From c7fc10069aa25a8d9f2cbe23e62223dd805386e4 Mon Sep 17 00:00:00 2001
From: Joe Ardent <code@ardent.nebcorp.com>
Date: Wed, 3 Apr 2024 13:52:23 -0700
Subject: [PATCH] don't hash the slug with the visit key

this makes it easy to see if a single visitor visited multiple pages
---
 migrations/20240317182405_hits.up.sql |  5 +++--
 src/main.rs                           | 12 ++++++++----
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/migrations/20240317182405_hits.up.sql b/migrations/20240317182405_hits.up.sql
index ffb276c..6735166 100644
--- a/migrations/20240317182405_hits.up.sql
+++ b/migrations/20240317182405_hits.up.sql
@@ -1,8 +1,9 @@
 create table if not exists hits (
   id integer primary key,
   page text not null, -- the slug from the page
-  hit_key text not null unique,
-  viewed timestamp not null default CURRENT_TIMESTAMP
+  visit_key text not null unique,
+  viewed timestamp not null default CURRENT_TIMESTAMP,
+  unique(page, visit_key)
 );
 
 create index if not exists hits_page_dex on hits(page);
diff --git a/src/main.rs b/src/main.rs
index 1b7174a..14075c5 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -103,15 +103,19 @@ async fn register_hit(
     // we can't just enumerate all the possible hashes based on IP, page, and
     // time alone.
     let salt = *SESSION_SALT;
-    let key = format!("{now}{host}{slug}{salt}").into_bytes();
+    let key = format!("{now}{host}{salt}").into_bytes();
     let key = hex::encode(shasum(&key));
 
     let tx = db.begin().await;
 
     if let Ok(mut tx) = tx {
-        match sqlx::query!("insert into hits (page, hit_key) values (?, ?)", slug, key,)
-            .execute(&mut *tx)
-            .await
+        match sqlx::query!(
+            "insert into hits (page, visit_key) values (?, ?)",
+            slug,
+            key,
+        )
+        .execute(&mut *tx)
+        .await
         {
             Ok(_) => tx.commit().await.unwrap_or_default(),
             _ => { /* whatevs, fine */ }