3 files changed, 28 insertions, 8 deletions

diff --git a/Cargo.lock b/Cargo.lock
index 1914f79..1a03408 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -488,7 +488,7 @@ dependencies = [
 
 [[package]]
 name = "dissociate"
-version = "0.3.0"
+version = "0.4.0"
 dependencies = [
  "argon2",
  "axum",
diff --git a/Cargo.toml b/Cargo.toml
index 0298a01..ddb4f46 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "dissociate"
-version = "0.3.0"
+version = "0.4.0"
 edition = "2021"
 
 [dependencies]
diff --git a/src/server/account.rs b/src/server/account.rs
index b2c294f..8f9ae61 100644
--- a/src/server/account.rs
+++ b/src/server/account.rs
@@ -2,7 +2,7 @@ use std::time::SystemTime;
 
 use axum::{
     body::Body,
-    extract::State,
+    extract::{Path, State},
     http::{HeaderMap, StatusCode, Uri},
     response::{IntoResponse, Response},
     routing::get,
@@ -18,7 +18,7 @@ use super::{account_auth, render_html, ApiState};
 
 pub fn bind(app: Router<ApiState>) -> Router<ApiState> {
     app.route("/", get(get_panel))
-        .route("/scopes", get(get_scopes))
+        .route("/scopes/:token", get(get_scopes))
         .route("/handoff", get(get_handoff))
 }
 
@@ -41,10 +41,30 @@ fn render_normal_panel(name: String) -> Response {
 }
 
 #[axum::debug_handler(state = ApiState)]
-async fn get_scopes(jar: CookieJar, State(store): State<Store>) -> Result<Response, Response> {
-    let name = account_auth(&jar, &store).await.prompt_login()?;
-    let account = store.get_account(&name).await.prompt_logout()?;
-    let body = account.scopes.join(" ");
+async fn get_scopes(
+    Path(token): Path<String>,
+    State(store): State<Store>,
+) -> Result<Response, Response> {
+    let error_response = || {
+        Response::builder()
+            .status(StatusCode::BAD_REQUEST)
+            .body(Body::empty())
+            .unwrap()
+    };
+    let mut parts = Vec::new();
+    let (name, expires) = store.check_token(&token).await.ok_or_else(error_response)?;
+    parts.push(
+        expires
+            .duration_since(SystemTime::UNIX_EPOCH)
+            .unwrap()
+            .as_secs()
+            .to_string(),
+    );
+    {
+        let account = store.get_account(&name).await.ok_or_else(error_response)?;
+        parts.extend(account.scopes.iter().cloned());
+    };
+    let body = parts.join("\n");
 
     Ok(Response::builder()
         .status(StatusCode::OK)