From 7cc1ff9555d05346d7d15cf1c8f9d618841fe65c Mon Sep 17 00:00:00 2001
From: Danil-Bodry <danil.bodry@vk.com>
Date: Sat, 18 Apr 2026 13:32:57 +0300
Subject: [PATCH] up

---
 frontend/public/favicon.ico                   | Bin 4286 -> 16958 bytes
 frontend/src/components/Layout/AppLayout.vue  |   5 ++
 frontend/src/views/Users.vue                  |  63 +++++++++++++++---
 frontend/src/views/auth/Login.vue             |  12 +++-
 .../java/su/xserver/iikocon/AuthHandler.java  |  35 ++++++++--
 .../java/su/xserver/iikocon/MainVerticle.java |  17 +++++
 .../java/su/xserver/iikocon/UserService.java  |  28 +++++++-
 7 files changed, 141 insertions(+), 19 deletions(-)

diff --git a/frontend/public/favicon.ico b/frontend/public/favicon.ico
index df36fcfb72584e00488330b560ebcf34a41c64c2..0302a8108f565e1aac19500b2828c2cd4b4741ef 100644
GIT binary patch
literal 16958
zcmeI4drVVT9LKLQi&^%Ee=OO*f&(lYRTM<0$<|eaj%7<k$7G7~R2~I^iijd*8*YD0
z=U6mO>w<Av7EGMO2Lg^%vMgD)Wq+Avu{i6a<(A$);5K&Zmfy~!r(B@SC9XZ%vyyLr
zw}+7M`J8jw!#(#RNwd(G!62dMBuQtKq~|0_(xIRxsT~EklZQc)o_&UfHb@cx{9}Sc
z-PuZKCAjzIfzy-?cgoUfO4H$Xsg9-uRh(iS+$vrGx3*5?=9V-dDMA&+QIraf&Eaf9
z73IdJ6u9wDIE5+jd*Smm8&O5M{`UNd6wHU=f@BzeOOp-BVBe4g_Vr0Hyg36LCL=gM
zEQ7JZ?(B#0&Gh}iDa#gDb><mo#S7<Az*$anr##G$Jv^okum^j75?srlXR{Zi_RB|_
zx6Q;kwLSE6f67R0R<~>0i#;fSL-?Ou2h_tx-9`0>zO<>l+SlqOt8t_<qi1A$2Dr9U
z_5^YO*VfIm`Mx>6TFcCiLqGMV5%$UqKot_!!TRJu_4|uD#?7j{W9e5TRblo7cVI_z
zfpO#NKe4k?uGXKGtMnj<1DoqWO(Sza*sJw`Dv0C&^9TE^Mt9A^vxHqN2R84S!+E|>
z%K`C|i00t7r4W?&-UPRa@?#GoIl${gPt!`uFQ9|#MS2*mT?C`1MZ!8D`~o`|twa5f
z`2}_0smlbB9e8$Rg2)aCzrYS6{DM00)T8l_*;xd8KTzrygUAk)hQ%PV1H#YAfxJ5x
z<Xx+P=Q-5~f1Dk-EpMPdzv)A6S<B6Vw{Z#ZaNs-E!0^F)w1J#o=P?d2KMx0!_&=lk
zc#k384!mZ{A8!ZK_&Mz_5Pl90wEXy(*B*<{oCQ1__>bY!uk?ZWdF?a#c4h$&2ma&J
z`FS`X{4sK%w7mwtLnRaWxCFf6sOOKc?uYSnhe0_|9Es<nt-uoN^?|Pm^*`qSj~yr-
z>mq!QdJxO?fxjsmV&Op9pZ}=Xk)Ox>vHEPp{IPQ2X<G}v&QkDw5{_mrXvaT3CiCK8
z2`C3A<^i4)a`P(s*$|`a5B$3*f2<sky@e>}*8Ns<q<`^yA=z{0u<uOxIXIZaZ`JU}
z*@3?q^*`p1vxCX}W^Vh=f##*a!$IJLX8fbMz-!+b^Yd^pji1xrdtf)^kGF%s=TrKh
z)80Gb=iorQK2R*LbK7?wYsmp#4)FTGvu_R8>klwLPX{xt58`z#4&xWq!Pp+!|I7og
zxxi~2jPF?nB0Cu0y9`8jK==iAFy4y#AM*?9fba|KKy6(PB0Es`EeDYusQXugs1BU9
zIS}kDp!@=k19xj4-0d=f+J@!;<`>L?a;O6C4V}ylw!JhcpaYwF`J@4zgq1KqifH3t
z5VPZiPPf)$evusbyIN`(|6i`(o(jHixFC!JQ`Uw1H?Ka;_;G!3_1n~7`^w7+@1Sbo
z0J_&NUCYjn?+tb31}!TR*FlwjK<%@xVZ71mgI{gQ!H!q)Tu7w%!~t}F<GIi;{R^To
zM{E0|=YxviyD#@*4^QxC<A7YZq<8Gg_OfV<|EBH!k6-76zG$TD#17+Qzee(ySCD(U
z{6}lx?suni9?D4n5di#2>nj0T=Q?PebA{H~thUqFvsk4s|9|FXfc3-FdWHT%vmLa~
MVg1Vb8E8BF4fN`2<NyEw

