable": [
      false,
      false,
      false,
      false,
      false,
      true,
      true,
      true,
      true,
      true,
      false,
      false,
      true,
      true
    ]
  },
  "hash": "71c74369dc5d374d8ec5aa347b5f599728b74e545df3e986e3e7e66882f73ba0"
 }
--- a/crates/database/.sqlx/query-73bdbde04fca37f2411e7a9e1b6dbccc0dd4d12ebcb933024d9867f07bba3eb8.json
+++ b/crates/database/.sqlx/query-73bdbde04fca37f2411e7a9e1b6dbccc0dd4d12ebcb933024d9867f07bba3eb8.json
@ -0,0 +1,32 @@
 {
  "db_name": "SQLite",
  "query": "select user,\n       role,\n       created_at as \"created_at: DateTime<Utc>\"\n\nfrom permissions\nwhere user is (?)\n  and role is (?)\n",
  "describe": {
    "columns": [
      {
        "name": "user",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "role",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      }
    ],
    "parameters": {
      "Right": 2
    },
    "nullable": [
      false,
      false,
      false
    ]
  },
  "hash": "73bdbde04fca37f2411e7a9e1b6dbccc0dd4d12ebcb933024d9867f07bba3eb8"
 }
--- a/crates/database/.sqlx/query-7b7f2430b2a719b3d5ce504c0a9302731b3ff82da99ba7771c2728d88aee642a.json
+++ b/crates/database/.sqlx/query-7b7f2430b2a719b3d5ce504c0a9302731b3ff82da99ba7771c2728d88aee642a.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update keys\n\nset revoked_at = CURRENT_TIMESTAMP\n\nwhere revoked_at is null\n  and id is not (?)\n",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 1
    },
    "nullable": []
  },
  "hash": "7b7f2430b2a719b3d5ce504c0a9302731b3ff82da99ba7771c2728d88aee642a"
 }
--- a/crates/database/.sqlx/query-7f26b73408318040f94fb6574d5cc25482cef1a57ba4c467fa0bc0fdf25bf39c.json
+++ b/crates/database/.sqlx/query-7f26b73408318040f94fb6574d5cc25482cef1a57ba4c467fa0bc0fdf25bf39c.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update authorization_codes\n\nset used_at = CURRENT_TIMESTAMP\n\nwhere code is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 1
    },
    "nullable": []
  },
  "hash": "7f26b73408318040f94fb6574d5cc25482cef1a57ba4c467fa0bc0fdf25bf39c"
 }
--- a/crates/database/.sqlx/query-87906834faa6f185aee0e4d893b9754908b1c173e9dce383663d723891a89cd1.json
+++ b/crates/database/.sqlx/query-87906834faa6f185aee0e4d893b9754908b1c173e9dce383663d723891a89cd1.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update settings\n\nset url = ?\n\nwhere id is 0\n",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 1
    },
    "nullable": []
  },
  "hash": "87906834faa6f185aee0e4d893b9754908b1c173e9dce383663d723891a89cd1"
 }
--- a/crates/database/.sqlx/query-8c131e1f73ffa01fc3e5e08071a786b85f23b9638d1c7eaa7b633c052703c911.json
+++ b/crates/database/.sqlx/query-8c131e1f73ffa01fc3e5e08071a786b85f23b9638d1c7eaa7b633c052703c911.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update users\n\nset name = ?\n\nwhere id is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 2
    },
    "nullable": []
  },
  "hash": "8c131e1f73ffa01fc3e5e08071a786b85f23b9638d1c7eaa7b633c052703c911"
 }
--- a/crates/database/.sqlx/query-8c37375b0694df02b7f1b6678e4e2c3ffbc590c0f305ff5a8f44350fba3eaec7.json
+++ b/crates/database/.sqlx/query-8c37375b0694df02b7f1b6678e4e2c3ffbc590c0f305ff5a8f44350fba3eaec7.json
@ -0,0 +1,32 @@
 {
  "db_name": "SQLite",
  "query": "select user,\n       role,\n       created_at as \"created_at: DateTime<Utc>\"\n\nfrom permissions\nwhere user is (?)\n",
  "describe": {
    "columns": [
      {
        "name": "user",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "role",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      }
    ],
    "parameters": {
      "Right": 1
    },
    "nullable": [
      false,
      false,
      false
    ]
  },
  "hash": "8c37375b0694df02b7f1b6678e4e2c3ffbc590c0f305ff5a8f44350fba3eaec7"
 }
--- a/crates/database/.sqlx/query-93b15a942a6c7db595990f00e14fde26d6d36b8c8de9935179d41f6c7c755978.json
+++ b/crates/database/.sqlx/query-93b15a942a6c7db595990f00e14fde26d6d36b8c8de9935179d41f6c7c755978.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update refresh_tokens\n\nset revoked_at = CURRENT_TIMESTAMP\n\nwhere app is ?\n  and revoked_at is null",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 1
    },
    "nullable": []
  },
  "hash": "93b15a942a6c7db595990f00e14fde26d6d36b8c8de9935179d41f6c7c755978"
 }
--- a/crates/database/.sqlx/query-9784afe2dcff4db86908175d4e3145baf72b3361f43e4127350a14a183ef63f7.json
+++ b/crates/database/.sqlx/query-9784afe2dcff4db86908175d4e3145baf72b3361f43e4127350a14a183ef63f7.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update users\n\nset password = ?\n\nwhere id is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 2
    },
    "nullable": []
  },
  "hash": "9784afe2dcff4db86908175d4e3145baf72b3361f43e4127350a14a183ef63f7"
 }
--- a/crates/database/.sqlx/query-979c7ba41dac5ea5593fc169ea95b68d2311c5ae05c1e18db43424c8ed2f2e4e.json
+++ b/crates/database/.sqlx/query-979c7ba41dac5ea5593fc169ea95b68d2311c5ae05c1e18db43424c8ed2f2e4e.json
@ -0,0 +1,98 @@
 {
  "db_name": "SQLite",
  "query": "select id,\n       created_at  as \"created_at: DateTime<Utc>\",\n       updated_at  as \"updated_at: DateTime<Utc>\",\n       is_admin    as \"is_admin: bool\",\n       username,\n       name,\n       email,\n       password,\n       password_recover,\n       paper_key,\n       is_archived as \"is_archived: bool\",\n       timezone,\n       totp_secret,\n       totp_backup\nfrom users\n\norder by created_at desc\n",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "updated_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "is_admin: bool",
        "ordinal": 3,
        "type_info": "Int64"
      },
      {
        "name": "username",
        "ordinal": 4,
        "type_info": "Text"
      },
      {
        "name": "name",
        "ordinal": 5,
        "type_info": "Text"
      },
      {
        "name": "email",
        "ordinal": 6,
        "type_info": "Text"
      },
      {
        "name": "password",
        "ordinal": 7,
        "type_info": "Text"
      },
      {
        "name": "password_recover",
        "ordinal": 8,
        "type_info": "Text"
      },
      {
        "name": "paper_key",
        "ordinal": 9,
        "type_info": "Text"
      },
      {
        "name": "is_archived: bool",
        "ordinal": 10,
        "type_info": "Int64"
      },
      {
        "name": "timezone",
        "ordinal": 11,
        "type_info": "Text"
      },
      {
        "name": "totp_secret",
        "ordinal": 12,
        "type_info": "Blob"
      },
      {
        "name": "totp_backup",
        "ordinal": 13,
        "type_info": "Text"
      }
    ],
    "parameters": {
      "Right": 0
    },
    "nullable": [
      false,
      false,
      false,
      false,
      false,
      true,
      true,
      true,
      true,
      true,
      false,
      false,
      true,
      true
    ]
  },
  "hash": "979c7ba41dac5ea5593fc169ea95b68d2311c5ae05c1e18db43424c8ed2f2e4e"
 }
--- a/crates/database/.sqlx/query-9a3aef02e55fc436e9c09c1ee6d29477c2746765f6e7d5679058ec6525ee7253.json
+++ b/crates/database/.sqlx/query-9a3aef02e55fc436e9c09c1ee6d29477c2746765f6e7d5679058ec6525ee7253.json
@ -0,0 +1,38 @@
 {
  "db_name": "SQLite",
  "query": "select name,\n       label,\n       created_at  as \"created_at: DateTime<Utc>\",\n       is_archived as \"is_archived: bool\"\nfrom roles\n\nwhere name is (?)\n",
  "describe": {
    "columns": [
      {
        "name": "name",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "label",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "is_archived: bool",
        "ordinal": 3,
        "type_info": "Int64"
      }
    ],
    "parameters": {
      "Right": 1
    },
    "nullable": [
      false,
      false,
      false,
      false
    ]
  },
  "hash": "9a3aef02e55fc436e9c09c1ee6d29477c2746765f6e7d5679058ec6525ee7253"
 }
--- a/crates/database/.sqlx/query-9dc379b0f3a3c944a33ef01dc40489b29b2a61b9f73f6ca4b5df7e9fb9bccf90.json
+++ b/crates/database/.sqlx/query-9dc379b0f3a3c944a33ef01dc40489b29b2a61b9f73f6ca4b5df7e9fb9bccf90.json
@ -0,0 +1,98 @@
 {
  "db_name": "SQLite",
  "query": "select u.id,\n       u.created_at  as \"created_at: DateTime<Utc>\",\n       u.updated_at  as \"updated_at: DateTime<Utc>\",\n       u.is_admin    as \"is_admin: bool\",\n       u.username,\n       u.name,\n       u.email,\n       u.password,\n       u.password_recover,\n       u.paper_key,\n       u.is_archived as \"is_archived: bool\",\n       u.timezone,\n       u.totp_secret,\n       u.totp_backup\nfrom users u\n\n         inner join settings s on u.id = s.first_admin\n\nwhere u.is_admin is 1\n  and u.is_archived is 0\n  and u.id is s.first_admin\n\nlimit 1",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "updated_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "is_admin: bool",
        "ordinal": 3,
        "type_info": "Int64"
      },
      {
        "name": "username",
        "ordinal": 4,
        "type_info": "Text"
      },
      {
        "name": "name",
        "ordinal": 5,
        "type_info": "Text"
      },
      {
        "name": "email",
        "ordinal": 6,
        "type_info": "Text"
      },
      {
        "name": "password",
        "ordinal": 7,
        "type_info": "Text"
      },
      {
        "name": "password_recover",
        "ordinal": 8,
        "type_info": "Text"
      },
      {
        "name": "paper_key",
        "ordinal": 9,
        "type_info": "Text"
      },
      {
        "name": "is_archived: bool",
        "ordinal": 10,
        "type_info": "Int64"
      },
      {
        "name": "timezone",
        "ordinal": 11,
        "type_info": "Text"
      },
      {
        "name": "totp_secret",
        "ordinal": 12,
        "type_info": "Blob"
      },
      {
        "name": "totp_backup",
        "ordinal": 13,
        "type_info": "Text"
      }
    ],
    "parameters": {
      "Right": 0
    },
    "nullable": [
      false,
      false,
      false,
      false,
      false,
      true,
      true,
      true,
      true,
      true,
      false,
      false,
      true,
      true
    ]
  },
  "hash": "9dc379b0f3a3c944a33ef01dc40489b29b2a61b9f73f6ca4b5df7e9fb9bccf90"
 }
--- a/crates/database/.sqlx/query-9f1885c4786f73335b4d614f562bb7cad49c91bfe7f084d8c25c6c571673ab90.json
+++ b/crates/database/.sqlx/query-9f1885c4786f73335b4d614f562bb7cad49c91bfe7f084d8c25c6c571673ab90.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update refresh_tokens\n\nset revoked_at = CURRENT_TIMESTAMP\n\nwhere revoked_at is null",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 0
    },
    "nullable": []
  },
  "hash": "9f1885c4786f73335b4d614f562bb7cad49c91bfe7f084d8c25c6c571673ab90"
 }
--- a/crates/database/.sqlx/query-a0dd1ddcc7d58fad78ed6c5027a9559428be9d0d59df6409ca9ec7cd728f6001.json
+++ b/crates/database/.sqlx/query-a0dd1ddcc7d58fad78ed6c5027a9559428be9d0d59df6409ca9ec7cd728f6001.json
@ -0,0 +1,44 @@
 {
  "db_name": "SQLite",
  "query": "select\n    -- info\n    token,\n    user,\n\n    -- timings\n    created_at as \"created_at: DateTime<Utc>\",\n    expires_at as \"expires_at: DateTime<Utc>\",\n    used_at    as \"used_at: DateTime<Utc>\"\nfrom totp_login_requests\n\nwhere token is (?)",
  "describe": {
    "columns": [
      {
        "name": "token",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "user",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "expires_at: DateTime<Utc>",
        "ordinal": 3,
        "type_info": "Text"
      },
      {
        "name": "used_at: DateTime<Utc>",
        "ordinal": 4,
        "type_info": "Text"
      }
    ],
    "parameters": {
      "Right": 1
    },
    "nullable": [
      false,
      false,
      false,
      false,
      true
    ]
  },
  "hash": "a0dd1ddcc7d58fad78ed6c5027a9559428be9d0d59df6409ca9ec7cd728f6001"
 }
--- a/crates/database/.sqlx/query-a2bf546b2cf6a53a3a127c08fbb7f3dfcf0fe7a30364b1fb57c3e6b757093578.json
+++ b/crates/database/.sqlx/query-a2bf546b2cf6a53a3a127c08fbb7f3dfcf0fe7a30364b1fb57c3e6b757093578.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "insert into totp_login_requests (token, user, expires_at)\nvalues (?, ?, datetime(?, 'unixepoch'))\n",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 3
    },
