restore auth for oauth revoke by id

app/controllers/OAuth.scala

@@ -121,7 +121,7 @@ final class OAuth(env: Env) extends LilaController(env) {
   def tokenRevoke =
     Scoped() { implicit req => _ =>
       HTTPRequest.bearer(req) ?? { token =>
-        env.oAuth.tokenApi.revoke(AccessToken.Id.from(token)) inject NoContent
+        env.oAuth.tokenApi.revoke(token) inject NoContent
       }
     }
 

app/controllers/OAuthToken.scala

@@ -39,7 +39,7 @@ final class OAuthToken(env: Env) extends LilaController(env) {
     }
 
   def delete(id: String) =
-    Auth { _ => _ =>
+    Auth { _ => me =>
-      tokenApi.revoke(AccessToken.Id(id)) inject Redirect(routes.OAuthToken.index).flashSuccess
+      tokenApi.revokeById(AccessToken.Id(id), me) inject Redirect(routes.OAuthToken.index).flashSuccess
     }
 }

modules/oauth/src/main/AccessTokenApi.scala

@@ -104,8 +104,15 @@ final class AccessTokenApi(coll: Coll, cacheApi: lila.memo.CacheApi, userRepo: U
       } yield AccessTokenApi.Client(origin, usedAt, scopes)
     }
 
-  def revoke(id: AccessToken.Id): Funit =
+  def revokeById(id: AccessToken.Id, user: User): Funit =
-    coll.delete.one($id(id)).map(_ => invalidateCached(id))
+    coll.delete
+      .one(
+        $doc(
+          F.id     -> id,
+          F.userId -> user.id
+        )
+      )
+      .map(_ => invalidateCached(id))
 
   def revokeByClientOrigin(clientOrigin: String, user: User): Funit =
     coll
@@ -130,6 +137,11 @@ final class AccessTokenApi(coll: Coll, cacheApi: lila.memo.CacheApi, userRepo: U
           .map(_ => invalidate.flatMap(_.getAsOpt[AccessToken.Id](F.id)).foreach(invalidateCached))
       }
 
+  def revoke(bearer: Bearer) = {
+    val id = AccessToken.Id.from(bearer)
+    coll.delete.one($id(id)).map(_ => invalidateCached(id))
+  }
+
   def get(bearer: Bearer) = accessTokenCache.get(AccessToken.Id.from(bearer))
 
   private val accessTokenCache =