From 4b53c3884f504825497268296b2b55ee30c39b61 Mon Sep 17 00:00:00 2001
From: Anna <git@anna.lgbt>
Date: Thu, 13 Jun 2024 08:47:47 -0400
Subject: [PATCH] fix: keep track of used extra tokens

---
 .../migrations/14_add_code_tracking_table.sql |  4 +++
 .../15_add_code_tracking_primary_key.sql      |  7 +++++
 server/migrations/16_fix_tracking_table.sql   |  7 +++++
 server/src/web/claim.rs                       | 28 +++++++++++++++++++
 4 files changed, 46 insertions(+)
 create mode 100644 server/migrations/14_add_code_tracking_table.sql
 create mode 100644 server/migrations/15_add_code_tracking_primary_key.sql
 create mode 100644 server/migrations/16_fix_tracking_table.sql

diff --git a/server/migrations/14_add_code_tracking_table.sql b/server/migrations/14_add_code_tracking_table.sql
new file mode 100644
index 0000000..b752173
--- /dev/null
+++ b/server/migrations/14_add_code_tracking_table.sql
@@ -0,0 +1,4 @@
+create table used_codes (
+    id text not null references extra_codes (id) on delete cascade,
+    user integer not null references users (id) on delete cascade
+);
diff --git a/server/migrations/15_add_code_tracking_primary_key.sql b/server/migrations/15_add_code_tracking_primary_key.sql
new file mode 100644
index 0000000..e9e0e0b
--- /dev/null
+++ b/server/migrations/15_add_code_tracking_primary_key.sql
@@ -0,0 +1,7 @@
+drop table used_codes;
+create table used_codes (
+    id text not null references extra_codes (id) on delete cascade,
+    user integer not null references users (id) on delete cascade,
+
+    primary key (id, user)
+);
diff --git a/server/migrations/16_fix_tracking_table.sql b/server/migrations/16_fix_tracking_table.sql
new file mode 100644
index 0000000..528a42c
--- /dev/null
+++ b/server/migrations/16_fix_tracking_table.sql
@@ -0,0 +1,7 @@
+drop table used_codes;
+create table used_codes (
+    id text not null references extra_tokens (id) on delete cascade,
+    user integer not null references users (id) on delete cascade,
+
+    primary key (id, user)
+);
diff --git a/server/src/web/claim.rs b/server/src/web/claim.rs
index 4a4a6c9..4df11ba 100644
--- a/server/src/web/claim.rs
+++ b/server/src/web/claim.rs
@@ -42,6 +42,34 @@ async fn logic(state: Arc<State>, id: i64, bytes: Bytes) -> Result<impl Reply, R
         .map_err(AnyhowRejection)
         .map_err(warp::reject::custom)?;
 
+    let count = sqlx::query_scalar!(
+        // language=sqlite
+        "select count(*) as count from used_codes where id = ? and user = ?",
+        code,
+        id,
+    )
+        .fetch_one(&mut *t)
+        .await
+        .context("could not check if code is used")
+        .map_err(AnyhowRejection)
+        .map_err(warp::reject::custom)?;
+
+    if count > 0 {
+        return Err(warp::reject::custom(WebError::InvalidExtraCode));
+    }
+
+    sqlx::query!(
+        // language=sqlite
+        "insert into used_codes (id, user) values (?, ?)",
+        code,
+        id,
+    )
+        .execute(&mut *t)
+        .await
+        .context("could not store used code")
+        .map_err(AnyhowRejection)
+        .map_err(warp::reject::custom)?;
+
     sqlx::query!(
         // language=sqlite
         "delete from extra_tokens where id = ? and uses = 0",