    "nullable": []
  },
  "hash": "a2bf546b2cf6a53a3a127c08fbb7f3dfcf0fe7a30364b1fb57c3e6b757093578"
 }
--- a/crates/database/.sqlx/query-a55b17a3a70e6445517f19536220f0dafc78a0e8b69221dee4715f84841839da.json
+++ b/crates/database/.sqlx/query-a55b17a3a70e6445517f19536220f0dafc78a0e8b69221dee4715f84841839da.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "insert into authorization_codes (code, app, user, expires_at)\nvalues (?, ?, ?, datetime(?, 'unixepoch'))\n",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 4
    },
    "nullable": []
  },
  "hash": "a55b17a3a70e6445517f19536220f0dafc78a0e8b69221dee4715f84841839da"
 }
--- a/crates/database/.sqlx/query-a9e910eedc27c495262571520627363290640b3af7d177a024cad06220a770f0.json
+++ b/crates/database/.sqlx/query-a9e910eedc27c495262571520627363290640b3af7d177a024cad06220a770f0.json
@ -0,0 +1,32 @@
 {
  "db_name": "SQLite",
  "query": "select user,\n       role,\n       created_at as \"created_at: DateTime<Utc>\"\n\nfrom permissions\n",
  "describe": {
    "columns": [
      {
        "name": "user",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "role",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      }
    ],
    "parameters": {
      "Right": 0
    },
    "nullable": [
      false,
      false,
      false
    ]
  },
  "hash": "a9e910eedc27c495262571520627363290640b3af7d177a024cad06220a770f0"
 }
--- a/crates/database/.sqlx/query-aae93a39c5a9f46235b5ef871b45ba76d7efa1677bfe8291a62b8cbf9cd9e0d5.json
+++ b/crates/database/.sqlx/query-aae93a39c5a9f46235b5ef871b45ba76d7efa1677bfe8291a62b8cbf9cd9e0d5.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update settings\n\nset first_admin = ?\n\nwhere id is 0\n",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 1
    },
    "nullable": []
  },
  "hash": "aae93a39c5a9f46235b5ef871b45ba76d7efa1677bfe8291a62b8cbf9cd9e0d5"
 }
--- a/crates/database/.sqlx/query-adcbc32e2c284b59eefb79fd2ff33d4ff1c2e250b2d103d8500fae203fb18a6d.json
+++ b/crates/database/.sqlx/query-adcbc32e2c284b59eefb79fd2ff33d4ff1c2e250b2d103d8500fae203fb18a6d.json
@ -0,0 +1,56 @@
 {
  "db_name": "SQLite",
  "query": "select id,\n       created_at as \"created_at: DateTime<Utc>\",\n       updated_at as \"updated_at: DateTime<Utc>\",\n       business_name,\n       business_logo,\n       url,\n       first_admin\n\nfrom settings\n\nwhere id is 0\n",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Int64"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "updated_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "business_name",
        "ordinal": 3,
        "type_info": "Text"
      },
      {
        "name": "business_logo",
        "ordinal": 4,
        "type_info": "Blob"
      },
      {
        "name": "url",
        "ordinal": 5,
        "type_info": "Text"
      },
      {
        "name": "first_admin",
        "ordinal": 6,
        "type_info": "Text"
      }
    ],
    "parameters": {
      "Right": 0
    },
    "nullable": [
      false,
      false,
      false,
      true,
      true,
      true,
      true
    ]
  },
  "hash": "adcbc32e2c284b59eefb79fd2ff33d4ff1c2e250b2d103d8500fae203fb18a6d"
 }
--- a/crates/database/.sqlx/query-afc08ba1fd47656c7d987e3817941004f988e683d28df2f533ff6272bc71b356.json
+++ b/crates/database/.sqlx/query-afc08ba1fd47656c7d987e3817941004f988e683d28df2f533ff6272bc71b356.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update users\n\nset totp_secret = ?\n\nwhere id is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 2
    },
    "nullable": []
  },
  "hash": "afc08ba1fd47656c7d987e3817941004f988e683d28df2f533ff6272bc71b356"
 }
--- a/crates/database/.sqlx/query-b3936ae237f02cc048ca084372f7975921c79aef8fcd6d15a4d63c10f2377d24.json
+++ b/crates/database/.sqlx/query-b3936ae237f02cc048ca084372f7975921c79aef8fcd6d15a4d63c10f2377d24.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "insert into refresh_tokens (token, ip_address, user, app, expires_at)\nvalues (?, ?, ?, ?, datetime(?, 'unixepoch'))\n",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 5
    },
    "nullable": []
  },
  "hash": "b3936ae237f02cc048ca084372f7975921c79aef8fcd6d15a4d63c10f2377d24"
 }
--- a/crates/database/.sqlx/query-baaae9952348da17e2f4d099c6903c50bc90daed80ee2df1fd0dc1d9d2c67b26.json
+++ b/crates/database/.sqlx/query-baaae9952348da17e2f4d099c6903c50bc90daed80ee2df1fd0dc1d9d2c67b26.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update users\n\nset totp_backup = ?\n\nwhere id is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 2
    },
    "nullable": []
  },
  "hash": "baaae9952348da17e2f4d099c6903c50bc90daed80ee2df1fd0dc1d9d2c67b26"
 }
--- a/crates/database/.sqlx/query-c00e5fce25caebdeeb24db20880e6c2210f583cddb0d478075f78124258712dd.json
+++ b/crates/database/.sqlx/query-c00e5fce25caebdeeb24db20880e6c2210f583cddb0d478075f78124258712dd.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update refresh_tokens\n\nset revoked_at = CURRENT_TIMESTAMP\n\nwhere user is ?\n  and revoked_at is null",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 1
    },
    "nullable": []
  },
  "hash": "c00e5fce25caebdeeb24db20880e6c2210f583cddb0d478075f78124258712dd"
 }
--- a/crates/database/.sqlx/query-c28c88869239edc02c073f461645eca82d816650fabe65464e2059d5908d8a28.json
+++ b/crates/database/.sqlx/query-c28c88869239edc02c073f461645eca82d816650fabe65464e2059d5908d8a28.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update users\n\nset email = ?\n\nwhere id is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 2
    },
    "nullable": []
  },
  "hash": "c28c88869239edc02c073f461645eca82d816650fabe65464e2059d5908d8a28"
 }
--- a/crates/database/.sqlx/query-c3dcd38a2d4ff391aed4a2ac3f393646319950334494ecb5fa7effe9806d07ab.json
+++ b/crates/database/.sqlx/query-c3dcd38a2d4ff391aed4a2ac3f393646319950334494ecb5fa7effe9806d07ab.json
@ -0,0 +1,50 @@
 {
  "db_name": "SQLite",
  "query": "select code,\n       app,\n       user,\n       created_at as \"created_at: DateTime<Utc>\",\n       expires_at as \"expires_at: DateTime<Utc>\",\n       used_at    as \"used_at: DateTime<Utc>\"\nfrom authorization_codes\n",
  "describe": {
    "columns": [
      {
        "name": "code",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "app",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "user",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 3,
        "type_info": "Text"
      },
      {
        "name": "expires_at: DateTime<Utc>",
        "ordinal": 4,
        "type_info": "Text"
      },
      {
        "name": "used_at: DateTime<Utc>",
        "ordinal": 5,
        "type_info": "Text"
      }
    ],
    "parameters": {
      "Right": 0
    },
    "nullable": [
      false,
      false,
      false,
      false,
      false,
      true
    ]
  },
  "hash": "c3dcd38a2d4ff391aed4a2ac3f393646319950334494ecb5fa7effe9806d07ab"
 }
--- a/crates/database/.sqlx/query-c6157ec3928527ec0ac5f493a5a91faff7e3668204a179e827a87d6279a02c40.json
+++ b/crates/database/.sqlx/query-c6157ec3928527ec0ac5f493a5a91faff7e3668204a179e827a87d6279a02c40.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update refresh_tokens\n\nset revoked_at = CURRENT_TIMESTAMP\n\nwhere token is ?",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 1
    },
    "nullable": []
  },
  "hash": "c6157ec3928527ec0ac5f493a5a91faff7e3668204a179e827a87d6279a02c40"
 }
--- a/crates/database/.sqlx/query-c724c273f9d99bde48c29d7a0e65198a1ddd775cd1bda10f6e4a8acfbca64b72.json
+++ b/crates/database/.sqlx/query-c724c273f9d99bde48c29d7a0e65198a1ddd775cd1bda10f6e4a8acfbca64b72.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "insert into permissions(user, role)\nvalues (?, ?)\n",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 2
    },
    "nullable": []
  },
  "hash": "c724c273f9d99bde48c29d7a0e65198a1ddd775cd1bda10f6e4a8acfbca64b72"
 }
--- a/crates/database/.sqlx/query-ca7d100a9440fb7854a27f9aafd91ce94d1df9fa1ccd65b549be92d16741f9d2.json
+++ b/crates/database/.sqlx/query-ca7d100a9440fb7854a27f9aafd91ce94d1df9fa1ccd65b549be92d16741f9d2.json
@ -0,0 +1,98 @@
 {
  "db_name": "SQLite",
  "query": "select u.id,\n       u.created_at  as \"created_at: DateTime<Utc>\",\n       u.updated_at  as \"updated_at: DateTime<Utc>\",\n       u.is_admin    as \"is_admin: bool\",\n       u.username,\n       u.name,\n       u.email,\n       u.password,\n       u.password_recover,\n       u.paper_key,\n       u.is_archived as \"is_archived: bool\",\n       u.timezone,\n       u.totp_secret,\n       u.totp_backup\nfrom users u\n\n         inner join refresh_tokens rt on u.id = rt.user\n\nwhere rt.token is ?\n",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "updated_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "is_admin: bool",
        "ordinal": 3,
        "type_info": "Int64"
      },
      {
        "name": "username",
        "ordinal": 4,
        "type_info": "Text"
      },
      {
        "name": "name",
        "ordinal": 5,
        "type_info": "Text"
      },
      {
        "name": "email",
        "ordinal": 6,
        "type_info": "Text"
      },
      {
        "name": "password",
        "ordinal": 7,
        "type_info": "Text"
      },
      {
        "name": "password_recover",
        "ordinal": 8,
        "type_info": "Text"
      },
      {
        "name": "paper_key",
        "ordinal": 9,
        "type_info": "Text"
      },
      {
        "name": "is_archived: bool",
        "ordinal": 10,
        "type_info": "Int64"
      },
      {
        "name": "timezone",
        "ordinal": 11,
        "type_info": "Text"
      },
      {
        "name": "totp_secret",
        "ordinal": 12,
        "type_info": "Blob"
      },
      {
        "name": "totp_backup",
        "ordinal": 13,
        "type_info": "Text"
      }
    ],
    "parameters": {
      "Right": 1
    },
    "nullable": [
      false,
      false,
      false,
      false,
      false,
      true,
      true,
      true,
      true,
      true,
      false,
      false,
      true,
      true
    ]
  },
  "hash": "ca7d100a9440fb7854a27f9aafd91ce94d1df9fa1ccd65b549be92d16741f9d2"
 }
--- a/crates/database/.sqlx/query-cf12bd3112b2047f263118649ba89800509d94f3a858be99fb7ce8c8bc05d8b7.json
+++ b/crates/database/.sqlx/query-cf12bd3112b2047f263118649ba89800509d94f3a858be99fb7ce8c8bc05d8b7.json
@ -0,0 +1,98 @@
 {
  "db_name": "SQLite",
  "query": "select id,\n       created_at  as \"created_at: DateTime<Utc>\",\n       updated_at  as \"updated_at: DateTime<Utc>\",\n       is_admin    as \"is_admin: bool\",\n       username,\n       name,\n       email,\n       password,\n       password_recover,\n       paper_key,\n       is_archived as \"is_archived: bool\",\n       timezone,\n       totp_secret,\n       totp_backup\nfrom users\n\nwhere password_recover is (?)\n",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "updated_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "is_admin: bool",
        "ordinal": 3,
        "type_info": "Int64"
      },
      {
        "name": "username",
        "ordinal": 4,
        "type_info": "Text"
      },
      {
        "name": "name",
        "ordinal": 5,
        "type_info": "Text"
      },
      {
        "name": "email",
        "ordinal": 6,
        "type_info": "Text"
      },
      {
        "name": "password",
        "ordinal": 7,
        "type_info": "Text"
      },
      {
        "name": "password_recover",
        "ordinal": 8,
        "type_info": "Text"
      },
      {
        "name": "paper_key",
        "ordinal": 9,
        "type_info": "Text"
      },
      {
        "name": "is_archived: bool",
        "ordinal": 10,
        "type_info": "Int64"
      },
      {
        "name": "timezone",
        "ordinal": 11,
        "type_info": "Text"
      },
      {
        "name": "totp_secret",
        "ordinal": 12,
        "type_info": "Blob"
      },
      {
        "name": "totp_backup",
        "ordinal": 13,
        "type_info": "Text"
      }
    ],
    "parameters": {
      "Right": 1
    },
    "nullable": [
      false,
      false,
      false,
      false,
      false,
      true,
      true,
      true,
      true,
      true,
      false,
      false,
      true,
      true
    ]
  },
  "hash": "cf12bd3112b2047f263118649ba89800509d94f3a858be99fb7ce8c8bc05d8b7"
