From d08370f5f8b0179c09d8bd637e176f64e632d39c Mon Sep 17 00:00:00 2001
From: sto <puz.github.sto.happiness841@passmail.net>
Date: Thu, 4 Dec 2025 10:30:44 +0100
Subject: [PATCH] Use contestant IDs instead of tokens for QR codes

https://gitea.puzzle-scoreboard.org/sto/puzzle-scoreboard/issues/6
---
 app/controllers/contestants_controller.rb | 17 ++++++++++++---
 app/controllers/users_controller.rb       |  2 +-
 app/models/contestant.rb                  | 25 ++++++++---------------
 config/routes.rb                          |  6 +++---
 4 files changed, 27 insertions(+), 23 deletions(-)

diff --git a/app/controllers/contestants_controller.rb b/app/controllers/contestants_controller.rb
index 51213fd..80ffefc 100644
--- a/app/controllers/contestants_controller.rb
+++ b/app/controllers/contestants_controller.rb
@@ -122,12 +122,16 @@ class ContestantsController < ApplicationController
   def generate_qrcodes
     authorize @contest
 
+    generate_contestants_qrcodes(@contest)
+
     @contestants = @contest.contestants.sort_by { |contestant| contestant.name }
   end
 
   def generate_qrcodes_pdf
     authorize @contest
 
+    generate_contestants_qrcodes(@contest)
+
     @contestants = @contest.contestants.sort_by { |contestant| contestant.name }
     @nonav = true
 
@@ -139,7 +143,7 @@ class ContestantsController < ApplicationController
   def get_public_completion
     skip_authorization
 
-    @contestant = Contestant.find_by_token_for(:token, params[:token])
+    @contestant = Contestant.find(params[:contestant_id])
     if !@contestant
       not_found and return
     end
@@ -156,7 +160,7 @@ class ContestantsController < ApplicationController
   def post_public_completion
     skip_authorization
 
-    @contestant = Contestant.find_by_token_for(:token, params[:token])
+    @contestant = Contestant.find(params[:contestant_id])
     if !@contestant
       not_found and return
     end
@@ -186,7 +190,7 @@ class ContestantsController < ApplicationController
   def public_completion_updated
     skip_authorization
 
-    @contestant = Contestant.find_by_token_for(:token, params[:token])
+    @contestant = Contestant.find(params[:contestant_id])
     if !@contestant
       not_found and return
     end
@@ -235,4 +239,11 @@ class ContestantsController < ApplicationController
   def completion_params
     params.expect(completion: [ :display_time_from_start, :completed, :missing_pieces, :remaining_pieces, :puzzle_id, :code ])
   end
+
+  def generate_contestants_qrcodes(contest)
+    contest.contestants.where(qrcode: nil).each do |contestant|
+      contestant.generate_qrcode
+      contestant.save
+    end
+  end
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index dbc2a4a..15523c3 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -77,7 +77,7 @@ class UsersController < ApplicationController
     authorize :user
 
     Contestant.all.each do |contestant|
-      contestant.regenerate_qrcode
+      contestant.generate_qrcode
       contestant.save
     end
   end
diff --git a/app/models/contestant.rb b/app/models/contestant.rb
index 77238f1..b126c72 100644
--- a/app/models/contestant.rb
+++ b/app/models/contestant.rb
@@ -28,13 +28,10 @@ class Contestant < ApplicationRecord
   has_and_belongs_to_many :categories
 
   before_validation :initialize_time_seconds_if_empty
-  before_save :generate_qrcode, if: -> { !qrcode.present? }
 
   validates :name, presence: true
   validates :time_seconds, presence: true
 
-  generates_token_for :token
-
   def form_name
     if email.present?
       "#{name} - #{email}"
@@ -43,21 +40,9 @@ class Contestant < ApplicationRecord
     end
   end
 
-  def regenerate_qrcode
-    generate_qrcode
-  end
-
-  private
-
-  def initialize_time_seconds_if_empty
-    if !self.time_seconds
-      self.time_seconds = 0
-    end
-  end
-
   def generate_qrcode
     host = Rails.application.config.action_controller.default_url_options[:host]
-    qrcode = RQRCode::QRCode.new("https://#{host}/public/p/#{self.generate_token_for(:token)}")
+    qrcode = RQRCode::QRCode.new("https://#{host}/public/p/#{self.id}")
     self.qrcode = qrcode.as_svg(
       color: "000",
       shape_rendering: "crispEdges",
@@ -67,4 +52,12 @@ class Contestant < ApplicationRecord
       viewbox: true
     )
   end
+
+  private
+
+  def initialize_time_seconds_if_empty
+    if !self.time_seconds
+      self.time_seconds = 0
+    end
+  end
 end
diff --git a/config/routes.rb b/config/routes.rb
index 2c68ad1..fe112da 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -47,7 +47,7 @@ Rails.application.routes.draw do
   get "public/:id/offline/:token", to: "contests#offline_edit"
   patch "public/:id/offline/:token", to: "contests#offline_update"
   get "public/:id/offline/:token/completed", to: "contests#offline_completed"
-  get "public/p/:token", to: "contestants#get_public_completion"
-  post "public/p/:token", to: "contestants#post_public_completion"
-  get "public/p/:token/updated", to: "contestants#public_completion_updated"
+  get "public/p/:contestant_id", to: "contestants#get_public_completion"
+  post "public/p/:contestant_id", to: "contestants#post_public_completion"
+  get "public/p/:contestant_id/updated", to: "contestants#public_completion_updated"
 end