From 18ff7a17447fd3f5e80e361ebefc2ef96b162368 Mon Sep 17 00:00:00 2001
From: Jack Mechem <mechemjack@gmail.com>
Date: Thu, 21 May 2026 15:28:15 -0700
Subject: [PATCH 1/2] Left over changes

---
 src/auth.rs | 37 +++++++++++++++++++++++--------------
 1 file changed, 23 insertions(+), 14 deletions(-)

diff --git a/src/auth.rs b/src/auth.rs
index 3fb190f..27ec49d 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -244,6 +244,8 @@ pub async fn post_login(
         }
     };
 
+    println!("Authentication: {} credential(s) found for {}", stored.credentials.len(), username);
+
     let (rcr, auth_state) = match state
         .webauthn
         .start_securitykey_authentication(&stored.credentials)
@@ -332,19 +334,11 @@ pub async fn post_register_start(
         return (StatusCode::UNAUTHORIZED, "Invalid credentials").into_response();
     }
 
-    let stored = load_credentials(&username);
-    let user_id = stored.as_ref().map(|s| s.user_id).unwrap_or_else(Uuid::new_v4);
-
-    let exclude: Option<Vec<CredentialID>> = stored.as_ref().map(|s| {
-        s.credentials
-            .iter()
-            .map(|c| c.cred_id().clone())
-            .collect()
-    });
+    let user_id = Uuid::new_v4();
 
     let (ccr, reg_state) = match state
         .webauthn
-        .start_securitykey_registration(user_id, &username, &username, exclude, None, None)
+        .start_securitykey_registration(user_id, &username, &username, None, None, None)
     {
         Ok(r) => r,
         Err(e) => {
@@ -404,12 +398,27 @@ pub async fn post_register_finish(
         }
     };
 
-    let mut stored = load_credentials(&username).unwrap_or(StoredCredentials {
-        user_id,
-        credentials: vec![],
-    });
+    let path = std::path::PathBuf::from(CREDENTIAL_DIR).join(format!("{}.json", username));
+    let mut stored = if path.exists() {
+        match load_credentials(&username) {
+            Some(s) => {
+                println!("Loaded {} existing credential(s) for {}", s.credentials.len(), username);
+                s
+            }
+            None => {
+                println!("ERROR: credential file exists for {} but could not be parsed — refusing to overwrite", username);
+                return (StatusCode::INTERNAL_SERVER_ERROR, "Failed to read existing credentials").into_response();
+            }
+        }
+    } else {
+        StoredCredentials {
+            user_id,
+            credentials: vec![],
+        }
+    };
 
     stored.credentials.push(passkey);
+    println!("Saving {} credential(s) for {}", stored.credentials.len(), username);
 
     if let Err(e) = save_credentials(&username, &stored) {
         println!("Failed to save credentials: {}", e);

From 6012d432c83f3438afabeaef9f91c1f39940d6a4 Mon Sep 17 00:00:00 2001
From: Jack Mechem <mechemjack@gmail.com>
Date: Thu, 21 May 2026 15:45:15 -0700
Subject: [PATCH 2/2] Environment Variables

---
 flake.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/flake.nix b/flake.nix
index c41a731..6820a1f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -142,6 +142,8 @@
                                 Environment = [
                                     "RUST_LOG=info"
                                     "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+                                    "TAPO_USERNAME=mechemjack@gmail.com"
+                                    "TAPO_PASSWORD=Jackkcaj123$"
                                 ];
                                 AmbientCapabilities = [ "CAP_DAC_READ_SEARCH" ];
                                 CapabilityBoundingSet = [ "CAP_DAC_READ_SEARCH" ];