 }
--- a/crates/database/.sqlx/query-cf624c4e122477228e3bab09f7cd0dedf4776f73e7a86f19e06772a0adf83406.json
+++ b/crates/database/.sqlx/query-cf624c4e122477228e3bab09f7cd0dedf4776f73e7a86f19e06772a0adf83406.json
@ -0,0 +1,50 @@
 {
  "db_name": "SQLite",
  "query": "select code,\n       app,\n       user,\n       created_at as \"created_at: DateTime<Utc>\",\n       expires_at as \"expires_at: DateTime<Utc>\",\n       used_at    as \"used_at: DateTime<Utc>\"\nfrom authorization_codes\n\nwhere code is (?)\n",
  "describe": {
    "columns": [
      {
        "name": "code",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "app",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "user",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 3,
        "type_info": "Text"
      },
      {
        "name": "expires_at: DateTime<Utc>",
        "ordinal": 4,
        "type_info": "Text"
      },
      {
        "name": "used_at: DateTime<Utc>",
        "ordinal": 5,
        "type_info": "Text"
      }
    ],
    "parameters": {
      "Right": 1
    },
    "nullable": [
      false,
      false,
      false,
      false,
      false,
      true
    ]
  },
  "hash": "cf624c4e122477228e3bab09f7cd0dedf4776f73e7a86f19e06772a0adf83406"
 }
--- a/crates/database/.sqlx/query-d166553746afb2d3eaa1ddcb9986b7b9723258f4051bce8287038e3dd1ac928a.json
+++ b/crates/database/.sqlx/query-d166553746afb2d3eaa1ddcb9986b7b9723258f4051bce8287038e3dd1ac928a.json
@ -0,0 +1,44 @@
 {
  "db_name": "SQLite",
  "query": "select id,\n       created_at as \"created_at: DateTime<Utc>\",\n       revoked_at as \"revoked_at: DateTime<Utc>\",\n       private_der,\n       public_der\n\nfrom keys\nwhere revoked_at is null\norder by created_at desc\n",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "revoked_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "private_der",
        "ordinal": 3,
        "type_info": "Blob"
      },
      {
        "name": "public_der",
        "ordinal": 4,
        "type_info": "Blob"
      }
    ],
    "parameters": {
      "Right": 0
    },
    "nullable": [
      false,
      false,
      true,
      false,
      false
    ]
  },
  "hash": "d166553746afb2d3eaa1ddcb9986b7b9723258f4051bce8287038e3dd1ac928a"
 }
--- a/crates/database/.sqlx/query-d6d3a401f5563ce339099ccbdedec1ac248865810cafafd5d78d6cc3f74d5237.json
+++ b/crates/database/.sqlx/query-d6d3a401f5563ce339099ccbdedec1ac248865810cafafd5d78d6cc3f74d5237.json
@ -0,0 +1,98 @@
 {
  "db_name": "SQLite",
  "query": "select u.id,\n       u.created_at  as \"created_at: DateTime<Utc>\",\n       u.updated_at  as \"updated_at: DateTime<Utc>\",\n       u.is_admin    as \"is_admin: bool\",\n       u.username,\n       u.name,\n       u.email,\n       u.password,\n       u.password_recover,\n       u.paper_key,\n       u.is_archived as \"is_archived: bool\",\n       u.timezone,\n       u.totp_secret,\n       u.totp_backup\nfrom users u\n\n         inner join authorization_codes ac on u.id = ac.user\n\nwhere ac.code is ?",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "updated_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "is_admin: bool",
        "ordinal": 3,
        "type_info": "Int64"
      },
      {
        "name": "username",
        "ordinal": 4,
        "type_info": "Text"
      },
      {
        "name": "name",
        "ordinal": 5,
        "type_info": "Text"
      },
      {
        "name": "email",
        "ordinal": 6,
        "type_info": "Text"
      },
      {
        "name": "password",
        "ordinal": 7,
        "type_info": "Text"
      },
      {
        "name": "password_recover",
        "ordinal": 8,
        "type_info": "Text"
      },
      {
        "name": "paper_key",
        "ordinal": 9,
        "type_info": "Text"
      },
      {
        "name": "is_archived: bool",
        "ordinal": 10,
        "type_info": "Int64"
      },
      {
        "name": "timezone",
        "ordinal": 11,
        "type_info": "Text"
      },
      {
        "name": "totp_secret",
        "ordinal": 12,
        "type_info": "Blob"
      },
      {
        "name": "totp_backup",
        "ordinal": 13,
        "type_info": "Text"
      }
    ],
    "parameters": {
      "Right": 1
    },
    "nullable": [
      false,
      false,
      false,
      false,
      false,
      true,
      true,
      true,
      true,
      true,
      false,
      false,
      true,
      true
    ]
  },
  "hash": "d6d3a401f5563ce339099ccbdedec1ac248865810cafafd5d78d6cc3f74d5237"
 }
--- a/crates/database/.sqlx/query-d8517e5faa5292da25d21a85fcb2f676dce0f67275466566d5bbedf0f4b7f4f5.json
+++ b/crates/database/.sqlx/query-d8517e5faa5292da25d21a85fcb2f676dce0f67275466566d5bbedf0f4b7f4f5.json
@ -0,0 +1,62 @@
 {
  "db_name": "SQLite",
  "query": "select id,\n       created_at      as \"created_at: DateTime<Utc>\",\n       updated_at      as \"updated_at: DateTime<Utc>\",\n       label,\n       redirect_uri,\n       secret,\n       is_confidential as \"is_confidential: bool\",\n       is_archived     as \"is_archived: bool\"\nfrom apps\n\nwhere is_archived is 1\norder by created_at desc",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "updated_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "label",
        "ordinal": 3,
        "type_info": "Text"
      },
      {
        "name": "redirect_uri",
        "ordinal": 4,
        "type_info": "Text"
      },
      {
        "name": "secret",
        "ordinal": 5,
        "type_info": "Text"
      },
      {
        "name": "is_confidential: bool",
        "ordinal": 6,
        "type_info": "Int64"
      },
      {
        "name": "is_archived: bool",
        "ordinal": 7,
        "type_info": "Int64"
      }
    ],
    "parameters": {
      "Right": 0
    },
    "nullable": [
      false,
      false,
      false,
      false,
      false,
      false,
      false,
      false
    ]
  },
  "hash": "d8517e5faa5292da25d21a85fcb2f676dce0f67275466566d5bbedf0f4b7f4f5"
 }
--- a/crates/database/.sqlx/query-e22ba816faac0c17ca9f2c31fd1b4a5f13a09cece9ec78e0b6e018950c91facb.json
+++ b/crates/database/.sqlx/query-e22ba816faac0c17ca9f2c31fd1b4a5f13a09cece9ec78e0b6e018950c91facb.json
@ -0,0 +1,62 @@
 {
  "db_name": "SQLite",
  "query": "select id,\n       created_at      as \"created_at: DateTime<Utc>\",\n       updated_at      as \"updated_at: DateTime<Utc>\",\n       label,\n       redirect_uri,\n       secret,\n       is_confidential as \"is_confidential: bool\",\n       is_archived     as \"is_archived: bool\"\nfrom apps\n\nwhere id is (?)\n",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "updated_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "label",
        "ordinal": 3,
        "type_info": "Text"
      },
      {
        "name": "redirect_uri",
        "ordinal": 4,
        "type_info": "Text"
      },
      {
        "name": "secret",
        "ordinal": 5,
        "type_info": "Text"
      },
      {
        "name": "is_confidential: bool",
        "ordinal": 6,
        "type_info": "Int64"
      },
      {
        "name": "is_archived: bool",
        "ordinal": 7,
        "type_info": "Int64"
      }
    ],
    "parameters": {
      "Right": 1
    },
    "nullable": [
      false,
      false,
      false,
      false,
      false,
      false,
      false,
      false
    ]
  },
  "hash": "e22ba816faac0c17ca9f2c31fd1b4a5f13a09cece9ec78e0b6e018950c91facb"
 }
--- a/crates/database/.sqlx/query-e977ca16c7bd7ec4125725ff5e42d3c547634e2b608d6be91814bce657e07b65.json
+++ b/crates/database/.sqlx/query-e977ca16c7bd7ec4125725ff5e42d3c547634e2b608d6be91814bce657e07b65.json
@ -0,0 +1,20 @@
 {
  "db_name": "SQLite",
  "query": "select page_count * page_size\nFROM pragma_page_count(), pragma_page_size();",
  "describe": {
    "columns": [
      {
        "name": "page_count * page_size",
        "ordinal": 0,
        "type_info": "Int"
      }
    ],
    "parameters": {
      "Right": 0
    },
    "nullable": [
      null
    ]
  },
  "hash": "e977ca16c7bd7ec4125725ff5e42d3c547634e2b608d6be91814bce657e07b65"
 }
--- a/crates/database/.sqlx/query-eaf0744f65a1de803fa8cc21b67bad4bdf22760d431265cf97b911e6456b2fd8.json
+++ b/crates/database/.sqlx/query-eaf0744f65a1de803fa8cc21b67bad4bdf22760d431265cf97b911e6456b2fd8.json
@ -0,0 +1,62 @@
 {
  "db_name": "SQLite",
  "query": "select a.id,\n       a.created_at      as \"created_at: DateTime<Utc>\",\n       a.updated_at      as \"updated_at: DateTime<Utc>\",\n       a.label,\n       a.redirect_uri,\n       a.secret,\n       a.is_confidential as \"is_confidential: bool\",\n       a.is_archived     as \"is_archived: bool\"\nfrom apps a\n\n         inner join authorization_codes ac on a.id = ac.app\n\nwhere ac.code is ?\n",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "updated_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "label",
        "ordinal": 3,
        "type_info": "Text"
      },
      {
        "name": "redirect_uri",
        "ordinal": 4,
        "type_info": "Text"
      },
      {
        "name": "secret",
        "ordinal": 5,
        "type_info": "Text"
      },
      {
        "name": "is_confidential: bool",
        "ordinal": 6,
        "type_info": "Int64"
      },
      {
        "name": "is_archived: bool",
        "ordinal": 7,
        "type_info": "Int64"
      }
    ],
    "parameters": {
      "Right": 1
    },
    "nullable": [
      false,
      false,
      false,
      false,
      false,
      false,
      false,
      false
    ]
  },
  "hash": "eaf0744f65a1de803fa8cc21b67bad4bdf22760d431265cf97b911e6456b2fd8"
 }
--- a/crates/database/.sqlx/query-eb1a0153c88b0b2744ed1b71df04a91a129a0173fbbc3e2536f52d41e8dc99c4.json
+++ b/crates/database/.sqlx/query-eb1a0153c88b0b2744ed1b71df04a91a129a0173fbbc3e2536f52d41e8dc99c4.json
@ -0,0 +1,62 @@
 {
  "db_name": "SQLite",
  "query": "select id,\n       created_at      as \"created_at: DateTime<Utc>\",\n       updated_at      as \"updated_at: DateTime<Utc>\",\n       label,\n       redirect_uri,\n       secret,\n       is_confidential as \"is_confidential: bool\",\n       is_archived     as \"is_archived: bool\"\nfrom apps\n\nwhere id is (?)\n  and redirect_uri is (?)\n  and is_archived is 0\n",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "updated_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "label",
        "ordinal": 3,
        "type_info": "Text"
      },
      {
        "name": "redirect_uri",
        "ordinal": 4,
        "type_info": "Text"
      },
      {
        "name": "secret",
        "ordinal": 5,
        "type_info": "Text"
      },
      {
        "name": "is_confidential: bool",
        "ordinal": 6,
        "type_info": "Int64"
      },
      {
        "name": "is_archived: bool",
        "ordinal": 7,
        "type_info": "Int64"
      }
    ],
    "parameters": {
      "Right": 2
    },
    "nullable": [
      false,
      false,
      false,
      false,
      false,
      false,
      false,
      false
    ]
  },
  "hash": "eb1a0153c88b0b2744ed1b71df04a91a129a0173fbbc3e2536f52d41e8dc99c4"
 }
--- a/crates/database/.sqlx/query-ebe28f418d28303b2efe1fe192a63538d29d75c57b67d5eac1ac4ceaa1472a5c.json
+++ b/crates/database/.sqlx/query-ebe28f418d28303b2efe1fe192a63538d29d75c57b67d5eac1ac4ceaa1472a5c.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "update authorization_codes\n\nset used_at = CURRENT_TIMESTAMP\n\nwhere user is ?\n  and used_at is null",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 1
    },
    "nullable": []
  },
  "hash": "ebe28f418d28303b2efe1fe192a63538d29d75c57b67d5eac1ac4ceaa1472a5c"
 }
--- a/crates/database/.sqlx/query-ed27954feb3e21b5c519ccd0312526e68fb3d88a1feb28bdafb414e990da55e8.json
+++ b/crates/database/.sqlx/query-ed27954feb3e21b5c519ccd0312526e68fb3d88a1feb28bdafb414e990da55e8.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "insert into apps (id, label, redirect_uri, secret, is_confidential)\nvalues (?, ?, ?, ?, ?)\n",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 5
    },
    "nullable": []
  },
  "hash": "ed27954feb3e21b5c519ccd0312526e68fb3d88a1feb28bdafb414e990da55e8"
 }
--- a/crates/database/.sqlx/query-f705411720bd037562f7e3622832262ac4c0a8fc0921fbd934d2b98146d3f413.json
