philipp/aef-website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: philipp:de01d2507f6d73660e429f20399a353dc5a7bf55
Branches Tags
philipp:main
...
compare: philipp:ce3084f5ff2dd4f2ef197b34592dd5268248ec67
Branches Tags
philipp:main

12 Commits
de01d2507f ... ce3084f5ff

Author SHA1 Message Date
Philipp Hofer
ce3084f5ff try better hyphenation 2025-08-23 18:28:01 +02:00
Philipp Hofer
ca0f9fbd68 more hyphens 2025-08-23 17:29:18 +02:00
Philipp Hofer
2ffed940c0 add /cam page 2025-08-23 17:22:26 +02:00
Philipp Hofer
52efb51a3c only count those who have found at least 1 cam as participant 2025-08-22 08:51:37 +02:00
Philipp Hofer
7cd5107c8a update to new syntax 2025-08-21 15:02:26 +02:00
Philipp Hofer
aab0e0b780 add camera edit and add functionality 2025-08-21 14:58:00 +02:00
Philipp Hofer
a0eddece86 add function to be able to delete names 2025-08-21 12:31:31 +02:00
Philipp Hofer
c74500adfd add missing language 2025-08-21 09:12:43 +02:00
Philipp Hofer
c8d5868c60 incorporate feedback from MS 2025-08-21 08:45:21 +02:00
Philipp Hofer
f7647829bd create a delete-my-data button 2025-08-20 21:04:55 +02:00
Philipp Hofer
ea65f51704 make cookie auto-expire at the end of the festival 2025-08-20 20:56:06 +02:00
Philipp Hofer
965ba4c80b include feedback from MS 2025-08-20 20:48:03 +02:00
16 changed files with 998 additions and 66 deletions
Expand all files Collapse all files

1
Cargo.lock generated
View File

@@ -2671,6 +2671,7 @@ dependencies = [
"axum-extra",
"chrono",
"maud",
"rand",
"rust-i18n",
"serde",
"sqlx",

1
Cargo.toml
View File

@@ -8,6 +8,7 @@ axum = "0.8"
axum-extra = { version = "0.10", features = ["cookie-private", "cookie"] }
chrono = { version = "0.4", features = ["serde"] }
maud = { version = "0.27", features = ["axum"] }
rand = "0.8"
rust-i18n = "3.1"
serde = { version = "1", features = ["derive"] }
sqlx = { version = "0.8", features = ["runtime-tokio-rustls", "sqlite", "macros", "chrono"] }

