More fixes

README.md

@@ -1,27 +1,58 @@
 ### Welcome to QUIZTerm
-## Building and running
+
+This documentation is for building and running quizterm. You do not need to worry about this
+document to be a user.
+
+#### Getting env variables ready
+
+An api-key, and a base16-encoded version of it is needed to communicate with the 
+endpoints. You can use the sha256 command from the "hashalot" bundle or similar.
+```
+sha256 -x
+Enter passphrase: 
+```
+The passphrase test will output
+```
+9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
+```
+
+This is the value provided in "quizterm.env.example". Feel free to use this for "local
+testing", copy the file to "quizterm.env". For non-local testing, pick a better API key...
+
+The provided "init script" that sets up some "dummy examples" needs the non-hashed
+version of the api-key, see the section "Running init script" after "Building and running"
+
+#### Building and running
 
 Docker, or a compatible container manager, like podman, is required to build and run
 quizterm. The alternative is to install Gleam and Erlang/BEAM and run it dockerless.
 Unless you plan to do Gleam development, using Docker will save a lot of hassle.
 
-To compile project and build docker image, write:
+To build and start write 
 ```
-docker build . -t quizterm:1
+docker compose up
 ```
-quizterm can be whatever name you want to give the container, 1 can be 
-changed to whatever you want the version of the container to be.
+You can now access quizterm on http://localhost:1234. If you need a different port, modify 
+docker-compose.yml, the number 1234 before the colon Note that it will always say
+"listening on port 1234", this is the port used inside the docker image.
+
+Stop quizterm with 
 
-Start server on port 4321:
 ```
-docker run -p 4321:1234 quizterm:1
+docker compose down
 ```
 
-Port 1234 is the port used internally in the docker container, while 4321
-is the port exposed outside the container. The latter can be set to whatever
-port you want to use.
+#### Running the init script
 
-Open web browser and access http://localhost:4321
+A provided init script sets up some bits for testing, it creates several "team rooms",
+and generates questions and answers.
+
+If you used the "default" values in quizterm.env, the api-key "test" will work with the
+init script. If not, edit the api-test/init.sh file and set correct api-key (non-hashed).
+
+```
+sh api-test/init.sh
+```
 
 ## The rest of this readme is currently outdated and will be updated shortly
 

api-test/init.sh

@@ -1,5 +1,5 @@
 #!/bin/sh
-export API_KEY="X-api-key: 66db96c6-97c9-419e-ac80-6cf920158844"
+export API_KEY="X-api-key: test"
 export URL=http://localhost:1234
 echo $URL
 

docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   quizterm:
-    image: quizterm
+    image: quizterm2
     build: .
     ports:
       - "1234:1234"

quizterm.env.example

@@ -1,2 +1,2 @@
-SHAED_API_KEY=d6722bd5f433b342bd51901e51c1bfebb9f5da2462be2212ea03b9597c88dbed
+SHAED_API_KEY=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
 QTERM_SECRET=AVerySecretSentence

server/src/web/router.gleam

@@ -7,6 +7,7 @@ import gleam/http
 import gleam/int
 import gleam/list
 import gleam/otp/actor.{type Started}
+import gleam/string
 import shared/message.{type RoomControl, type StateControl}
 import web/handlers/serve.{html_404}
 import wisp.{type Request, type Response}
@@ -49,14 +50,22 @@ fn handle_api(
 
   case list.key_find(req.headers, "x-api-key") {
     Ok(key) -> {
+      echo "key" <> key
+      echo "enc key "
+        <> string.lowercase(
+          bit_array.base16_encode(crypto.hash(crypto.Sha256, <<key:utf8>>)),
+        )
+      echo "sha" <> sha_api_key
       case
-        bit_array.base16_encode(crypto.hash(crypto.Sha256, <<key:utf8>>))
-        == sha_api_key
+        string.lowercase(
+          bit_array.base16_encode(crypto.hash(crypto.Sha256, <<key:utf8>>)),
+        )
+        == string.lowercase(sha_api_key)
       {
         True ->
           case path {
-            ["api", "room"] -> handle_room(room_handler, req, json)
-            ["api", ..path] -> handle_admin_api(state_handler, req, path, json)
+            ["room"] -> handle_room(room_handler, req, json)
+            [..path] -> handle_admin_api(state_handler, req, path, json)
             _ -> #(404, "bad api path", "Resource not found")
           }
         False -> {
@@ -77,13 +86,6 @@ fn handle_admin_api(
   path: List(String),
   json: dynamic.Dynamic,
 ) {
-  case list.key_find(req.headers, "x-api-key") {
-    Ok(key) -> {
-      case
-        bit_array.base64_encode(crypto.hash(crypto.Sha256, <<key:utf8>>), True)
-        == "1nIr1fQzs0K9UZAeUcG/67n12iRiviIS6gO5WXyI2+0="
-      {
-        True ->
   case req.method, path {
     http.Post, ["info"] -> decode_info(actor, json)
     http.Post, ["questions"] ->
@@ -92,15 +94,6 @@ fn handle_admin_api(
       decode_index_to_text(actor, json, message.SetAnswer)
     _, _ -> #(404, "bad api path", "Resource not found")
   }
-        False -> {
-          #(401, "invalid api key", "unauthorized")
-        }
-      }
-    }
-    Error(_) -> {
-      #(401, "missing api key", "unauthorized")
-    }
-  }
 }
 
 fn fetch_rooms(