+++ b/crates/database/.sqlx/query-f705411720bd037562f7e3622832262ac4c0a8fc0921fbd934d2b98146d3f413.json
@ -0,0 +1,12 @@
 {
  "db_name": "SQLite",
  "query": "insert into keys (id, private_der, public_der)\nvalues (?, ?, ?)\n",
  "describe": {
    "columns": [],
    "parameters": {
      "Right": 3
    },
    "nullable": []
  },
  "hash": "f705411720bd037562f7e3622832262ac4c0a8fc0921fbd934d2b98146d3f413"
 }
--- a/crates/database/.sqlx/query-fb35faa6eb7349f783d0053509225216693532c7233a3bf61674b64c2fb3dad7.json
+++ b/crates/database/.sqlx/query-fb35faa6eb7349f783d0053509225216693532c7233a3bf61674b64c2fb3dad7.json
@ -0,0 +1,62 @@
 {
  "db_name": "SQLite",
  "query": "select id,\n       created_at      as \"created_at: DateTime<Utc>\",\n       updated_at      as \"updated_at: DateTime<Utc>\",\n       label,\n       redirect_uri,\n       secret,\n       is_confidential as \"is_confidential: bool\",\n       is_archived     as \"is_archived: bool\"\nfrom apps\n\norder by created_at desc\n",
  "describe": {
    "columns": [
      {
        "name": "id",
        "ordinal": 0,
        "type_info": "Text"
      },
      {
        "name": "created_at: DateTime<Utc>",
        "ordinal": 1,
        "type_info": "Text"
      },
      {
        "name": "updated_at: DateTime<Utc>",
        "ordinal": 2,
        "type_info": "Text"
      },
      {
        "name": "label",
        "ordinal": 3,
        "type_info": "Text"
      },
      {
        "name": "redirect_uri",
        "ordinal": 4,
        "type_info": "Text"
      },
      {
        "name": "secret",
        "ordinal": 5,
        "type_info": "Text"
      },
      {
        "name": "is_confidential: bool",
        "ordinal": 6,
        "type_info": "Int64"
      },
      {
        "name": "is_archived: bool",
        "ordinal": 7,
        "type_info": "Int64"
      }
    ],
    "parameters": {
      "Right": 0
    },
    "nullable": [
      false,
      false,
      false,
      false,
      false,
      false,
      false,
      false
    ]
  },
  "hash": "fb35faa6eb7349f783d0053509225216693532c7233a3bf61674b64c2fb3dad7"
 }
--- a/crates/database/Cargo.toml
+++ b/crates/database/Cargo.toml
@ -8,4 +8,4 @@ thiserror = { workspace = true }
 [dependencies.sqlx]
 workspace = true
-features = ["sqlite", "macros", "migrate", "chrono", "offline", "runtime-tokio-rustls"]
+features = ["sqlite", "macros", "migrate", "chrono", "runtime-tokio-rustls"]
--- a/crates/database/sqlx-data.json
+++ b/crates/database/sqlx-data.json
--- a/crates/ezidam/Cargo.toml
+++ b/crates/ezidam/Cargo.toml
@ -4,15 +4,15 @@ version = "0.1.0"
 edition = "2021"
 [dependencies]
-rocket = { version = "=0.5.0-rc.3", features = ["json"] }
+rocket = { version = "=0.5.0-rc.4", features = ["json"] }
-rocket_db_pools = { version = "=0.1.0-rc.3", features = ["sqlx_sqlite"] }
+rocket_db_pools = { version = "=0.1.0-rc.4", features = ["sqlx_sqlite"] }
-rocket_dyn_templates = { version = "=0.1.0-rc.3", features = ["tera"] }
+rocket_dyn_templates = { version = "=0.1.0-rc.4", features = ["tera"] }
 infer = { version = "0.13", default-features = false }
 erased-serde = "0.3"
 url = { workspace = true }
 futures = "0.3"
 base64 = "0.21.0"
-rocket_cors = "0.6.0-alpha2"
+rocket_cors = "0.6.0-alpha3"
 email_address = { workspace = true }
 chrono-tz = "0.8.2"
 chrono-humanize = "0.2.2"
--- a/crates/ezidam/src/guards/access_token.rs
+++ b/crates/ezidam/src/guards/access_token.rs
@ -35,7 +35,7 @@ impl AccessToken {
            },
            Err(e) => match e {
                Outcome::Success(s) => Ok(Some(Self(s))),
-                Outcome::Failure(e) => Err(BearerAuthError::Jwt(e.1)),
+                Outcome::Error(e) => Err(BearerAuthError::Jwt(e.1)),
                Outcome::Forward(_) => Ok(None),
            },
        }
@ -50,15 +50,15 @@ impl<'r> FromRequest<'r> for AccessToken {
        let keys: Vec<_> = request.headers().get("Authorization").collect();
        match keys.len() {
-            0 => Outcome::Forward(()),
+            0 => Outcome::Forward(Status::Unauthorized),
            1 => match AccessToken::from_bearer(keys[0], request).await {
                Ok(access_token) => match access_token {
                    Some(access_token) => Outcome::Success(access_token),
-                    None => Outcome::Forward(()),
+                    None => Outcome::Forward(Status::Unauthorized),
                },
-                Err(e) => Outcome::Failure((Status::Unauthorized, e)),
+                Err(e) => Outcome::Error((Status::Unauthorized, e)),
            },
-            _ => Outcome::Failure((Status::BadRequest, BearerAuthError::BadCount)),
+            _ => Outcome::Error((Status::BadRequest, BearerAuthError::BadCount)),
        }
    }
 }
--- a/crates/ezidam/src/guards/basic_auth.rs
+++ b/crates/ezidam/src/guards/basic_auth.rs
@ -56,12 +56,12 @@ impl<'r> FromRequest<'r> for BasicAuth {
        let keys: Vec<_> = request.headers().get("Authorization").collect();
        match keys.len() {
-            0 => Outcome::Forward(()),
+            0 => Outcome::Forward(Status::BadRequest),
            1 => match BasicAuth::from_base64(keys[0]) {
                Ok(auth_header) => Outcome::Success(auth_header),
-                Err(e) => Outcome::Failure((Status::BadRequest, e)),
+                Err(e) => Outcome::Error((Status::BadRequest, e)),
            },
-            _ => Outcome::Failure((Status::BadRequest, BasicAuthError::BadCount)),
+            _ => Outcome::Error((Status::BadRequest, BasicAuthError::BadCount)),
        }
    }
 }
--- a/crates/ezidam/src/guards/completed_setup.rs
+++ b/crates/ezidam/src/guards/completed_setup.rs
@ -19,16 +19,16 @@ impl<'r> FromRequest<'r> for CompletedSetup {
    async fn from_request(request: &'r Request<'_>) -> Outcome<Self, Self::Error> {
        let db = match request.guard::<&Database>().await {
            Outcome::Success(database) => database,
-            Outcome::Failure(e) => return Outcome::Failure((e.0, Error::GetDatabase)),
+            Outcome::Error(e) => return Outcome::Error((e.0, Error::GetDatabase)),
            Outcome::Forward(f) => return Outcome::Forward(f),
        };
        match User::get_initial_admin(&**db).await {
            Ok(initial_admin) => match initial_admin {
                Some(_) => Outcome::Success(CompletedSetup),
-                None => Outcome::Forward(()),
+                None => Outcome::Forward(Status::PermanentRedirect),
            },
-            Err(e) => Outcome::Failure((Status::InternalServerError, Error::Request(e))),
+            Err(e) => Outcome::Error((Status::InternalServerError, Error::Request(e))),
        }
    }
 }
--- a/crates/ezidam/src/guards/jwt.rs
+++ b/crates/ezidam/src/guards/jwt.rs
@ -16,6 +16,7 @@ use rocket::time::Duration;
 use rocket::tokio::task;
 use rocket::Request;
 use settings::Settings;
 use std::ops::DerefMut;
 use users::User;
 mod admin;
@ -78,14 +79,14 @@ pub async fn validate_jwt<T>(
    // Get database
    let db = match request.guard::<&Database>().await {
        Outcome::Success(database) => database,
-        Outcome::Failure(e) => return Err(Outcome::Failure((e.0, Error::GetDatabase))),
+        Outcome::Error(e) => return Err(Outcome::Error((e.0, Error::GetDatabase))),
        Outcome::Forward(f) => return Err(Outcome::Forward(f)),
    };
    let mut transaction = match db.begin().await {
        Ok(transaction) => transaction,
        Err(_e) => {
-            return Err(Outcome::Failure((
+            return Err(Outcome::Error((
                Status::InternalServerError,
                Error::StartTransaction,
            )));
@ -93,10 +94,10 @@ pub async fn validate_jwt<T>(
    };
    // Get keys
-    let keys = match Key::get_all(&mut transaction, Some(false)).await {
+    let keys = match Key::get_all(transaction.deref_mut(), Some(false)).await {
        Ok(keys) => keys,
        Err(e) => {
-            return Err(Outcome::Failure((
+            return Err(Outcome::Error((
                Status::InternalServerError,
                Error::Keys(e),
            )))
@ -105,10 +106,10 @@ pub async fn validate_jwt<T>(
    if let Some(specific_user) = specific_user {
        // Get settings
-        let settings = match Settings::get(&mut transaction).await {
+        let settings = match Settings::get(transaction.deref_mut()).await {
            Ok(settings) => settings,
            Err(e) => {
-                return Err(Outcome::Failure((
+                return Err(Outcome::Error((
                    Status::InternalServerError,
                    Error::GetSettings(e),
                )));
@ -119,7 +120,7 @@ pub async fn validate_jwt<T>(
        let first_admin = match settings.first_admin() {
            Some(home_page) => UserID(home_page.to_string()),
            None => {
-                return Err(Outcome::Failure((
+                return Err(Outcome::Error((
                    Status::InternalServerError,
                    Error::FirstAdminNotSet,
                )));
@ -133,7 +134,7 @@ pub async fn validate_jwt<T>(
    }
    if let Err(_e) = transaction.commit().await {
-        return Err(Outcome::Failure((
+        return Err(Outcome::Error((
            Status::InternalServerError,
            Error::CommitTransaction,
        )));
@ -191,11 +192,11 @@ pub async fn validate_jwt<T>(
                // Return jwt claims
                Ok(claims)
            }
-            Err(_e) => Err(Outcome::Forward(())),
+            Err(_e) => Err(Outcome::Forward(Status::Unauthorized)),
        },
        Err(e) => {
            // Failed to run blocking task
-            Err(Outcome::Failure((
+            Err(Outcome::Error((
                Status::InternalServerError,
                Error::BlockingTask(e.to_string()),
            )))
@ -211,92 +212,92 @@ pub async fn use_refresh_token(
    // Get database
    let db = match request.guard::<&Database>().await {
        Outcome::Success(database) => database,
-        Outcome::Failure(e) => return Outcome::Failure((e.0, Error::GetDatabase)),
+        Outcome::Error(e) => return Outcome::Error((e.0, Error::GetDatabase)),
        Outcome::Forward(f) => return Outcome::Forward(f),
    };
    // Get cookies
    let cookie_jar = match request.guard::<&CookieJar>().await {
        Outcome::Success(cookie_jar) => cookie_jar,
-        Outcome::Failure(e) => return Outcome::Failure((e.0, Error::GetCookies)),
+        Outcome::Error(e) => return Outcome::Error((e.0, Error::GetCookies)),
        Outcome::Forward(f) => return Outcome::Forward(f),
    };
    let mut transaction = match db.begin().await {
        Ok(transaction) => transaction,
        Err(_e) => {
-            return Outcome::Failure((Status::InternalServerError, Error::StartTransaction));
+            return Outcome::Error((Status::InternalServerError, Error::StartTransaction));
        }
    };
-    let refresh_token = match RefreshToken::get_one(&mut transaction, &refresh).await {
+    let refresh_token = match RefreshToken::get_one(transaction.deref_mut(), &refresh).await {
        Ok(refresh_token) => match refresh_token {
            Some(refresh_token) => refresh_token,
-            None => return Outcome::Forward(()),
+            None => return Outcome::Forward(Status::Unauthorized),
        },
        Err(e) => {
-            return Outcome::Failure((Status::InternalServerError, Error::GetRefreshToken(e)));
+            return Outcome::Error((Status::InternalServerError, Error::GetRefreshToken(e)));
        }
    };
-    let user = match User::get_one_from_refresh_token(&mut transaction, &refresh).await {
+    let user = match User::get_one_from_refresh_token(transaction.deref_mut(), &refresh).await {
        Ok(user) => match user {
            Some(user) => user,
            None => {
-                return Outcome::Failure((Status::InternalServerError, Error::UserNotFound));
+                return Outcome::Error((Status::InternalServerError, Error::UserNotFound));
            }
        },
        Err(e) => {
-            return Outcome::Failure((Status::InternalServerError, Error::GetUser(e)));
+            return Outcome::Error((Status::InternalServerError, Error::GetUser(e)));
        }
    };
    // make sure that `get_admin` is respected, dont generate token for unwanted users!
