From dde84caa536b9ea56948541668dd74d778df3fee Mon Sep 17 00:00:00 2001
From: JMARyA <jmarya@hydrar.de>
Date: Wed, 8 Jan 2025 20:42:43 +0100
Subject: [PATCH 1/2] update

---
 src/format.rs | 18 +++++++++++++++---
 src/lib.rs    |  1 -
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/format.rs b/src/format.rs
index 56415e0..b44f0a4 100644
--- a/src/format.rs
+++ b/src/format.rs
@@ -36,12 +36,24 @@ pub fn format_date(date: &chrono::NaiveDate) -> String {
 ///
 /// let number = 12345;
 /// let formatted = format_number(number);
-/// assert_eq!(formatted, "12345");
+/// assert_eq!(formatted, "12.345");
 /// ```
 #[must_use]
 pub fn format_number(num: i32) -> String {
-    // TODO : Implement custom formatting
-    num.to_string()
+    let mut str = num.to_string();
+    let mut result = String::new();
+    let mut count = 0;
+
+    str = str.chars().rev().collect();
+
+    for (i, c) in str.chars().enumerate() {
+        if i != 0 && i % 3 == 0 {
+            result.push('.');
+        }
+        result.push(c);
+    }
+
+    result.chars().rev().collect()
 }
 
 /// Converts a number of seconds into a formatted string in `HH:MM:SS` or `MM:SS` format.
diff --git a/src/lib.rs b/src/lib.rs
index ffdcff6..44842e3 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -8,7 +8,6 @@ pub mod page;
 pub mod request;
 pub mod result;
 
-// TODO : API Pagination?
 // TODO : CORS?
 
 // Postgres

From 901af1c43c4e85ff9e3e053fda72b8f1f40a7620 Mon Sep 17 00:00:00 2001
From: JMARyA <jmarya@hydrar.de>
Date: Wed, 8 Jan 2025 20:46:01 +0100
Subject: [PATCH 2/2] update csrf

---
 src/auth/csrf.rs | 12 +++++++++++-
 src/format.rs    |  1 -
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/auth/csrf.rs b/src/auth/csrf.rs
index 74cb84d..d59fa1d 100644
--- a/src/auth/csrf.rs
+++ b/src/auth/csrf.rs
@@ -1,3 +1,5 @@
+use maud::{PreEscaped, html};
+
 use super::User;
 use crate::get_pg;
 use std::str::FromStr;
@@ -5,9 +7,17 @@ use std::str::FromStr;
 pub trait CSRF {
     fn get_csrf(&self) -> impl std::future::Future<Output = uuid::Uuid>;
     fn verify_csrf(&self, csrf: &str) -> impl std::future::Future<Output = bool>;
+    fn update_csrf(&self) -> impl std::future::Future<Output = PreEscaped<String>>;
 }
 
 impl CSRF for User {
+    /// Javascript to update the `value` of an element with id `csrf`.
+    ///
+    /// This is useful for htmx requests to update the CSRF token in place.
+    async fn update_csrf(&self) -> PreEscaped<String> {
+        html! { script { (format!("document.getElementById('csrf').value = '{}';", self.get_csrf().await)) }; }
+    }
+
     /// Get CSRF Token for the current session
     async fn get_csrf(&self) -> uuid::Uuid {
         let res: (uuid::Uuid,) = sqlx::query_as("SELECT csrf FROM user_session WHERE token = $1")
@@ -21,7 +31,7 @@ impl CSRF for User {
 
     /// Verify CSRF and generate a new one
     async fn verify_csrf(&self, csrf: &str) -> bool {
-        if self.get_csrf().await == uuid::Uuid::from_str(csrf).unwrap() {
+        if self.get_csrf().await == uuid::Uuid::from_str(csrf).unwrap_or_default() {
             sqlx::query("UPDATE user_session SET csrf = gen_random_uuid() WHERE token = $1")
                 .bind(&self.session)
                 .execute(get_pg!())
diff --git a/src/format.rs b/src/format.rs
index b44f0a4..7b60d78 100644
--- a/src/format.rs
+++ b/src/format.rs
@@ -42,7 +42,6 @@ pub fn format_date(date: &chrono::NaiveDate) -> String {
 pub fn format_number(num: i32) -> String {
     let mut str = num.to_string();
     let mut result = String::new();
-    let mut count = 0;
 
     str = str.chars().rev().collect();