Bumer-32
diff --git a/‎src/main/kotlin/ua/pp/lumivoid/iwtcms/PREIWTCMS.kt‎
Lines changed: 12 additions & 19 deletions b/‎src/main/kotlin/ua/pp/lumivoid/iwtcms/PREIWTCMS.kt‎
Lines changed: 12 additions & 19 deletions
diff --git a/‎src/main/kotlin/ua/pp/lumivoid/iwtcms/ktor/api/PermissionsList.kt‎
Lines changed: 0 additions & 27 deletions b/‎src/main/kotlin/ua/pp/lumivoid/iwtcms/ktor/api/PermissionsList.kt‎
Lines changed: 0 additions & 27 deletions
diff --git a/‎src/main/kotlin/ua/pp/lumivoid/iwtcms/ktor/api/doAuth.kt‎
Lines changed: 11 additions & 20 deletions b/‎src/main/kotlin/ua/pp/lumivoid/iwtcms/ktor/api/doAuth.kt‎
Lines changed: 11 additions & 20 deletions
diff --git a/‎src/main/kotlin/ua/pp/lumivoid/iwtcms/ktor/api/requests/Configs.kt‎
Lines changed: 0 additions & 1 deletion b/‎src/main/kotlin/ua/pp/lumivoid/iwtcms/ktor/api/requests/Configs.kt‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎src/main/kotlin/ua/pp/lumivoid/iwtcms/ktor/api/requests/CreateUser.kt‎
Lines changed: 33 additions & 38 deletions b/‎src/main/kotlin/ua/pp/lumivoid/iwtcms/ktor/api/requests/CreateUser.kt‎
Lines changed: 33 additions & 38 deletions
diff --git a/‎src/main/kotlin/ua/pp/lumivoid/iwtcms/ktor/api/requests/DeleteUser.kt‎
Lines changed: 7 additions & 12 deletions b/‎src/main/kotlin/ua/pp/lumivoid/iwtcms/ktor/api/requests/DeleteUser.kt‎
Lines changed: 7 additions & 12 deletions
diff --git a/‎src/main/kotlin/ua/pp/lumivoid/iwtcms/ktor/api/requests/EditPermissions.kt‎
Lines changed: 20 additions & 40 deletions b/‎src/main/kotlin/ua/pp/lumivoid/iwtcms/ktor/api/requests/EditPermissions.kt‎
Lines changed: 20 additions & 40 deletions
@@ -2,22 +2,21 @@ package ua.pp.lumivoid.iwtcms
 
 import kotlinx.coroutines.runBlocking
 import net.fabricmc.loader.api.entrypoint.PreLaunchEntrypoint
-import org.apache.commons.codec.digest.DigestUtils
 import org.jetbrains.exposed.v1.core.StdOutSqlLogger
-import org.jetbrains.exposed.v1.r2dbc.insert
-import org.jetbrains.exposed.v1.r2dbc.selectAll
 import org.jetbrains.exposed.v1.r2dbc.R2dbcDatabase
 import org.jetbrains.exposed.v1.r2dbc.SchemaUtils
+import org.jetbrains.exposed.v1.r2dbc.selectAll
 import org.jetbrains.exposed.v1.r2dbc.transactions.suspendTransaction
 import org.slf4j.LoggerFactory
 import ua.pp.lumivoid.iwtcms.ktor.KtorServer
+import ua.pp.lumivoid.iwtcms.ktor.api.requests.CreateUser
 import ua.pp.lumivoid.iwtcms.ktor.tables.UserPermissionsTable
 import ua.pp.lumivoid.iwtcms.ktor.tables.UsersTable
 import ua.pp.lumivoid.iwtcms.ktor.util.Config
 import ua.pp.lumivoid.iwtcms.ktor.util.ErrorMessages
 import ua.pp.lumivoid.iwtcms.util.CustomLogger
 import java.io.File
-import java.util.TimeZone
+import java.util.*
 import kotlin.system.exitProcess
 
 object PREIWTCMS : PreLaunchEntrypoint {
@@ -57,24 +56,18 @@ object PREIWTCMS : PreLaunchEntrypoint {
             password = config.databasePassword,
         )
 
-        runBlocking { suspendTransaction {
-            if (config.devMode) addLogger(StdOutSqlLogger)
+        runBlocking {
+            suspendTransaction {
+                if (config.devMode) addLogger(StdOutSqlLogger)
 
-            SchemaUtils.create(
-                UsersTable,
-                UserPermissionsTable,
-            )
+                SchemaUtils.create(
+                    UsersTable,
+                    UserPermissionsTable,
+                )
 
