diff of 27deb0036f61acf439f16045b7ee26c5d24328c7
27deb0036f61acf439f16045b7ee26c5d24328c7
diff --git a/resources/sql/user-fns.sql b/resources/sql/user-fns.sql
index 7f695c5..3785556 100644
--- a/resources/sql/user-fns.sql
+++ b/resources/sql/user-fns.sql
@@ -18,31 +18,26 @@ GROUP BY
u.id;
-- name: query-users*
--- :? :1
-SELECT u.Username, u.Nickname, u.ID as UserID, u.Password, u.Img_location, ug.ID as GroupID, ug.Name as GroupName, gm.PrimaryGroup, json_agg(DISTINCT perm.action) "permissions"
+-- returns: :array-hash
+SELECT u.Username, u.Nickname, u.Img_location, ug.Name as "primary-group-name", gm.PrimaryGroup, u.ID as userid, json_agg(DISTINCT perm.action) as "permissions"
FROM blog.Users u
JOIN blog.GroupMapping gm ON u.ID = gm.UserID
JOIN blog.UserGroup ug ON ug.ID = gm.GroupID
JOIN blog.grouppermissions gp ON gp.groupid = gm.groupid
JOIN blog.permission perm ON perm.id = gp.permissionid
-WHERE u.Username = $1 AND u.Password = $2;
+WHERE u.Username = $1 AND u.Password = $2
+GROUP BY u.Username, u.Nickname, u.Img_location, ug.Name, gm.PrimaryGroup, u.ID;
--- name: get-user-view-data*
-SELECT u.Username, u.Nickname, u.Img_location, ug.Name as "primary-group-name", gm.PrimaryGroup, u.ID as userid, perm.action
+-- name: query-user-for-session
+-- returns: :array-hash
+SELECT u.Username, u.Nickname, u.Img_location, ug.Name as "primary-group-name", gm.PrimaryGroup, u.ID as userid, json_agg(DISTINCT perm.action) as "permissions"
FROM blog.Users u
JOIN blog.GroupMapping gm ON u.ID = gm.UserID
JOIN blog.UserGroup ug ON ug.ID = gm.GroupID
JOIN blog.grouppermissions gp ON gp.groupid = gm.groupid
JOIN blog.permission perm ON perm.id = gp.permissionid
-WHERE u.ID = :user-id;
-
--- name: user-groups*
-SELECT ug.ID, ug.Name, ug.Description
-FROM blog.Users u
-LEFT JOIN blog.GroupMapping um ON um.UserID = u.ID
-LEFT JOIN blog.UserGroup ug ON um.GroupID = ug.ID
-WHERE u.Username = :username;
-
+WHERE u.id = $1
+GROUP BY u.Username, u.Nickname, u.Img_location, ug.Name, gm.PrimaryGroup, u.ID;
-- name: can?*
-- :? :1
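Review bot: Both rewritten queries group by `ug.Name` and `gm.PrimaryGroup`, so a user mapped to more than one group comes back as one row per group, each carrying only that group's permissions. The Lisp callers in this commit take the first row, and there is no `ORDER BY`, so which permission set reaches the session depends on row order. If the intent is what the `"primary-group-name"` alias suggests, add `AND gm.PrimaryGroup` to the `WHERE` clause of `query-users*` and `query-user-for-session` (assuming the column is boolean, which the hunk does not show). If permissions should be the union over all groups, the group columns have to leave both the select list and the `GROUP BY`.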
diff --git a/src/routes/login-routes.lisp b/src/routes/login-routes.lisp
index 1bc92bb..7f87f58 100644
--- a/src/routes/login-routes.lisp
+++ b/src/routes/login-routes.lisp
@@ -1,25 +1,30 @@
(defpackage murja.routes.login-routes
(:use :cl)
- (:import-from :murja.middleware.auth :@authenticated)
+ (:import-from :murja.middleware.auth :@authenticated :*user*)
(:import-from :murja.middleware.db :@transaction)
(:import-from :murja.middleware.json :@json)
(:import-from :easy-routes :defroute)
- (:import-from :com.inuoe.jzon :parse))
+ (:import-from :com.inuoe.jzon :parse :stringify))
(in-package :murja.routes.login-routes)
-(defroute post-login ("/api/login" :method :post :decorators (@transaction @json)) ()
+(defun sha-512 (str)
+ (ironclad:byte-array-to-hex-string
+ (ironclad:digest-sequence :sha512
+ (ironclad:ascii-string-to-byte-array str))))
+
+(defroute post-login ("/api/login/login" :method :post :decorators (@transaction @json)) ()
(let* ((body-params (parse (hunchentoot:raw-post-data :force-text t)))
(username (gethash "username" body-params))
(password (gethash "password" body-params))
- (user-row (select-user-by-login username (sha-512 password))))
+ (user-row (murja.users.user-db:select-user-by-login username (sha-512 password))))
(if (and user-row
(string= (gethash "username" user-row) username))
(progn
(setf (hunchentoot:session-value :logged-in-username) username)
- (setf (hunchentoot:session-value :logged-in-user-id) (gethash "id" user-row))
- (stringify data-for-frontend))
+ (setf (hunchentoot:session-value :logged-in-user-id) (gethash "userid" user-row))
+ (stringify user-row))
(progn
(setf (hunchentoot:return-code*) 401)
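Review bot: The new `sha-512` helper hashes the password with a single unsalted SHA-512 pass, so if the Users table leaks the stored values are cheap to brute-force offline and identical passwords share a hash. `ironclad:ascii-string-to-byte-array` also signals an error on non-ASCII characters, so such a password is likely to end in a server error rather than the 401 branch. Consider a salted, deliberately slow hash instead (Ironclad provides `pbkdf2-hash-password-to-combined-string` and `pbkdf2-check-password`), fetching the row by username and verifying in Lisp. That needs `query-users*` to stop matching on `u.Password = $2`, plus a migration of existing hashes. The body of post-login continues past the end of this hunk.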
@@ -29,7 +34,7 @@
@json
@authenticated)) ()
(if *user*
- (com.inuoe.jzon:stringify *user*)
+ (com.inuoe.jzon:stringify (murja.users.user-db:get-session-user-by-id (gethash "id" *user*)))
(progn
(setf (hunchentoot:return-code*) 401)
nil)))
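Review bot: `(gethash "id" *user*)` reads an `"id"` key, while the queries changed in this commit expose the id as `userid` and post-login stores it from `"userid"`. How `@authenticated` populates `*user*` is not visible here, so confirm the key exists; if it is missing, NIL is passed to `get-session-user-by-id`. Reading the id the login route already stored, `(hunchentoot:session-value :logged-in-user-id)`, would avoid depending on the shape of `*user*`. The enclosing route definition starts above this hunk.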
diff --git a/src/users/user-db.lisp b/src/users/user-db.lisp
index e892cd9..f2b67ed 100644
--- a/src/users/user-db.lisp
+++ b/src/users/user-db.lisp
@@ -1,5 +1,6 @@
(defpackage :murja.users.user-db
(:use :cl :postmodern)
+ (:export :get-session-user-by-id :select-user-by-login)
(:import-from :halisql :defqueries))
(in-package :murja.users.user-db)
@@ -16,7 +17,12 @@
(defun get-user-by-id (id)
(jsonize-key (aref (get-user-by-id* id) 0) "permissions"))
+(defun get-session-user-by-id (id)
+ (jsonize-key (aref (query-user-for-session id) 0) "permissions"))
+
(defun select-user-by-login (username password-sha)
- (jsonize-key (aref (query-users* username password-sha) 0) "permissions"))
+ (let ((usr (first (coerce (query-users* username password-sha) 'list))))
+ (when usr
+ (jsonize-key usr "permissions"))))
;;(postmodern:connect-toplevel "blogdb" "blogadmin" "blog" "localhost")
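Review bot: `get-session-user-by-id` still indexes the result with `(aref ... 0)`, which signals an error when `query-user-for-session` returns no rows, for example when the user was deleted while the session was live or an inner join in the query drops the row. `select-user-by-login` was made empty-safe in this same hunk; the new function should use the same pattern: `(let ((usr (first (coerce (query-user-for-session id) 'list)))) (when usr (jsonize-key usr "permissions")))`. The session route then stringifies the NIL result, so it should check for it and return 401 instead of a 200 with an empty body.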