enhance(api): アクセストークンを作成する際、createdAtをlastUsedAtを揃えるようにして、未使用かどうかを判定できるように

2 files changed, 8 insertions, 4 deletions

diff --git a/src/server/api/endpoints/auth/accept.ts b/src/server/api/endpoints/auth/accept.ts
index 6cde1a9ecd..e98242a3c3 100644
--- a/src/server/api/endpoints/auth/accept.ts
+++ b/src/server/api/endpoints/auth/accept.ts
@@ -56,11 +56,13 @@ export default define(meta, async (ps, user) => {
 		sha256.update(accessToken + app.secret);
 		const hash = sha256.digest('hex');
 
+		const now = new Date();
+
 		// Insert access token doc
 		await AccessTokens.save({
 			id: genId(),
-			createdAt: new Date(),
-			lastUsedAt: new Date(),
+			createdAt: now,
+			lastUsedAt: now,
 			appId: session.appId,
 			userId: user.id,
 			token: accessToken,
diff --git a/src/server/api/endpoints/miauth/gen-token.ts b/src/server/api/endpoints/miauth/gen-token.ts
index 6476e79d77..a5fa194008 100644
--- a/src/server/api/endpoints/miauth/gen-token.ts
+++ b/src/server/api/endpoints/miauth/gen-token.ts
@@ -38,11 +38,13 @@ export default define(meta, async (ps, user) => {
 	// Generate access token
 	const accessToken = secureRndstr(32, true);
 
+	const now = new Date();
+
 	// Insert access token doc
 	await AccessTokens.save({
 		id: genId(),
-		createdAt: new Date(),
-		lastUsedAt: new Date(),
+		createdAt: now,
+		lastUsedAt: now,
 		session: ps.session,
 		userId: user.id,
 		token: accessToken,