-            if (UsersTable.selectAll().empty()) {
-                UsersTable.insert {
-                    it[username] = "admin"
-                    it[passwordHash] = DigestUtils.sha256Hex("iwtcms" + "ySXBvMifqXULEm1uRKP91ctmL6tCwCMi").toString()
-                    it[salt] = "ySXBvMifqXULEm1uRKP91ctmL6tCwCMi"
-                    it[uniqueId] = DigestUtils.sha256Hex("admin+iwtcms").toString()
-                    it[admin] = true
-                }
+                if (UsersTable.selectAll().empty()) CreateUser.create("admin", "iwtcms", true, emptyList())
             }
-        }}
+        }
 
         KtorServer.setup()
     }
 
@@ -1,13 +1,10 @@
 package ua.pp.lumivoid.iwtcms.ktor.api
 
-import io.ktor.http.HttpStatusCode
-import io.ktor.server.response.respond
-import io.ktor.server.routing.RoutingCall
-import io.ktor.server.sessions.get
-import io.ktor.server.sessions.sessions
-import kotlinx.coroutines.flow.first
-import kotlinx.coroutines.flow.firstOrNull
-import org.jetbrains.exposed.v1.core.ResultRow
+import io.ktor.http.*
+import io.ktor.server.response.*
+import io.ktor.server.routing.*
+import io.ktor.server.sessions.*
+import kotlinx.coroutines.flow.singleOrNull
 import org.jetbrains.exposed.v1.core.and
 import org.jetbrains.exposed.v1.core.eq
 import org.jetbrains.exposed.v1.r2dbc.selectAll
@@ -41,10 +38,9 @@ suspend fun doAuth(
     }
 
     val status = suspendTransaction {
-        val user = UsersTable
-            .selectAll()
+        val user = UsersTable.selectAll()
             .where { (UsersTable.username eq session.name) and (UsersTable.uniqueId eq session.id) }
-            .firstOrNull()
+            .singleOrNull()
 
         if (user == null) {
             return@suspendTransaction HttpStatusCode.Unauthorized
@@ -54,16 +50,11 @@ suspend fun doAuth(
             return@suspendTransaction HttpStatusCode.OK
         }
 
-        val permission: ResultRow = try {
-            UserPermissionsTable
-                .selectAll()
-                .where { (UserPermissionsTable.userId eq user[UsersTable.id]) and (UserPermissionsTable.permissionName eq permission) }
-                .first()
-        } catch (_: NoSuchElementException) {
-            return@suspendTransaction HttpStatusCode.Forbidden
-        }
+        val found = UserPermissionsTable.selectAll()
+            .where { (UserPermissionsTable.userId eq user[UsersTable.id]) and (UserPermissionsTable.permissionName eq permission) }
+            .singleOrNull()
 
-        if (permission[UserPermissionsTable.permissionState]) {
+        if (found != null) {
             return@suspendTransaction HttpStatusCode.OK
         } else {
             return@suspendTransaction HttpStatusCode.Forbidden
 
@@ -10,7 +10,6 @@ import io.ktor.server.routing.put
 import kotlinx.serialization.Serializable
 import kotlinx.serialization.decodeFromString
 import ua.pp.lumivoid.iwtcms.Constants
-import ua.pp.lumivoid.iwtcms.ktor.api.PermissionsList
 import ua.pp.lumivoid.iwtcms.ktor.api.doAuth
 import java.io.File
 
 
@@ -5,14 +5,12 @@ import io.ktor.server.request.receive
 import io.ktor.server.response.respond
 import io.ktor.server.routing.Routing
 import io.ktor.server.routing.post
-import kotlinx.coroutines.flow.first
 import kotlinx.serialization.Serializable
 import org.apache.commons.codec.digest.DigestUtils
 import org.jetbrains.exposed.v1.core.eq
 import org.jetbrains.exposed.v1.r2dbc.insert
 import org.jetbrains.exposed.v1.r2dbc.selectAll
 import org.jetbrains.exposed.v1.r2dbc.transactions.suspendTransaction
-import ua.pp.lumivoid.iwtcms.ktor.api.PermissionsList
 import ua.pp.lumivoid.iwtcms.ktor.api.doAuth
 import ua.pp.lumivoid.iwtcms.ktor.tables.UserPermissionsTable
 import ua.pp.lumivoid.iwtcms.ktor.tables.UsersTable
@@ -28,59 +26,56 @@ object CreateUser : Request() {
                 call = call,
                 permission = PermissionsList.Permission.USERS_MANAGE.value,
                 success = {
-                    val success = suspendTransaction  {
-                        var salt = generateSequence { genSalt() }
-                            .first { saltCandidate ->
-                                UsersTable.selectAll().where(UsersTable.salt eq saltCandidate).empty()
-                            }
+                    if (create(payload.username, payload.password, payload.admin, payload.permissions)) call.respond("User created")
+                    else call.respond(HttpStatusCode.Conflict, "User already exists")
+                },
+            )
+        }
+    }
 
