From 77c1dec8823743fdd5b1a1090528bb29690fed15 Mon Sep 17 00:00:00 2001
From: Romain Mallard <romaimallard@gmail.com>
Date: Thu, 8 Jan 2026 17:47:20 +0100
Subject: [PATCH] register user small fix

---
 db/1.sqlite-shm           | Bin 32768 -> 32768 bytes
 db/auth_copy_2.sqlite-shm | Bin 0 -> 32768 bytes
 db/auth_copy_2.sqlite-wal | Bin 0 -> 107152 bytes
 src/utils/auth.rs         |  29 ++++++++++++++++++++++++++---
 4 files changed, 26 insertions(+), 3 deletions(-)
 create mode 100644 db/auth_copy_2.sqlite-shm
 create mode 100644 db/auth_copy_2.sqlite-wal

diff --git a/db/1.sqlite-shm b/db/1.sqlite-shm
index 5474019a0bc5da448b77902624c07d6005c1bc3c..dc07540e412ce34b0ec396e1a202ec01e6983e3c 100644
GIT binary patch
delta 180
zcmZo@U}|V!s+V}A%K!t63=9HWft<}O3=Dk!rb~}oYPno7a?w4h(eP!W@<+#wIa7*B
zRSz>8WbS_?02OCq*t)UtG}C4q<_%7p|G3t%F>hknvN@2sl8JLI!+M5|44WCY0=ZwA
KHh&4^(E|W;BRe(#

delta 176
zcmZo@U}|V!s+V}A%K!t63=9Grft<}O3=9V(e1ApE`K@-v$VK<0M#GmP$xr7__SIRC
zsvc%G$lU)(04mPJuyJGKX{OCF%nO_*7cdKK{^MH5wmFHphKY48!+M5|n-iITGHw16
H$fE}UEuB4C

diff --git a/db/auth_copy_2.sqlite-shm b/db/auth_copy_2.sqlite-shm
new file mode 100644
index 0000000000000000000000000000000000000000..e184ba970a793bd41d03cb3ab33a5c703a8706f4
GIT binary patch
literal 32768
zcmeI*J4!@B5CzckH#*~Q{6F1;iQrNc7vTzY6=Ep322&#w4a`hjfNsK2tA|l!z`#hb
z&V{0zrg*$Q3#jg1_oJnsH5D=3%XK~Lq<8!Dc5!v{{BU$|d4G8Ka(X^EJAS<Ge%YU&
z8l`>r{aePzU(0mvX0m3p=CXQO^W$2~b$Mdn{&#8Oto48P{<LO`5FkK+009C72oNAZ
zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U
zAV7cs0RjXF5FkL{&joVcix4O(&?XKEftmts)|L>cDbS|O34xjdZN8!qs439PxuSzu
z9Zfl{Dd5%w2oR_z(56TW0RjXF)Dl?8w*iK+5nHhnyS1+Fw&ev@$_oIfE6~rkV%B0a
nwxf&o5{(cbK!5-N0t5&UAV7cs0RjXF5FkK+009C7{;$9Xu@Nhp

