Registration endpoint fixing

client-solid/src/Footer.tsx

@@ -0,0 +1,55 @@
+import { JSXElement } from "solid-js";
+
+export function Footer(): JSXElement {
+  return (
+    <footer class="footer footer-center bottom-0 rounded bg-base-200 p-10 text-base-content">
+      <nav class="grid grid-flow-col gap-4">
+        <a class="link-hover link">About us</a>
+        <a class="link-hover link">Contact</a>
+      </nav>
+      <nav>
+        <div class="grid grid-flow-col gap-4">
+          <a>
+            <svg
+              xmlns="http://www.w3.org/2000/svg"
+              width="24"
+              height="24"
+              viewBox="0 0 24 24"
+              class="fill-current"
+            >
+              <path d="M24 4.557c-.883.392-1.832.656-2.828.775 1.017-.609 1.798-1.574 2.165-2.724-.951.564-2.005.974-3.127 1.195-.897-.957-2.178-1.555-3.594-1.555-3.179 0-5.515 2.966-4.797 6.045-4.091-.205-7.719-2.165-10.148-5.144-1.29 2.213-.669 5.108 1.523 6.574-.806-.026-1.566-.247-2.229-.616-.054 2.281 1.581 4.415 3.949 4.89-.693.188-1.452.232-2.224.084.626 1.956 2.444 3.379 4.6 3.419-2.07 1.623-4.678 2.348-7.29 2.04 2.179 1.397 4.768 2.212 7.548 2.212 9.142 0 14.307-7.721 13.995-14.646.962-.695 1.797-1.562 2.457-2.549z"></path>
+            </svg>
+          </a>
+          <a>
+            <svg
+              xmlns="http://www.w3.org/2000/svg"
+              width="24"
+              height="24"
+              viewBox="0 0 24 24"
+              class="fill-current"
+            >
+              <path d="M19.615 3.184c-3.604-.246-11.631-.245-15.23 0-3.897.266-4.356 2.62-4.385 8.816.029 6.185.484 8.549 4.385 8.816 3.6.245 11.626.246 15.23 0 3.897-.266 4.356-2.62 4.385-8.816-.029-6.185-.484-8.549-4.385-8.816zm-10.615 12.816v-8l8 3.993-8 4.007z"></path>
+            </svg>
+          </a>
+          <a>
+            <svg
+              xmlns="http://www.w3.org/2000/svg"
+              width="24"
+              height="24"
+              viewBox="0 0 24 24"
+              class="fill-current"
+            >
+              <path d="M9 8h-3v4h3v12h5v-12h3.642l.358-4h-4v-1.667c0-.955.192-1.333 1.115-1.333h2.885v-5h-3.808c-3.596 0-5.192 1.583-5.192 4.615v3.385z"></path>
+            </svg>
+          </a>
+        </div>
+      </nav>
+      <aside>
+        <p>
+          Copyright © {new Date().getFullYear()} - All right reserved by Swarm
+          Industries Ltd
+        </p>
+      </aside>
+    </footer>
+  );
+}

client-solid/src/Posts.tsx

@@ -15,9 +15,9 @@ export function Posts(): JSXElement {
 
   return (
     <Show when={!loading()} fallback={loadSpinner()}>
-      <For each={posts()}>
+      {/* <For each={posts()}>
         {(post): JSXElement => <PostSegment post={post} />}
-      </For>
+      </For> */}
     </Show>
   );
 }

client-solid/src/Root.tsx

@@ -4,6 +4,7 @@ import { GlobalStateProvider } from "./GlobalState";
 import { LoginModal } from "./LoginModal";
 import { Navbar } from "./Navbar";
 import { Primary } from "./Primary";
+import { Footer } from "./Footer";
 