74
locales/de.yml
View File

@@ -29,7 +29,7 @@ location_linz: "Wo: überall in Linz"
game_title: "Wer findet die meisten Kameras?"
game_explanation_todo: "Willkommen zu unserem Überwachungsbewusstseinsspiel! Als Teil unserer Digital Shadows Ausstellung beim Ars Electronica Festival haben wir QR-Codes bei Überwachungskameras in ganz Linz platziert. Deine Mission: Entdecke die Kameras, scanne unsere Codes und finde heraus, wie allgegenwärtig öffentliche Überwachung wirklich ist. Wir sind aber nur Menschen wir haben nur einen kleinen Teil aller Kameras erfasst, die unsere Stadt beobachten. Wer beobachtet wen in unseren öffentlichen Räumen? Die Jagd beginnt jetzt! 🕵️"
save_button: "Speichern"
amount_participants: "Aktuell gibt es insgesamt %{amount} Teilnehmer."
amount_participants: "Aktuell gibt es insgesamt %{amount} Teilnehmer (die mindestens 1 Kamera gefunden haben)."
cameras_found: "Du hast %{found}/%{total} Kameras gefunden:"
highscore_title: "Bestenliste"
not_found_title: "ups"
@@ -56,37 +56,85 @@ impressum: "Impressum"
# Privacy Policy
privacy_policy: "Datenschutz"
privacy_policy_title: "Datenschutzerklärung"
privacy_policy_title: "Daten<wbr/>schutz<wbr/>erklärung"
data_controller: "Datenverantwortlicher"
see_impressum: "Siehe Impressum"
data_controller_info: "Johannes Kepler Universität Linz<br>Institut für Netzwerke und Sicherheit<br>Science Park 3, 2. Stock<br>Altenberger Straße 69, 4040 Linz, Austria<br>https://www.ins.jku.at/<br>+43 732 2468-4120<br>office@digidow.eu<br>Umsatzsteuer-Identifikationsnummer (UID) der JKU: ATU57515567"
overview: "Überblick"
privacy_overview: "Diese Datenschutzerklärung erklärt, wie Daten auf dieser Website gesammelt und verarbeitet werden. Diese Website ist Teil der <a href='https://www.jku.at/ars-electronica-2025-panic-yes-no/digital-shadows/' target='_blank'>Digital Shadows Ausstellung vom Ars Electronica Festival 2025</a>."
privacy_overview: "Diese Datenschutzerklärung erklärt, wie Daten auf dieser Website gesammelt und verarbeitet werden. Diese Website ist Teil der <a href='https://www.jku.at/ars-electronica-2025-panic-yes-no/digital-shadows/' target='_blank'>Digital Shadows Ausstellung vom Ars Electronica Festival 2025</a> - einem künstlerisch-wissenschaftlichen Projekt, das sich mit der Allgegenwart digitaler Überwachung auseinandersetzt.<br><br>Unser interaktives Spiel lädt Sie ein, die versteckten Überwachungskameras in Linz zu entdecken. Während Sie durch die Stadt wandern und QR-Codes an Kameras scannen, sammeln Sie Punkte und werden Teil einer spielerischen Reflexion über öffentliche Überwachung. Das Spiel macht sichtbar, wie alltäglich und unsichtbar Kameras in unserem urbanen Raum geworden sind. Durch das Sammeln und Vergleichen mit anderen Teilnehmer*innen entsteht ein Bewusstsein für die Dichte des Überwachungsnetzes, in dem wir uns täglich bewegen.<br><br>Da dieses Projekt den bewussten Umgang mit persönlichen Daten thematisiert, legen wir besonderen Wert auf Transparenz bezüglich der Datenverarbeitung auf dieser Website."
data_we_collect: "Daten, die wir sammeln"
cookies: "Cookies"
cookies_description: "Wir verwenden nur zwei Cookies auf dieser Website:"
cookie_client_id: "(notwendig): Ein automatisch generierter eindeutiger Identifikator, der benötigt wird, um zu verfolgen, welche Kameras Sie gefunden haben. Dieser Cookie ist für die Spielfunktionalität notwendig."
cookie_client_id: "(notwendig): Ein automatisch generierter, für jede Person eindeutiger Identifikator, der benötigt wird, um zu verfolgen, welche Kameras Sie gefunden haben. Dieser Cookie ist für die Spielfunktionalität notwendig."
cookie_lang: "(optional): Speichert Ihre Spracheinstellung, wenn Sie eine Sprache auswählen. Dieser Cookie wird nur gesetzt, wenn Sie aktiv eine Spracheinstellung wählen."
game_data: "Spieldaten"
game_data_description: "Wenn Sie an unserem Überwachungsbewusstseinsspiel teilnehmen, sammeln wir:"
chosen_name: "Ihren gewählten Namen (optional): Der Anzeigename, den Sie eingeben, um in der Bestenliste angezeigt zu werden"
chosen_name: "Standardmäßig wird ein Name zufällig ausgewählt. Wenn Sie optional einen Namen vergeben wird dieser gespeichert. Hinweis: Der Name wird gemeinsam mit der Anzahl der Kameras die Sie gefunden haben öffentlich in der Bestenliste angezeigt."
game_progress: "Spielfortschritt: Welche Kameras Sie entdeckt haben und wann Sie sie gefunden haben"
random_client_id: "Die zufällig generierte <em>client_id</em> um Ihre Spielsitzungen zu verknüpfen"
random_client_id: "Die zufällig generierte <em>client_id</em> (Cookie, siehe oben) um Ihre Spielsitzungen zu verknüpfen"
purpose_legal_basis: "Zweck und Rechtsgrundlage"
game_functionality: "Spielfunktionalität: Wir verarbeiten Ihre Daten, um das Kamera-Entdeckungsspiel zu betreiben (berechtigtes Interesse nach Art. 6(1)(f) DSGVO)"
language_preference: "Spracheinstellung: Wir speichern Ihre Sprachwahl basierend auf Ihrer Einwilligung (Art. 6(1)(a) DSGVO)"
game_functionality: "Spielfunktionalität: Wir verarbeiten Ihre Daten, um das Kamera-Entdeckungsspiel zu betreiben und die Bestenliste anzuzeigen (Einwilligung nach Art. 6(1)(a) DSGVO)"
language_preference: "Spracheinstellung: Wir speichern Ihre Sprachwahl basierend auf Ihrer Einwilligung (Art. 6(1)(a) DSGVO), damit Sie nur einmal die Sprache einstellen müssen."
statistical_analysis: "Statistische Auswertung: Am Ende des Festivals werden statistische, nicht-personenbezogene Auswertungen über die Nutzung der Website gespeichert."
data_retention: "Datenspeicherung"
data_retention_description: "Ihre Spieldaten werden in unserer Datenbank bis zum Ende der Ars Electronica Festival Ausstellungszeit gespeichert. Die Cookies verfallen nach einem Monat oder wenn Sie Ihre Cookies löschen. Es gibt keine langfristige Speicherung von Daten."
data_retention_description: "Ihre Spieldaten werden in unserer Datenbank bis zum Ende der Ars Electronica Festival Ausstellungszeit gespeichert. Die Cookies verfallen automatisch zum Festivalende oder wenn Sie Ihre Cookies löschen."
data_sharing: "Datenweitergabe"