literal 0
HcmV?d00001

diff --git a/db/auth_copy_2.sqlite-wal b/db/auth_copy_2.sqlite-wal
new file mode 100644
index 0000000000000000000000000000000000000000..ba59f848d606c1e6753e866a734a3b8884f62a3e
GIT binary patch
literal 107152
zcmeI*eT>`oc?WRa>3k=hb7o@uVxK*q<xZXL$hO26z0LMgQ4)1}p(s-C%sh{hD2jR^
zB~kC#lH8%ghGA>bZ5XyCD*~(t+CNsT8?bc+x^=6Ybs12kKojhbA}!Kx?S^$2wzcW9
zt{r*yCAqWXQyrwfgC7b0!KQQ~`4R8T`|0~U^gcDeVY>L*ag*s`lW}|b3t8;9Z@B+@
z;mQ}k{Uk5i^hL98U;gkH;-ifhuKmH1zVN`I^K*y(2>A_U<<PT-&Ku8y8wh{^2!H?x
zfB*=900@8p2!Ox?E6|ynHyvANj`c*XhuVd%q$-$Pu@A1IetSzF2)E}#?<#hoeHFFi
zoTD?Q7_BlYbg~mCp(qJQU9#hRM_5ZblU*^~FQjUoI2jJ9bv5Ln{9R90ETfJ@B^09R
zp1-)cmILMkrlqB&o@w5+vd*0Bsx3iQc3E|M*v^#Vy)2oe27`L4(oZ>~71mx;s2G(^
z%eB;K;Ntk8uNsQ9COp;+;%*#|(1oTnaq}IH9}GFQB`a!Qot-x=uQSW~TJc@hnQ9HR
zxX=qt+8!~MiqbWz*IkqB?bJjVxWZ1hr*yGyRpFJ4(8?AHSUp%Dj;k83&_!}k#A@z<
zu@ZcyJ+n!?T-4Xz-({V0!B?OHonW&NE|k%DcAU$JV!)2G-k!6>%AHEsQ>l*ef+Oq*
z#uIDBQq1q`IO>yPHe1B})iGVx*NI^>`tfWwj_IxWg4aI(x$xiq+$Y{x)R!GV{@H~5
z0Qo-hpUA)Ie}x+efB*=900@8p2!H?xfB*=900@A<z7#lMo|&1OGe)!77-whAW~<d~
zwpjGtnKO22YhK{Sryh^I`ajP<b#q?eWfSr><U7bWk?$cd@5>#BjRpY_009sH0T2KI
z5C8!X009sHfd@~(YCblznYfsnGcV1UE#~DJBatv`F(0#Th7qjh6^p(^k6-9G2MnOC
zd4VS{9bF>-c%#0Eysp;~Tr(m6d*~YS81j)rHy%7j*kcd?0T2KI5C8!X009sH0T2Lz
zcPUVvTW4l=3B<qqnu9q}UyWs#)x7)qf@yZ<-B%RM8ard%WoO=f5rO{3-kdYg|1xj9
z%UkmTKb)+b`TED{ufHuX@ZHVC0OSP>Cb)qB2!H?xfB*=900@8p2!H?xfWY1tc&EI;
zf_d3$v=vx1pR{l{+bHNev!MSuyfrWI%-=9S`tV1CA2s?8&LXdwknbX|A^))VcNw-2
z1V8`;KmY_l00ck)1V8`;KmY_DaDn9ovvZ~^R=c8ByWUe9qH?|0YR^BiU_QHj@hR(!
zUTDzQ#I9!a7BJ=o-pmVp@!8toHOHA3U|!$>Kbm0oK>!3m00ck)1V8`;KmY_l00j1%
zz|`{stJ~)V4jMbUl^6JzPk!p^hrWeBXUq#MEYc?A7Y=>)&`&Kr`cUWK^+kH-E8Fj;
zFYOPc4fD#P$+FI5*Bi%nt2in46@mA2g;9P~kNL4+vqP77){fzg)X<rmjGW<iqMW9O
zoW~<XJR^|^bOLBqjHM-Xpv4l+WB?_+LK$_HF1mf?@<jsoViyIs$9vHwy08*f#w&!^
zPpcET*%X}aOD@~FysT8zp=L{FY^dv!>#|K>;2|#CMjqn4EzoW^#k^RG%RQ$X_g=z1
zwsY~d44t@OYswAL77@!0^}H=u(~}^g6D6=q`b+4qnii@;SHATnPoNjDYa8a{Q!Aie
zFIh<mO>x3CwY5|v;jJ~2ti3czH}Wnn-c+K>TAr)tC9SEJ>9Lm4hMkmJkk}%n4qM~)
zq_|fVOs0e6w8z3Y8z$3OGgwJ@C9czO4>@v_4cJ32x|`8lu1bmWb(lJv@TLk}G?Q^V
zLPbK6BNZo$s}oN?lPd3Bg~cn=DtHo6l}=EkPYz<Ec3yLnBZrT*R~vZBJLpQ)zUIcV
z?P}F0`m&TiCJx6%mn#?3q()ckm4-q#yLT0=o@o{8Zjq@6JhVR<@33(k#aq%^Az-gm
z`A%DE_2N{DuXTO7I^B;nCW#RhpOpD=HZ8{54ULI7ol$o0Dp*|8Dn#QBzKzF6s#u7P
