From 0a87f67824f16e4592166c95949fe9bda32cbbce Mon Sep 17 00:00:00 2001
From: AINDUSTRIES
Date: Fri, 27 Sep 2024 18:22:51 +0200
Subject: [PATCH] Check password
---
 src/main.rs | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/src/main.rs b/src/main.rs
index ec46d27..bc0b46e 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -261,7 +261,6 @@ async fn login(req: Request, db: Arc>) -> Result {
 let date: DateTime = DateTime::from(SystemTime::now());
 let date = date.checked_add_days(Days::new(7)).unwrap();
- println!("{}", date.to_rfc2822());
 Ok(Response::builder().header("Set-Cookie", format!("token={}; Expires={}; Secure; HttpOnly; SameSite=Strict", user.token, date.to_rfc2822())).body(Full::new(Bytes::from("Ok"))).unwrap())
 },
 Err(_) => {
@@ -286,6 +285,9 @@ async fn register(req: Request, db: Arc>) -> Result<
 if !check_username(&data.username) {
 return Ok(Response::builder().status(StatusCode::BAD_REQUEST).body(Full::new(Bytes::from("Bad Request"))).unwrap());
 }
+ if !check_password(&data.password) {
+ return Ok(Response::builder().status(StatusCode::BAD_REQUEST).body(Full::new(Bytes::from("Bad Request"))).unwrap());
+ }
 let pool = db.clone().lock().unwrap().clone();
 let mut conn = pool.acquire().await.unwrap();
 let exists = sqlx::query!(r#"SELECT id FROM users WHERE username=?1"#, data.username).fetch_optional(&mut *conn).await;
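Review bot: The password rejection added to `register` returns the same bare `"Bad Request"` body as the username check directly above it, so a client cannot tell which field failed or what the policy is. A body that names the rule, for example `Bytes::from("Password must be at least 10 characters and contain an uppercase letter, a digit and a symbol")`, lets the sign-up form surface it. The policy is also only enforced on this path in the visible lines; if the application has a password-change or reset handler (not shown here), it should call `check_password` as well. The body of `register` starts and ends outside the hunk.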
@@ -315,6 +317,28 @@ fn check_username(username: &String) -> bool {
 true
 }
 
+fn check_password(password: &String) -> bool {
+ // one symbol, 10 chars min, one capital letter, one number
+ if password.len() < 10 {
+ return false;
+ }
+ let mut up = false;
+ let mut num = false;
+ let mut sym = false;
+ for c in password.chars() {
+ if c.is_uppercase() {
+ up = true;
+ }
+ if c.is_numeric() {
+ num = true;
+ }
+ if !c.is_alphanumeric() {
+ sym = true;
+ }
+ }
+ up && num && sym
+}
+
 async fn not_found() -> Result>, Error> {
 let mut file_path = env::current_dir().expect("Could not get app directory.");
 file_path.push("static/html/404.html");
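Review bot: The minimum-length test in `check_password` uses `password.len()`, which is the UTF-8 byte length, so a password of five two-byte characters passes the "10 chars min" rule stated in the comment; `if password.chars().count() < 10 {` matches the stated rule. The symbol test `!c.is_alphanumeric()` is also true for spaces and control characters, so a space alone satisfies "one symbol"; if that is not intended, `if c.is_ascii_punctuation() {` is narrower. No upper bound is checked, and the hashing code is not visible in this patch, so if the value is passed to a deliberately slow hash a maximum length (NIST SP 800-63B asks that at least 64 characters be permitted) belongs next to the minimum. The inline comment would read better as a `///` doc comment on the function stating the four requirements.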