data_sharing_description: "Wir teilen, verkaufen oder übertragen Ihre Daten nicht an Dritte. Daten werden ausschließlich für den Betrieb des Kamera-Entdeckungsspiels verwendet."
your_rights_gdpr: "Ihre Rechte unter der DSGVO"
rights_description: "Sie haben das Recht auf:"
right_access: "Zugang: Anfrage, welche Daten wir über Sie haben"
right_access: "Auskunft: Anfrage, welche Daten wir über Sie haben"
right_rectification: "Berichtigung: Korrektur ungenauer Daten"
right_erasure: "Löschung: Anfrage zur Löschung Ihrer Daten"
right_restriction: "Einschränkung: Beschränkung der Verarbeitung Ihrer Daten"
right_portability: "Datenübertragbarkeit: Erhalt Ihrer Daten in einem strukturierten Format"
right_object: "Widerspruch: Widerspruch gegen die Verarbeitung auf Basis berechtigter Interessen"
right_withdraw_consent: "Einwilligung zurückziehen: Für den Spracheinstellungs-Cookie"
how_to_exercise_rights: "Wie Sie Ihre Rechte ausüben können"
clear_cookies: "Browser-Cookies löschen, um gespeicherte Identifikatoren zu entfernen"
contact_us: "Kontaktieren Sie uns an unserem Postcity Linz Stand oder <a href='https://digidow.eu/impressum' target='_blank'>per E-Mail</a>"
# Additional privacy policy sections
server_logfiles: "Serverlogfiles"
server_logfiles_description: "Unser Webserver legt ausschließlich anonymisierte Server-Logfiles an, in denen keine IP-Adressen oder sonstigen personenbezogenen Daten gespeichert werden."
data_security: "Datensicherheit"
data_security_description: "Alle Daten, die zwischen Ihrem Browser und unseren Servern übertragen werden, sind per SSL mit aktuellen Verschlüsselungsstandards gesichert und bieten eine hohe Übertragungssicherheit. Unsere Server werden an der JKU Linz betrieben und regelmäßig gewartet."
minors: "Minderjährige"
minors_description: "Diese Website darf nur von Personen ab 14 Jahren genutzt werden. Nutzer unter 14 Jahren benötigen die ausdrückliche Einverständniserklärung ihrer Erziehungsberechtigten."
data_protection_officer: "Datenschutzbeauftrager"
data_protection_officer_contact: "Stabsstelle Datenschutz der Johannes Kepler Universität Linz"
data_protection_officer_contact_full: "Stabsstelle Datenschutz der Johannes Kepler Universität Linz<br>Altenberger Straße 69, 4040 Linz<br>+43 732 2468 3802<br>datenschutz@jku.at"
data_collection_timing: "Wann werden Daten gesammelt"
data_collection_timing_description: "Daten werden gesammelt, wenn die Website besucht wird und QR Codes gescannt werden."
delete_personal_data: "Persönliche Daten löschen"
delete_data_description: "Sie können die vollständige Löschung aller Ihrer auf unseren Servern gespeicherten persönlichen Daten beantragen. Dies umfasst Ihren gewählten Namen, Spielfortschritt und alle Sichtungen. Diese Aktion kann nicht rückgängig gemacht werden."
delete_my_data: "Meine Daten löschen"
delete_confirmation: "Sind Sie sicher, dass Sie alle Ihre persönlichen Daten löschen möchten? Diese Aktion kann nicht rückgängig gemacht werden und Sie verlieren Ihren gesamten Spielfortschritt."
data_deletion_success_title: "Daten erfolgreich gelöscht"
data_deletion_success_body: "Alle Ihre persönlichen Daten wurden erfolgreich von unseren Servern entfernt. Ihr Sitzungs-Cookie wurde ebenfalls zerstört."
# Camera demonstration page
cam_title: "Gesichts<wbr/>erkennung"
cam_title2: "@ Ars Electronica Festival 2025"
cam_subtitle: "Bildungsdemonstrationen allgegenwärtiger Überwachungstechnologie"
cam_description: "Erleben Sie hautnah, wie Gesichtserkennungssysteme Ihre biometrischen Daten in vernetzten Umgebungen verfolgen und verarbeiten."
cam_project_by: "Ein Forschungs- und Sensibilisierungsprojekt vom "
cam_institute: "Institut für Netzwerke und Sicherheit, Johannes Kepler Universität"
cam_mission_quote: "Das Ziel dieses Projekts ist es, die Öffentlichkeit über allgegenwärtige Gesichtserkennungstechnologien und deren Auswirkungen auf die Privatsphäre zu informieren, indem Festivalbesucher*innen persönlich erfahren können, wie solche Systeme funktionieren und welche Daten verarbeitet werden."
cam_mission_attribution: "Projekt Mission Statement"
cam_project_description: "Dieses zeitlich begrenzte Forschungs- und Sensibilisierungsprojekt konzentriert sich auf die Verarbeitung biometrischer Daten zu Forschungs-, Bewusstseins- und künstlerischen Zwecken und hilft Besucher*innen, die allgegenwärtige Natur der Gesichtserkennung in unserem täglichen Leben zu verstehen."
cam_how_it_works: "Wie es funktioniert"
cam_tech_setup_title: "Technische Ausstattung"
cam_tech_setup_p1: "Das System besteht aus einer Hauptkamera und bis zu 10 kleineren Sensorstationen, die an verschiedenen Festivalstandorten positioniert sind. Diese Kameras erfassen Bilder und nutzen Gesichtserkennung, um Besucher*innen zu identifizieren und zu verfolgen, während sie sich zwischen den Stationen bewegen."
cam_tech_setup_p2: "Das System verarbeitet biometrische Merkmale (gespeichert als \"Embeddings\"), Zeitstempel, Standortdaten und optional benutzerzugewiesene Pseudonyme, um zu demonstrieren, wie moderne Überwachungssysteme funktionieren."
cam_tech_setup_footer: "Mehrere Standorte im gesamten Festivalgelände"
cam_data_processing_title: "Daten<wbr/>verarbeitung"
cam_data_processing_p1: "<strong>Wichtig ist, dass die tatsächlichen Bilder nicht gespeichert werden</strong> - nur die extrahierten biometrischen Daten und zugehörigen Metadaten werden verarbeitet und vorübergehend auf einem sicheren Server an der JKU gespeichert."
cam_data_processing_footer: "Sicherer Server am JKU Institut für Netzwerke und Sicherheit"
cam_festival_details: "Festival-Details"
cam_when_where_title: "Wann & Wo"
cam_festival_info: "Ars Electronica Festival 2025"
cam_festival_dates: "3. bis 7. September 2025"
cam_festival_location: "Verschiedene Standorte im gesamten Festivalgelände"
cam_legal_compliance: "Rechtliche Konformität"
cam_legal_description: "Wir haben bei der österreichischen Datenschutzbehörde die Genehmigung für diesen experimentellen Aufbau beantragt und die Genehmigung wurde am 28. Juli 2025 erteilt."
cam_legal_request: "Genehmigter Antrag"
cam_legal_decision: "Behördenbescheid"
cam_legal_request_title: "Genehmigungsantrag ansehen"
cam_legal_decision_title: "Behördenbescheid ansehen"