zRE=?UL^93Vv#Ni>6aqCS9>N4H)<}tgOm(OY^O;C2AUE6uHX39^Le15Qy{oYB*t7~&
z)E`X@MY2Qr2DrPK=t*jODA`r9(H<xYhC7pdL`@L^7v9M5>SUCzsRSm;@nVs1VR?GY
zNPAad-af4Yn{PW}dCl32_z9N~z&vY_R!Xwxib5?;VrVqfQ)r2=6^qqg${E5+ZKa4)
z&Os&~bWJ8sSt;z{W8uK+v<fjU)^D$&gO&qL=4#zWCxZ#JWS88blwZiwIcLgQm6C&W
zUdeSbLnh2N=-@!E55f&j>o=Q`ad__@3v<V(RY<g%@>;Lu)>?I+yhepPV<Ia{_GmKI
z$f+C1>Y`~zKmFQRc*HWdOOb41%;F9{m+`e3AJ^&!-LZDADcPxpjF!5Ti;u`8oe`6z
zP$8@iCXt#W6wGI_DqmJrk{#yzF75t$;&(d#vV|*>er|T_u_vx=Ag2~h)=iNkyPc2{
zT-ND}*7g5QgNeKp74crP%Ch!K-_1vp1nFfaOkh~<#%p<^LTGYhgvZHZvKkAERG()&
zW92@BY@UwpJR!9)Db9&v#7(Rx&}-}OJ89iK*c`i_p@+zvH^T<J?hHNP877*~rTres
zULY$0LMaw0LKB<gi7y-+73h>F-=%y)6`Qp66SLl^R_}|U;WS5xtY~UWkp(A;UeY)7
z)*1APsn4L(ExF=VU5Q{X-SR0;QH#^XmSitsd8!{IdJ$)j90i5^$RDQKYtazL6X^iM
zYq&oZXWC5PS)`}g%J=T~h&vv~n+ofzbGP0qWVd6tS{-PS8Zl(6cp;5-)3_qWTdbX}
zMfga8lBJ?B9C?PhZmvGe@?*4_A2;i%W>QkT^>9A!2y#SuieIL7yjAG>s(IQCEGv1I
z>``biEY`<VAw<%JVNgG-3-!4$<x5JgoJu9QERoUVNk<v8<9LZ-$ujBoRmT+TqLRLQ
z+Q8GZ*3BP?4#YCM+t0&rAXkbu2)Y&Vhq7x9t*dV`Yxe}1)__4HxWZ(Zg68MT#kMom
zs7Dh1PFkpNRWDzN@G|2jqt$yL)PJuxrU2foBe?LP@~ay5_y>&s0t?71Cgcs|zmb1O
zzO7did=+^Gd49+JIsIvH0|5{K0T2KI5C8!X009sH0T2KI5O|LSjH?Q+tQh0*<N7Md
zW5@LI%A=3!qi1<pA6-X}>f>Waj_9NP@L_#iedH12`KznOc<Pifo;+!cCr%jS_Ujeu
z&)-%@aOA+X`UgV91nLNM8MuJ}2!H?xfB*=900@8p2!H?xfWZC{n7WSO^j+!*{_BI+
zKl}~#%fDjG3s|g|chnJBFGC#x)Db`(0n`yd9Rbu4Kpg?p5kMWmZFK}2$m!`*^JsbG
z5M@4yX?nR;(C^5V!&OSMH%KDHG>hSEWsuTp?qL}(bXs*ShO>dVgLCCYA;-HiT4oTt
z&s7L_OdH>xnuj_9s3X``*a~$7P)7iD1lfI4NAOoqee3(=`OkmCs3Wi-FYT-&cnRtV
z_RmBSY$*tU00@8p2!H?xfB*=900@A<{ueNk|36M0f${v)r;TyyIs&VqwAFX;$+`bi
z=FdBRa|!vhX&y<Mkbgp+L0&|jMnwG|a03Al009sH0T2KI5C8!X009sH0T8&0!1DY&
zGGkpj>zS*mJ+XNmy&jV5s<LvxSiF4JJ*)SO$G1N;H;-7Y$IcQ(wXgQKJ#=z*9<j`<
zoW+c<5@hA(gV^=9-ez9YH{!5$X6gO7`Q~E$`ifa!$;|Tm@mcd*Yr(HK$NKtb=B*a%
z%GtNS&aF+;U*{p?wYKI3@~2AaLig_<H}V4W$g3vg2gvu3|3Ll~`KJC4xPbr&fB*=9
z00@8p2!H?xfB*=900`_Ofdgh_#xrk>?gPe1%o!tYHb!jLY_=L%fo**U!=s<geCD+O
zap*g^kKSh3R1g3G5C8!X009sH0T2KI5C8!XFqx+AJ7~L0-@#w+Q~x;scg$sDUchQO
zcU#{<%el9A9yEPvf52~;SEj!1XtA#dyq_zK@}qjpj|H0@y2P_~3~!`{&fH`KeFvfM
zAoLxCzJt(r5c&>6-@%QCZCg$Dj_i7AdME93`@2-J*=4AKKP+U%(Hs}BQ;bj%a^a+t
zkx~jx2XYNMR~5sJFk7#dJObJB@!2?6AOy;{2QTTpqsbnsUz;BK4({x-2Ym;3ikw<B
zS=X8D#=?=^t^rSQS*I^rmm1w*A}>Wnyw|Mi7cj5%-F!4jkX~lO1cv2qyp|^_geEse
