From 2f420101bf9df99b2283ec67497a69bc19c6a26c Mon Sep 17 00:00:00 2001
From: David Florness <david@florness.com>
Date: Tue, 10 Mar 2020 16:30:44 -0600
Subject: [PATCH] Don't let the same user register more than once

---
 bulletin.rkt | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/bulletin.rkt b/bulletin.rkt
index 7bc42b0..e961168 100644
--- a/bulletin.rkt
+++ b/bulletin.rkt
@@ -73,15 +73,21 @@
                [password (hash-ref params 'password)]
                [input (hash-ref params 'input)])
           (if (auth username password)
-              (let* ([token (crypto-random-bytes 128)]
-                     [token (bytes->hex-string token)])
-                (displayln (format "~a is voting! (~a)" username input))
-                (hash-set! _peers (string->symbol token)
-                           (hasheq 'input input
-                                   'username username))
-                ; send the token that the peer will use for further
-                ; authorization
-                (response/jsexpr token))
+              ; check if username is already present
+              (if (for/or ([(_ peer) _peers])
+                    (equal? username (hash-ref peer 'username)))
+                  (response/jsexpr
+                   "That username is already in use"
+                   #:code 403)
+                  (let* ([token (crypto-random-bytes 128)]
+                         [token (bytes->hex-string token)])
+                    (displayln (format "~a is voting! (~a)" username input))
+                    (hash-set! _peers (string->symbol token)
+                               (hasheq 'input input
+                                       'username username))
+                    ; send the token that the peer will use for further
+                    ; authorization
+                    (response/jsexpr token)))
               (response/jsexpr
                "Bad Login"
                #:code 400)))
-- 
2.38.4