55
locales/en.yml
View File

@@ -29,7 +29,7 @@ location_linz: "Where: all over Linz"
game_title: "Who finds the most cameras?"
game_explanation_todo: "Welcome to our public surveillance awareness game! As part of our Digital Shadows exhibition at Ars Electronica Festival, we've placed QR codes near surveillance cameras throughout Linz. Your mission: spot the cameras, scan our codes, and discover how pervasive public monitoring really is. We're only human though we've mapped just a small subset of all the cameras watching our city. Who's watching whom in our public spaces? The hunt begins now! 🕵️"
save_button: "Save"
amount_participants: "In total there are %{amount} participants so far."
amount_participants: "In total there are %{amount} participants so far (with at least 1 camera)."
cameras_found: "You have found %{found}/%{total} cameras:"
highscore_title: "Highscore"
not_found_title: "uups"
@@ -58,6 +58,7 @@ impressum: "Impressum"
privacy_policy: "Privacy Policy"
privacy_policy_title: "Privacy Policy"
data_controller: "Data controller"
data_controller_info: "Johannes Kepler Universität Linz<br>Institut für Netzwerke und Sicherheit<br>Science Park 3, 2nd Floor<br>Altenberger Straße 69, 4040 Linz, Austria<br>https://www.ins.jku.at/<br>+43 732 2468-4120<br>office@digidow.eu<br>VAT identification number (UID) of JKU: ATU57515567"
see_impressum: "See the impressum"
overview: "Overview"
privacy_overview: "This privacy policy explains how we collect and process data on this website, which is part of the <a href='https://www.jku.at/ars-electronica-2025-panic-yes-no/digital-shadows/' target='_blank'>Digital Shadows exhibition of the Ars Electronica Festival 2025</a>."
@@ -74,8 +75,9 @@ random_client_id: "The randomly generated <em>client_id</em> to link your game s
purpose_legal_basis: "Purpose and legal basis"
game_functionality: "Game functionality: We process your data to operate the camera discovery game (legitimate interest under Art. 6(1)(f) GDPR)"
language_preference: "Language preference: We store your language choice based on your consent (Art. 6(1)(a) GDPR)"
statistical_analysis: "Statistical analysis: At the end of the festival, statistical, non-personal analyses of website usage will be stored."
data_retention: "Data retention"
data_retention_description: "Your game data is stored in our database until the end of the Ars Electronica Festival exhibition period. The cookies expire after a month or when you clear your cookies. There is no long-term storage of any data."
data_retention_description: "Your game data is stored in our database until the end of the Ars Electronica Festival exhibition period. The cookies expire automatically after the festival or when you clear your cookies. There is no long-term storage of any data."
data_sharing: "Data sharing"
data_sharing_description: "We do not share, sell, or transfer your data to third parties. Data is used exclusively for operating the camera discovery game."
your_rights_gdpr: "Your rights under GDPR"
@@ -85,8 +87,53 @@ right_rectification: "Rectification: Correct inaccurate data"
right_erasure: "Erasure: Request deletion of your data"
right_restriction: "Restriction: Limit how we process your data"
right_portability: "Data portability: Receive your data in a structured format"
right_object: "Object: Object to processing based on legitimate interests"
right_withdraw_consent: "Withdraw consent: For the language preference cookie"
how_to_exercise_rights: "How to exercise your rights"
clear_cookies: "Clear browser cookies to remove stored identifiers"
contact_us: "Contact us at our Postcity Linz booth or <a href='https://digidow.eu/impressum' target='_blank'>via mail</a>"
# Additional privacy policy sections
server_logfiles: "Server logfiles"
server_logfiles_description: "Our web server creates only anonymized server log files, in which no IP addresses or other personal data are stored."
data_security: "Data security"
data_security_description: "All data transmitted between your browser and our servers is secured by SSL with current encryption standards and provides high transmission security. Our servers are operated at JKU Linz and regularly maintained."
minors: "Minors"
minors_description: "This website may only be used by persons aged 14 and over. Users under 14 require the express consent of their parents or guardians."
data_protection_officer: "Data Protection Officer"
data_protection_officer_contact: "Data Protection Office of Johannes Kepler University Linz"
data_protection_officer_contact_full: "Data Protection Office of Johannes Kepler University Linz<br>Altenberger Straße 69, 4040 Linz<br>+43 732 2468 3802<br>datenschutz@jku.at"
data_collection_timing: "When data is collected"
data_collection_timing_description: "Data is collected when the website is visited and QR codes are scanned."
delete_personal_data: "Delete Personal Data"
delete_data_description: "You can request the complete deletion of all your personal data stored on our servers. This includes your chosen name, game progress, and all sightings. This action cannot be undone."
delete_my_data: "Delete My Data"
delete_confirmation: "Are you sure you want to delete all your personal data? This action cannot be undone and you will lose all your game progress."
data_deletion_success_title: "Data Successfully Deleted"
data_deletion_success_body: "All your personal data has been successfully removed from our servers. Your session cookie has also been destroyed."
# Camera demonstration page
cam_title: "Face recognition"
cam_title2: "@ Ars Electronica Festival 2025"
cam_subtitle: "Educational Demonstration of Omnipresent Surveillance Technology"
cam_description: "Experience firsthand how facial recognition systems track and process your biometric data across interconnected environments."
cam_project_by: "A research and sensitization project by the "
cam_institute: "Institute for Networks and Security, Johannes Kepler University"
cam_mission_quote: "The goal of this project is to educate the public about omnipresent facial recognition technologies and their impact on privacy by allowing festival-goers to personally experience how such systems function and what data is processed."
cam_mission_attribution: "Project Mission Statement"
cam_project_description: "This time-limited research and sensitization project focuses on biometric data processing for research, awareness, and artistic purposes, helping visitors understand the pervasive nature of facial recognition in our daily lives."
cam_how_it_works: "How It Works"
cam_tech_setup_title: "Technology Setup"
cam_tech_setup_p1: "The system consists of a main camera and up to 10 smaller sensor-stations positioned at different festival locations. These cameras capture images and use facial recognition to identify and track visitors as they move between stations."
cam_tech_setup_p2: "The system processes biometric features (stored as \"Embeddings\"), timestamps, location data, and optionally, user-assigned pseudonyms to demonstrate how modern surveillance systems function."
cam_data_processing_title: "Data Processing"
cam_data_processing_p1: "<strong>Importantly, the actual images are not stored</strong> - only the extracted biometric data and associated metadata are processed and temporarily stored on a secure server at JKU."
cam_festival_details: "Festival Details"
cam_when_where_title: "When & Where"
cam_festival_info: "Ars Electronica Festival 2025"
cam_festival_dates: "September 3rd to 7th, 2025"
cam_festival_location: "Various locations throughout the festival grounds"
cam_legal_compliance: "Legal Compliance"
cam_legal_description: "We requested approval for this experimental setup from the Austrian Data Protection Authority and the request was approved on July 28, 2025."
cam_legal_request: "Approved Request (Antrag)"
cam_legal_decision: "Authority Decision (Bescheid)"
cam_legal_request_title: "View approval request"
cam_legal_decision_title: "View authority decision"

