Fix API
@@ -1,5 +0,0 @@
|
||||
Order deny,allow
|
||||
Deny From All
|
||||
<FilesMatch "^$">
|
||||
Allow From All
|
||||
</FilesMatch>
|
||||
@@ -0,0 +1,114 @@
|
||||
openapi: 3.0.0
|
||||
info:
|
||||
title: PHP Course Exam
|
||||
version: 1.0.0
|
||||
contact:
|
||||
name: Kilian Kurt Hofmann
|
||||
email: khofmann@zedat.fu-berlin.de
|
||||
description: PHP Course (ABV FU Berlin) 2024 Exam
|
||||
paths:
|
||||
/users:
|
||||
get:
|
||||
summary: Get Users
|
||||
description: Returns all users
|
||||
parameters: []
|
||||
operationId: ""
|
||||
responses:
|
||||
"200":
|
||||
description: Default response
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/UsersListResponse"
|
||||
"401":
|
||||
description: Not allowed
|
||||
tags:
|
||||
- Users
|
||||
security:
|
||||
- BasicAuth: []
|
||||
put:
|
||||
summary: Add User
|
||||
description: Add a new user
|
||||
parameters: []
|
||||
operationId: ""
|
||||
responses:
|
||||
"200":
|
||||
description: Default response
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/TrueResponse"
|
||||
"401":
|
||||
description: Not allowed
|
||||
"500":
|
||||
description: Error
|
||||
tags:
|
||||
- Users
|
||||
security:
|
||||
- BasicAuth: []
|
||||
requestBody:
|
||||
required: true
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: "#/components/schemas/UserAddBody"
|
||||
externalDocs:
|
||||
url: "https://khofmann.userpage.fu-berlin.de/phpCourse/exam/api/docs/"
|
||||
security: []
|
||||
servers:
|
||||
- url: "https://khofmann.userpage.fu-berlin.de/phpCourse/exam/api/"
|
||||
description: ""
|
||||
variables: {}
|
||||
components:
|
||||
links: {}
|
||||
callbacks: {}
|
||||
schemas:
|
||||
UsersListResponse:
|
||||
type: array
|
||||
items:
|
||||
$ref: "#/components/schemas/UserType"
|
||||
UserType:
|
||||
type: object
|
||||
properties:
|
||||
ID:
|
||||
type: number
|
||||
description: User ID
|
||||
example: 1
|
||||
FirstName:
|
||||
type: string
|
||||
description: Given name of user
|
||||
example: Max
|
||||
LastName:
|
||||
type: string
|
||||
description: Family name of User
|
||||
example: Mustermann
|
||||
token:
|
||||
type: string
|
||||
description: Access Token
|
||||
format: uuid
|
||||
example: 3be6453c-03eb-4357-ae5a-984a0e574a54
|
||||
UserAddBody:
|
||||
type: object
|
||||
required:
|
||||
- FirstName
|
||||
- LastName
|
||||
properties:
|
||||
FirstName:
|
||||
type: string
|
||||
description: Given name of user
|
||||
example: Max
|
||||
LastName:
|
||||
type: string
|
||||
description: Family name of User
|
||||
example: Mustermann
|
||||
TrueResponse:
|
||||
type: boolean
|
||||
example: true
|
||||
securitySchemes:
|
||||
BasicAuth:
|
||||
type: apiKey
|
||||
name: token
|
||||
in: header
|
||||
tags:
|
||||
- name: Users
|
||||
- name: Posts
|
||||
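Review bot: `UserType`, which `UsersListResponse` returns from `GET /users`, carries a `token` property described as `Access Token`, so the contract promises every caller with read access the credentials of all other users; `token` should be dropped from the list schema and, if a client ever needs its own token, returned only from a dedicated authenticated operation. The security scheme named `BasicAuth` is actually `type: apiKey` sent in a `token` header, so a name such as `TokenAuth` would stop generated clients from attempting HTTP Basic. The handler added in the next hunk serves `GET`/`POST`/`DELETE` on `/users/{id}`, but no such path is documented here, and `put` on `/users` is described as creation where `post` is conventional. Minor: `ID` should be `type: integer` rather than `number`, and the two empty `operationId: ""` entries should be filled in or removed.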
@@ -0,0 +1,90 @@
|
||||
<?php
|
||||
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
$params = PathParams::get();
|
||||
|
||||
if (empty($params[2])) {
|
||||
return Response::api("Missing param", 500);
|
||||
}
|
||||
|
||||
switch ($method) {
|
||||
case "GET":
|
||||
if (Auth::hasPermission("read")) return get($params[2]);
|
||||
break;
|
||||
case "POST":
|
||||
if (Auth::hasPermission("write")) return post($params[2]);
|
||||
break;
|
||||
case "DELETE":
|
||||
if (Auth::hasPermission("write")) return delete($params[2]);
|
||||
break;
|
||||
default:
|
||||
return Response::api("$method not supported", 500);
|
||||
}
|
||||
|
||||
return Response::api("Not allowed", 401);
|
||||
|
||||
function get($id)
|
||||
{
|
||||
$db = Database::getInstance();
|
||||
|
||||
$query =
|
||||
"SELECT
|
||||
*
|
||||
FROM
|
||||
Users
|
||||
WHERE
|
||||
ID = :ID";
|
||||
|
||||
$stmt = $db->prepare($query);
|
||||
$stmt->bindValue(":ID", $id);
|
||||
$stmt->execute();
|
||||
|
||||
Response::api($stmt->fetchAll());
|
||||
}
|
||||
|
||||
function post($id)
|
||||
{
|
||||
|
||||
$db = Database::getInstance();
|
||||
|
||||
$query =
|
||||
"UPDATE
|
||||
Users
|
||||
SET
|
||||
FirstName = :FIRST, LastName = :LAST
|
||||
WHERE
|
||||
ID = :ID";
|
||||
|
||||
$_POST = json_decode(file_get_contents('php://input'), true);
|
||||
|
||||
try {
|
||||
$stmt = $db->prepare($query);
|
||||
$stmt->bindValue(":FIRST", $_POST["firstName"]);
|
||||
$stmt->bindValue(":LAST", $_POST["lastName"]);
|
||||
$stmt->bindValue(":ID", $id);
|
||||
|
||||
Response::api($stmt->execute());
|
||||
} catch (Exception $e) {
|
||||
Response::api($e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
|
||||
function delete($id)
|
||||
{
|
||||
$db = Database::getInstance();
|
||||
|
||||
$query =
|
||||
"DELETE FROM
|
||||
Users
|
||||
WHERE
|
||||
ID = :ID";
|
||||
|
||||
try {
|
||||
$stmt = $db->prepare($query);
|
||||
$stmt->bindValue(":ID", $id);
|
||||
|
||||
Response::api($stmt->execute());
|
||||
} catch (Exception $e) {
|
||||
Response::api($e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
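Review bot: `post($id)` binds `$_POST["firstName"]` and `$_POST["lastName"]` straight from an unchecked `json_decode()`, so a malformed body or a missing key binds `null` and silently overwrites the user's name columns instead of rejecting the request; the decode belongs inside the `try` with `JSON_THROW_ON_ERROR` (`JsonException` extends `Exception`) and both keys need a presence check that answers 400. Those keys also disagree with the `FirstName`/`LastName` that the OpenAPI `UserAddBody` schema in this commit uses, so one side should change. `get($id)` runs `SELECT *` and returns every column; if the `Users` table carries the `token` column the spec's `UserType` describes, a caller with only `read` permission receives other users' access tokens, so the column list should be explicit (`SELECT ID, FirstName, LastName FROM Users WHERE ID = :ID`), and `get()` should get the same `try`/`catch` the other two handlers have. Relatedly, `Response::api("Missing param", 500)` and the `$method not supported` fallback report client errors as 500, where 400 and 405 are the conventional codes.
```php
function post($id)
{
    $db = Database::getInstance();

    // … unchanged: $query …

    try {
        // Fail fast on a malformed body instead of binding nulls below.
        $body = json_decode(file_get_contents('php://input'), true, 512, JSON_THROW_ON_ERROR);
        if (!is_array($body) || !isset($body["firstName"], $body["lastName"])) {
            return Response::api("Missing firstName or lastName", 400);
        }

        $stmt = $db->prepare($query);
        $stmt->bindValue(":FIRST", $body["firstName"]);
        $stmt->bindValue(":LAST", $body["lastName"]);
        $stmt->bindValue(":ID", $id);

        Response::api($stmt->execute());
    } catch (Exception $e) {
        Response::api($e->getMessage(), 500);
    }
}
```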
@@ -9,12 +9,6 @@ switch ($method) {
|
||||
case "PUT":
|
||||
if (Auth::hasPermission("write")) return put();
|
||||
break;
|
||||
case "POST":
|
||||
if (Auth::hasPermission("write")) return post();
|
||||
break;
|
||||
case "DELETE":
|
||||
if (Auth::hasPermission("write")) return delete();
|
||||
break;
|
||||
default:
|
||||
return Response::api("$method not supported", 500);
|
||||
}
|
||||
@@ -58,51 +52,3 @@ function put()
|
||||
Response::api($e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
|
||||
function post()
|
||||
{
|
||||
$db = Database::getInstance();
|
||||
|
||||
$query =
|
||||
"UPDATE
|
||||
Users
|
||||
SET
|
||||
FirstName = :FIRST, LastName = :LAST
|
||||
WHERE
|
||||
ID = :ID";
|
||||
|
||||
$_POST = json_decode(file_get_contents('php://input'), true);
|
||||
|
||||
try {
|
||||
$stmt = $db->prepare($query);
|
||||
$stmt->bindValue(":FIRST", $_POST["firstName"]);
|
||||
$stmt->bindValue(":LAST", $_POST["lastName"]);
|
||||
$stmt->bindValue(":ID", $_POST["ID"]);
|
||||
|
||||
Response::api($stmt->execute());
|
||||
} catch (Exception $e) {
|
||||
Response::api($e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
|
||||
function delete()
|
||||
{
|
||||
$db = Database::getInstance();
|
||||
|
||||
$_DELETE = json_decode(file_get_contents('php://input'), true);
|
||||
|
||||
$query =
|
||||
"DELETE FROM
|
||||
Users
|
||||
WHERE
|
||||
ID = :ID";
|
||||
|
||||
try {
|
||||
$stmt = $db->prepare($query);
|
||||
$stmt->bindValue(":ID", $_DELETE["ID"]);
|
||||
|
||||
Response::api($stmt->execute());
|
||||
} catch (Exception $e) {
|
||||
Response::api($e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
|
||||