literal 4286
zcmds*O-Phc6o&64GDVCEQHxsW(p4>LW*W<827=Unuo8sGpRux(DN@jWP-e29Wl%wj
zY84_aq9}^Am9-cWTD5GGEo#+5Fi2wX_P*bo+xO!)p*7B;iKlbFd(U~_d(U?#hLj56
zPhFkj-|A6~Qk#@g^#D^U0XT1cu=c-vu1+SElX9NR;kzAUV(q0|dl0|%h|dI$%VICy
zJnu2^L*Te9JrJMGh%-P79CL0}dq92RGU6gI{v2~|)p}sG5x0U*z<8U;Ij*hB9z?ei
z@g6Xq-pDoPl=MANPiR7%172VA%r)kev<ISBgE$F{SFy+(=9Z)f)De0Se}ZDZW}Z3B
zElCeVrw;K0Fdl_Cg=gZOFXXc3pL)Q05CAuT+XucQ<8g~3dteP~|7s7c6QYP;fy;mF
zMN;>tV-_5H*QJKFmd;8yA$98zCxBZYXTNZ#QFk2(TX0;Y2dt&WitL#$96|gJY=3xX
zpCoi|YNzgO3R`f@IiEeSmKrPSf#h#Qd<$%Ej^RIeeYfsxhPMOG`S`Pz8q``=511zm
zAm)MX5AV^5xIWPyEu7u>qYs?pn$I4nL9J!=K=SGlKLXpE<5x+2cDTXq?brj?n6sp=
zphe9;_JHf40^9~}9i08r{XM$7HB!`{Ys~TK0kx<}ZQng`UPvH*11|q7&l9?@FQz;8
zx!=3<4seY*%=OlbCbcae?<QnEgvj4i?s}Yk=qA2z`-^*<eK3c)MS4JOdbsTQEOa0)
z0NWqlna2rzs>5^V_}*K>Uo6ZWV8mTyE^B=DKy7-sdLYkR5Z?paTgK-zyIkKjIcpyO
z{+uIt&YSa_$QnN_@t~L014dyK(fOOo+W*MIxbA6Ndgr=Y!f#Tokqv}n<7-9qfHkc3
z=>a|HWqcX8fzQCT=dqVbogRq!-S>H%yA{1w#2Pn;=e>JiEj7Hl;zdt-2f+j2%DeVD
zsW0Ab)ZK@0cIW%W7<X*Er!BfRbvU93$DH%#v6dRt^6HBxz1xBNHx=$&_Gv<&J}Ljk
zJN<Fzx(`Oe@KgQ0F$<14=XV#WK`o#6Ku>z}H{&~yGhn~D;aiP4=;m-HCo`BEI+Kd6
z={Xwx{T<?%b6i9IjI)Ls)S{-*mq<@~R{?$}ZKjf;^k75i_}(2MXt}^SEBVg7AI@28
zo_uPg2V)_e-`2Ois=PYoe%9u*n9({PFR)OnHJPi{dNx>Kx<YG`4QQ>D#iCLfl2<BD
h7L=-;Q>vQGDitKtN>z|-AdCN|$jTFDg0m3O`WLD4_s#$S

