From 4335740bfca8b974c2472f72ecda7b516141fe48 Mon Sep 17 00:00:00 2001
From: hrj
Date: Mon, 19 Apr 2021 00:23:54 +0530
Subject: [PATCH 1/3] remove O (Capital O) from set of safe alphabets since it is easily confused with 0 (zero)

Signed-off-by: hrj
---
 src/main/java/lc/misc/HelperFunctions.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/lc/misc/HelperFunctions.java b/src/main/java/lc/misc/HelperFunctions.java
index fa12fc8..bda31b8 100644
--- a/src/main/java/lc/misc/HelperFunctions.java
+++ b/src/main/java/lc/misc/HelperFunctions.java
@@ -11,10 +11,10 @@ public class HelperFunctions {
 RenderingHints.KEY_FRACTIONALMETRICS, RenderingHints.VALUE_FRACTIONALMETRICS_ON);
 }
- public static final String safeAlphabets = "ABCDEFGHJKMNOPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
- public static final String allAlphabets = safeAlphabets + "ILl";
+ public static final String safeAlphabets = "ABCDEFGHJKMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+ public static final String allAlphabets = safeAlphabets + "ILlO";
 public static final String safeNumbers = "23456789";
- public static final String allNumbers = safeNumbers + "1";
+ public static final String allNumbers = safeNumbers + "10";
 public static final String specialCharacters = "$#%@&?";
 public static final String safeCharacters = safeAlphabets + safeNumbers + specialCharacters;
From 7684b68efd584cd74fe7000237821ad5647277e7 Mon Sep 17 00:00:00 2001
From: hrj
Date: Mon, 19 Apr 2021 01:01:15 +0530
Subject: [PATCH 2/3] optimisation: faster update of attempted column

Signed-off-by: hrj
---
 src/main/scala/lc/core/captcha.scala | 6 +++---
 src/main/scala/lc/database/statements.scala | 5 +----
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/src/main/scala/lc/core/captcha.scala b/src/main/scala/lc/core/captcha.scala
index 385c6b1..a1b1760 100644
--- a/src/main/scala/lc/core/captcha.scala
+++ b/src/main/scala/lc/core/captcha.scala
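Review bot: In `HelperFunctions.java` the character-set constants carry no comment stating the rule they encode, and the hunk changes more than the subject line says: besides moving `O` from `safeAlphabets` to `allAlphabets`, it appends `0` to `allNumbers`, which held no zero before. Anything that draws from `allAlphabets` or `allNumbers` can now emit the very `O`/`0` pair the commit calls confusable; whether such callers exist is not visible in the hunk. I would add a comment above the constants such as `// safe* sets leave out easily confused glyphs (I, L, l, O, 1, 0); all* sets add them back` and mention the `allNumbers` change in the commit message. The class body starts and ends outside the hunk.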
@@ -96,7 +96,7 @@ object Captcha {
 token match {
 case Some(value) => {
 val uuid = getUUID(value)
- updateAttempted(uuid)
+ updateAttempted(value)
 Right(Id(uuid))
 }
 case None => {
@@ -121,9 +121,9 @@ object Captcha {
 }
 }
- private def updateAttempted(uuid: String): Unit = {
+ private def updateAttempted(token: Int): Unit = {
 val updateAttemptedPstmt = Statements.tlStmts.get.updateAttemptedPstmt
- updateAttemptedPstmt.setString(1, uuid)
+ updateAttemptedPstmt.setInt(1, token)
 updateAttemptedPstmt.executeUpdate()
 }
diff --git a/src/main/scala/lc/database/statements.scala b/src/main/scala/lc/database/statements.scala
index d23d6e2..bffa420 100644
--- a/src/main/scala/lc/database/statements.scala
+++ b/src/main/scala/lc/database/statements.scala
@@ -64,10 +64,7 @@ class Statements(dbConn: DBConn, maxAttempts: Int) {
 val updateAttemptedPstmt: PreparedStatement = dbConn.con.prepareStatement(
 "UPDATE challenge " +
 "SET attempted = attempted+1 " +
- "WHERE token = (SELECT m.token " +
- "FROM mapId m, challenge c " +
- "WHERE m.token=c.token AND " +
- "m.uuid = ?)"
+ "WHERE token = ?;"
 )
 val tokenPstmt: PreparedStatement = dbConn.con.prepareStatement(
From 2885decb56232455226267891a254eae6ba6fcf1 Mon Sep 17 00:00:00 2001
From: hrj
Date: Mon, 19 Apr 2021 01:02:10 +0530
Subject: [PATCH 3/3] ensure fresh captchas are served by sorting on attempted

Signed-off-by: hrj
---
 src/main/scala/lc/database/statements.scala | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/main/scala/lc/database/statements.scala b/src/main/scala/lc/database/statements.scala
index bffa420..fdbd637 100644
--- a/src/main/scala/lc/database/statements.scala
+++ b/src/main/scala/lc/database/statements.scala
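Review bot: `updateAttempted` in `captcha.scala` (second hunk) throws away the row count returned by `executeUpdate()`, so an update that matches no row passes silently and the caller in the first hunk still returns `Right(Id(uuid))`. The `attempted` counter is what the `attempted < $maxAttempts` filter in `statements.scala` relies on to cap how often a challenge is served, so a missed increment weakens that cap without any trace; whether a challenge row can disappear between the select and this update is not visible in the hunk. I would keep the count and react to zero, for example `if (updateAttemptedPstmt.executeUpdate() == 0) { /* log: no challenge row for this token */ }`, and add a one-line comment saying the method increments `challenge.attempted` for the given token. The enclosing `object Captcha` starts and ends outside the hunk.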
@@ -19,7 +19,10 @@ class Statements(dbConn: DBConn, maxAttempts: Int) {
 "contentInput varchar, " +
 "image blob, " +
 "attempted int default 0, " +
- "PRIMARY KEY(token))"
+ "PRIMARY KEY(token));" +
+ """
+ CREATE INDEX IF NOT EXISTS attempted ON challenge(attempted);
+ """
 )
 stmt.execute(
 "CREATE TABLE IF NOT EXISTS mapId" +
@@ -69,13 +72,13 @@ class Statements(dbConn: DBConn, maxAttempts: Int) {
 val tokenPstmt: PreparedStatement = dbConn.con.prepareStatement(
 s"""
- SELECT token
+ SELECT token, attempted
 FROM challenge
 WHERE attempted < $maxAttempts AND
 contentLevel = ? AND
 contentType = ? AND
 contentInput = ?
- ORDER BY RAND() LIMIT 1"""
+ ORDER BY attempted ASC LIMIT 1"""
 )
 val deleteAnswerPstmt: PreparedStatement = dbConn.con.prepareStatement(
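Review bot: The `CREATE INDEX` is appended to the `CREATE TABLE` string, so one `stmt.execute` call now carries two SQL statements separated by `;`. Whether a JDBC driver runs every statement of such a string is driver-specific, and the driver in use is not visible in this hunk; if only the first statement ran, the index would be missing without any error. The next context line already opens a separate `stmt.execute(` for `mapId`, so a call of its own matches the file's pattern: `stmt.execute("CREATE INDEX IF NOT EXISTS attempted ON challenge(attempted)")`. The surrounding initialisation block starts outside the hunk.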
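Review bot: `ORDER BY attempted ASC LIMIT 1` in `tokenPstmt` picks the challenge deterministically: every request with the same level/type/input filter receives the same lowest-`attempted` row until the counter update lands, and rows tied on `attempted` come back in whatever order the engine chooses. For a captcha this means concurrent clients can be handed the same challenge and the serving order becomes predictable, which the removed `ORDER BY RAND()` avoided. A random tie-break keeps the freshness goal without giving that up, e.g. `ORDER BY attempted ASC, RAND() LIMIT 1`. The hunk also adds `attempted` to the select list; where that column is read lies outside the hunk, so a short comment at the statement saying why it is selected would help.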