further security improvements

[jarjk]

• only store encrypted solutions, not raw ones (or perhaps hash them with argon2 just like admin_password?)
• print first-time admin-password so that only real admins can set password (a uuid?)

[jarjk]

once tried implementing rate-limiting, although will more than probably never go this way, leaving here for reference...

diff --git a/Cargo.toml b/Cargo.toml
index b0c335e..a9432c6 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -12,10 +12,12 @@ dioxus = { version = "0.7.1", features = ["fullstack"] }
 dioxus-primitives = { git = "https://github.com/DioxusLabs/components", version = "0.0.1", default-features = false }
 gloo-timers = { version = "0.3.0", features = ["futures"] }
 tokio = { version = "1.48.0", optional = true }
+tower = { version = "0.5.2", optional = true, features = ["buffer", "limit", "log"] }
+tower-http = { version = "0.6.7", features = ["trace"], optional = true }
 
 [features]
 default = ["web"]
 web = ["dioxus/web"]
 desktop = ["dioxus/desktop"]
 mobile = ["dioxus/mobile"]
-server = ["dioxus/server", "dep:tokio"]
+server = ["dioxus/server", "dep:tokio", "dep:tower", "dep:tower-http"]
diff --git a/src/main.rs b/src/main.rs
index 6be7a88..470b4bd 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -7,9 +7,26 @@ fn main() {
 
     #[cfg(feature = "server")]
     dioxus::serve(|| async move {
+        use dioxus::{prelude::*, server::axum::error_handling::HandleErrorLayer};
+        use std::time::Duration;
+        use tower::{BoxError, ServiceBuilder, buffer::BufferLayer, limit::RateLimitLayer};
+        use tower_http::trace::TraceLayer;
+
         backend::ensure_admin_env_vars();
 
-        let router = dioxus::server::router(app::App);
+        let router = dioxus::server::router(app::App)
+            .layer(
+                ServiceBuilder::new()
+                    .layer(HandleErrorLayer::new(|err: BoxError| async move {
+                        (
+                            StatusCode::INTERNAL_SERVER_ERROR,
+                            format!("Unhandled error: {err}"),
+                        )
+                    }))
+                    .layer(BufferLayer::new(1024))
+                    .layer(RateLimitLayer::new(5, Duration::from_mins(5))),
+            )
+            .layer(TraceLayer::new_for_http());
         Ok(router)
     });