5
migration.sql
View File

@@ -24,3 +24,8 @@ CREATE TABLE sightings (
-- Create indexes for better performance on foreign key lookups
CREATE INDEX idx_sightings_client_uuid ON sightings(client_uuid);
CREATE INDEX idx_sightings_camera_id ON sightings(camera_id);
CREATE TABLE banned_names (
name TEXT PRIMARY KEY NOT NULL,
banned_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
);

433
src/admin.rs Normal file
View File

@@ -0,0 +1,433 @@
use crate::{language::language, page::Page, AppState};
use axum::{
extract::{Path, Query, State},
http::HeaderMap,
response::{IntoResponse, Redirect, Response},
routing::{get, post},
Form, Router,
};
use axum_extra::extract::{
cookie::{Cookie, Expiration},
CookieJar, PrivateCookieJar,
};
use maud::{html, Markup};
use serde::Deserialize;
use std::collections::HashMap;
use time::OffsetDateTime;
use uuid::Uuid;
#[derive(Deserialize)]
struct LoginForm {
password: String,
}
#[derive(Deserialize)]
struct CameraForm {
uuid: String,
name: String,
desc: Option<String>,
}
#[derive(Deserialize)]
struct DeleteCameraForm {
uuid: String,
}
#[derive(Deserialize)]
struct EditCameraForm {
name: String,
desc: Option<String>,
}
async fn login_page(cookies: CookieJar, headers: HeaderMap) -> Markup {
let lang = language(&cookies, &headers);
rust_i18n::set_locale(lang.to_locale());
Page::new(lang).content(html! {
h1 { "Admin Login" }
form method="POST" action="/admin/login" {
fieldset {
label for="password" { "Password:" }
input
type="password"
name="password"
id="password"
required;
input type="submit" value="Login";
}
}
})
}
async fn login(
State(state): State<AppState>,
private_cookies: PrivateCookieJar,
Form(form): Form<LoginForm>,
) -> Response {
if form.password == state.admin_password {
// Set secure admin session cookie
let expiration_date = OffsetDateTime::now_utc() + time::Duration::days(30);
let mut cookie = Cookie::new("admin_session", "authenticated");
cookie.set_expires(Expiration::DateTime(expiration_date));
cookie.set_http_only(true);
cookie.set_secure(true);
cookie.set_path("/");
let updated_cookies = private_cookies.add(cookie);
(updated_cookies, Redirect::to("/protected")).into_response()
} else {
// Invalid password, redirect back to login
Redirect::to("/admin/login").into_response()
}
}
async fn logout(private_cookies: PrivateCookieJar) -> Response {
// Remove admin session cookie
let expired_cookie = Cookie::build(("admin_session", ""))
.expires(Expiration::DateTime(
OffsetDateTime::now_utc() - time::Duration::days(1),
))
.http_only(true)
.secure(true)
.path("/")
.build();
let updated_cookies = private_cookies.add(expired_cookie);
(updated_cookies, Redirect::to("/")).into_response()
}
async fn protected_page(
private_cookies: PrivateCookieJar,
cookies: CookieJar,
headers: HeaderMap,
) -> Response {
// Check if admin is authenticated
if private_cookies.get("admin_session").is_none() {
return Redirect::to("/admin/login").into_response();
}
let lang = language(&cookies, &headers);
rust_i18n::set_locale(lang.to_locale());
let markup = Page::new(lang).content(html! {
h1 { "Protected Admin Area" }
p { "Welcome to the admin area! This is a protected route." }
p { "Only authenticated administrators can access this page." }
h2 { "Camera Management" }
p { "Manage cameras in the system." }
a href="/admin/cameras/add" { "Add Camera" }
" | "
a href="/admin/cameras" { "Manage Cameras" }
form method="POST" action="/admin/logout" {
input type="submit" value="Logout" class="secondary";
}
});
markup.into_response()
}
async fn add_camera_page(
private_cookies: PrivateCookieJar,
cookies: CookieJar,
headers: HeaderMap,
Query(params): Query<HashMap<String, String>>,
) -> Response {
// Check if admin is authenticated
if private_cookies.get("admin_session").is_none() {
return Redirect::to("/admin/login").into_response();
}
let lang = language(&cookies, &headers);
rust_i18n::set_locale(lang.to_locale());
// Get pre-filled UUID from query params
let prefilled_uuid = params.get("uuid").unwrap_or(&String::new()).clone();
let markup = Page::new(lang).content(html! {
h1 { "Add Camera" }
@if !prefilled_uuid.is_empty() {
p.text-muted { "Auto-detected missing camera with UUID: " strong { (prefilled_uuid) } }
}
form method="POST" action="/admin/cameras/add" {
fieldset {
label for="uuid" { "Camera UUID:" }
input
type="text"
name="uuid"
id="uuid"
placeholder="e.g., 123e4567-e89b-12d3-a456-426614174000"
value=(prefilled_uuid)
required;
label for="name" { "Camera Name:" }
input
type="text"
name="name"
id="name"
placeholder="e.g., Front Entrance Camera"
required;
label for="desc" { "Description (optional):" }
textarea
name="desc"
id="desc"
placeholder="e.g., Camera monitoring the main entrance" {};
input type="submit" value="Add Camera";
}
}
p {
a href="/protected" { "← Back to Admin Dashboard" }
}
});
markup.into_response()
}
async fn manage_cameras_page(
State(state): State<AppState>,
private_cookies: PrivateCookieJar,
cookies: CookieJar,
headers: HeaderMap,
) -> Response {
// Check if admin is authenticated
if private_cookies.get("admin_session").is_none() {
return Redirect::to("/admin/login").into_response();
}
let lang = language(&cookies, &headers);
rust_i18n::set_locale(lang.to_locale());
let cameras = state.backend.get_all_cameras().await;
let markup = Page::new(lang).content(html! {
h1 { "Manage Cameras" }
p { "Total cameras: " strong { (cameras.len()) } }
@if cameras.is_empty() {
p.text-muted { "No cameras found in the system." }
} @else {
table {
thead {
tr {
th { "UUID" }
th { "Name" }
th { "Description" }
th { "Actions" }
}
}
tbody {
@for camera in &cameras {
tr {
td {
code { (camera.uuid) }
}
td { (camera.name) }
td {
@if let Some(desc) = &camera.desc {
(desc)
} @else {
em.text-muted { "No description" }
}
}
td {
a href=(format!("/admin/cameras/{}/edit", camera.uuid)) class="secondary" style="margin-right: 0.5rem;" { "Edit" }
form method="POST" action="/admin/cameras/delete" style="display: inline;" {
input type="hidden" name="uuid" value=(camera.uuid);
input
type="submit"
value="Delete"
class="secondary"
onclick="return confirm('Are you sure you want to delete this camera? This will also remove all associated sightings.')";
}
}
}
}
}
}
}
p {
a href="/admin/cameras/add" { "Add New Camera" }
" | "
a href="/protected" { "← Back to Admin Dashboard" }
}
});
markup.into_response()
}
async fn add_camera(
State(state): State<AppState>,
private_cookies: PrivateCookieJar,
Form(form): Form<CameraForm>,
) -> Response {
// Check if admin is authenticated
if private_cookies.get("admin_session").is_none() {
return Redirect::to("/admin/login").into_response();
}
// Parse UUID
let uuid = match Uuid::parse_str(&form.uuid) {
Ok(uuid) => uuid,
Err(_) => return Redirect::to("/admin/cameras/add?error=invalid_uuid").into_response(),
};
// Check if camera already exists
if state.backend.get_camera(&uuid).await.is_some() {
return Redirect::to("/admin/cameras/add?error=already_exists").into_response();
}
// Create the camera
let desc = if form
.desc
.as_ref()
.map(|s| s.trim().is_empty())
.unwrap_or(true)
{
None
} else {
form.desc.as_deref()
};
match state.backend.create_camera(&uuid, &form.name, desc).await {
Ok(_) => Redirect::to("/admin/cameras?camera_added=1").into_response(),
Err(_) => Redirect::to("/admin/cameras/add?error=creation_failed").into_response(),
}
}
async fn edit_camera_page(
State(state): State<AppState>,
private_cookies: PrivateCookieJar,
cookies: CookieJar,
headers: HeaderMap,
Path(uuid_str): Path<String>,
) -> Response {
// Check if admin is authenticated
if private_cookies.get("admin_session").is_none() {
return Redirect::to("/admin/login").into_response();
}
let lang = language(&cookies, &headers);
rust_i18n::set_locale(lang.to_locale());
// Parse UUID
let uuid = match Uuid::parse_str(&uuid_str) {
Ok(uuid) => uuid,
Err(_) => return Redirect::to("/admin/cameras?error=invalid_uuid").into_response(),
};
// Get camera details
let Some(camera) = state.backend.get_camera(&uuid).await else {
return Redirect::to("/admin/cameras?error=not_found").into_response();
};
let markup = Page::new(lang).content(html! {
h1 { "Edit Camera" }
p.text-muted { "UUID: " code { (camera.uuid) } }
form method="POST" action=(format!("/admin/cameras/{}/edit", camera.uuid)) {
fieldset {
label for="name" { "Camera Name:" }
input
type="text"
name="name"
id="name"
value=(camera.name)
required;
label for="desc" { "Description (optional):" }
textarea
name="desc"
id="desc"
placeholder="e.g., Camera monitoring the main entrance" {
@if let Some(desc) = &camera.desc {
(desc)
}
}
input type="submit" value="Update Camera";
}
}
p {
a href="/admin/cameras" { "← Back to Camera List" }
}
});
markup.into_response()
}
async fn update_camera(
State(state): State<AppState>,
private_cookies: PrivateCookieJar,
Path(uuid_str): Path<String>,
Form(form): Form<EditCameraForm>,
) -> Response {
// Check if admin is authenticated
if private_cookies.get("admin_session").is_none() {
return Redirect::to("/admin/login").into_response();
}
// Parse UUID
let uuid = match Uuid::parse_str(&uuid_str) {
Ok(uuid) => uuid,
Err(_) => return Redirect::to("/admin/cameras?error=invalid_uuid").into_response(),
};
// Process description
let desc = if form
.desc
.as_ref()
.map(|s| s.trim().is_empty())
.unwrap_or(true)
{
None
} else {
form.desc.as_deref()
};
match state.backend.update_camera(&uuid, &form.name, desc).await {
Ok(true) => Redirect::to("/admin/cameras?camera_updated=1").into_response(),
Ok(false) => Redirect::to("/admin/cameras?error=not_found").into_response(),
Err(_) => Redirect::to("/admin/cameras?error=update_failed").into_response(),
}
}
async fn delete_camera(
State(state): State<AppState>,
private_cookies: PrivateCookieJar,
Form(form): Form<DeleteCameraForm>,
) -> Response {
// Check if admin is authenticated
if private_cookies.get("admin_session").is_none() {
return Redirect::to("/admin/login").into_response();
}
// Parse UUID
let uuid = match Uuid::parse_str(&form.uuid) {
Ok(uuid) => uuid,
Err(_) => return Redirect::to("/admin/cameras?error=invalid_uuid").into_response(),
};
match state.backend.delete_camera(&uuid).await {
Ok(true) => Redirect::to("/admin/cameras?camera_deleted=1").into_response(),
Ok(false) => Redirect::to("/admin/cameras?error=not_found").into_response(),
Err(_) => Redirect::to("/admin/cameras?error=deletion_failed").into_response(),
}
}
pub fn routes() -> Router<AppState> {
Router::new()
.route("/admin/login", get(login_page))
.route("/admin/login", post(login))
.route("/admin/logout", post(logout))
.route("/protected", get(protected_page))
.route("/admin/cameras", get(manage_cameras_page))
.route("/admin/cameras/add", get(add_camera_page))
.route("/admin/cameras/add", post(add_camera))
.route("/admin/cameras/{uuid}/edit", get(edit_camera_page))
.route("/admin/cameras/{uuid}/edit", post(update_camera))
.route("/admin/cameras/delete", post(delete_camera))
}