 function Root(): JSXElement {
   return (
@@ -13,9 +14,10 @@ function Root(): JSXElement {
         <div class="flex flex-col items-center">
           <Navbar />
           <LoginModal />
-          <div class="flex w-full flex-col items-center space-y-2 px-2 md:max-w-3xl">
+          <div class="flex w-full min-h-[65vh] flex-col items-center mb-8 space-y-2 px-2 md:max-w-3xl">
             <Primary />
           </div>
+          <Footer />
         </div>
       </GlobalStateProvider>
     </>
@@ -25,7 +27,7 @@ function Root(): JSXElement {
 function FancyBackground(): JSXElement {
   return (
     <div class="bg-container">
-      <div class="bg-fancy min-h-screen bg-cover bg-center" />
+      <div class="bg-fancy bg-cover bg-center" />
     </div>
   );
 }

server/Cargo.lock

@@ -1851,6 +1851,7 @@ dependencies = [
  "jsonwebtoken",
  "lipsum",
  "log",
+ "rand",
  "serde",
  "serde_json",
  "sled",

server/Cargo.toml

@@ -17,6 +17,7 @@ env_logger = "0.10.0"
 jsonwebtoken = "8.3.0"
 lipsum = "0.9.0"
 log = "0.4.20"
+rand = "0.8.5"
 serde = { version = "1.0.188", features = ["derive"] }
 serde_json = "1.0.107"
 sled = { version = "0.34.7" }

server/src/db.rs

@@ -6,7 +6,7 @@ use argon2::{
 use log::{info, warn};
 use sqlx::PgPool;
 
-// Gets the latest posts from the database, ordered by created_at
+/// Gets the latest posts from the database, ordered by created_at
 pub async fn db_get_latest_posts(pool: &PgPool, limit: i64, offset: i64) -> Vec<Post> {
     sqlx::query_as!(
         Post,
@@ -19,7 +19,7 @@ pub async fn db_get_latest_posts(pool: &PgPool, limit: i64, offset: i64) -> Vec<
     .unwrap()
 }
 
-// Gets the post with id from the database
+/// Gets the post with id from the database
 pub async fn db_get_post(id: i64, pool: &PgPool) -> Option<Post> {
     sqlx::query_as!(Post, "SELECT * FROM posts WHERE id = $1", id)
         .fetch_one(pool)
@@ -27,7 +27,7 @@ pub async fn db_get_post(id: i64, pool: &PgPool) -> Option<Post> {
         .ok()
 }
 
-// Inserts a new post to the database
+/// Inserts a new post to the database
 pub async fn db_new_post(userid: i64, content: &str, pool: &PgPool) -> Option<Post> {
     info!("User with id {} submitted a post", userid);
 
@@ -57,6 +57,7 @@ pub async fn db_new_post(userid: i64, content: &str, pool: &PgPool) -> Option<Po
     Some(post)
 }
 
+/// Checks if the user exists in the database
 pub async fn db_user_exists(username: String, pool: &PgPool) -> bool {
     let exists = sqlx::query!("SELECT username FROM users WHERE username = $1", username)
         .fetch_one(pool)
@@ -67,6 +68,7 @@ pub async fn db_user_exists(username: String, pool: &PgPool) -> bool {
     exists.is_some()
 }
 
+/// Checks if the user exists and if the password is correct
 pub async fn db_user_login(username: String, password: String, pool: &PgPool) -> Option<User> {
     let username = username.clone();
     let user = sqlx::query_as!(User, "SELECT * FROM users WHERE username = $1", username)
@@ -95,6 +97,7 @@ pub async fn db_user_login(username: String, password: String, pool: &PgPool) ->
     }
 }
 
+/// Creates a new user if the username is not already taken
 pub async fn db_new_user(username: String, password: String, pool: &PgPool) -> Option<User> {
     // First check if the user already exists
     match db_user_exists(username.clone(), pool).await {

server/src/main.rs

@@ -8,10 +8,12 @@ mod db;
 mod jwt;
 mod routes;
 mod state;
+mod util;
 
 use routes::{get_posts, login, new_post, post_by_id, register};
 use state::CaptchaState;
 use state::ServerState;
+use util::hex_string;
 
 #[actix_web::main]
 async fn main() -> std::io::Result<()> {
@@ -20,6 +22,15 @@ async fn main() -> std::io::Result<()> {
     let data = ServerState::new().await;
     let capt_db = CaptchaState::new();
 
