feat: add an actual is_active field in the DatabaseUser

[m4tx]

Description

This adds an is_active field to the DatabaseUser and checks if user is active before allowing to sign in.

Type of change

• Bug fix
• New feature
• Documentation
• Refactor / cleanup
• Performance improvement
• Other (describe above)

[github-actions]

Bencher Report

Branch	is_active
Testbed	github-ubuntu-latest

Click to view all benchmark results

Benchmark	Latency	Benchmark Result microseconds (µs) (Result Δ%)	Upper Boundary microseconds (µs) (Limit %)
empty_router/empty_router	📈 view plot 🚷 view threshold	6,805.40 µs (+11.52%) Baseline: 6,102.49 µs	7,699.78 µs (88.38%)
json_api/json_api	📈 view plot 🚷 view threshold	1,080.80 µs (+0.59%) Baseline: 1,074.49 µs	1,323.73 µs (81.65%)
nested_routers/nested_routers	📈 view plot 🚷 view threshold	996.07 µs (+0.31%) Baseline: 993.03 µs	1,204.49 µs (82.70%)
single_root_route/single_root_route	📈 view plot 🚷 view threshold	975.37 µs (+2.08%) Baseline: 955.50 µs	1,167.97 µs (83.51%)
single_root_route_burst/single_root_route_burst	📈 view plot 🚷 view threshold	15,983.00 µs (-9.71%) Baseline: 17,701.50 µs	21,171.80 µs (75.49%)

🐰 View full continuous benchmarking report in Bencher

[Copilot]

Pull request overview

This PR introduces a persistent is_active flag for DatabaseUser and enforces it in the authentication flow so inactive users cannot log in (and won’t be restored from an existing session).

Changes:

• Added is_active: bool to DatabaseUser, defaulting to true, plus a setter and a small unit test.
• Added a new DB migration to add the is_active column and registered it in the auth migrations list.
• Updated auth logic to reject login for inactive users and to treat inactive session users as unauthenticated, with accompanying tests.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
cot/src/auth/db/migrations/m_0002_add_is_active.rs	Adds a migration intended to introduce the is_active column.
cot/src/auth/db/migrations.rs	Registers the new migration in the auth migration list.
cot/src/auth/db.rs	Adds the is_active field to DatabaseUser, initializes it, and exposes a setter + test.
cot/src/auth.rs	Enforces is_active during login and when restoring a user from session; adds AuthError::UserInactive and tests.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

❌ Patch coverage is 96.29630% with 2 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
cot/src/auth.rs	95.00%	0 Missing and 2 partials ⚠️

Flag	Coverage Δ
rust	90.44% <96.29%> (+0.11%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
cot/src/auth/db.rs	85.89% <100.00%> (+0.80%)	⬆️
cot/src/auth.rs	91.46% <95.00%> (+0.40%)	⬆️

... and 3 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.