64
src/game.rs
View File

@@ -1,7 +1,7 @@
use crate::{
language::language,
page::{MyMessage, Page},
AppState, Backend, NameUpdateError,
AppState, NameUpdateError,
};
use axum::{
extract::{Path, State},
@@ -13,26 +13,29 @@ use axum::{
use axum_extra::extract::{CookieJar, PrivateCookieJar};
use maud::{html, Markup, PreEscaped};
use serde::Deserialize;
use std::sync::Arc;
use uuid::Uuid;
async fn index(
State(backend): State<Arc<Backend>>,
State(state): State<AppState>,
cookies: PrivateCookieJar,
lang_cookies: CookieJar,
headers: HeaderMap,
) -> Response {
retu(backend, cookies, lang_cookies, headers, None).await
retu(state, cookies, lang_cookies, headers, None).await
}
async fn retu(
backend: Arc<Backend>,
state: AppState,
cookies: PrivateCookieJar,
lang_cookies: CookieJar,
headers: HeaderMap,
message: Option<MyMessage>,
) -> Response {
let backend = &state.backend;
let (cookies, req) = backend.client_full(cookies, &lang_cookies, &headers).await;
// Check if user is admin
let is_admin = cookies.get("admin_session").is_some();
let client = req.client;
rust_i18n::set_locale(&req.lang.to_string());
@@ -99,6 +102,12 @@ async fn retu(
@if rank.client == client { (PreEscaped("<mark id='ranking'>")) }
(rank.client.get_display_name())
@if rank.client == client { (PreEscaped("</mark>")) }
@if is_admin && rank.client.name.is_some() && rank.client.name.as_ref().unwrap() != "***" {
form method="POST" action="/game/ban-name" style="display: inline; margin-left: 0.5rem;" {
input type="hidden" name="name" value=(rank.client.name.as_ref().unwrap());
input type="submit" value="Block" class="secondary" style="font-size: 0.8rem; padding: 0.25rem 0.5rem;";
}
}
}
span.font-headline.font-lg {
(rank.amount)
@@ -118,12 +127,13 @@ async fn retu(
}
async fn game(
State(backend): State<Arc<Backend>>,
State(state): State<AppState>,
cookies: PrivateCookieJar,
lang_cookies: CookieJar,
headers: HeaderMap,
Path(uuid): Path<String>,
) -> Response {
let backend = &state.backend;
let (cookies, req) = backend.client_full(cookies, &lang_cookies, &headers).await;
let client = req.client;
rust_i18n::set_locale(req.lang.to_locale());
@@ -133,6 +143,12 @@ async fn game(
};
let Some(camera) = backend.get_camera(&uuid).await else {
// Check if user is admin
if cookies.get("admin_session").is_some() {
// Redirect to camera add form with pre-filled UUID
return axum::response::Redirect::to(&format!("/admin/cameras/add?uuid={}", uuid))
.into_response();
}
return not_found(lang_cookies, headers).await.into_response();
};
@@ -146,7 +162,7 @@ async fn game(
)
};
retu(backend, cookies, lang_cookies, headers, Some(message)).await
retu(state, cookies, lang_cookies, headers, Some(message)).await
}
async fn not_found(cookies: CookieJar, headers: HeaderMap) -> Markup {
@@ -161,13 +177,19 @@ struct NameForm {
name: String,
}
#[derive(Deserialize)]
struct BanNameForm {
name: String,
}
async fn set_name(
State(backend): State<Arc<Backend>>,
State(state): State<AppState>,
cookies: PrivateCookieJar,
lang_cookies: CookieJar,
headers: HeaderMap,
Form(form): Form<NameForm>,
) -> Response {
let backend = &state.backend;
let (cookies, req) = backend.client_full(cookies, &lang_cookies, &headers).await;
let client = req.client;
rust_i18n::set_locale(req.lang.to_locale());
@@ -191,12 +213,36 @@ async fn set_name(
),
};
retu(backend, cookies, lang_cookies, headers, Some(message)).await
retu(state, cookies, lang_cookies, headers, Some(message)).await
}
async fn ban_name(
State(state): State<AppState>,
private_cookies: PrivateCookieJar,
_lang_cookies: CookieJar,
_headers: HeaderMap,
Form(form): Form<BanNameForm>,
) -> Response {
// Check if user is admin
if private_cookies.get("admin_session").is_none() {
return axum::response::Redirect::to("/game").into_response();
}
let backend = &state.backend;
// Ban the name
let _ = backend.ban_name(&form.name).await;
// Replace existing instances with asterisks
let _ = backend.replace_banned_names_with_asterisks().await;
axum::response::Redirect::to("/game").into_response()
}
pub(super) fn routes() -> Router<AppState> {
Router::new()
.route("/game", get(index))
.route("/game", post(set_name))
.route("/game/ban-name", post(ban_name))
.route("/{*uuid}", get(game))
}

127
src/index.rs
View File

@@ -1,7 +1,11 @@
use crate::{language::language, page::Page};
use axum::http::HeaderMap;
use crate::{
language::language,
page::{MyMessage, Page},
};
use axum::{extract::Query, http::HeaderMap};
use axum_extra::extract::CookieJar;
use maud::{html, Markup, PreEscaped};
use serde::Deserialize;
pub(super) async fn index(cookies: CookieJar, headers: HeaderMap) -> Markup {
let lang = language(&cookies, &headers);
@@ -54,16 +58,97 @@ pub(super) async fn index(cookies: CookieJar, headers: HeaderMap) -> Markup {
})
}
pub(super) async fn data(cookies: CookieJar, headers: HeaderMap) -> Markup {
pub(super) async fn cam(cookies: CookieJar, headers: HeaderMap) -> Markup {
let lang = language(&cookies, &headers);
rust_i18n::set_locale(lang.to_locale());
let page = Page::new(lang);
page.content(html! {
h1 { (t!("privacy_policy_title")) }
hgroup {
h1 { (PreEscaped(t!("cam_title"))) }
p { (t!("cam_title2")) }
}
hgroup {
h2 { (t!("cam_subtitle")) }
p { (t!("cam_description")) }
}
p {
(t!("cam_project_by"))
span.highlight { (t!("cam_institute")) }
}
blockquote {
(t!("cam_mission_quote"))
footer {
cite { (t!("cam_mission_attribution")) }
}
}
p { (t!("cam_project_description")) }
h2 { (t!("cam_how_it_works")) }
div.grid.gap-lg {
article {
header { (t!("cam_tech_setup_title")) }
p { (t!("cam_tech_setup_p1")) }
p { (t!("cam_tech_setup_p2")) }
}
article {
header { (PreEscaped(t!("cam_data_processing_title"))) }
p { (PreEscaped(t!("cam_data_processing_p1"))) }
}
}
h2 { (t!("cam_festival_details")) }
div.info-box {
h3 { (t!("cam_when_where_title")) }
p {
(t!("cam_festival_info")) br;
(t!("cam_festival_dates")) br;
(t!("cam_festival_location"))
}
}
h2 { (t!("cam_legal_compliance")) }
p { (t!("cam_legal_description")) }
div.legal-docs {
a href="/static/dsb-request.pdf" target="_blank" title=(t!("cam_legal_request_title")) { (t!("cam_legal_request")) }
" | "
a href="/static/dsb-accept.pdf" target="_blank" title=(t!("cam_legal_decision_title")) { (t!("cam_legal_decision")) }
}
})
}
#[derive(Deserialize)]
pub(super) struct PrivacyQuery {
deleted: Option<u8>,
}
pub(super) async fn data(
cookies: CookieJar,
headers: HeaderMap,
Query(query): Query<PrivacyQuery>,
) -> Markup {
let lang = language(&cookies, &headers);
rust_i18n::set_locale(lang.to_locale());
let mut page = Page::new(lang);
// Show success message if data was deleted
if query.deleted == Some(1) {
page.set_message(MyMessage::DataDeleted);
}
page.content(html! {
h1 { (PreEscaped(t!("privacy_policy_title"))) }
h2 { (t!("data_controller")) }
p {
a href="https://www.digidow.eu/impressum/" target="_blank" { (t!("see_impressum")) }
(PreEscaped(t!("data_controller_info")))
}
h2 { (t!("overview")) }
p {
@@ -102,6 +187,7 @@ pub(super) async fn data(cookies: CookieJar, headers: HeaderMap) -> Markup {
ul {
li { (t!("game_functionality")) }
li { (t!("language_preference")) }
li { (t!("statistical_analysis")) }
}
h2 { (t!("data_retention")) }
p {
@@ -111,6 +197,26 @@ pub(super) async fn data(cookies: CookieJar, headers: HeaderMap) -> Markup {
p {
(t!("data_sharing_description"))
}
h2 { (t!("server_logfiles")) }
p {
(t!("server_logfiles_description"))
}
h2 { (t!("data_security")) }
p {
(t!("data_security_description"))
}
h2 { (t!("minors")) }
p {
(t!("minors_description"))
}
h2 { (t!("data_protection_officer")) }
p {
(PreEscaped(t!("data_protection_officer_contact_full")))
}
h2 { (t!("data_collection_timing")) }
p {
(t!("data_collection_timing_description"))
}
h2 { (t!("your_rights_gdpr")) }
p {
(t!("rights_description"))
@@ -120,8 +226,6 @@ pub(super) async fn data(cookies: CookieJar, headers: HeaderMap) -> Markup {
li { (t!("right_erasure")) }
li { (t!("right_restriction")) }
li { (t!("right_portability")) }
li { (t!("right_object")) }
li { (t!("right_withdraw_consent")) }
}
}
h3 { (t!("how_to_exercise_rights")) }
@@ -131,5 +235,14 @@ pub(super) async fn data(cookies: CookieJar, headers: HeaderMap) -> Markup {
(PreEscaped(t!("contact_us")))
}
}
h3 { (t!("delete_personal_data")) }
p {
(t!("delete_data_description"))
}
form method="POST" action="/delete-data" onsubmit={"return confirm('" (t!("delete_confirmation")) "');"} {
button type="submit" class="secondary" {
(t!("delete_my_data"))
}
}
})
}