    if let Some(get_admin) = get_admin {
        if user.is_admin() != get_admin {
-            return Outcome::Forward(());
+            return Outcome::Forward(Status::Forbidden);
        }
    }
    if refresh_token.has_been_used() {
        // Revoke all tokens for user
        if let Err(e) =
-            RefreshToken::revoke_all_for_user(&mut transaction, refresh_token.user()).await
+            RefreshToken::revoke_all_for_user(transaction.deref_mut(), refresh_token.user()).await
        {
-            return Outcome::Failure((Status::InternalServerError, Error::RevokeRefreshTokens(e)));
+            return Outcome::Error((Status::InternalServerError, Error::RevokeRefreshTokens(e)));
        }
        if let Err(_e) = transaction.commit().await {
-            return Outcome::Failure((Status::InternalServerError, Error::CommitTransaction));
+            return Outcome::Error((Status::InternalServerError, Error::CommitTransaction));
        }
-        return Outcome::Forward(());
+        return Outcome::Forward(Status::Unauthorized);
    }
    if refresh_token.is_revoked() {
-        return Outcome::Forward(());
+        return Outcome::Forward(Status::Unauthorized);
    }
    if refresh_token.has_expired() {
-        return Outcome::Forward(());
+        return Outcome::Forward(Status::Unauthorized);
    }
-    if let Err(e) = refresh_token.use_token(&mut transaction).await {
+    if let Err(e) = refresh_token.use_token(transaction.deref_mut()).await {
-        return Outcome::Failure((Status::InternalServerError, Error::MarkRefreshTokenUsed(e)));
+        return Outcome::Error((Status::InternalServerError, Error::MarkRefreshTokenUsed(e)));
    }
    // Get base url
-    let settings = match Settings::get(&mut transaction).await {
+    let settings = match Settings::get(transaction.deref_mut()).await {
        Ok(settings) => settings,
        Err(e) => {
-            return Outcome::Failure((Status::InternalServerError, Error::GetSettings(e)));
+            return Outcome::Error((Status::InternalServerError, Error::GetSettings(e)));
        }
    };
    let home_page = match settings.url().map(String::from) {
        Some(home_page) => home_page,
        None => {
-            return Outcome::Failure((Status::InternalServerError, Error::ServerUrlNotSet));
+            return Outcome::Error((Status::InternalServerError, Error::ServerUrlNotSet));
        }
    };
@ -304,7 +305,7 @@ pub async fn use_refresh_token(
    let new_refresh_token = match task::spawn_blocking(SecretString::default).await {
        Ok(new_refresh_token) => new_refresh_token,
        Err(e) => {
-            return Outcome::Failure((
+            return Outcome::Error((
                Status::InternalServerError,
                Error::BlockingTask(e.to_string()),
            ));
@ -315,13 +316,13 @@ pub async fn use_refresh_token(
    let ip_address = match request.client_ip() {
        Some(ip) => ip.to_string(),
        None => {
-            return Outcome::Failure((Status::BadRequest, Error::UnknownIp));
+            return Outcome::Error((Status::BadRequest, Error::UnknownIp));
        }
    };
    // Insert refresh token in database
    if let Err(e) = RefreshToken::insert(
-        &mut transaction,
+        transaction.deref_mut(),
        new_refresh_token.as_ref(),
        ip_address,
        user.id(),
@ -330,7 +331,7 @@ pub async fn use_refresh_token(
    )
    .await
    {
-        return Outcome::Failure((Status::InternalServerError, Error::SaveRefreshToken(e)));
+        return Outcome::Error((Status::InternalServerError, Error::SaveRefreshToken(e)));
    }
    // Add refresh token as a cookie
@ -345,24 +346,21 @@ pub async fn use_refresh_token(
    cookie_jar.add(cookie);
    // Get latest key from database
-    let key = match Key::get_most_recent(&mut transaction).await {
+    let key = match Key::get_most_recent(transaction.deref_mut()).await {
        Ok(key) => match key {
            Some(key) => key,
            None => {
-                return Outcome::Failure((
+                return Outcome::Error((Status::InternalServerError, Error::MostRecentKeyNotFound));
                    Status::InternalServerError,
                    Error::MostRecentKeyNotFound,
                ));
            }
        },
        Err(e) => {
-            return Outcome::Failure((Status::InternalServerError, Error::GetKey(e)));
+            return Outcome::Error((Status::InternalServerError, Error::GetKey(e)));
        }
    };
    // Make sure key has not been revoked
    if key.is_revoked() {
-        return Outcome::Failure((Status::InternalServerError, Error::MostRecentKeyRevoked));
+        return Outcome::Error((Status::InternalServerError, Error::MostRecentKeyRevoked));
    }
    // Import private key
@ -373,11 +371,11 @@ pub async fn use_refresh_token(
            Ok(private_key) => match private_key {
                Ok(private_key) => private_key,
                Err(e) => {
-                    return Outcome::Failure((Status::InternalServerError, Error::ImportKey(e)));
+                    return Outcome::Error((Status::InternalServerError, Error::ImportKey(e)));
                }
            },
            Err(e) => {
-                return Outcome::Failure((
+                return Outcome::Error((
                    Status::InternalServerError,
                    Error::BlockingTask(e.to_string()),
                ));
@ -385,13 +383,13 @@ pub async fn use_refresh_token(
        };
    // Get user roles
-    let roles = match Permission::get_all(&mut transaction, Some(user.id()), None).await {
+    let roles = match Permission::get_all(transaction.deref_mut(), Some(user.id()), None).await {
        Ok(roles) => roles
            .into_iter()
            .map(|role| role.role().to_string())
            .collect(),
        Err(e) => {
-            return Outcome::Failure((Status::InternalServerError, Error::GetPermissions(e)));
+            return Outcome::Error((Status::InternalServerError, Error::GetPermissions(e)));
        }
    };
@ -403,7 +401,7 @@ pub async fn use_refresh_token(
    {
        Ok(jwt) => jwt,
        Err(e) => {
-            return Outcome::Failure((Status::InternalServerError, Error::SignJwt(e)));
+            return Outcome::Error((Status::InternalServerError, Error::SignJwt(e)));
        }
    };
@ -416,7 +414,7 @@ pub async fn use_refresh_token(
    cookie_jar.add(cookie);
    if let Err(_e) = transaction.commit().await {
-        return Outcome::Failure((Status::InternalServerError, Error::CommitTransaction));
+        return Outcome::Error((Status::InternalServerError, Error::CommitTransaction));
    }
    Outcome::Success(jwt_claims)
@ -436,7 +434,7 @@ pub async fn use_access_token_or_refresh_token(
            match validate_jwt(access, request, get_admin, specific_user).await {
                Ok(jwt_claims) => match jwt_claims {
                    Some(jwt_claims) => Outcome::Success(jwt_claims),
-                    None => Outcome::Forward(()),
+                    None => Outcome::Forward(Status::Unauthorized),
                },
                Err(e) => e,
            }
@ -447,7 +445,7 @@ pub async fn use_access_token_or_refresh_token(
        }
        (None, None) => {
            // Nothing to do
-            Outcome::Forward(())
+            Outcome::Forward(Status::Unauthorized)
        }
    }
 }
--- a/crates/ezidam/src/guards/jwt/admin_not_current.rs
+++ b/crates/ezidam/src/guards/jwt/admin_not_current.rs
@ -2,6 +2,7 @@ use super::Error;
 use crate::guards::{use_access_token_or_refresh_token, SpecificUser};
 use crate::id::RocketUserID;
 use jwt::JwtClaims;
 use rocket::http::Status;
 use rocket::request::{FromRequest, Outcome};
 use rocket::Request;
@ -30,7 +31,7 @@ impl<'r> FromRequest<'r> for JwtAdminNotCurrent {
            ret
        } {
            Some(user_id) => user_id,
-            None => return Outcome::Forward(()),
+            None => return Outcome::Forward(Status::Forbidden),
        };
        // Don't allow first admin
@ -49,10 +50,10 @@ impl<'r> FromRequest<'r> for JwtAdminNotCurrent {
                if success.0.subject != user_id.0 .0 {
                    Outcome::Success(success)
                } else {
-                    Outcome::Forward(())
+                    Outcome::Forward(Status::Forbidden)
                }
            }
-            Outcome::Failure(failure) => Outcome::Failure(failure),
+            Outcome::Error(failure) => Outcome::Error(failure),
            Outcome::Forward(forward) => Outcome::Forward(forward),
        }
    }
--- a/crates/ezidam/src/guards/need_setup.rs
+++ b/crates/ezidam/src/guards/need_setup.rs
@ -19,16 +19,16 @@ impl<'r> FromRequest<'r> for NeedSetup {
    async fn from_request(request: &'r Request<'_>) -> Outcome<Self, Self::Error> {
        let db = match request.guard::<&Database>().await {
            Outcome::Success(database) => database,
-            Outcome::Failure(e) => return Outcome::Failure((e.0, Error::GetDatabase)),
+            Outcome::Error(e) => return Outcome::Error((e.0, Error::GetDatabase)),
            Outcome::Forward(f) => return Outcome::Forward(f),
        };
        match User::get_initial_admin(&**db).await {
            Ok(initial_admin) => match initial_admin {
-                Some(_) => Outcome::Forward(()),
+                Some(_) => Outcome::Forward(Status::PermanentRedirect),
                None => Outcome::Success(NeedSetup),
            },
-            Err(e) => Outcome::Failure((Status::InternalServerError, Error::Request(e))),
+            Err(e) => Outcome::Error((Status::InternalServerError, Error::Request(e))),
        }
    }
 }
--- a/crates/ezidam/src/guards/refresh_token.rs
+++ b/crates/ezidam/src/guards/refresh_token.rs
@ -1,4 +1,5 @@
 use crate::tokens::REFRESH_TOKEN_COOKIE_NAME;
 use rocket::http::Status;
 use rocket::request::{FromRequest, Outcome};
 use rocket::Request;
@ -26,7 +27,7 @@ impl<'r> FromRequest<'r> for RefreshToken {
    async fn from_request(request: &'r Request<'_>) -> Outcome<Self, Self::Error> {
        match get_refresh_token_from_cookie(request) {
            Some(refresh_token) => Outcome::Success(Self(refresh_token)),
-            None => Outcome::Forward(()),
+            None => Outcome::Forward(Status::Unauthorized),
        }
    }
 }
--- a/crates/ezidam/src/guards/totp_request.rs
+++ b/crates/ezidam/src/guards/totp_request.rs
@ -1,3 +1,4 @@
 use rocket::http::Status;
 use rocket::request::{FromRequest, Outcome};
 use rocket::Request;
 use users::totp_login_request::{TOTP_REQUEST_COOKIE_NAME, TOTP_REQUEST_LEN};
@ -16,10 +17,10 @@ impl<'r> FromRequest<'r> for TotpRequest {
                if value.len() == TOTP_REQUEST_LEN {
                    Outcome::Success(Self(value.to_string()))
                } else {
-                    Outcome::Forward(())
+                    Outcome::Forward(Status::BadRequest)
                }
            }
-            None => Outcome::Forward(()),
+            None => Outcome::Forward(Status::BadRequest),
        }
    }
 }
--- a/crates/ezidam/src/lib.rs
+++ b/crates/ezidam/src/lib.rs
@ -30,6 +30,8 @@ pub fn config() -> rocket::figment::Figment {
    Figment::from(Config::default())
        // from `ezidam.toml`
        .merge(Toml::file(Env::var_or("EZIDAM_CONFIG", "ezidam.toml")).nested())
        // from env variables directly
        .merge(Env::prefixed("EZIDAM_").ignore(&["PROFILE"]).global())
        // from code below
        .merge(("ip_header", "x-forwarded-for"))
 }
--- a/crates/ezidam/src/routes.rs
+++ b/crates/ezidam/src/routes.rs
@ -7,7 +7,7 @@ pub mod settings;
 pub mod setup;
 pub mod well_known;
-pub(self) mod prelude {
+mod prelude {
    pub use crate::database::Database;
    pub use crate::error::Error;
    pub use crate::file_from_bytes::FileFromBytes;
@ -27,6 +27,7 @@ pub(self) mod prelude {
    pub use rocket_db_pools::sqlx::Acquire;
    pub use rocket_db_pools::Connection;
    pub use rocket_dyn_templates::Template;
    pub use std::ops::DerefMut;
    pub type Result<T> = std::result::Result<T, Error>;
 }
--- a/crates/ezidam/src/routes/admin/apps.rs
+++ b/crates/ezidam/src/routes/admin/apps.rs
@ -10,7 +10,9 @@ pub async fn admin_apps_list(
    admin: JwtAdmin,
    flash: Option<FlashMessage<'_>>,
 ) -> Result<Template> {
-    let apps = App::get_all(&mut *db, None).await?;
+    let mut transaction = db.begin().await?;
    let apps = App::get_all(transaction.deref_mut(), None).await?;
    transaction.commit().await?;
    let page = Page::AdminAppsList(super::content::AdminAppsList {
        user: admin.0,
@ -54,8 +56,9 @@ pub async fn admin_apps_new_form(
    let app_secret_hash = task::spawn_blocking(move || Secret::new(app_secret)).await??;
    // Insert in database
    let mut transaction = db.begin().await?;
    App::insert(
-        &mut *db,
+        transaction.deref_mut(),
        &app_id,
        form.label,
        &redirect_uri,
@ -63,6 +66,7 @@ pub async fn admin_apps_new_form(
        form.is_confidential,
    )
    .await?;
    transaction.commit().await?;
    Ok(Flash::new(
        Redirect::to(uri!(admin_apps_list)),
@ -79,9 +83,11 @@ pub async fn admin_apps_view(
    flash: Option<FlashMessage<'_>>,
 ) -> Result<Template> {
    let app_id = id.0;
-    let app = App::get_one_by_id(&mut *db, app_id.as_ref())
+    let mut transaction = db.begin().await?;
    let app = App::get_one_by_id(transaction.deref_mut(), app_id.as_ref())
        .await?
        .ok_or_else(|| Error::not_found(app_id.to_string()))?;
    transaction.commit().await?;
    if app.is_archived() {
        return Err(Error::gone(format!(
@ -108,14 +114,16 @@ pub async fn admin_apps_view_form(
    let redirect_uri = Url::parse(form.redirect_uri)?;
    // Update app
    let mut transaction = db.begin().await?;
    App::update(
-        &mut *db,
+        transaction.deref_mut(),
        &id.0,
        form.label,
        &redirect_uri,
        form.is_confidential,
    )
    .await?;
    transaction.commit().await?;
    Ok(Flash::new(
        Redirect::to(uri!(admin_apps_list)),
@ -144,7 +152,7 @@ pub async fn admin_apps_new_secret(
    // Get app
    let app_id = &id.0;
-    let app = App::get_one_by_id(&mut transaction, app_id.as_ref())
+    let app = App::get_one_by_id(transaction.deref_mut(), app_id.as_ref())
        .await?
        .ok_or_else(|| Error::not_found(app_id.to_string()))?;
@ -163,7 +171,8 @@ pub async fn admin_apps_new_secret(
    let app_secret_hash = task::spawn_blocking(move || Secret::new(app_secret)).await??;
    // Save new secret
-    app.new_secret(&mut transaction, &app_secret_hash).await?;
+    app.new_secret(transaction.deref_mut(), &app_secret_hash)
        .await?;
    transaction.commit().await?;
@ -198,7 +207,7 @@ pub async fn admin_apps_archive(
    // Get app
    let app_id = &id.0;
-    let app = App::get_one_by_id(&mut transaction, app_id.as_ref())
+    let app = App::get_one_by_id(transaction.deref_mut(), app_id.as_ref())
        .await?
        .ok_or_else(|| Error::not_found(app_id.to_string()))?;
@ -210,10 +219,10 @@ pub async fn admin_apps_archive(
    }
    // Archive
-    app.archive(&mut transaction).await?;
+    app.archive(transaction.deref_mut()).await?;
    // Revoke refresh tokens
-    refresh_tokens::RefreshToken::revoke_all_for_app(&mut transaction, app_id).await?;
+    refresh_tokens::RefreshToken::revoke_all_for_app(transaction.deref_mut(), app_id).await?;
    transaction.commit().await?;
--- a/crates/ezidam/src/routes/admin/dashboard.rs
+++ b/crates/ezidam/src/routes/admin/dashboard.rs
@ -10,17 +10,17 @@ pub async fn admin_dashboard(mut db: Connection<Database>, admin: JwtAdmin) -> R
    let mut transaction = db.begin().await?;
    // Get users
-    let users = User::get_all(&mut transaction).await?;
+    let users = User::get_all(transaction.deref_mut()).await?;
    // Get roles
-    let roles = Role::get_all(&mut transaction).await?;
+    let roles = Role::get_all(transaction.deref_mut()).await?;
    // Get apps
-    let apps = App::get_all(&mut transaction, None).await?;
+    let apps = App::get_all(transaction.deref_mut(), None).await?;
    // Get number of logins in the last 24 hours
    let number_logins_last_24_hours =
-        AuthorizationCode::used_in_last_24_hours(&mut transaction).await?;
+        AuthorizationCode::used_in_last_24_hours(transaction.deref_mut()).await?;
    transaction.commit().await?;
--- a/crates/ezidam/src/routes/admin/permissions.rs
+++ b/crates/ezidam/src/routes/admin/permissions.rs
@ -25,7 +25,7 @@ pub async fn admin_permissions_users(
 ) -> Result<Template> {
    let mut transaction = db.begin().await?;
-    let users = User::get_all(&mut transaction)
+    let users = User::get_all(transaction.deref_mut())
        .await?
        .into_iter()
        .filter(|user| !user.is_archived())
@ -69,7 +69,7 @@ pub async fn admin_permissions_for_user(
    let mut transaction = db.begin().await?;
    // Get user
-    let user = User::get_by_id(&mut transaction, &id.0)
+    let user = User::get_by_id(transaction.deref_mut(), &id.0)
        .await?
        .ok_or_else(|| Error::not_found("Failed to find user"))?;
@ -78,14 +78,14 @@ pub async fn admin_permissions_for_user(
    }
    // Get roles
-    let roles = Role::get_all(&mut transaction)
+    let roles = Role::get_all(transaction.deref_mut())
        .await?