-                        runCatching {
-                            UsersTable.insert {
-                                it[UsersTable.username] = payload.username
-                                it[UsersTable.passwordHash] = DigestUtils.sha256Hex(payload.password + salt)
-                                it[UsersTable.salt] = salt
-                                it[UsersTable.uniqueId] = DigestUtils.sha256Hex("${payload.username}+${payload.password}+${salt}")
-                                it[UsersTable.admin] = payload.admin
-                            }
-                        }.onFailure {
-                            return@suspendTransaction false
-                        }
+    suspend fun create(username: String, password: String, admin: Boolean, permissions: List<String>): Boolean {
+        return suspendTransaction  {
+            val salt = generateSequence { genSalt() }.first { saltCandidate ->
+                UsersTable.selectAll().where(UsersTable.salt eq saltCandidate).empty()
+            }
 
-                        payload.permissions.forEach { (key, value) ->
-                            if (key in PermissionsList.getPermissionsList()) {
-                                runCatching {
-                                    val userId = UsersTable.selectAll().where{ UsersTable.username eq payload.username }.first()[UsersTable.id]
-                                    UserPermissionsTable.insert {
-                                        it[UserPermissionsTable.permissionName] = key
-                                        it[UserPermissionsTable.permissionState] = value
-                                        it[UserPermissionsTable.userId] = userId
-                                    }
-                                }
-                            }
-                        }
+            runCatching {
+                val user = UsersTable.insert {
+                    it[UsersTable.username] = username
+                    it[UsersTable.passwordHash] = DigestUtils.sha256Hex(password + salt)
+                    it[UsersTable.salt] = salt
+                    it[UsersTable.uniqueId] = DigestUtils.sha256Hex("${username}+${password}+${salt}")
+                    it[UsersTable.admin] = admin
+                }
 
-                        true
+                if (!admin) {
+                    permissions.forEach { permission ->
+                        UserPermissionsTable.insert {
+                            it[UserPermissionsTable.userId] = user[UsersTable.id]
+                            it[UserPermissionsTable.permissionName] = permission
+                        }
                     }
+                }
+            }.onFailure {
+                return@suspendTransaction false
+            }
 
-                    if (success) call.respond("User created")
-                    else call.respond(HttpStatusCode.Conflict, "User already exists")
-                },
-            )
+            true
         }
     }
 
-    fun genSalt(): String {
+    private fun genSalt(): String {
         val allowedChars = ('A'..'Z') + ('a'..'z') + ('0'..'9')
         return (1..32)
             .map { allowedChars.random() }
             .joinToString("")
     }
 
     @Serializable
-    data class CreateUserPayload(
+    private data class CreateUserPayload(
         val username: String,
         val password: String,
         val admin: Boolean,
-        val permissions: Map<String, Boolean>,
+        val permissions: List<String>
     )
 }
@@ -1,19 +1,16 @@
 package ua.pp.lumivoid.iwtcms.ktor.api.requests
 
-import io.ktor.http.HttpStatusCode
-import io.ktor.server.request.receive
-import io.ktor.server.response.respond
-import io.ktor.server.routing.Routing
-import io.ktor.server.routing.delete
-import kotlinx.coroutines.flow.firstOrNull
+import io.ktor.http.*
+import io.ktor.server.request.*
+import io.ktor.server.response.*
+import io.ktor.server.routing.*
+import kotlinx.coroutines.flow.singleOrNull
 import kotlinx.serialization.Serializable
 import org.jetbrains.exposed.v1.core.eq
 import org.jetbrains.exposed.v1.r2dbc.deleteWhere
 import org.jetbrains.exposed.v1.r2dbc.selectAll
 import org.jetbrains.exposed.v1.r2dbc.transactions.suspendTransaction
-import ua.pp.lumivoid.iwtcms.ktor.api.PermissionsList
 import ua.pp.lumivoid.iwtcms.ktor.api.doAuth
-import ua.pp.lumivoid.iwtcms.ktor.tables.UserPermissionsTable
 import ua.pp.lumivoid.iwtcms.ktor.tables.UsersTable
 
 object DeleteUser : Request() {
@@ -28,15 +25,13 @@ object DeleteUser : Request() {
                 permission = PermissionsList.Permission.USERS_MANAGE.value,
                 success = {
                     val success = suspendTransaction {
-                        val user = UsersTable
-                                            .selectAll()
+                        val user = UsersTable.selectAll()
                                             .where { UsersTable.username eq payload.username }
-                                            .firstOrNull()
+                                            .singleOrNull()
 