166
src/main.rs
View File

@@ -1,5 +1,10 @@
use crate::model::client::Client;
use axum::{http::HeaderMap, routing::get, Router};
use axum::{
http::HeaderMap,
response::Redirect,
routing::{get, post},
Router,
};
use axum_extra::extract::{
cookie::{Cookie, Expiration, Key},
CookieJar, PrivateCookieJar,
@@ -14,7 +19,7 @@ use std::{
str::FromStr,
sync::{Arc, LazyLock},
};
use time::{Duration, OffsetDateTime};
use time::{Date, Month, OffsetDateTime, Time};
use tower_http::services::ServeDir;
use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt, EnvFilter};
use uuid::Uuid;
@@ -24,6 +29,7 @@ extern crate rust_i18n;
i18n!("locales", fallback = "en");
mod admin;
mod game;
mod index;
pub(crate) mod language;
@@ -156,7 +162,10 @@ impl Backend {
Some(uuid) => (cookies, self.get_client(&uuid).await),
None => {
let new_id = Uuid::new_v4();
let expiration_date = OffsetDateTime::now_utc() + Duration::days(30);
let expiration_date = OffsetDateTime::new_utc(
Date::from_calendar_date(2025, Month::September, 7).unwrap(),
Time::from_hms(20, 0, 0).unwrap(),
);
let mut cookie = Cookie::new("client_id", new_id.to_string());
cookie.set_expires(Expiration::DateTime(expiration_date));
cookie.set_http_only(true);
@@ -187,7 +196,7 @@ impl Backend {
if name.len() < 3 {
return Err(NameUpdateError::TooShort(3, name.len()));
}
if contains_bad_word(name) {
if contains_bad_word(name) || self.is_name_banned(name).await {
return Err(NameUpdateError::ContainsBadWord);
}
@@ -206,12 +215,72 @@ impl Backend {
Ok(())
}
async fn is_name_banned(&self, name: &str) -> bool {
match self {
Backend::Sqlite(db) => {
let result = sqlx::query!("SELECT name FROM banned_names WHERE name = ?", name)
.fetch_optional(db)
.await
.unwrap();
result.is_some()
}
}
}
async fn ban_name(&self, name: &str) -> Result<(), sqlx::Error> {
match self {
Backend::Sqlite(db) => {
sqlx::query!("INSERT OR IGNORE INTO banned_names (name) VALUES (?)", name)
.execute(db)
.await?;
Ok(())
}
}
}
async fn unban_name(&self, name: &str) -> Result<(), sqlx::Error> {
match self {
Backend::Sqlite(db) => {
sqlx::query!("DELETE FROM banned_names WHERE name = ?", name)
.execute(db)
.await?;
Ok(())
}
}
}
async fn get_banned_names(&self) -> Vec<String> {
match self {
Backend::Sqlite(db) => {
let rows = sqlx::query!("SELECT name FROM banned_names ORDER BY banned_at DESC")
.fetch_all(db)
.await
.unwrap();
rows.into_iter().map(|row| row.name).collect()
}
}
}
async fn replace_banned_names_with_asterisks(&self) -> Result<(), sqlx::Error> {
match self {
Backend::Sqlite(db) => {
sqlx::query!(
"UPDATE client SET name = '***' WHERE name IN (SELECT name FROM banned_names)"
)
.execute(db)
.await?;
Ok(())
}
}
}
}
#[derive(Clone)]
pub struct AppState {
pub(crate) backend: Arc<Backend>,
pub key: Key,
pub admin_password: String,
}
impl axum::extract::FromRef<AppState> for Key {
@@ -229,32 +298,101 @@ impl axum::extract::FromRef<AppState> for Arc<Backend> {
#[derive(Serialize, Deserialize)]
struct Config {
key: Vec<u8>,
admin_password: String,
}
impl Config {
fn generate() -> Self {
use rand::{distributions::Alphanumeric, thread_rng, Rng};
let admin_password: String = thread_rng()
.sample_iter(&Alphanumeric)
.take(15)
.map(char::from)
.collect();
Self {
key: Key::generate().master().to_vec(),
admin_password,
}
}
}
fn load_or_create_key() -> Result<Key, Box<dyn std::error::Error>> {
fn load_or_create_config() -> Result<(Key, Config), Box<dyn std::error::Error>> {
let config_path = "config.toml";
// Try to read existing config
if Path::new(config_path).exists() {
let content = fs::read_to_string(config_path)?;
let config: Config = toml::from_str(&content)?;
return Ok(Key::from(&config.key));
// Try to parse as complete config first
if let Ok(config) = toml::from_str::<Config>(&content) {
let key = Key::from(&config.key);
return Ok((key, config));
}
// If that fails, try to parse just the key and generate new admin password
#[derive(Deserialize)]
struct PartialConfig {
key: Vec<u8>,
}
if let Ok(partial_config) = toml::from_str::<PartialConfig>(&content) {
use rand::{distributions::Alphanumeric, thread_rng, Rng};
let admin_password: String = thread_rng()
.sample_iter(&Alphanumeric)
.take(15)
.map(char::from)
.collect();
let config = Config {
key: partial_config.key,
admin_password,
};
// Write the updated config back
let toml_string = toml::to_string(&config)?;
fs::write(config_path, toml_string)?;
let key = Key::from(&config.key);
return Ok((key, config));
}
}
// Create new config if file doesn't exist
// Create new config if file doesn't exist or parsing failed
let config = Config::generate();
let toml_string = toml::to_string(&config)?;
fs::write(config_path, toml_string)?;
let key = Key::from(&config.key);
Ok(Key::from(&config.key))
Ok((key, config))
}
async fn delete_personal_data(
axum::extract::State(state): axum::extract::State<AppState>,
cookies: PrivateCookieJar,
) -> (PrivateCookieJar, Redirect) {
let backend = &state.backend;
// Get the client from cookies
if let Some(client_cookie) = cookies.get("client_id") {
if let Ok(uuid) = Uuid::parse_str(client_cookie.value()) {
// Delete all client data from database
let _ = backend.delete_client_data(&uuid).await;
}
}
// Remove the client_id cookie by setting an expired cookie
let expired_cookie = Cookie::build(("client_id", ""))
.expires(Expiration::DateTime(
OffsetDateTime::now_utc() - time::Duration::days(1),
))
.http_only(true)
.secure(true)
.build();
let updated_cookies = cookies.add(expired_cookie);
// Redirect back to privacy page with success message
(updated_cookies, Redirect::to("/privacy?deleted=1"))
}
#[tokio::main]
@@ -270,17 +408,25 @@ async fn main() {
.await
.unwrap();
let key = load_or_create_key().unwrap();
let (key, config) = load_or_create_config().unwrap();
// Print admin password for convenience
tracing::info!("Admin password: {}", config.admin_password);
let state = AppState {
backend: Arc::new(Backend::Sqlite(db)),
key,
admin_password: config.admin_password,
};
let app = Router::new()
.route("/", get(index::index))
.route("/privacy", get(index::data))
.route("/cam", get(index::cam))
.route("/delete-data", post(delete_personal_data))
.nest_service("/static", ServeDir::new("./static/serve"))
.merge(game::routes())
.merge(admin::routes())
.with_state(state);
// run our app with hyper, listening globally on port 3000