zc$_RItFf?1^?AlKR<!&3UE{j6dAC8|!D36Ym#{q54-&ly^c{r0gZroN;2-|z_x^n0
z_n-ZYQAc1!Uc9~U;EUTj4?ed)<^^CYK>!3m00ck)1V8`;KmY_l00cl_e+o?BchGpI
z&2|rc2e;J`q<<d$3ZMLor=gBue;zNe)gS-@AOHd&00JNY0w4eaAOHdntiaTD1ZVD2
zNAR_$e`&n%yPXANUSM%y`3`ji3(Id+5<nfnNF)NC09qAeX$c)@u|zW&xWBP2>`t+*
zC(sMnwGH#}sjDeaua~T(gr+#*n%Y__lJM3VN!DJPq#JptBY-*rs3U+nf(NdSVB_I4
z(}(8AzOdR99Z@$Ia?(}8!R6`+OtSN}T%;As`@3znlp-)uzes&l?2^fn5KEL>rSil{
zNnEqbrM3MLnuj`q@V1CJ)DhsG9i<g|Wd+m`Y&%GF5vU{JoG3=zJXw7Ly|(_olU9>O
zudHw!+pVx7MCQC1HsEz<=mF0#(R?oL_ek~vSqTtIu}Be`*c?xM;ozu1r#$&C<rAvd
zq^-!2-l$gZi=p8(XXvt`sVzkooG5xp-^^QQ&?lxogHE^PidS_dg1vOhr#M9|PD335
zu88p#YiDZ_K2m@>g8frRaOH*Tzxrq2Ir?d%j$jeFai=<h8*i&5c<zCng@GLh0T2KI
z5C8!X009sH0T2KI5CDOnfWS0$1jcjDoVn*Zf`i6xY+a}D8=w664?lOKwY0QIo2)zX
z0@llxa|_Fm7icHSX?n<cJVL|+d4Z-{rpH=F8+KA^L1K%PI&6*Glj1aUva~vpn@z##
zzT~o<%gahd9cs2@#)j&hYA)OK1s>wEZR8=&+XC%&Q_PE{xZHEPaqlJlLy2?owG5rO
zU~9?^(H0TQ4fVV&Skte?DLPT&ol_Gg(?N1`VtT!?>&)~x8z$3OGgwJ@C9czO4>@v_
z4cJ4F7l6C~<OLuvAgKx_SL}nUsNdew2g2>S(7TFVXkSI`kQca(1o{r%MuL_{4pHWV
zm?mViLBAtc4p%A3-XMt(qen@yl|f3Yxrb%E&}r4R7|sUb4$hSqg&gn7XqiDQe1HF+
z#qX3(+?f|JnPv`~W;VO*J+f<a%EXw(9egh1YcoEs)epL3?Oao`Qw<p{btxAgkx4ou
zCQG40SRG6vHAg6z&tg@+tg0kC%=caQxy{~GB9IqgQjixI1%>>`AEw%C(GbTI=>WrP
zxIYzV+DzYBr1#)=_GW5geRb|uv;)~K+EJ|zv`CE@vQ@m0#=2?93mDlGbp7<Kb@K<J
z1F_87h3?(XBNE|2t`uz$bSvTyW!D^9SIO&bM?FENHDJ&Pt}q#<p!xZ7vF%JX>XC%M
zlNKsm)yo$myv(@CXqE5^Wz<!===PP%7YW>pT@>6N??spB!b(^fuMl4Uj&uyFPYD<$
z1BbWf1>8UVTNfA4%q%Y=ujqXTcjN_LLS95}==bN}yg#RZE!;o=1V8`;KmY_l00ck)
z1V8`;KmY{ZBY}I%3+Nj&zq)FC?Wt47c=Dt%o;YEQb92UMHXGyYtp3bxd4Z=s`_<q1
z*u(hICF^CAWk+7%W?BI90+1JoH<hTemgnkuNrSuqoA9OzTr`t$J3>W5FJr4XSzMiX
z@|jfm{?7T{Ej6)tW!lt)ClOWY1V#GfAU0~}H8(kOKwbdy0+1KD+dMzy1#bIr{K3cz
zm`t<wsXrZuyui+!4dexO1drf4g*!l?zrb6c^S*b9+dJl7ATJOvF)Udo-M;FWVqH|y
zSH6c&<M&@)KzJkk%O}44v7cE)UNTvB<^^u11t2f*9?b#4%Ypz1fB*=900@8p2!H?x
zfB*=9z)k_<Q~i|{V?2Ibe~dhKOdqd2`lvp7mY4O>b@Zt5=vIFLeaS<oPwV47<^>M^
zDfesU*W<sqWI1PA*pU}7dJ8~*0cRNU0+1KzW;B<pQlfkvrVe=lH<oQzt3J_}rTj5*
zI4-(extJz3x>~O^)C*_#Zfe5nnKm_1cZ*Ct;GzA=c!!PSDC7koF93M~lgaG8_2KxD
zT}#IyFK}Cg0`dZo7uco181e#;7kJ0IaL5bXp*Vhh)jVwjgtA_&PxdG@7#8best_XS
z!Y~-HS3-R*O!<<ME2mNkE=y!IdD2nF?DzrA3%vA~^MyZo<|D5!A}^X2cIE|)-U85H
tK%aDh8wh{^2!H?xfB*=900@8p2!H?x{A2{C&kN|=bJ%9n#~&*%@c+7-+}i*E