diff --git a/frontend/src/components/Layout/AppLayout.vue b/frontend/src/components/Layout/AppLayout.vue
index 963a37f..6d250bb 100644
--- a/frontend/src/components/Layout/AppLayout.vue
+++ b/frontend/src/components/Layout/AppLayout.vue
@@ -146,4 +146,9 @@ onMounted(async () => {
 const userInitials = computed(() => {
   return (userName.value[0] || 'U').toUpperCase()
 })
+
+async function logout() {
+  await fetch('/api/logout', { method: 'POST' })
+  router.push('/login')
+}
 </script>
diff --git a/frontend/src/views/Users.vue b/frontend/src/views/Users.vue
index df3d728..c643ff0 100644
--- a/frontend/src/views/Users.vue
+++ b/frontend/src/views/Users.vue
@@ -24,15 +24,26 @@
             <td class="px-6 py-4 whitespace-nowrap text-sm">{{ user.login }}</td>
             <td class="px-6 py-4 whitespace-nowrap text-sm">{{ user.email }}</td>
             <td class="px-6 py-4 whitespace-nowrap text-sm">
-              <button @click="toggleActive(user)" :class="user.active ? 'text-green-600' : 'text-red-600'">
+              <button
+                v-if="user.id !== currentUserId"
+                @click="toggleActive(user)"
+                :class="user.active ? 'text-green-600' : 'text-red-600'"
+              >
                 {{ user.active ? 'Active' : 'Inactive' }}
               </button>
+              <span v-else class="text-gray-400 text-sm">(You)</span>
             </td>
             <td class="px-6 py-4 whitespace-nowrap text-sm">{{ user.ip || '-' }}</td>
             <td class="px-6 py-4 whitespace-nowrap text-sm">{{ formatDate(user.created) }}</td>
             <td class="px-6 py-4 whitespace-nowrap text-sm space-x-2">
               <button @click="openModal('edit', user)" class="text-blue-600">Edit</button>
-              <button @click="deleteUser(user.id)" class="text-red-600">Delete</button>
+              <button
+                v-if="user.id !== currentUserId"
+                @click="deleteUser(user.id)"
+                class="text-red-600"
+              >
+                Delete
+              </button>
             </td>
           </tr>
         </tbody>
@@ -71,10 +82,24 @@
 import { ref, onMounted } from 'vue';
 import AppLayout from '../components/Layout/AppLayout.vue';
 
+const currentUserId = ref<number | null>(null);
+
+async function loadCurrentUser() {
+  try {
+    const res = await fetch('/api/admin/me');
+    if (res.ok) {
+      const data = await res.json();
+      currentUserId.value = data.id;
+    }
+  } catch (e) {
+    console.error('Failed to load current user', e);
+  }
+}
+
 const users = ref([]);
 const modalOpen = ref(false);
 const modalMode = ref<'create' | 'edit'>('create');
-const form = ref({ id: null, login: '', password: '' });
+const form = ref({ id: null, login: '', email: '', password: '' });
 const modalTitle = ref('');
 
 async function loadUsers() {
@@ -95,10 +120,10 @@ async function toggleActive(user: any) {
 function openModal(mode: 'create' | 'edit', user: any = null) {
   modalMode.value = mode;
   if (mode === 'create') {
-    form.value = { id: null, login: '', password: '' };
+    form.value = { id: null, login: '', email: '', password: '' };
     modalTitle.value = 'Create User';
   } else {
-    form.value = { id: user.id, login: user.login, password: '' };
+    form.value = { id: user.id, login: user.login, email: user.email, password: '' }; // добавлен email
     modalTitle.value = 'Edit User';
   }
   modalOpen.value = true;
@@ -110,23 +135,36 @@ function closeModal() {
 
 async function submitUser() {
   try {
+    const payload: any = {
+      login: form.value.login,
+      email: form.value.email,
+    };
+    if (form.value.password) {
+      payload.password = form.value.password;
+    }
     if (modalMode.value === 'create') {
-      await fetch('/api/admin/users', {
+      if (!form.value.password) {
+        alert('Password is required');
+        return;
+      }
+      const res = await fetch('/api/admin/users', {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ login: form.value.login, password: form.value.password })
+        body: JSON.stringify(payload),
       });
+      if (!res.ok) throw new Error('Create failed');
     } else {
-      await fetch(`/api/admin/users/${form.value.id}`, {
+      const res = await fetch(`/api/admin/users/${form.value.id}`, {
         method: 'PUT',
         headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ login: form.value.login, password: form.value.password || undefined })
+        body: JSON.stringify(payload),
       });
+      if (!res.ok) throw new Error('Update failed');
     }
     await loadUsers();
     closeModal();
   } catch (e) {
-    alert('Operation failed');
+    alert('Operation failed: ' + e.message);
   }
 }
 