63
src/model/camera.rs
View File

@@ -25,6 +25,69 @@ impl Backend {
}
}
pub(crate) async fn create_camera(&self, uuid: &Uuid, name: &str, desc: Option<&str>) -> Result<(), sqlx::Error> {
let uuid_str = uuid.to_string();
match self {
Backend::Sqlite(db) => {
sqlx::query!(
"INSERT INTO camera (uuid, name, desc) VALUES (?, ?, ?)",
uuid_str,
name,
desc
)
.execute(db)
.await?;
Ok(())
}
}
}
pub(crate) async fn update_camera(&self, uuid: &Uuid, name: &str, desc: Option<&str>) -> Result<bool, sqlx::Error> {
let uuid_str = uuid.to_string();
match self {
Backend::Sqlite(db) => {
let result = sqlx::query!(
"UPDATE camera SET name = ?, desc = ? WHERE uuid = ?",
name,
desc,
uuid_str
)
.execute(db)
.await?;
Ok(result.rows_affected() > 0)
}
}
}
pub(crate) async fn delete_camera(&self, uuid: &Uuid) -> Result<bool, sqlx::Error> {
let uuid_str = uuid.to_string();
match self {
Backend::Sqlite(db) => {
let result = sqlx::query!(
"DELETE FROM camera WHERE uuid = ?",
uuid_str
)
.execute(db)
.await?;
Ok(result.rows_affected() > 0)
}
}
}
pub(crate) async fn get_all_cameras(&self) -> Vec<Camera> {
match self {
Backend::Sqlite(db) => {
sqlx::query_as!(
Camera,
"SELECT uuid, desc, name FROM camera ORDER BY name"
)
.fetch_all(db)
.await
.unwrap_or_default()
}
}
}
pub(crate) async fn amount_total_cameras(&self) -> i64 {
match self {
Backend::Sqlite(db) => {

24
src/model/client.rs
View File

@@ -41,4 +41,28 @@ impl Backend {
}
}
}
pub(crate) async fn delete_client_data(&self, uuid: &Uuid) -> Result<(), sqlx::Error> {
let uuid_str = uuid.to_string();
match self {
Backend::Sqlite(db) => {
// Start a transaction to ensure data consistency
let mut tx = db.begin().await?;
// Delete sightings first (foreign key constraint)
sqlx::query!("DELETE FROM sightings WHERE client_uuid = ?", uuid_str)
.execute(&mut *tx)
.await?;
// Delete client record
sqlx::query!("DELETE FROM client WHERE uuid = ?", uuid_str)
.execute(&mut *tx)
.await?;
tx.commit().await?;
Ok(())
}
}
}
}

17
src/model/highscore.rs
View File

@@ -11,10 +11,11 @@ impl Backend {
pub(crate) async fn amount_participants(&self) -> i64 {
match self {
Backend::Sqlite(db) => {
let row = sqlx::query!("SELECT COUNT(*) as count FROM client")
.fetch_one(db)
.await
.unwrap();
let row =
sqlx::query!("SELECT COUNT(DISTINCT client_uuid) AS count FROM sightings; ")
.fetch_one(db)
.await
.unwrap();
row.count
}
@@ -37,11 +38,9 @@ impl Backend {
)
SELECT rank, name, uuid, amount
FROM ranked_clients
WHERE rank <= (
SELECT rank
FROM ranked_clients
ORDER BY rank
LIMIT 1 OFFSET 9
WHERE rank <= COALESCE(
(SELECT rank FROM ranked_clients ORDER BY rank LIMIT 1 OFFSET 9),
(SELECT MAX(rank) FROM ranked_clients)
)
ORDER BY rank, name"
)

9
src/page.rs
View File

@@ -10,6 +10,7 @@ pub(crate) enum MyMessage {
NameChanged,
FoundCam(String, i64),
Error(String, String, String),
DataDeleted,
}
impl Page {
@@ -97,6 +98,14 @@ impl Page {
}
}
}
MyMessage::DataDeleted => {
div.flex {
article class="succ msg" {
header { (t!("data_deletion_success_title")) }
(t!("data_deletion_success_body"))
}
}
}
}
}
section { (content) }

BIN
static/serve/dsb-accept.pdf Normal file
View File

Binary file not shown.

BIN
static/serve/dsb-request.pdf Normal file
View File

Binary file not shown.

23
static/serve/style.css
View File

@@ -19,6 +19,10 @@
--custom-box-shadow: #015886;
}
body {
hyphens: auto;
}
/** Headline Styles */
h1 {
font-family: 'Rubik Doodle Shadow', sans-serif;
@@ -139,21 +143,14 @@ ul.iterated > li {
border-bottom: 2px solid var(--pico-color);
border-radius: 2% 6% 5% 4% / 1% 1% 2% 4%;
position: relative;
&::before {
content: '';
border-bottom: 1px solid var(--pico-color);
display: block;
width: 100%;
height: 100%;
position: absolute;
top: 50%;
left: 50%;
transform: translate3d(-50%, -50%, 0) scale(1.015) rotate(0.5deg);
border-radius: 1% 1% 2% 4% / 2% 6% 5% 4%;
}
}
ul.iterated > li > * {
position: relative;
z-index: 1; /* Bring content forward */
}
ul.iterated > li.no-border {
border-bottom: 0;
}