add user privileges & add translations

2026-04-20 19:12:27 +03:00
parent f16a830eb2
commit fc96a95335
17 changed files with 1073 additions and 426 deletions
--- a/src/main/java/su/xserver/iikocon/MainVerticle.java
+++ b/src/main/java/su/xserver/iikocon/MainVerticle.java
@@ -18,6 +18,7 @@ import io.vertx.ext.web.sstore.SessionStore;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import su.xserver.iikocon.config.AppConfig;
+import su.xserver.iikocon.handler.AdminHandler;
 import su.xserver.iikocon.handler.AuthHandler;
 import su.xserver.iikocon.handler.SecurityHandler;
 import su.xserver.iikocon.handler.SetupHandler;
@@ -194,7 +195,50 @@ public class MainVerticle extends AbstractVerticle {
        .onFailure(err -> rc.response().setStatusCode(500).end(err.getMessage()));
    }));

+    // В initRouter после настройки authHandler, до объявления /api/admin/*:
+    router.route("/api/admin/profile").handler(authHandler::requireAuth);
+    router.get("/api/admin/profile").handler(rc -> {
+      Integer userId = rc.session().get("userId");
+      userService.getProfile(userId)
+        .onSuccess(profile -> rc.response().putHeader("Content-Type", "application/json").end(profile.encode()))
+        .onFailure(err -> rc.response().setStatusCode(500).end(err.getMessage()));
+    });
+    router.put("/api/admin/profile").handler(rc -> {
+      Integer userId = rc.session().get("userId");
+      JsonObject body = rc.body().asJsonObject();
+      String email = body.getString("email");
+      String password = body.getString("password");
+      String language = body.getString("language");
+      userService.updateProfile(userId, email, password, language)
+        .onSuccess(v -> {
+          if (language != null) rc.session().put("language", language);
+          rc.response().end(new JsonObject().put("success", true).encode());
+        })
+        .onFailure(err -> rc.response().setStatusCode(500).end(err.getMessage()));
+    });
+    router.put("/api/admin/language").handler(rc -> {
+      Integer userId = rc.session().get("userId");
+      JsonObject body = rc.body().asJsonObject();
+      String language = body.getString("language");
+      if (language == null || (!"en".equals(language) && !"ru".equals(language))) {
+        rc.response().setStatusCode(400).end("Invalid language");
+        return;
+      }
+      userService.updateLanguage(userId, language)
+        .onSuccess(v -> {
+          rc.session().put("language", language);
+          rc.response().end(new JsonObject().put("success", true).encode());
+        })
+        .onFailure(err -> rc.response().setStatusCode(500).end(err.getMessage()));
+    });
+
+    // Затем существующий блок router.route("/api/admin/*").handler(authHandler::requireAuth);
    router.route("/api/admin/*").handler(authHandler::requireAuth);
+    // Добавить проверку роли для чувствительных эндпоинтов:
+//    router.route("/api/admin/users*").handler(AdminHandler::requireAdmin);
+//    router.route("/api/admin/restaurants*").handler(AdminHandler::requireAdmin);
+//    router.route("/api/admin/settings*").handler(AdminHandler::requireAdmin);
+//    router.route("/api/admin/active-sessions").handler(AdminHandler::requireAdmin);

    router.get("/api/admin/users").handler(rc -> userService.getAllUsers().onComplete(ar -> {
      if (ar.succeeded()) {
@@ -211,13 +255,14 @@ public class MainVerticle extends AbstractVerticle {
      String login = body.getString("login");
      String email = body.getString("email");
      String password = body.getString("password");
+      String role = body.getString("role");
      String ip = rc.request().remoteAddress().host();
      if (login == null || email == null || password == null) {
        rc.response().setStatusCode(400).end("Missing login, email or password");
        return;
      }
-      // Создаём активного пользователя (active = true)
-      userService.createUser(login, email, password, ip, true)
+      if (role == null || role.isEmpty()) role = "user";
+      userService.createUser(login, email, password, ip, true, role)
        .onSuccess(v -> rc.response().setStatusCode(201).end())
        .onFailure(err -> rc.response().setStatusCode(500).end(err.getMessage()));
    });
@@ -228,12 +273,13 @@ public class MainVerticle extends AbstractVerticle {
      String login = body.getString("login");
      String email = body.getString("email");
      String password = body.getString("password");
+      String role = body.getString("role");
      String ip = rc.request().remoteAddress().host();
      if (login == null || email == null) {
        rc.response().setStatusCode(400).end("Missing login or email");
        return;
      }
-      userService.updateUser(id, login, email, password, ip)
+      userService.updateUser(id, login, email, password, ip, role)
        .onSuccess(v -> rc.response().end())
        .onFailure(err -> rc.response().setStatusCode(500).end(err.getMessage()));
    });