        .into_iter()
        .filter(|role| !role.is_archived())
        .collect::<Vec<_>>();
    // Get permissions for user
-    let permissions = Permission::get_all(&mut transaction, Some(user.id()), None).await?;
+    let permissions = Permission::get_all(transaction.deref_mut(), Some(user.id()), None).await?;
    transaction.commit().await?;
@ -133,12 +133,12 @@ pub async fn admin_permissions_for_user_form(
        .iter()
        .map(|role| RoleID::from_str(role))
        .collect::<std::result::Result<Vec<_>, _>>()
-        .map_err(|_| Error::bad_request(format!("Invalid role detected")))?;
+        .map_err(|_| Error::bad_request("Invalid role detected".to_string()))?;
    let mut transaction = db.begin().await?;
    // Get user
-    let user = User::get_by_id(&mut transaction, &id.0)
+    let user = User::get_by_id(transaction.deref_mut(), &id.0)
        .await?
        .ok_or_else(|| Error::not_found("Failed to find user"))?;
@ -147,14 +147,14 @@ pub async fn admin_permissions_for_user_form(
    }
    // Get roles
-    let roles = Role::get_all(&mut transaction)
+    let roles = Role::get_all(transaction.deref_mut())
        .await?
        .into_iter()
        .filter(|role| !role.is_archived())
        .collect::<Vec<_>>();
    // Get permissions for user
-    let permissions = Permission::get_all(&mut transaction, Some(user.id()), None).await?;
+    let permissions = Permission::get_all(transaction.deref_mut(), Some(user.id()), None).await?;
    transaction.commit().await?;
@ -167,14 +167,14 @@ pub async fn admin_permissions_for_user_form(
            if permissions.iter().all(|perm| perm.role() != role.name()) {
                // If the permission does not exist, add it
-                Permission::add(&mut transaction, user.id(), role.name()).await?;
+                Permission::add(transaction.deref_mut(), user.id(), role.name()).await?;
            }
        } else {
            // Intent is to delete permission
            if permissions.iter().any(|perm| perm.role() == role.name()) {
                // If the permission exists, delete it
-                Permission::delete(&mut transaction, user.id(), role.name()).await?;
+                Permission::delete(transaction.deref_mut(), user.id(), role.name()).await?;
            }
        }
    }
@ -200,7 +200,7 @@ pub async fn admin_permissions_roles(
 ) -> Result<Template> {
    let mut transaction = db.begin().await?;
-    let roles = Role::get_all(&mut transaction)
+    let roles = Role::get_all(transaction.deref_mut())
        .await?
        .into_iter()
        .filter(|role| !role.is_archived())
@ -236,7 +236,7 @@ pub async fn admin_permissions_for_role(
    let mut transaction = db.begin().await?;
    // Get role
-    let role = Role::get_by_name(&mut transaction, &id.0)
+    let role = Role::get_by_name(transaction.deref_mut(), &id.0)
        .await?
        .ok_or_else(|| Error::not_found("Failed to find role"))?;
@ -245,14 +245,14 @@ pub async fn admin_permissions_for_role(
    }
    // Get users
-    let users = User::get_all(&mut transaction)
+    let users = User::get_all(transaction.deref_mut())
        .await?
        .into_iter()
        .filter(|user| !user.is_archived())
        .collect::<Vec<_>>();
    // Get permissions for role
-    let permissions = Permission::get_all(&mut transaction, None, Some(role.name())).await?;
+    let permissions = Permission::get_all(transaction.deref_mut(), None, Some(role.name())).await?;
    transaction.commit().await?;
@ -300,12 +300,12 @@ pub async fn admin_permissions_for_role_form(
        .iter()
        .map(|user| UserID::from_str(user))
        .collect::<std::result::Result<Vec<_>, _>>()
-        .map_err(|_| Error::bad_request(format!("Invalid user detected")))?;
+        .map_err(|_| Error::bad_request("Invalid user detected".to_string()))?;
    let mut transaction = db.begin().await?;
    // Get role
-    let role = Role::get_by_name(&mut transaction, &id.0)
+    let role = Role::get_by_name(transaction.deref_mut(), &id.0)
        .await?
        .ok_or_else(|| Error::not_found("Failed to find role"))?;
@ -314,14 +314,14 @@ pub async fn admin_permissions_for_role_form(
    }
    // Get users
-    let users = User::get_all(&mut transaction)
+    let users = User::get_all(transaction.deref_mut())
        .await?
        .into_iter()
        .filter(|user| !user.is_archived())
        .collect::<Vec<_>>();
    // Get permissions for role
-    let permissions = Permission::get_all(&mut transaction, None, Some(role.name())).await?;
+    let permissions = Permission::get_all(transaction.deref_mut(), None, Some(role.name())).await?;
    transaction.commit().await?;
@ -334,14 +334,14 @@ pub async fn admin_permissions_for_role_form(
            if permissions.iter().all(|perm| perm.user() != user.id()) {
                // If the permission does not exist, add it
-                Permission::add(&mut transaction, user.id(), role.name()).await?;
+                Permission::add(transaction.deref_mut(), user.id(), role.name()).await?;
            }
        } else {
            // Intent is to delete permission
            if permissions.iter().any(|perm| perm.user() == user.id()) {
                // If the permission exists, delete it
-                Permission::delete(&mut transaction, user.id(), role.name()).await?;
+                Permission::delete(transaction.deref_mut(), user.id(), role.name()).await?;
            }
        }
    }
--- a/crates/ezidam/src/routes/admin/roles.rs
+++ b/crates/ezidam/src/routes/admin/roles.rs
@ -12,7 +12,7 @@ pub async fn admin_roles_list(
 ) -> Result<Template> {
    let mut transaction = db.begin().await?;
-    let roles = Role::get_all(&mut transaction).await?;
+    let roles = Role::get_all(transaction.deref_mut()).await?;
    transaction.commit().await?;
@ -62,7 +62,7 @@ pub async fn admin_roles_new_form(
    let mut transaction = db.begin().await?;
    // Insert role in database
-    if let Err(e) = Role::insert(&mut transaction, &name, form.label).await {
+    if let Err(e) = Role::insert(transaction.deref_mut(), &name, form.label).await {
        return Ok(Flash::new(
            Redirect::to(uri!(admin_roles_new)),
            FlashKind::Danger,
@ -91,7 +91,7 @@ pub async fn admin_roles_view(
    let mut transaction = db.begin().await?;
-    let role = Role::get_by_name(&mut transaction, &role_id)
+    let role = Role::get_by_name(transaction.deref_mut(), &role_id)
        .await?
        .ok_or_else(|| Error::not_found(role_id.to_string()))?;
@ -128,12 +128,13 @@ pub async fn admin_roles_archive(
            let mut transaction = db.begin().await?;
            // Get role
-            let role = Role::get_by_name(&mut transaction, &id.0)
+            let role = Role::get_by_name(transaction.deref_mut(), &id.0)
                .await?
                .ok_or_else(|| Error::not_found("Could not find role"))?;
            // Set new status
-            role.set_archive_status(&mut transaction, true).await?;
+            role.set_archive_status(transaction.deref_mut(), true)
                .await?;
            transaction.commit().await?;
@ -149,12 +150,13 @@ pub async fn admin_roles_archive(
            let mut transaction = db.begin().await?;
            // Get role
-            let role = Role::get_by_name(&mut transaction, &id.0)
+            let role = Role::get_by_name(transaction.deref_mut(), &id.0)
                .await?
                .ok_or_else(|| Error::not_found("Could not find role"))?;
            // Set new status
-            role.set_archive_status(&mut transaction, false).await?;
+            role.set_archive_status(transaction.deref_mut(), false)
                .await?;
            transaction.commit().await?;
@ -191,7 +193,7 @@ pub async fn admin_roles_info_update(
 ) -> Result<Flash<Redirect>> {
    let mut transaction = db.begin().await?;
-    let role = Role::get_by_name(&mut transaction, &id.0)
+    let role = Role::get_by_name(transaction.deref_mut(), &id.0)
        .await?
        .ok_or_else(|| Error::not_found("Could not find role"))?;
@ -201,7 +203,7 @@ pub async fn admin_roles_info_update(
    // Update label
    if role.label() != form.label {
-        if let Err(e) = role.set_label(&mut transaction, form.label).await {
+        if let Err(e) = role.set_label(transaction.deref_mut(), form.label).await {
            return Ok(Flash::new(
                Redirect::to(uri!(admin_roles_view(id))),
                FlashKind::Danger,
@ -215,6 +217,6 @@ pub async fn admin_roles_info_update(
    Ok(Flash::new(
        Redirect::to(uri!(admin_roles_view(id))),
        FlashKind::Success,
-        format!("Role has been updated."),
+        "Role has been updated.".to_string(),
    ))
 }
--- a/crates/ezidam/src/routes/admin/settings.rs
+++ b/crates/ezidam/src/routes/admin/settings.rs
@ -15,7 +15,9 @@ use users::User;
 #[get("/admin/settings/branding")]
 pub async fn settings_branding(mut db: Connection<Database>, admin: JwtAdmin) -> Result<Page> {
-    let settings = Settings::get(&mut *db).await?;
+    let mut transaction = db.begin().await?;
    let settings = Settings::get(transaction.deref_mut()).await?;
    transaction.commit().await?;
    Ok(Page::AdminSettingsBranding(
        super::content::AdminSettingsBranding {
@ -44,12 +46,12 @@ pub async fn settings_update_branding(
    match form.delete_logo {
        Some(delete_logo) => {
            if delete_logo {
-                Settings::delete_business_logo(&mut transaction).await?;
+                Settings::delete_business_logo(transaction.deref_mut()).await?;
            }
        }
        None => {
            if let Some(business_name) = form.business_name {
-                Settings::set_business_name(&mut transaction, business_name).await?;
+                Settings::set_business_name(transaction.deref_mut(), business_name).await?;
            }
            if form.file.len() != 0 {
@ -61,7 +63,7 @@ pub async fn settings_update_branding(
                let file_bytes = rocket::tokio::fs::read(file_path).await?;
                // Save in database
-                Settings::set_business_logo(&mut transaction, &file_bytes).await?;
+                Settings::set_business_logo(transaction.deref_mut(), &file_bytes).await?;
            }
        }
    }
@ -110,30 +112,39 @@ pub async fn settings_security_form(
                    task::spawn_blocking(move || jwt::generate(&key_id_for_generation)).await??;
                // Insert keys in database
-                jwt::database::save_new_keys(&mut transaction, &key_id, &private_key, &public_key)
+                jwt::database::save_new_keys(
-                    .await?;
+                    transaction.deref_mut(),
                    &key_id,
                    &private_key,
                    &public_key,
                )
                .await?;
                // Revoke all keys except new one
-                jwt::database::revoke_all_except_one(&mut transaction, &key_id).await?;
+                jwt::database::revoke_all_except_one(transaction.deref_mut(), &key_id).await?;
                // Get app
-                let app = App::get_one_by_id(&mut transaction, "ezidam")
+                let app = App::get_one_by_id(transaction.deref_mut(), "ezidam")
                    .await?
                    .ok_or_else(|| Error::not_found("Could not find application"))?;
                // Get user info
-                let user = User::get_by_login(&mut transaction, &admin.0.subject)
+                let user = User::get_by_login(transaction.deref_mut(), &admin.0.subject)
                    .await?
                    .ok_or_else(|| Error::not_found("Could not find user"))?;
                // Revoke all refresh tokens
-                RefreshToken::revoke_all(&mut transaction).await?;
+                RefreshToken::revoke_all(transaction.deref_mut()).await?;
                // Generate refresh token
-                let refresh_token =
+                let refresh_token = generate_refresh_token(
-                    generate_refresh_token(&mut transaction, ip_address, user.id(), app.id())
+                    transaction.deref_mut(),
-                        .await
+                    ip_address,
-                        .map_err(Error::internal_server_error)?;
+                    user.id(),
                    app.id(),
                )
                .await
                .map_err(Error::internal_server_error)?;
                // Add refresh token as a cookie
                let mut cookie = Cookie::new(REFRESH_TOKEN_COOKIE_NAME, refresh_token);
@ -144,7 +155,7 @@ pub async fn settings_security_form(
                cookie_jar.add(cookie);
                // Get base url
-                let settings = Settings::get(&mut transaction).await?;
+                let settings = Settings::get(transaction.deref_mut()).await?;
                let home_page = settings
                    .url()
                    .map(String::from)
@ -152,7 +163,7 @@ pub async fn settings_security_form(
                // Generate jwt
                let jwt = generate_jwt(
-                    &mut transaction,
+                    transaction.deref_mut(),
                    &private_key,
                    &home_page,
                    &app.id().0,
@ -194,7 +205,7 @@ pub async fn settings_maintenance(
 ) -> Result<Template> {
    let mut transaction = db.begin().await?;
-    let database_size = Settings::database_size(&mut transaction)
+    let database_size = Settings::database_size(transaction.deref_mut())
        .await?
        .ok_or_else(|| Error::internal_server_error("Failed to get database size"))?;
--- a/crates/ezidam/src/routes/admin/users.rs
+++ b/crates/ezidam/src/routes/admin/users.rs
@ -18,7 +18,9 @@ pub async fn admin_users_list(
    admin: JwtAdmin,
    flash: Option<FlashMessage<'_>>,
 ) -> Result<Template> {
-    let users = User::get_all(&mut *db).await?;
+    let mut transaction = db.begin().await?;
    let users = User::get_all(transaction.deref_mut()).await?;
    transaction.commit().await?;
    let page = Page::AdminUsersList(super::content::AdminUsersList {
        user: admin.0,
@ -68,7 +70,7 @@ pub async fn admin_users_new_form(
    let mut transaction = db.begin().await?;
    // Insert user in database
-    if let Err(e) = User::insert(&mut transaction, &user_id, false, &username, None).await {
+    if let Err(e) = User::insert(transaction.deref_mut(), &user_id, false, &username, None).await {
        return Ok(Flash::new(
            Redirect::to(uri!(admin_users_new)),
            FlashKind::Danger,
@ -94,9 +96,11 @@ pub async fn admin_users_view(
    flash: Option<FlashMessage<'_>>,
 ) -> Result<Template> {
    let user_id = id.0;
-    let user = User::get_by_id(&mut *db, &user_id)
+    let mut transaction = db.begin().await?;
    let user = User::get_by_id(transaction.deref_mut(), &user_id)
        .await?
