feat(restore): rotate auth hash on restore

api/app-routes.go

@@ -1457,6 +1457,11 @@ func (api *API) processRestoreFile(rAdminAction requestAdminAction, c *gin.Conte
 	if err := api.db.Reload(); err != nil {
 		log.Panicf("Unable to reload DB: %v", err)
 	}
+
+	// Rotate Auth Hashes
+	if err := api.rotateAllAuthHashes(); err != nil {
+		log.Panicf("Unable to rotate auth hashes: %v", err)
+	}
 }
 
 func (api *API) restoreData(zipReader *zip.Reader) error {

api/auth.go

@@ -340,13 +340,62 @@ func (api *API) rotateUserAuthHash(username string) error {
 	}
 
 	// Update User
-	_, err = api.db.Queries.UpdateUser(api.db.Ctx, database.UpdateUserParams{
+	if _, err = api.db.Queries.UpdateUser(api.db.Ctx, database.UpdateUserParams{
 		UserID:   username,
 		AuthHash: fmt.Sprintf("%x", rawAuthHash),
-	})
+	}); err != nil {
+		log.Error("UpdateUser DB Error: ", err)
+		return err
+	}
 
 	// Update Cache
 	api.userAuthCache[username] = fmt.Sprintf("%x", rawAuthHash)
 
 	return nil
 }
+
+func (api *API) rotateAllAuthHashes() error {
+	// Do Transaction
+	tx, err := api.db.DB.Begin()
+	if err != nil {
+		log.Error("Transaction Begin DB Error: ", err)
+		return err
+	}
+
+	// Defer & Start Transaction
+	defer tx.Rollback()
+	qtx := api.db.Queries.WithTx(tx)
+
+	users, err := qtx.GetUsers(api.db.Ctx)
+	if err != nil {
+		return err
+	}
+
+	// Update users
+	for _, user := range users {
+		// Generate Auth Hash
+		rawAuthHash, err := utils.GenerateToken(64)
+		if err != nil {
+			return err
+		}
+
+		// Update User
+		if _, err = qtx.UpdateUser(api.db.Ctx, database.UpdateUserParams{
+			UserID:   user.ID,
+			AuthHash: fmt.Sprintf("%x", rawAuthHash),
+		}); err != nil {
+			return err
+		}
+
+		// Update Cache
+		api.userAuthCache[user.ID] = fmt.Sprintf("%x", rawAuthHash)
+	}
+
+	// Commit Transaction
+	if err := tx.Commit(); err != nil {
+		log.Error("Transaction Commit DB Error: ", err)
+		return err
+	}
+
+	return nil
+}