+    #[cfg(debug_assertions)]
+    {
+        for _ in 0..10 {
+            let s = hex_string(10);
+            info!("Adding captcha key: {}", &s);
+            capt_db.capthca_db.lock().unwrap().insert(s);
+        }
+    }
+
     info!("Spinning up server on http://localhost:8080");
     HttpServer::new(move || {
         App::new()

server/src/routes/users.rs

@@ -5,8 +5,6 @@ use crate::ServerState;
 
 use actix_web::web::Data;
 use actix_web::{post, web::Json, HttpResponse, Responder, Result};
-use argon2::password_hash::rand_core::RngCore;
-use argon2::password_hash::*;
 use biosvg::BiosvgBuilder;
 use log::*;
 use serde::{Deserialize, Serialize};
@@ -18,7 +16,7 @@ pub struct LoginData {
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct LoginResponse {
+pub struct AuthResponse {
     username: String,
     token: String,
 }
@@ -34,10 +32,31 @@ pub struct RegisterData {
 pub async fn register(
     data: Json<RegisterData>,
     state: Data<ServerState>,
+    captcha_state: Data<CaptchaState>,
 ) -> Result<impl Responder> {
-    db_new_user(data.username.clone(), data.password.clone(), &state.pool).await;
+    if !captcha_state
-    info!("User: {} registered", data.username);
+        .capthca_db
-    Ok(HttpResponse::Ok().json("User registered"))
+        .lock()
+        .unwrap()
+        .remove(&data.captcha)
+    {
+        info!("User failed to register, captcha was wrong");
+        return Ok(HttpResponse::BadRequest().json("Error"));
+    }
+
+    match db_new_user(data.username.clone(), data.password.clone(), &state.pool).await {
+        Some(user) => {
+            info!("User: {} registered", &user.username);
+            Ok(HttpResponse::Ok().json(AuthResponse {
+                username: user.username.clone(),
+                token: token_factory(&user.username).unwrap(),
+            }))
+        }
+        None => {
+            info!("User \"{}\" already exists", data.username);
+            return Ok(HttpResponse::BadRequest().json("Error"));
+        }
+    }
 }
 
 #[post("/login")]
@@ -46,7 +65,7 @@ pub async fn login(data: Json<LoginData>, state: Data<ServerState>) -> Result<im
 
     match result {
         Some(_) => {
-            return Ok(HttpResponse::Ok().json(LoginResponse {
+            return Ok(HttpResponse::Ok().json(AuthResponse {
                 username: data.username.clone(),
                 token: token_factory(&data.username).unwrap(),
             }));
@@ -67,35 +86,38 @@ pub struct CaptchaResponse {
 /// Request a captcha from the captcha service
 #[post("/captcha")]
 pub async fn captcha_request(cstate: Data<CaptchaState>) -> Result<impl Responder> {
+    unimplemented!("Captcha is currently disabled");
+    return Ok(HttpResponse::InternalServerError().json("Error"));
+
     // This might block the thread a bit too long
-    let (answer, svg) = get_captcha();
+    // let (answer, svg) = get_captcha();
 
-    let id = rand_core::OsRng.next_u32() as i32;
+    // let id = rand_core::OsRng.next_u32() as i32;
 
-    let cresponse = CaptchaResponse {
+    // let cresponse = CaptchaResponse {
-        captcha_svg: svg.clone(),
+    //     captcha_svg: svg.clone(),
-        captcha_id: id,
+    //     captcha_id: id,
-    };
+    // };
 