        .ok_or_else(|| Error::not_found(user_id.to_string()))?;
    transaction.commit().await?;
    // If user has password reset token
    let password_recover_expiration = user
@ -136,13 +140,13 @@ pub async fn admin_users_archive(
            let mut transaction = db.begin().await?;
            // Get ID of first admin
-            let settings = Settings::get(&mut transaction).await?;
+            let settings = Settings::get(transaction.deref_mut()).await?;
            let first_admin = settings
                .first_admin()
                .ok_or_else(|| Error::bad_request("First user is not set"))?;
            // Get user
-            let user = User::get_by_id(&mut transaction, &id.0)
+            let user = User::get_by_id(transaction.deref_mut(), &id.0)
                .await?
                .ok_or_else(|| Error::not_found("Could not find user"))?;
@ -152,17 +156,19 @@ pub async fn admin_users_archive(
            }
            // Set new status
-            user.set_archive_status(&mut transaction, true).await?;
+            user.set_archive_status(transaction.deref_mut(), true)
                .await?;
            // Revoke refresh tokens
-            refresh_tokens::RefreshToken::revoke_all_for_user(&mut transaction, user.id()).await?;
+            refresh_tokens::RefreshToken::revoke_all_for_user(transaction.deref_mut(), user.id())
                .await?;
            // Use all authorization codes
-            AuthorizationCode::use_all_for_user(&mut transaction, user.id()).await?;
+            AuthorizationCode::use_all_for_user(transaction.deref_mut(), user.id()).await?;
            // Use all totp login requests
            if user.totp_secret().is_some() {
-                TotpLoginRequest::use_all_for_user(&mut transaction, user.id()).await?;
+                TotpLoginRequest::use_all_for_user(transaction.deref_mut(), user.id()).await?;
            }
            transaction.commit().await?;
@ -178,12 +184,13 @@ pub async fn admin_users_archive(
            let mut transaction = db.begin().await?;
-            let user = User::get_by_id(&mut transaction, &id.0)
+            let user = User::get_by_id(transaction.deref_mut(), &id.0)
                .await?
                .ok_or_else(|| Error::not_found("Could not find user"))?;
            // Set new status
-            user.set_archive_status(&mut transaction, false).await?;
+            user.set_archive_status(transaction.deref_mut(), false)
                .await?;
            transaction.commit().await?;
@ -234,10 +241,10 @@ pub async fn admin_users_password_reset(
    let mut transaction = db.begin().await?;
    // Get settings
-    let settings = Settings::get(&mut transaction).await?;
+    let settings = Settings::get(transaction.deref_mut()).await?;
    // Get user
-    let user = User::get_by_id(&mut transaction, &id.0)
+    let user = User::get_by_id(transaction.deref_mut(), &id.0)
        .await?
        .ok_or_else(|| Error::not_found("Could not find user"))?;
@ -245,7 +252,7 @@ pub async fn admin_users_password_reset(
    let token = task::spawn_blocking(PasswordResetToken::generate).await?;
    // Save in database
-    user.set_password_reset_token(&mut transaction, Some(&token))
+    user.set_password_reset_token(transaction.deref_mut(), Some(&token))
        .await?;
    transaction.commit().await?;
@ -414,12 +421,12 @@ pub async fn admin_users_paper_key_reset(
            let mut transaction = db.begin().await?;
            // Get user
-            let user = User::get_by_id(&mut transaction, &id.0)
+            let user = User::get_by_id(transaction.deref_mut(), &id.0)
                .await?
                .ok_or_else(|| Error::not_found("Could not find user"))?;
            // Delete paper key
-            user.set_paper_key(&mut transaction, None).await?;
+            user.set_paper_key(transaction.deref_mut(), None).await?;
            transaction.commit().await?;
@ -452,15 +459,15 @@ pub async fn admin_users_totp_secret_disable(
            let mut transaction = db.begin().await?;
            // Get user
-            let user = User::get_by_id(&mut transaction, &id.0)
+            let user = User::get_by_id(transaction.deref_mut(), &id.0)
                .await?
                .ok_or_else(|| Error::not_found("Could not find user"))?;
            // Delete totp secret
-            user.set_totp_secret(&mut transaction, None).await?;
+            user.set_totp_secret(transaction.deref_mut(), None).await?;
            // Delete totp backup
-            user.set_totp_backup(&mut transaction, None).await?;
+            user.set_totp_backup(transaction.deref_mut(), None).await?;
            transaction.commit().await?;
@ -493,12 +500,12 @@ pub async fn admin_users_totp_backup_delete(
            let mut transaction = db.begin().await?;
            // Get user
-            let user = User::get_by_id(&mut transaction, &id.0)
+            let user = User::get_by_id(transaction.deref_mut(), &id.0)
                .await?
                .ok_or_else(|| Error::not_found("Could not find user"))?;
            // Delete totp backup
-            user.set_totp_backup(&mut transaction, None).await?;
+            user.set_totp_backup(transaction.deref_mut(), None).await?;
            transaction.commit().await?;
@ -531,7 +538,7 @@ pub async fn admin_users_info_update(
 ) -> Result<Flash<Redirect>> {
    let mut transaction = db.begin().await?;
-    let user = User::get_by_id(&mut transaction, &id.0)
+    let user = User::get_by_id(transaction.deref_mut(), &id.0)
        .await?
        .ok_or_else(|| Error::not_found("Could not find user"))?;
@ -553,7 +560,7 @@ pub async fn admin_users_info_update(
            }
        };
-        if let Err(e) = user.set_username(&mut transaction, &username).await {
+        if let Err(e) = user.set_username(transaction.deref_mut(), &username).await {
            return Ok(Flash::new(
                Redirect::to(uri!(admin_users_view(id))),
                FlashKind::Danger,
@ -571,7 +578,7 @@ pub async fn admin_users_info_update(
            // If it does not exist, use provided value
            .unwrap_or(true)
    {
-        user.set_name(&mut transaction, form.name).await?;
+        user.set_name(transaction.deref_mut(), form.name).await?;
    }
    // Update email
@ -595,7 +602,7 @@ pub async fn admin_users_info_update(
            }
        };
-        if let Err(e) = user.set_email(&mut transaction, email).await {
+        if let Err(e) = user.set_email(transaction.deref_mut(), email).await {
            return Ok(Flash::new(
                Redirect::to(uri!(admin_users_view(id))),
                FlashKind::Danger,
@ -607,7 +614,8 @@ pub async fn admin_users_info_update(
    // Admin status
    let new_status = matches!(form.is_admin, Some("on"));
    if user.is_admin() != new_status {
-        user.set_admin_status(&mut transaction, new_status).await?;
+        user.set_admin_status(transaction.deref_mut(), new_status)
            .await?;
    }
    transaction.commit().await?;
--- a/crates/ezidam/src/routes/oauth/authorize.rs
+++ b/crates/ezidam/src/routes/oauth/authorize.rs
@ -21,7 +21,7 @@ pub async fn authorize_page(
    // Get app info
    let app = App::get_valid_app(
-        &mut transaction,
+        transaction.deref_mut(),
        auth_request.response_type,
        auth_request.scope,
        auth_request.client_id,
@ -29,7 +29,7 @@ pub async fn authorize_page(
    )
    .await?;
-    let settings = Settings::get(&mut transaction).await?;
+    let settings = Settings::get(transaction.deref_mut()).await?;
    transaction.commit().await?;
@ -59,7 +59,7 @@ pub async fn authorize_ezidam(mut db: Connection<Database>) -> Result<Redirect>
    // Get ezidam app info
    let app_id = "ezidam";
-    let app = App::get_one_by_id(&mut transaction, app_id)
+    let app = App::get_one_by_id(transaction.deref_mut(), app_id)
        .await?
        .ok_or_else(|| Error::not_found(app_id))?;
@ -117,7 +117,7 @@ pub async fn authorize_form(
    // Get app info
    let app = App::get_valid_app(
-        &mut transaction,
+        transaction.deref_mut(),
        auth_request.response_type,
        auth_request.scope,
        auth_request.client_id,
@ -145,7 +145,7 @@ pub async fn authorize_form(
            };
            // Get user
-            let Some(user) = User::get_by_login(&mut transaction, form.login).await? else {
+            let Some(user) = User::get_by_login(transaction.deref_mut(), form.login).await? else {
                return Ok(Either::Right(invalid_credentials(form.login, auth_request)));
            };
@ -183,7 +183,7 @@ pub async fn authorize_form(
        // Save in database
        let mut transaction = db.begin().await?;
        users::totp_login_request::TotpLoginRequest::insert(
-            &mut transaction,
+            transaction.deref_mut(),
            totp_token.as_ref(),
            &user_id,
            totp_duration,
@ -211,7 +211,7 @@ pub async fn authorize_form(
    let mut transaction = db.begin().await?;
    // Save authorization code
-    AuthorizationCode::insert(&mut transaction, code.as_ref(), app.id(), &user_id).await?;
+    AuthorizationCode::insert(transaction.deref_mut(), code.as_ref(), app.id(), &user_id).await?;
    transaction.commit().await?;
--- a/crates/ezidam/src/routes/oauth/redirect.rs
+++ b/crates/ezidam/src/routes/oauth/redirect.rs
@ -26,15 +26,15 @@ pub async fn redirect_page(
    let mut transaction = db.begin().await?;
    // Get authorization code
-    let code = AuthorizationCode::get_one(&mut transaction, redirect_request.code)
+    let code = AuthorizationCode::get_one(transaction.deref_mut(), redirect_request.code)
        .await?
        .ok_or_else(|| Error::not_found("Could not find authorization code"))?;
    // Make sure code has not been used
    if code.has_been_used() {
        // Revoke all codes and refresh tokens for user
-        AuthorizationCode::use_all_for_user(&mut transaction, code.user()).await?;
+        AuthorizationCode::use_all_for_user(transaction.deref_mut(), code.user()).await?;
-        RefreshToken::revoke_all_for_user(&mut transaction, code.user()).await?;
+        RefreshToken::revoke_all_for_user(transaction.deref_mut(), code.user()).await?;
        transaction.commit().await?;
@ -49,14 +49,15 @@ pub async fn redirect_page(
    }
    // Get app
-    let app = App::get_one_from_authorization_code(&mut transaction, redirect_request.code)
+    let app = App::get_one_from_authorization_code(transaction.deref_mut(), redirect_request.code)
        .await?
        .ok_or_else(|| Error::not_found("Could not find application"))?;
    // Get user info
-    let user = User::get_one_from_authorization_code(&mut transaction, redirect_request.code)
+    let user =
-        .await?
+        User::get_one_from_authorization_code(transaction.deref_mut(), redirect_request.code)
-        .ok_or_else(|| Error::not_found("Could not find user"))?;
+            .await?
            .ok_or_else(|| Error::not_found("Could not find user"))?;
    // Check if user is archived
    if user.is_archived() {
@ -64,10 +65,10 @@ pub async fn redirect_page(
    }
    // Mark code as used
-    code.use_code(&mut transaction).await?;
+    code.use_code(transaction.deref_mut()).await?;
    // Get base url
-    let settings = Settings::get(&mut transaction).await?;
+    let settings = Settings::get(transaction.deref_mut()).await?;
    let home_page = settings
        .url()
        .map(String::from)
@ -76,7 +77,7 @@ pub async fn redirect_page(
    if jwt_user.is_none() {
        // Generate refresh token
        let refresh_token =
-            generate_refresh_token(&mut transaction, ip_address, user.id(), app.id())
+            generate_refresh_token(transaction.deref_mut(), ip_address, user.id(), app.id())
                .await
                .map_err(Error::internal_server_error)?;
@ -89,7 +90,7 @@ pub async fn redirect_page(
        cookie_jar.add(cookie);
        // Get latest key from database
-        let key = Key::get_most_recent(&mut transaction)
+        let key = Key::get_most_recent(transaction.deref_mut())
            .await?
            .ok_or_else(|| Error::internal_server_error("Failed to get key to sign JWT"))?;
@ -105,7 +106,7 @@ pub async fn redirect_page(
        // Generate jwt
        let jwt = generate_jwt(
-            &mut transaction,
+            transaction.deref_mut(),
            &private_key,
            &home_page,
            &app.id().0,
@ -130,7 +131,7 @@ pub async fn redirect_page(
    {
        // If it has expired, delete it
        if password_recover.has_expired() {
-            user.set_password_reset_token(&mut transaction, None)
+            user.set_password_reset_token(transaction.deref_mut(), None)
                .await?;
        }
    }
--- a/crates/ezidam/src/routes/oauth/token.rs
+++ b/crates/ezidam/src/routes/oauth/token.rs
@ -187,7 +187,7 @@ pub async fn request_token(
                .ok_or(TokenError::AuthorizationCodeNotProvided)?;
            // Get authorization code
-            let code = AuthorizationCode::get_one(&mut transaction, authorization_code)
+            let code = AuthorizationCode::get_one(transaction.deref_mut(), authorization_code)
                .await
                .map_err(TokenError::AuthorizationError)?
                .ok_or(TokenError::AuthorizationCodeNotFound(
@ -197,10 +197,10 @@ pub async fn request_token(
            // Make sure code has not been used
            if code.has_been_used() {
                // Revoke all codes and refresh tokens for user
-                AuthorizationCode::use_all_for_user(&mut transaction, code.user())
+                AuthorizationCode::use_all_for_user(transaction.deref_mut(), code.user())
                    .await
                    .map_err(TokenError::AuthorizationError)?;
-                RefreshToken::revoke_all_for_user(&mut transaction, code.user())
+                RefreshToken::revoke_all_for_user(transaction.deref_mut(), code.user())
                    .await
                    .map_err(TokenError::RefreshTokenError)?;
@ -218,10 +218,11 @@ pub async fn request_token(
            }
            // Get user info
-            let user = User::get_one_from_authorization_code(&mut transaction, authorization_code)
+            let user =
-                .await
+                User::get_one_from_authorization_code(transaction.deref_mut(), authorization_code)
-                .map_err(TokenError::UserError)?
+                    .await
-                .ok_or(TokenError::UserNotFound)?;
+                    .map_err(TokenError::UserError)?
