From 7cf0e44b657d2bd18c321f35747b33a4784687fe Mon Sep 17 00:00:00 2001
From: Jef Roosens <roosensjef@gmail.com>
Date: Sun, 12 Jan 2025 08:48:24 +0100
Subject: [PATCH] fix: generate i64 session ids instead of u64

---
 Cargo.lock           | 1 +
 Cargo.toml           | 1 +
 src/db/comment.rs    | 6 +++---
 src/db/event.rs      | 6 +++---
 src/db/plant.rs      | 4 ++--
 src/db/session.rs    | 9 +++++----
 src/db/user.rs       | 2 +-
 src/server/auth.rs   | 2 +-
 src/server/plants.rs | 2 +-
 9 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index fc9db08..e0fee13 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -292,6 +292,7 @@ dependencies = [
  "chrono",
  "r2d2",
  "r2d2_sqlite",
+ "rand",
  "rusqlite",
  "serde",
  "tera",
diff --git a/Cargo.toml b/Cargo.toml
index a4d6dce..5a92953 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -14,6 +14,7 @@ axum-extra = { version = "0.10.0", features = ["cookie"] }
 chrono = { version = "0.4.39", features = ["serde"] }
 r2d2 = "0.8.10"
 r2d2_sqlite = "0.25.0"
+rand = "0.8.5"
 # this dependency is needed soly because the r2d2_sqlite crate doesn't export
 # the 'chrono' feature flag
 rusqlite = { version = "0.32.1", features = ["chrono", "bundled"] }
diff --git a/src/db/comment.rs b/src/db/comment.rs
index f865584..1530922 100644
--- a/src/db/comment.rs
+++ b/src/db/comment.rs
@@ -5,14 +5,14 @@ use super::{DbError, DbPool};
 
 #[derive(Serialize, Deserialize)]
 pub struct Comment {
-    id: i32,
-    plant_id: i32,
+    id: i64,
+    plant_id: i64,
     comment: String,
 }
 
 #[derive(Deserialize)]
 pub struct NewComment {
-    plant_id: i32,
+    plant_id: i64,
     comment: String,
 }
 
diff --git a/src/db/event.rs b/src/db/event.rs
index 59148ec..2c9128a 100644
--- a/src/db/event.rs
+++ b/src/db/event.rs
@@ -64,8 +64,8 @@ impl FromSql for EventType {
 
 #[derive(Serialize)]
 pub struct Event {
-    id: i32,
-    plant_id: i32,
+    id: i64,
+    plant_id: i64,
     event_type: EventType,
     date: NaiveDate,
     description: String,
@@ -85,7 +85,7 @@ impl Event {
 
 #[derive(Deserialize)]
 pub struct NewEvent {
-    plant_id: i32,
+    plant_id: i64,
     event_type: EventType,
     date: NaiveDate,
     description: String,
diff --git a/src/db/plant.rs b/src/db/plant.rs
index faeae78..3b55c1d 100644
--- a/src/db/plant.rs
+++ b/src/db/plant.rs
@@ -5,7 +5,7 @@ use super::{Comment, DbError, DbPool, Event};
 
 #[derive(Serialize)]
 pub struct Plant {
-    id: i32,
+    id: i64,
     name: String,
     species: String,
     description: String,
@@ -37,7 +37,7 @@ impl Plant {
         Ok(plants?)
     }
 
-    pub fn by_id(pool: &DbPool, id: i32) -> Result<Option<Self>, DbError> {
+    pub fn by_id(pool: &DbPool, id: i64) -> Result<Option<Self>, DbError> {
         let conn = pool.get()?;
 
         let mut stmt = conn.prepare("select * from plants where id = $1")?;
diff --git a/src/db/session.rs b/src/db/session.rs
index 90b7020..8b63762 100644
--- a/src/db/session.rs
+++ b/src/db/session.rs
@@ -1,10 +1,11 @@
 use argon2::password_hash::rand_core::{OsRng, RngCore};
+use rand::Rng;
 use rusqlite::Row;
 
 use super::{DbError, DbPool, User};
 
 pub struct Session {
-    pub id: u64,
+    pub id: i64,
     pub user_id: i32,
 }
 
@@ -16,7 +17,7 @@ impl Session {
         })
     }
 
-    pub fn user_from_id(pool: &DbPool, id: u64) -> Result<Option<super::User>, DbError> {
+    pub fn user_from_id(pool: &DbPool, id: i64) -> Result<Option<super::User>, DbError> {
         let conn = pool.get()?;
 
         let mut stmt = conn.prepare("select users.* from sessions inner join users on sessions.user_id = users.id where sessions.id = $1")?;
@@ -27,8 +28,8 @@ impl Session {
         }
     }
 
-    pub fn new_for_user(pool: &DbPool, user_id: i32) -> Result<Self, DbError> {
-        let id: u64 = OsRng.next_u64();
+    pub fn new_for_user(pool: &DbPool, user_id: i64) -> Result<Self, DbError> {
+        let id: i64 = rand::thread_rng().gen();
 
         let conn = pool.get()?;
         let mut stmt =
diff --git a/src/db/user.rs b/src/db/user.rs
index 6369bf7..5b25f90 100644
--- a/src/db/user.rs
+++ b/src/db/user.rs
@@ -9,7 +9,7 @@ use super::{DbError, DbPool};
 
 #[derive(Serialize, Deserialize, Clone)]
 pub struct User {
-    pub id: i32,
+    pub id: i64,
     pub username: String,
     pub password_hash: String,
     pub admin: bool,
diff --git a/src/server/auth.rs b/src/server/auth.rs
index 61a68f9..7870650 100644
--- a/src/server/auth.rs
+++ b/src/server/auth.rs
@@ -22,7 +22,7 @@ pub fn logged_in_user(pool: &DbPool, headers: &HeaderMap) -> Result<Option<User>
 
     if let Some(session_id) = jar
         .get("session_id")
-        .and_then(|c| c.value().parse::<u64>().ok())
+        .and_then(|c| c.value().parse::<i64>().ok())
     {
         Session::user_from_id(pool, session_id)
     } else {
diff --git a/src/server/plants.rs b/src/server/plants.rs
index a0a373d..ef93579 100644
--- a/src/server/plants.rs
+++ b/src/server/plants.rs
@@ -20,7 +20,7 @@ pub fn app() -> axum::Router<crate::Context> {
 async fn get_plant_page(
     State(ctx): State<crate::Context>,
     headers: HeaderMap,
-    Path(plant_id): Path<i32>,
+    Path(plant_id): Path<i64>,
 ) -> super::Result<Html<String>> {
     let res = tokio::task::spawn_blocking(move || {
         let plant = Plant::by_id(&ctx.pool, plant_id)?;