@@ -137,5 +175,8 @@ async function deleteUser(id: number) {
   }
 }
 
-onMounted(loadUsers);
+onMounted(async () => {
+  await loadCurrentUser();
+  await loadUsers();
+});
 </script>
diff --git a/frontend/src/views/auth/Login.vue b/frontend/src/views/auth/Login.vue
index bb40360..77567a2 100644
--- a/frontend/src/views/auth/Login.vue
+++ b/frontend/src/views/auth/Login.vue
@@ -16,7 +16,7 @@
       <div class="bg-white rounded-2xl shadow-xl p-8">
         <form @submit.prevent="handleLogin" class="space-y-6">
           <div>
-            <label class="block text-sm font-medium text-gray-700 mb-2">Username</label>
+            <label class="block text-sm font-medium text-gray-700 mb-2">Username or Email</label>
             <div class="relative">
               <div class="absolute inset-y-0 left-0 pl-3 flex items-center pointer-events-none">
                 <svg class="h-5 w-5 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
@@ -28,7 +28,7 @@
                 type="text"
                 required
                 class="input-field pl-10"
-                placeholder="Enter your username"
+                placeholder="Enter your username or email"
               />
             </div>
           </div>
@@ -120,7 +120,13 @@ async function handleLogin() {
     if (res.ok) {
       router.push('/dashboard')
     } else {
-      error.value = 'Invalid username or password'
+      // Пытаемся получить текст ошибки от сервера
+      const text = await res.text()
+      if (text && text.trim()) {
+        error.value = text
+      } else {
+        error.value = 'Invalid username or password'
+      }
     }
   } catch (e) {
     error.value = 'Network error. Please try again.'
diff --git a/src/main/java/su/xserver/iikocon/AuthHandler.java b/src/main/java/su/xserver/iikocon/AuthHandler.java
index a0f40ed..50439b2 100644
--- a/src/main/java/su/xserver/iikocon/AuthHandler.java
+++ b/src/main/java/su/xserver/iikocon/AuthHandler.java
@@ -21,25 +21,52 @@ public class AuthHandler {
       return;
     }
 
-    userService.findByLogin(login).onComplete(ar -> {
+    userService.findByLoginOrEmail(login).onComplete(ar -> {
       if (ar.succeeded() && ar.result() != null) {
         JsonObject user = ar.result();
-        if (userService.checkPassword(password, user.getString("password"))) {
+        System.out.println("User found: " + user.encode());
+
+        boolean passwordOk = userService.checkPassword(password, user.getString("password"));
+        System.out.println("Password OK: " + passwordOk);
+
+        if (passwordOk) {
+          // Надёжное получение флага активности
+          Boolean active = user.getBoolean("active");
+          if (active == null) {
+            // Если поле отсутствует, пробуем получить как Integer (на случай TINYINT)
+            Integer activeInt = user.getInteger("active");
+            active = activeInt != null && activeInt == 1;
+          }
+          System.out.println("Active flag: " + active);
+
+          if (!active) {
+            System.out.println("Sending: Account not activated");
+            ctx.response().setStatusCode(401).end("Account not activated");
+            return;
+          }
+
           Session session = ctx.session();
           session.put("userId", user.getInteger("id"));
           session.put("login", user.getString("login"));
           ctx.response().end(new JsonObject().put("success", true).put("login", user.getString("login")).encode());
         } else {
+          System.out.println("Sending: Invalid credentials (password mismatch)");
           ctx.response().setStatusCode(401).end("Invalid credentials");
         }
       } else {
+        System.out.println("Sending: Invalid credentials (user not found or error)");
         ctx.response().setStatusCode(401).end("Invalid credentials");
       }
     });
   }
 
   public void handleLogout(RoutingContext ctx) {
-    ctx.session().destroy();
+    Session session = ctx.session();
+    if (session != null) {
+      session.destroy();
+    }
+    // Явное удаление cookie сессии
+    ctx.response().removeCookie("admin.session");
     ctx.response().end(new JsonObject().put("success", true).encode());
   }
 
@@ -50,5 +77,5 @@ public class AuthHandler {
     } else {
       ctx.next();
     }
-  };
+  }
 }
diff --git a/src/main/java/su/xserver/iikocon/MainVerticle.java b/src/main/java/su/xserver/iikocon/MainVerticle.java
index 29aebd8..909cad4 100644
--- a/src/main/java/su/xserver/iikocon/MainVerticle.java
+++ b/src/main/java/su/xserver/iikocon/MainVerticle.java
@@ -186,6 +186,7 @@ public class MainVerticle extends AbstractVerticle {
         rc.response().setStatusCode(400).end("Missing login, email or password");
         return;
       }
+      // Создаём активного пользователя (active = true)
       userService.createUser(login, email, password, ip, true)
         .onSuccess(v -> rc.response().setStatusCode(201).end())
         .onFailure(err -> rc.response().setStatusCode(500).end(err.getMessage()));
@@ -209,6 +210,15 @@ public class MainVerticle extends AbstractVerticle {
 