                    .ok_or(TokenError::UserNotFound)?;
            // Check if user is archived
            if user.is_archived() {
@ -229,15 +230,16 @@ pub async fn request_token(
            }
            // Get app from code
-            let app = App::get_one_from_authorization_code(&mut transaction, authorization_code)
+            let app =
-                .await
+                App::get_one_from_authorization_code(transaction.deref_mut(), authorization_code)
-                .map_err(TokenError::AppError)?
+                    .await
-                .ok_or(TokenError::AppNotFoundFromAuthorizationCode(
+                    .map_err(TokenError::AppError)?
-                    authorization_code.into(),
+                    .ok_or(TokenError::AppNotFoundFromAuthorizationCode(
-                ))?;
+                        authorization_code.into(),
                    ))?;
            // Mark code as used
-            code.use_code(&mut transaction)
+            code.use_code(transaction.deref_mut())
                .await
                .map_err(TokenError::AuthorizationError)?;
@ -248,19 +250,19 @@ pub async fn request_token(
                .refresh_token
                .ok_or(TokenError::RefreshTokenNotProvided)?;
-            let user = User::get_one_from_refresh_token(&mut transaction, refresh_token)
+            let user = User::get_one_from_refresh_token(transaction.deref_mut(), refresh_token)
                .await
                .map_err(TokenError::UserError)?
                .ok_or(TokenError::UserNotFound)?;
-            let refresh_token = RefreshToken::get_one(&mut transaction, refresh_token)
+            let refresh_token = RefreshToken::get_one(transaction.deref_mut(), refresh_token)
                .await
                .map_err(TokenError::RefreshTokenError)?
                .ok_or(TokenError::RefreshTokenNotFound(refresh_token.into()))?;
            if refresh_token.has_been_used() {
                // Revoke all tokens for user
-                RefreshToken::revoke_all_for_user(&mut transaction, refresh_token.user())
+                RefreshToken::revoke_all_for_user(transaction.deref_mut(), refresh_token.user())
                    .await
                    .map_err(TokenError::RefreshTokenError)?;
@ -281,7 +283,7 @@ pub async fn request_token(
            }
            // Get app
-            let app = App::get_one_by_id(&mut transaction, refresh_token.app().as_ref())
+            let app = App::get_one_by_id(transaction.deref_mut(), refresh_token.app().as_ref())
                .await
                .map_err(TokenError::AppError)?
                .ok_or(TokenError::AppNotFoundFromRefreshToken(format!(
@ -290,7 +292,7 @@ pub async fn request_token(
                )))?;
            refresh_token
-                .use_token(&mut transaction)
+                .use_token(transaction.deref_mut())
                .await
                .map_err(TokenError::RefreshTokenError)?;
@ -336,7 +338,7 @@ pub async fn request_token(
    }
    // Get base url
-    let settings = Settings::get(&mut transaction)
+    let settings = Settings::get(transaction.deref_mut())
        .await
        .map_err(TokenError::SettingsError)?;
    let home_page = settings
@ -345,12 +347,13 @@ pub async fn request_token(
        .ok_or(TokenError::ServerUrlNotSet)?;
    // Generate refresh token
-    let refresh_token = generate_refresh_token(&mut transaction, ip_address, user.id(), app.id())
+    let refresh_token =
-        .await
+        generate_refresh_token(transaction.deref_mut(), ip_address, user.id(), app.id())
-        .map_err(TokenError::RefreshTokenGenerate)?;
+            .await
            .map_err(TokenError::RefreshTokenGenerate)?;
    // Get latest key from database
-    let key = Key::get_most_recent(&mut transaction)
+    let key = Key::get_most_recent(transaction.deref_mut())
        .await
        .map_err(TokenError::JwtError)?
        .ok_or(TokenError::JwkNotFound)?;
@ -369,7 +372,7 @@ pub async fn request_token(
    // Generate jwt
    let jwt = generate_jwt(
-        &mut transaction,
+        transaction.deref_mut(),
        &private_key,
        &home_page,
        &app.id().0,
--- a/crates/ezidam/src/routes/oauth/totp.rs
+++ b/crates/ezidam/src/routes/oauth/totp.rs
@ -3,7 +3,7 @@ use crate::routes::prelude::*;
 use apps::App;
 use authorization_codes::AuthorizationCode;
 use hash::{Secret, SecretString};
-use rocket::http::{Cookie, CookieJar};
+use rocket::http::CookieJar;
 use rocket::{get, post};
 use users::totp_login_request::TOTP_REQUEST_COOKIE_NAME;
 use users::User;
@ -19,7 +19,7 @@ pub async fn totp_page(
    // Get app info
    let _app = App::get_valid_app(
-        &mut transaction,
+        transaction.deref_mut(),
        auth_request.response_type,
        auth_request.scope,
        auth_request.client_id,
@ -28,10 +28,12 @@ pub async fn totp_page(
    .await?;
    // Get totp request
-    let totp_request =
+    let totp_request = users::totp_login_request::TotpLoginRequest::get_one(
-        users::totp_login_request::TotpLoginRequest::get_one(&mut transaction, &totp_request.0)
+        transaction.deref_mut(),
-            .await?
+        &totp_request.0,
-            .ok_or_else(|| Error::not_found("Failed to find totp request"))?;
+    )
    .await?
    .ok_or_else(|| Error::not_found("Failed to find totp request"))?;
    if totp_request.has_expired() {
        return Err(Error::bad_request("Totp request has expired"));
@ -42,7 +44,7 @@ pub async fn totp_page(
    }
    // Get user
-    let user = User::get_by_id(&mut transaction, totp_request.user())
+    let user = User::get_by_id(transaction.deref_mut(), totp_request.user())
        .await?
        .ok_or_else(|| Error::not_found("Failed to find user"))?;
@ -75,7 +77,7 @@ pub async fn totp_verify(
    // Get app info
    let app = App::get_valid_app(
-        &mut transaction,
+        transaction.deref_mut(),
        auth_request.response_type,
        auth_request.scope,
        auth_request.client_id,
@ -84,10 +86,12 @@ pub async fn totp_verify(
    .await?;
    // Get totp request
-    let totp_request =
+    let totp_request = users::totp_login_request::TotpLoginRequest::get_one(
-        users::totp_login_request::TotpLoginRequest::get_one(&mut transaction, &totp_request.0)
+        transaction.deref_mut(),
-            .await?
+        &totp_request.0,
-            .ok_or_else(|| Error::not_found("Failed to find totp request"))?;
+    )
    .await?
    .ok_or_else(|| Error::not_found("Failed to find totp request"))?;
    if totp_request.has_expired() {
        return Err(Error::bad_request("Totp request has expired"));
@ -98,7 +102,7 @@ pub async fn totp_verify(
    }
    // Get user
-    let user = User::get_by_id(&mut transaction, totp_request.user())
+    let user = User::get_by_id(transaction.deref_mut(), totp_request.user())
        .await?
        .ok_or_else(|| Error::not_found("Failed to find user"))?;
@ -146,20 +150,20 @@ pub async fn totp_verify(
    let mut transaction = db.begin().await?;
    // Save authorization code
-    AuthorizationCode::insert(&mut transaction, code.as_ref(), app.id(), user.id()).await?;
+    AuthorizationCode::insert(transaction.deref_mut(), code.as_ref(), app.id(), user.id()).await?;
    // Mark totp token as used
-    totp_request.use_code(&mut transaction).await?;
+    totp_request.use_code(transaction.deref_mut()).await?;
    // Delete totp backup if it got used
    if delete_totp_backup {
-        user.set_totp_backup(&mut transaction, None).await?;
+        user.set_totp_backup(transaction.deref_mut(), None).await?;
    }
    transaction.commit().await?;
    // Delete cookie
-    cookie_jar.remove(Cookie::named(TOTP_REQUEST_COOKIE_NAME));
+    cookie_jar.remove(TOTP_REQUEST_COOKIE_NAME);
    // Construct uri to redirect to
    let uri = redirect_uri(auth_request, &app, &code);
--- a/crates/ezidam/src/routes/root/forgot_password.rs
+++ b/crates/ezidam/src/routes/root/forgot_password.rs
@ -67,7 +67,7 @@ pub async fn forgot_password_email_form(
    let mut transaction = db.begin().await?;
    // Get settings
-    let settings = Settings::get(&mut transaction).await?;
+    let settings = Settings::get(transaction.deref_mut()).await?;
    // Get server url
    let url = settings
@ -85,7 +85,7 @@ pub async fn forgot_password_email_form(
    };
    // Get user
-    let user = match User::get_by_email(&mut transaction, &email).await? {
+    let user = match User::get_by_email(transaction.deref_mut(), &email).await? {
        Some(user) => user,
        None => {
            return Ok(Flash::new(
@ -100,7 +100,7 @@ pub async fn forgot_password_email_form(
    let token = task::spawn_blocking(PasswordResetToken::generate).await?;
    // Save in database
-    user.set_password_reset_token(&mut transaction, Some(&token))
+    user.set_password_reset_token(transaction.deref_mut(), Some(&token))
        .await?;
    transaction.commit().await?;
@ -236,7 +236,7 @@ pub async fn forgot_password_paper_key_form(
    let mut transaction = db.begin().await?;
    // Get user
-    let user = match User::get_by_login(&mut transaction, form.login).await? {
+    let user = match User::get_by_login(transaction.deref_mut(), form.login).await? {
        Some(user) => user,
        None => {
            return Ok(Flash::new(
@ -272,7 +272,7 @@ pub async fn forgot_password_paper_key_form(
    let token = task::spawn_blocking(PasswordResetToken::generate).await?;
    // Save in database
-    user.set_password_reset_token(&mut transaction, Some(&token))
+    user.set_password_reset_token(transaction.deref_mut(), Some(&token))
        .await?;
    transaction.commit().await?;
--- a/crates/ezidam/src/routes/root/logo.rs
+++ b/crates/ezidam/src/routes/root/logo.rs
@ -5,7 +5,9 @@ use settings::Settings;
 #[get("/logo")]
 pub async fn get_logo(mut db: Connection<Database>) -> Result<FileFromBytes> {
    // Get settings
-    let settings = Settings::get(&mut *db).await?;
+    let mut transaction = db.begin().await?;
    let settings = Settings::get(transaction.deref_mut()).await?;
    transaction.commit().await?;
    // HTTP response
    Ok(FileFromBytes::from(settings.business_logo()))
--- a/crates/ezidam/src/routes/root/logout.rs
+++ b/crates/ezidam/src/routes/root/logout.rs
@ -1,6 +1,6 @@
 use crate::routes::prelude::*;
 use crate::tokens::{JWT_COOKIE_NAME, REFRESH_TOKEN_COOKIE_NAME};
-use rocket::http::{Cookie, CookieJar};
+use rocket::http::CookieJar;
 use rocket::post;
 #[post("/logout")]
@ -11,19 +11,23 @@ pub async fn request_logout(
 ) -> Result<Redirect> {
    let mut transaction = db.begin().await?;
-    let refresh_token = refresh_tokens::RefreshToken::get_one(&mut transaction, &refresh_token.0)
+    let refresh_token =
-        .await?
+        refresh_tokens::RefreshToken::get_one(transaction.deref_mut(), &refresh_token.0)
-        .ok_or_else(|| Error::not_found("Unknown refresh token"))?;
+            .await?
            .ok_or_else(|| Error::not_found("Unknown refresh token"))?;
    // Delete cookies
-    cookie_jar.remove(Cookie::named(JWT_COOKIE_NAME));
+    cookie_jar.remove(JWT_COOKIE_NAME);
-    cookie_jar.remove(Cookie::named(REFRESH_TOKEN_COOKIE_NAME));
+    cookie_jar.remove(REFRESH_TOKEN_COOKIE_NAME);
    // If refresh token has already been used
    if refresh_token.has_been_used() {
        // Revoke all refresh tokens for user
-        refresh_tokens::RefreshToken::revoke_all_for_user(&mut transaction, refresh_token.user())
+        refresh_tokens::RefreshToken::revoke_all_for_user(
-            .await?;
+            transaction.deref_mut(),
            refresh_token.user(),
        )
        .await?;
        transaction.commit().await?;
@ -41,7 +45,7 @@ pub async fn request_logout(
    }
    // Revoke token
-    refresh_token.revoke(&mut transaction).await?;
+    refresh_token.revoke(transaction.deref_mut()).await?;
    transaction.commit().await?;
--- a/crates/ezidam/src/routes/root/reset_password.rs
+++ b/crates/ezidam/src/routes/root/reset_password.rs
@ -60,15 +60,16 @@ pub async fn reset_password_form(
    let mut transaction = db.begin().await?;
    // Get user info
-    let user = User::get_one_from_password_reset_token(&mut transaction, &token.0)
+    let user = User::get_one_from_password_reset_token(transaction.deref_mut(), &token.0)
        .await?
        .ok_or_else(|| Error::not_found("Could not find user"))?;
    // Set password
-    user.set_password(&mut transaction, Some(&password)).await?;
+    user.set_password(transaction.deref_mut(), Some(&password))
        .await?;
    // Consume password reset token
-    user.set_password_reset_token(&mut transaction, None)
+    user.set_password_reset_token(transaction.deref_mut(), None)
        .await?;
    transaction.commit().await?;
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
Philippe Loctaux	580c212e7d	nix: wrapper to launch ezidam with env variables	2023-11-20 22:31:38 +01:00
Philippe Loctaux	3b9f4792dc	nix: copy assets in docker, need to finish env	2023-11-17 22:33:50 +01:00
Philippe Loctaux	89e0432b7a	ezidam: config via env variables	2023-11-17 22:32:46 +01:00
Philippe Loctaux	c1b8fd3c89	update to final release of rocket_cors 0.6.0-alpha3	2023-11-17 11:24:00 +01:00
Philippe Loctaux	cfd71d2dec	nix: build on macos	2023-11-17 11:23:50 +01:00
Philippe Loctaux	8917287633	nix: build, clippy, docker image WIP	2023-11-17 01:16:26 +01:00
Philippe Loctaux	f85aa12eef	clippy	2023-11-15 21:11:49 +01:00
Philippe Loctaux	b4271853a9	rocket v0.5-rc4 with some adjustements: - all db access are done with transactions - Forwards in Outcomes return a status	2023-11-15 21:01:22 +01:00
Philippe Loctaux	2ae345800c	temporary patch to rocket_cors until new release	2023-11-15 20:11:27 +01:00
Philippe Loctaux	e6d3329f6f	sqlx v0.7.x	2023-11-15 20:10:40 +01:00