This commit is contained in:
Kilian Hofmann 2024-07-19 13:05:21 +02:00
parent 88f535a1ed
commit 156d277e77
10 changed files with 229 additions and 71 deletions


@ -9,10 +9,10 @@ RewriteBase /phpCourse/exam
##
## Black listed folders
##
RewriteRule ^app/.* index.php [L,NC]
RewriteRule ^config/.* index.php [L,NC]
RewriteRule ^vendor/.* index.php [L,NC]
RewriteRule ^routes/.* index.php [L,NC]
RewriteRule ^phpCourse/exam/app/.* index.php [L,NC]
RewriteRule ^phpCourse/exam/config/.* index.php [L,NC]
RewriteRule ^phpCourse/exam/vendor/.* index.php [L,NC]
RewriteRule ^phpCourse/exam/routes/.* index.php [L,NC]
##
## White listed folders
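Review bot: If the `phpCourse/exam/`-prefixed patterns are the new side of this hunk, they are unlikely to ever match: with `RewriteBase /phpCourse/exam` this is a per-directory .htaccess, and in that context `RewriteRule` tests the path relative to that directory (`app/foo`, not `phpCourse/exam/app/foo`), which would silently disable the blacklist for `app/`, `config/`, `vendor/` and `routes/`. Since the same commit deletes a `Deny From All` .htaccess elsewhere, these four rules would then be the only thing keeping those folders from being served directly; a direct request for a file under `config/` after deployment is the quickest way to confirm. If the unprefixed `^app/.*` form is the new side instead, the change is a fix and this note does not apply.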


@ -1,5 +0,0 @@
Order deny,allow
Deny From All
<FilesMatch "^$">
Allow From All
</FilesMatch>

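--- /dev/null
+++ b/exam/api/docs/api.yaml
@@ -0,0 +1,114 @@
+openapi: 3.0.0
+info:
+title: PHP Course Exam
+version: 1.0.0
+contact:
+name: Kilian Kurt Hofmann
+email: khofmann@zedat.fu-berlin.de
+description: PHP Course (ABV FU Berlin) 2024 Exam
+paths:
+/users:
+get:
+summary: Get Users
+description: Returns all users
+parameters: []
+operationId: ""
+responses:
+"200":
+description: Default response
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/UsersListResponse"
+"401":
+description: Not allowed
+tags:
+- Users
+security:
+- BasicAuth: []
+put:
+summary: Add User
+description: Add a new user
+parameters: []
+operationId: ""
+responses:
+"200":
+description: Default response
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/TrueResponse"
+"401":
+description: Not allowed
+"500":
+description: Error
+tags:
+- Users
+security:
+- BasicAuth: []
+requestBody:
+required: true
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/UserAddBody"
+externalDocs:
+url: "https://khofmann.userpage.fu-berlin.de/phpCourse/exam/api/docs/"
+security: []
+servers:
+- url: "https://khofmann.userpage.fu-berlin.de/phpCourse/exam/api/"
+description: ""
+variables: {}
+components:
+links: {}
+callbacks: {}
+schemas:
+UsersListResponse:
+type: array
+items:
+$ref: "#/components/schemas/UserType"
+UserType:
+type: object
+properties:
+ID:
+type: number
+description: User ID
+example: 1
+FirstName:
+type: string
+description: Given name of user
+example: Max
+LastName:
+type: string
+description: Family name of User
+example: Mustermann
+token:
+type: string
+description: Access Token
+format: uuid
+example: 3be6453c-03eb-4357-ae5a-984a0e574a54
+UserAddBody:
+type: object
+required:
+- FirstName
+- LastName
+properties:
+FirstName:
+type: string
+description: Given name of user
+example: Max
+LastName:
+type: string
+description: Family name of User
+example: Mustermann
+TrueResponse:
+type: boolean
+example: true
+securitySchemes:
+BasicAuth:
+type: apiKey
+name: token
+in: header
+tags:
+- name: Users
+- name: Posts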
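Review bot: `UserType` carries a `token` property described as the access token, and it is the item schema of `UsersListResponse` returned by `GET /users`, so the contract documents that any caller with read access receives every user's access token; unless that is intended, drop `token` from `UserType` or define a separate schema for list responses. The security scheme is named `BasicAuth` but is declared as `type: apiKey` in a `token` header, which is not HTTP Basic authentication, so a name such as `TokenHeader` would describe what the server actually checks. Both `operationId` values are empty strings, which many tools treat as invalid; give each operation an id (e.g. `listUsers`, `addUser`) or omit the field.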

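--- /dev/null
+++ b/exam/api/user/index.php
+<?php
+$method = $_SERVER['REQUEST_METHOD'];
+$params = PathParams::get();
+if (empty($params[2])) {
+return Response::api("Missing param", 500);
+}
+switch ($method) {
+case "GET":
+if (Auth::hasPermission("read")) return get($params[2]);
+break;
+case "POST":
+if (Auth::hasPermission("write")) return post($params[2]);
+break;
+case "DELETE":
+if (Auth::hasPermission("write")) return delete($params[2]);
+break;
+default:
+return Response::api("$method not supported", 500);
+}
+return Response::api("Not allowed", 401);
+function get($id)
+{
+$db = Database::getInstance();
+$query =
+"SELECT
+*
+FROM
+Users
+WHERE
+ID = :ID";
+$stmt = $db->prepare($query);
+$stmt->bindValue(":ID", $id);
+$stmt->execute();
+Response::api($stmt->fetchAll());
+}
+function post($id)
+{
+$db = Database::getInstance();
+$query =
+"UPDATE
+Users
+SET
+FirstName = :FIRST, LastName = :LAST
+WHERE
+ID = :ID";
+$_POST = json_decode(file_get_contents('php://input'), true);
+try {
+$stmt = $db->prepare($query);
+$stmt->bindValue(":FIRST", $_POST["firstName"]);
+$stmt->bindValue(":LAST", $_POST["lastName"]);
+$stmt->bindValue(":ID", $id);
+Response::api($stmt->execute());
+} catch (Exception $e) {
+Response::api($e->getMessage(), 500);
+}
+}
+function delete($id)
+{
+$db = Database::getInstance();
+$query =
+"DELETE FROM
+Users
+WHERE
+ID = :ID";
+try {
+$stmt = $db->prepare($query);
+$stmt->bindValue(":ID", $id);
+Response::api($stmt->execute());
+} catch (Exception $e) {
+Response::api($e->getMessage(), 500);
+}
+}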
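Review bot: `get()` runs `SELECT *` on `Users`, and the API description added in this commit lists a `token` column on the user object, so reading a user by ID hands that user's access token to any caller with the `read` permission; name the columns explicitly, `SELECT ID, FirstName, LastName FROM Users WHERE ID = :ID`, unless exposing the token is intended. In `post()` the decoded body is used unchecked: invalid JSON or a missing `firstName`/`lastName` key yields null binds, so a malformed request overwrites the names with NULL (or fails on column constraints) instead of being rejected; guard with `$body = json_decode(file_get_contents('php://input'), true); if (!is_array($body) || !isset($body['firstName'], $body['lastName'])) return Response::api('Invalid body', 400);` and bind from `$body`. Note also that the docs spell the fields `FirstName`/`LastName` while the code reads `firstName`/`lastName`, that `empty($params[2])` rejects an ID of `0` and answers a missing ID with 500 rather than 400, and that `get()` is the only handler without the try/catch the other two use. `Auth`, `Response`, `Database` and `PathParams` are defined outside this file.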


@ -9,12 +9,6 @@ switch ($method) {
case "PUT":
if (Auth::hasPermission("write")) return put();
break;
case "POST":
if (Auth::hasPermission("write")) return post();
break;
case "DELETE":
if (Auth::hasPermission("write")) return delete();
break;
default:
return Response::api("$method not supported", 500);
}
@ -58,51 +52,3 @@ function put()
Response::api($e->getMessage(), 500);
}
}
function post()
{
$db = Database::getInstance();
$query =
"UPDATE
Users
SET
FirstName = :FIRST, LastName = :LAST
WHERE
ID = :ID";
$_POST = json_decode(file_get_contents('php://input'), true);
try {
$stmt = $db->prepare($query);
$stmt->bindValue(":FIRST", $_POST["firstName"]);
$stmt->bindValue(":LAST", $_POST["lastName"]);
$stmt->bindValue(":ID", $_POST["ID"]);
Response::api($stmt->execute());
} catch (Exception $e) {
Response::api($e->getMessage(), 500);
}
}
function delete()
{
$db = Database::getInstance();
$_DELETE = json_decode(file_get_contents('php://input'), true);
$query =
"DELETE FROM
Users
WHERE
ID = :ID";
try {
$stmt = $db->prepare($query);
$stmt->bindValue(":ID", $_DELETE["ID"]);
Response::api($stmt->execute());
} catch (Exception $e) {
Response::api($e->getMessage(), 500);
}
}


@ -3,9 +3,11 @@
$path = ltrim(str_replace(Config::getBasePath(), "", $_SERVER['REQUEST_URI']), "/");
try {
if (substr($path, 0, 3) === "api") {
if (strpos($path, "docs") === false) {
require_once __DIR__ . "/../$path/index.php";
$segments = PathParams::get();
if ($segments[0] === "api") {
if ($segments[1] !== "docs") {
require_once __DIR__ . "/../api/{$segments[1]}/index.php";
} else {
Headers::redirect("index.html");
}
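Review bot: `$segments[1]` comes straight from `REQUEST_URI` via `PathParams::get()` and is interpolated into the `require_once` path, so the set of includable files is bounded only by what exists under `api/`; an allow-list before the include is the usual defensive shape, e.g. `$modules = ['users', 'user']; if (!in_array($segments[1] ?? '', $modules, true)) { return Response::api('Not found', 404); }` (adjust to the router's own not-found handling). When the request path is just `api`, `$segments[1]` is undefined, which raises a warning and then tries to include `api//index.php`. `$path` is still computed on the line before `try` but is no longer used now that `PathParams::get()` derives the same value. The enclosing `try` block continues past the end of this hunk.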


@ -2,7 +2,7 @@
class Config
{
private static $instances = [];
private static array $instances = [];
private array $app;
private array $database;


@ -2,7 +2,7 @@
class Database extends PDO
{
private static $instances = [];
private static array $instances = [];
protected function __construct($dsn, $username = null, $password = null, array $options = null)
{


@ -2,18 +2,18 @@
class Headers
{
static function json()
public static function json()
{
header('Content-Type: text/html; charset=utf-8');
header("Content-Type: text/json");
}
static function html()
public static function html()
{
header('Content-Type: text/html; charset=utf-8');
}
static function redirect(string $newUrl, bool $permanent = FALSE)
public static function redirect(string $newUrl, bool $permanent = FALSE)
{
header('Location: ' . $newUrl, true, $permanent ? 301 : 303);
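Review bot: `json()` sets `Content-Type: text/html; charset=utf-8` and immediately replaces it with `Content-Type: text/json`; the first call is dead, and `text/json` is not the registered JSON media type, so clients that key on `application/json` may refuse to parse the body. A single `header('Content-Type: application/json; charset=utf-8');` fixes both. These lines are carried over as context — the commit only adds `public` to the three signatures — and the `Headers` class continues past the end of this hunk.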

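--- /dev/null
+++ b/exam/vendor/pathParams/pathParams.php
+<?php
+class PathParams
+{
+public static function get()
+{
+$path = ltrim(str_replace(Config::getBasePath(), "", $_SERVER['REQUEST_URI']), "/");
+$segs = explode("/", $path);
+return $segs ? $segs : [];
+}
+}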
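Review bot: `$_SERVER['REQUEST_URI']` includes the query string, so for `api/user/1?x=y` the last segment becomes `1?x=y` and the router in this commit would look for a module named `user?x=y` when the query follows the module segment; take the path component first, `$uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) ?? '';`, and split that. `str_replace` strips the base path wherever it occurs rather than only as a leading prefix, which is worth tightening to a `str_starts_with` check since the result feeds an include path. `explode` never returns an empty array, so `$segs ? $segs : []` always returns `$segs`; a `: array` return type plus a PHPDoc `@return list<string>` would document the contract better than the ternary. Segments are returned raw (not URL-decoded) — callers compare them with `===`, so confirm that is the intended behavior.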