     router.delete("/api/admin/users/:id").handler(rc -> {
       int id = Integer.parseInt(rc.pathParam("id"));
+      Integer currentUserId = rc.session().get("userId");
+
+      if (currentUserId != null && currentUserId == id) {
+        rc.response().setStatusCode(403).end(new JsonObject()
+          .put("error", "You cannot delete your own account")
+          .encode());
+        return;
+      }
+
       userService.deleteUser(id)
         .onSuccess(v -> rc.response().end())
         .onFailure(err -> rc.response().setStatusCode(500).end(err.getMessage()));
@@ -217,6 +227,13 @@ public class MainVerticle extends AbstractVerticle {
     router.put("/api/admin/users/:id/activate").handler(rc -> {
       int id = Integer.parseInt(rc.pathParam("id"));
       boolean active = Boolean.parseBoolean(rc.queryParam("active").get(0));
+      Integer currentUserId = rc.session().get("userId");
+
+      if (currentUserId != null && currentUserId == id) {
+        rc.response().setStatusCode(403).end(new JsonObject().put("error", "You cannot deactivate yourself").encode());
+        return;
+      }
+
       userService.setActive(id, active)
         .onSuccess(v -> rc.response().end())
         .onFailure(err -> rc.response().setStatusCode(500).end(err.getMessage()));
diff --git a/src/main/java/su/xserver/iikocon/UserService.java b/src/main/java/su/xserver/iikocon/UserService.java
index 1e41a86..425a4f9 100644
--- a/src/main/java/su/xserver/iikocon/UserService.java
+++ b/src/main/java/su/xserver/iikocon/UserService.java
@@ -5,6 +5,7 @@ import io.vertx.core.json.JsonArray;
 import io.vertx.core.json.JsonObject;
 import io.vertx.sqlclient.Pool;
 import io.vertx.sqlclient.Row;
+import io.vertx.sqlclient.Tuple;
 import io.vertx.sqlclient.templates.SqlTemplate;
 import org.mindrot.jbcrypt.BCrypt;
 
@@ -66,6 +67,21 @@ public class UserService {
       .execute(Map.of("id", id, "active", active)).mapEmpty();
   }
 
+  public Future<JsonObject> findByLoginOrEmail(String loginOrEmail) {
+    String sql = "SELECT id, login, email, password, active, ip, created, updated FROM users WHERE login = ? OR email = ?";
+    return pool.preparedQuery(sql)
+      .execute(Tuple.of(loginOrEmail, loginOrEmail))
+      .map(rows -> {
+        if (rows.size() == 0) {
+          System.out.println("User not found: " + loginOrEmail);
+          return null;
+        }
+        Row row = rows.iterator().next();
+        System.out.println("User found, active=" + row.getBoolean("active"));
+        return toJson(row);
+      });
+  }
+
   public Future<JsonObject> findByEmail(String email) {
     return SqlTemplate.forQuery(pool, "SELECT id, login, email, password, active, ip, created, updated FROM users WHERE email = #{email}")
       .mapTo(this::toJson)
@@ -94,7 +110,16 @@ public class UserService {
       .execute()
       .map(rows -> {
         JsonArray array = new JsonArray();
-        rows.forEach(row -> array.add(toJson(row)));
+        for (Row row : rows) {
+          array.add(new JsonObject()
+            .put("id", row.getInteger("id"))
+            .put("login", row.getString("login"))
+            .put("email", row.getString("email"))
+            .put("active", row.getBoolean("active"))
+            .put("ip", row.getString("ip"))
+            .put("created", row.getLocalDateTime("created") != null ? row.getLocalDateTime("created").toString() : null)
+            .put("updated", row.getLocalDateTime("updated") != null ? row.getLocalDateTime("updated").toString() : null));
+        }
         return array;
       });
   }
@@ -135,6 +160,7 @@ public class UserService {
       .put("id", row.getInteger("id"))
       .put("login", row.getString("login"))
       .put("email", row.getString("email"))
+      .put("password", row.getString("password"))  // ← ДОБАВИТЬ ЭТУ СТРОКУ
       .put("active", row.getBoolean("active"))
       .put("ip", row.getString("ip"))
       .put("created", row.getLocalDateTime("created") != null ? row.getLocalDateTime("created").toString() : null)