     // This is bad in about every way i can think of
     // It might just be better to hit the database every time, and let the database
     // handle rng and maybe set a trigger to delete old captchas
-    match cstate.capthca_db.lock() {
+    // match cstate.capthca_db.lock() {
-        Ok(mut db) => {
+    //     Ok(mut db) => {
-            if (db.len() as i32) > 100 {
+    //         if (db.len() as i32) > 100 {
-                // To prevent the database from growing too large
+    //             // To prevent the database from growing too large
-                // Replace with a proper LRU cache or circular buffer
+    //             // Replace with a proper LRU cache or circular buffer
-                db.remove(&(id % 100)); // This is terrible
+    //             db.remove(&(id % 100)); // This is terrible
-            }
+    //         }
-            db.insert(id, answer.clone()); // We do not care about collisions
+    //         db.insert(id, answer.clone()); // We do not care about collisions
-            return Ok(HttpResponse::Ok().json(cresponse));
+    //         return Ok(HttpResponse::Ok().json(cresponse));
-        }
+    //     }
-        Err(_) => {
+    //     Err(_) => {
-            // This shouldnt happen
+    //         // This shouldnt happen
-            error!("Failed to lock captcha database");
+    //         error!("Failed to lock captcha database");
-            return Ok(HttpResponse::InternalServerError().json("Error"));
+    //         return Ok(HttpResponse::InternalServerError().json("Error"));
-        }
+    //     }
-    }
+    // }
 }
 
 /// Returns a new captcha in the form of a tuple (answer, svg)

server/src/state.rs

@@ -1,4 +1,4 @@
-use std::collections::BTreeMap;
+use std::collections::BTreeSet;
 use std::sync::Arc;
 use std::sync::Mutex;
 
@@ -9,13 +9,14 @@ use sqlx::PgPool;
 
 #[derive(Clone)]
 pub struct CaptchaState {
-    pub capthca_db: Arc<Mutex<BTreeMap<i32, String>>>,
+    // pub capthca_db: Arc<Mutex<BTreeMap<i32, String>>>,
+    pub capthca_db: Arc<Mutex<BTreeSet<String>>>,
 }
 
 impl CaptchaState {
     pub fn new() -> Self {
         Self {
-            capthca_db: Arc::new(Mutex::new(BTreeMap::new())),
+            capthca_db: Arc::new(Mutex::new(BTreeSet::new())),
         }
     }
 }
@@ -62,6 +63,7 @@ impl ServerState {
 #[cfg(debug_assertions)]
 async fn debug_setup(pool: &PgPool) -> Result<(), sqlx::Error> {
     use lipsum::lipsum;
+    use rand::prelude::*;
     use sqlx::query;
 
     use crate::db::db_new_user;
@@ -69,26 +71,29 @@ async fn debug_setup(pool: &PgPool) -> Result<(), sqlx::Error> {
     db_new_user("user".to_string(), "pass".to_string(), pool).await;
 
     // Check if the demo post already exists
-    let posted = query!("SELECT * FROM posts WHERE id = 1",)
+    let no_posts = query!("SELECT * FROM posts WHERE id = 1",)
         .fetch_one(pool)
         .await
-        .ok();
+        .ok()
+        .is_none();
 
     // If the demo user already has a post, don't insert another one
-    if !posted.is_some() {
+    if no_posts {
-        // This requires that the user with id 1 exists in the user table
+        let mut rng = rand::thread_rng();
-        query!("INSERT INTO posts (user_id, content) VALUES (1, 'Hello world! The demo username is user and the password is pass.')",)
-        .execute(pool)
-        .await?;
 
-        for _ in 0..10 {
+        // This requires that the user with id 1 exists in the user table
+        for _ in 0..100 {
             query!(
                 "INSERT INTO posts (user_id, content) VALUES (1, $1)",
-                lipsum(50)
+                lipsum(rng.gen_range(10..100))
             )
             .execute(pool)
             .await?;
         }
+
+        query!("INSERT INTO posts (user_id, content) VALUES (1, 'Hello world! The demo username is user and the password is pass.')",)
+        .execute(pool)
+        .await?;
     }
 
     Ok(())

server/src/util/mod.rs

@@ -0,0 +1,3 @@
+mod util;
+
+pub use util::*;

server/src/util/util.rs

@@ -0,0 +1,19 @@
+use rand::{Rng, RngCore};
+
+// This will do for now
+pub fn hex_string(length: usize) -> String {
+    let mut rng = rand::thread_rng();
+    let mut bytes = vec![0u8; length];
+    rng.fill(&mut bytes[..]);
+    bytes.iter().map(|b| format!("{:X}", b)).collect::<String>()[..length].to_string()
+}
+
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_random_hex_string() {
+        let s = hex_string(16);
+        assert_eq!(s.len(), 16);
+    }
+}