From: Clworld <clworld@ggtea.org>
Date: Sat, 27 May 2017 21:27:54 +0000 (+0900)
Subject: Reject revoked access_token on Streaming API. (#3367)
X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=2e429c0c25c0f82abb6a6b348195cd541052397e;p=mastodon.git

Reject revoked access_token on Streaming API. (#3367)
---

diff --git a/streaming/index.js b/streaming/index.js
index 908e70d20..5145732e2 100644
--- a/streaming/index.js
+++ b/streaming/index.js
@@ -168,7 +168,7 @@ if (cluster.isMaster) {
         return;
       }
 
-      client.query('SELECT oauth_access_tokens.resource_owner_id, users.account_id, users.filtered_languages FROM oauth_access_tokens INNER JOIN users ON oauth_access_tokens.resource_owner_id = users.id WHERE oauth_access_tokens.token = $1 LIMIT 1', [token], (err, result) => {
+      client.query('SELECT oauth_access_tokens.resource_owner_id, users.account_id, users.filtered_languages FROM oauth_access_tokens INNER JOIN users ON oauth_access_tokens.resource_owner_id = users.id WHERE oauth_access_tokens.token = $1 AND oauth_access_tokens.revoked_at IS NULL LIMIT 1', [token], (err, result) => {
         done();
 
         if (err) {