pub async fn rotate_token(
    __arg0: State<AppState>,
    headers: HeaderMap,
    __arg2: Path<String>,
) -> impl IntoResponse
POST /api/devices/{id}/token/rotate — revoke the device’s current bearer token and issue a fresh pairing code for re-pairing.
The device row is removed because the schema keys on token_hash; once
the token is revoked the row’s primary key is dead anyway. Re-pairing
inserts a fresh row with the new token’s hash.
The rotation’s load-bearing effect is invalidating the leaked token, not issuing a new code. If another flow holds the pairing-code slot the revoke still happens; the response reports that no new code was issued and the operator can use the pending code or call again once it clears.
If the caller is using the same bearer token as the device being rotated (self-revocation), the response is delivered over the now-invalid token; subsequent requests from that client will fail until they re-pair. That is the intended path for “rotate my own token after I think it leaked.”
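The ordering described above, modelled in memory as an added example (not the project's own code): the row keyed on token_hash is removed first, and only then is the pairing-code slot tried. Store, RotateOutcome, token_hash and the DefaultHasher stand-in are assumptions made for illustration, and caller authentication is left out.

```rust
use std::collections::hash_map::DefaultHasher;
use std::collections::HashMap;
use std::hash::{Hash, Hasher};

// Hypothetical in-memory model; every name here is an assumption, not the project's types.
#[derive(Default)]
pub struct Store {
    devices: HashMap<u64, String>, // token_hash -> device id (row keyed on token_hash)
    pending_code: Option<String>,  // the single pairing-code slot
}

#[derive(Debug, PartialEq)]
pub struct RotateOutcome {
    pub revoked: bool,
    pub new_code: Option<String>, // None when another flow holds the slot
    pub self_revocation: bool,    // caller presented the token being rotated
}

// Stand-in only: DefaultHasher is NOT cryptographic. A real store would use a
// cryptographic hash of the token (assumption; the page does not name one).
pub fn token_hash(token: &str) -> u64 {
    let mut h = DefaultHasher::new();
    token.hash(&mut h);
    h.finish()
}

impl Store {
    pub fn pair(&mut self, device_id: &str, token: &str) { self.devices.insert(token_hash(token), device_id.to_string()); }
    pub fn is_valid(&self, token: &str) -> bool { self.devices.contains_key(&token_hash(token)) }
    // caller_token is used only to detect self-revocation; authorization is out of scope here.
    pub fn rotate(&mut self, device_id: &str, caller_token: &str, fresh_code: &str) -> Option<RotateOutcome> {
        let key = *self.devices.iter().find(|(_, id)| id.as_str() == device_id)?.0;
        let self_revocation = key == token_hash(caller_token);
        // Revoke first: deleting the row is the load-bearing step.
        self.devices.remove(&key);
        // Only then try the slot; a busy slot does not undo the revoke.
        if self.pending_code.is_some() {
            return Some(RotateOutcome { revoked: true, new_code: None, self_revocation });
        }
        self.pending_code = Some(fresh_code.to_string());
        Some(RotateOutcome { revoked: true, new_code: self.pending_code.clone(), self_revocation })
    }
}

fn main() {
    let mut s = Store::default();
    s.pair("dev-1", "tok-a"); // constructed sample values
    println!("{:?}", s.rotate("dev-1", "tok-a", "CODE-1"));
}
```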