                         if (user == null) return@suspendTransaction false
 
                         UsersTable.deleteWhere { UsersTable.username eq payload.username }
-                        UserPermissionsTable.deleteWhere { UserPermissionsTable.userId eq userId }
                         true
                     }
 
 
@@ -1,18 +1,16 @@
 package ua.pp.lumivoid.iwtcms.ktor.api.requests
 
-import io.ktor.http.HttpStatusCode
-import io.ktor.server.request.receive
-import io.ktor.server.response.respond
-import io.ktor.server.routing.Routing
-import io.ktor.server.routing.post
-import kotlinx.coroutines.flow.first
+import io.ktor.http.*
+import io.ktor.server.request.*
+import io.ktor.server.response.*
+import io.ktor.server.routing.*
+import kotlinx.coroutines.flow.single
 import kotlinx.serialization.Serializable
-import org.jetbrains.exposed.v1.core.and
 import org.jetbrains.exposed.v1.core.eq
+import org.jetbrains.exposed.v1.r2dbc.deleteWhere
+import org.jetbrains.exposed.v1.r2dbc.insert
 import org.jetbrains.exposed.v1.r2dbc.selectAll
 import org.jetbrains.exposed.v1.r2dbc.transactions.suspendTransaction
-import org.jetbrains.exposed.v1.r2dbc.update
-import ua.pp.lumivoid.iwtcms.ktor.api.PermissionsList
 import ua.pp.lumivoid.iwtcms.ktor.api.doAuth
 import ua.pp.lumivoid.iwtcms.ktor.tables.UserPermissionsTable
 import ua.pp.lumivoid.iwtcms.ktor.tables.UsersTable
@@ -21,54 +19,36 @@ object EditPermissions : Request() {
     override val path = "/api/editPermissions"
 
     override val request: Routing.() -> Unit = {
-        post(path) {
+        put(path) {
             val payload = call.receive<EditPermissionPayload>()
 
             doAuth(
                 call = call,
                 permission = PermissionsList.Permission.USERS_MANAGE.value,
                 success = {
-                    val result: TransactionState = suspendTransaction {
-                        val userId: Int = try {
-                            UsersTable
-                                .selectAll()
-                                .where { UsersTable.username eq payload.username }
-                                .first()[UsersTable.id]
-                        } catch (_: NoSuchElementException) {
-                            return@suspendTransaction TransactionState.USER_NOT_FOUND
-                        }
+                    suspendTransaction {
+                        val user = UsersTable.selectAll()
+                            .where { UsersTable.username eq payload.username }.single()
+
+                        UserPermissionsTable.deleteWhere { userId eq user[UsersTable.id] }
 
-                        try {
-                            payload.permissions.forEach { (key, value) ->
-                                UserPermissionsTable.update({ (UserPermissionsTable.userId eq userId) and (UserPermissionsTable.permissionName eq key) }) {
-                                    it[UserPermissionsTable.permissionState] = value
-                                }
+                        payload.permissions.forEach { permission ->
+                            UserPermissionsTable.insert {
+                                it[UserPermissionsTable.userId] = user[UsersTable.id]
+                                it[UserPermissionsTable.permissionName] = permission
                             }
-                            return@suspendTransaction TransactionState.SUCCESS
-                        } catch (_: NoSuchElementException) {
-                            return@suspendTransaction TransactionState.PERMISSION_NOT_FOUND
                         }
                     }
 
-
-                    when (result) {
-                        TransactionState.PERMISSION_NOT_FOUND -> call.respond(HttpStatusCode.NotFound, "Permission not found")
-                        TransactionState.USER_NOT_FOUND -> call.respond(HttpStatusCode.NotFound, "User not found")
-                        TransactionState.SUCCESS -> call.respond(HttpStatusCode.OK, "User permissions updated")
-                    }
+                    call.respond(HttpStatusCode.OK, "User permissions updated")
                 }
             )
         }
     }
 
     @Serializable
-    data class EditPermissionPayload(
+    private data class EditPermissionPayload(
         val username: String,
-        val permissions: Map<String, Boolean>,
+        val permissions: List<String>,
     )
-
-    private enum class TransactionState {
-        USER_NOT_FOUND, PERMISSION_NOT_FOUND, SUCCESS
-    }
-
 }