From 648d073e1b8f4838f147c0520024bd453921a25c Mon Sep 17 00:00:00 2001 From: Joris Guyonvarch Date: Fri, 17 Apr 2026 22:53:02 +0200 Subject: Remove signing login token It’s enough to use a safe crypto lib. But augment the token size to upper bound. --- src/routes.rs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'src/routes.rs') diff --git a/src/routes.rs b/src/routes.rs index 7107a60..8abe1b4 100644 --- a/src/routes.rs +++ b/src/routes.rs @@ -49,7 +49,7 @@ pub async fn routes( "icon.png" => file("assets/icon.png", "image/png").await, _ => controller::utils::not_found(), }, - _ => match connected_user(&config, &db_conn, &request).await { + _ => match connected_user(&db_conn, &request).await { Some(user) => { let wallet = Wallet { db_conn, @@ -67,12 +67,11 @@ pub async fn routes( } async fn connected_user( - config: &Config, db_conn: &Connection, request: &Request, ) -> Option { let cookie = request.headers().get("COOKIE")?.to_str().ok()?; - let login_token = cookie::extract_token(config, cookie).ok()?; + let login_token = cookie::extract_token(cookie).ok()?; db::users::get_by_login_token(db_conn, login_token.to_string()).await } -- cgit v1.2.3
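Review bot: In `connected_user`, the raw cookie value returned by `cookie::extract_token(cookie)` is now the only credential and goes straight into `db::users::get_by_login_token`, so with the signature gone anyone who can read the users table (a backup, an injection bug) holds working sessions. The storage side is not visible in this diff, but if the token is stored verbatim, consider storing a digest of it (for example SHA-256) and looking up by that digest, so that a database read does not yield usable cookies. Every request with a parseable cookie now also reaches the database, so `extract_token` should reject values of the wrong length or alphabet before the query runs; that check is not shown here either. I would add a comment above the lookup, such as `// Unsigned bearer token: must come from a CSPRNG, be length-checked in extract_token, and be matched against a stored digest.` The call site in the first hunk is only the matching signature update.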