literal 0
HcmV?d00001

diff --git a/src/utils/auth.rs b/src/utils/auth.rs
index fb934e9..f7c637c 100644
--- a/src/utils/auth.rs
+++ b/src/utils/auth.rs
@@ -136,7 +136,8 @@ fn verify_password(password: &str, stored_hash: &str) -> bool {
 pub struct RegisterValues{
     username: String,
     password: String,
-    hotel_id: i32,
+    #[serde(default)]
+    hotel_ids: Vec<i32>, //-> :Vec!<32>, maybe optionnal ?
     displayname: String,
 }
 
@@ -167,10 +168,32 @@ pub async fn register_user (
         .map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB connection error"))?;
 
     conn.execute(
-        "INSERT INTO users (username, password, hotel_id, displayname) VALUES (?1, ?2, ?3, ?4)",
-        params![payload.username, hashed_password, payload.hotel_id, payload.displayname],
+        "INSERT INTO users (username, password, displayname) VALUES (?1, ?2, ?3)",
+        params![payload.username, hashed_password, payload.displayname],
     )
     .map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB insert error"))?;
+    
+    let user_id = conn.last_insert_rowid();
+    for hotel_id in payload.hotel_ids {
+        
+        // more logic for security here
+        //FIXME: needs to be the display name in the DB, scheme is currently wrong
+        
+        let hotel_name = conn.execute(
+            "SELECT hotel_name
+            FROM hotels
+            WHERE id = ?1 ",
+            params![hotel_id],
+        ).map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB insert error"))?;
+        
+        conn.execute(
+        "INSERT INTO hotel_user_link (user_id, hotel_id, username, hotel_name) VALUES (?1, ?2, ?3, ?4)",
+            params![user_id, hotel_id, payload.username, hotel_name],
+        )
+        .map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB insert error"))?;
+
+    }
+
 
     Ok((StatusCode::CREATED, "User registered successfully"))
 }