Most User endpoints

2024-07-21 20:22:39 +02:00 · 2024-07-21 20:22:39 +02:00 · 4b89a7e9ca
commit 4b89a7e9ca
parent b3c5841e36
11 changed files with 102 additions and 28 deletions
--- a/exam/.htaccess
+++ b/exam/.htaccess
@ -14,11 +14,6 @@ RewriteRule ^phpCourse/exam/vendor/.* index.php [L,NC]
 RewriteRule ^phpCourse/exam/routes/.* index.php [L,NC]
 RewriteRule ^phpCourse/exam/react/.* index.php [L,NC]

-RewriteCond %{REQUEST_FILENAME} -f
-RewriteCond %{REQUEST_FILENAME} !/uploads/.*
-RewriteCond %{REQUEST_FILENAME} !/dist/.*
-RewriteRule ^ dist [L,NC]
-
 ##
 ## API routes
 ##
@ -33,3 +28,9 @@ RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !/api/docs
 RewriteCond %{REQUEST_FILENAME} !/dist
 RewriteRule ^ dist [L,NC,QSA]
+
+RewriteCond %{REQUEST_FILENAME} -f
+RewriteCond %{REQUEST_FILENAME} !/storage/.*
+RewriteCond %{REQUEST_FILENAME} !/dist/.*
+RewriteCond %{REQUEST_FILENAME} !/api/docs
+RewriteRule ^ dist [L,NC]
--- a/exam/api/User/User.php
+++ b/exam/api/User/User.php
@ -45,4 +45,29 @@ class User
      }
    }
  }
+
+  public function postSelf()
+  {
+    $token = Input::header("token");
+    $username = Input::post("username");
+    $password = Input::post("password");
+    $image = Input::file("image");
+
+    try {
+      return json_encode(MUser::getByToken($token)->update($username, $password, $image));
+    } catch (Exception $err) {
+      switch ($err->getMessage()) {
+        case "NotFound":
+          throw new Exception("User not Found", 404);
+        case "FailedUsername":
+          throw new Exception("Failed to update username", 500);
+        case "FailedPassword":
+          throw new Exception("Failed to update password", 500);
+        case "FailedImage":
+          throw new Exception("Failed to update image", 500);
+        default:
+          throw $err;
+      }
+    }
+  }
 }
--- a/exam/api/docs/api.yaml
+++ b/exam/api/docs/api.yaml
@ -128,7 +128,10 @@ paths:
        - User
    post:
      summary: Update user
-      description: Update user with ID. Fields are updated in order username,password,image. If one fails, subsequent are not updated
+      description:
+        Update user with ID. Fields are updated in order username, password, image. If one fails, subsequent are not updated. <br>
+        Use special ID <code>self</code> to update logged in user. <br>
+        Requires logged in user to have admin permissions for any ID other than <code>self</code>. <br>
      security:
        - BasicAuth: []
      parameters:
@ -228,6 +231,7 @@ components:
          type: string
        image:
          type: string
+          format: binary
  securitySchemes:
    BasicAuth:
      type: apiKey
--- a/exam/api/docs/index.html
+++ b/exam/api/docs/index.html
--- a/exam/classes/Input/Input.php
+++ b/exam/classes/Input/Input.php
@ -4,6 +4,11 @@ namespace Khofmann\Input;

 class Input
 {
+  public static function header($name, $defaultValue = null, $tryParse = true)
+  {
+    return request()->getHeader($name, $defaultValue, $tryParse);
+  }
+
  public static function post($index, $defaultValue = null)
  {
    return request()->getInputHandler()->post($index, $defaultValue);
--- a/exam/classes/Models/User/User.php
+++ b/exam/classes/Models/User/User.php
@ -4,6 +4,7 @@ namespace Khofmann\Models\User;

 use Exception;
 use PDO;
+use DateTime;
 use Khofmann\Database\Database;
 use Config\Config;
 use JsonSerializable;
@ -16,8 +17,9 @@ class User implements JsonSerializable
  private string $email;
  private ?string $image;
  private bool $isAdmin;
+  private DateTime $memberSince;

-  protected function __construct(int $id, string $username, int $status, string $email, string $image = null, bool $isAdmin = false)
+  protected function __construct(int $id, string $username, int $status, string $email, string $timestamp, string $image, bool $isAdmin)
  {
    $this->id = $id;
    $this->username = $username;
@ -25,6 +27,7 @@ class User implements JsonSerializable
    $this->email = $email;
    $this->image = $image;
    $this->isAdmin = $isAdmin;
+    $this->memberSince = new DateTime($timestamp);
  }

  /*
@ -35,7 +38,7 @@ class User implements JsonSerializable
  {
    $db = Database::getInstance();
    $stmt = $db->prepare(
-      "SELECT benutzer, status, email, image, isadmin FROM egb_benutzer WHERE id = :ID"
+      "SELECT benutzer, status, email, image, isadmin, zeitstempel FROM egb_benutzer WHERE id = :ID"
    );
    $stmt->bindValue(":ID", $id);
    $stmt->execute();
@ -43,14 +46,14 @@ class User implements JsonSerializable

    if (!$data) throw new Exception("NotFound");

-    return new User($id, $data["benutzer"], $data["status"], $data["email"], $data["image"], $data["isadmin"] === 1);
+    return new User($id, $data["benutzer"], $data["status"], $data["email"], $data["zeitstempel"], $data["image"], $data["isadmin"] === 1);
  }

  public static function getByEmail(string $email): User
  {
    $db = Database::getInstance();
    $stmt = $db->prepare(
-      "SELECT id, benutzer, status, image, isadmin FROM egb_benutzer WHERE email = :EMAIL"
+      "SELECT id, benutzer, status, image, isadmin, zeitstempel FROM egb_benutzer WHERE email = :EMAIL"
    );
    $stmt->bindValue(":EMAIL", $email);
    $stmt->execute();
@ -58,14 +61,14 @@ class User implements JsonSerializable

    if (!$data) throw new Exception("NotFound");

-    return new User($data["id"], $data["benutzer"], $data["status"], $email, $data["image"], $data["isadmin"] === 1);
+    return new User($data["id"], $data["benutzer"], $data["status"], $email, $data["zeitstempel"], $data["image"], $data["isadmin"] === 1);
  }

  public static function getByToken(string $token): User
  {
    $db = Database::getInstance();
    $stmt = $db->prepare(
-      "SELECT id, benutzer, status, email, image, isadmin FROM egb_benutzer WHERE token = :TOKEN"
+      "SELECT id, benutzer, status, email, image, isadmin, zeitstempel FROM egb_benutzer WHERE token = :TOKEN"
    );
    $stmt->bindValue(":TOKEN", $token);
    $stmt->execute();
@ -73,7 +76,7 @@ class User implements JsonSerializable

    if (!$data) throw new Exception("NotFound");

-    return new User($data["id"], $data["benutzer"], $data["status"], $data["email"], $data["image"], $data["isadmin"] === 1);
+    return new User($data["id"], $data["benutzer"], $data["status"], $data["email"], $data["zeitstempel"], $data["image"], $data["isadmin"] === 1);
  }

  public static function logIn(string $email, string $password): array
@ -86,7 +89,7 @@ class User implements JsonSerializable
    $data = $stmt->fetch();

    if ($data) {
-      $user = new User($data["id"], $data["benutzer"], $data["status"], $email, $data["image"], $data["isadmin"] === 1);
+      $user = new User($data["id"], $data["benutzer"], $data["status"], $email, $data["zeitstempel"], $data["image"], $data["isadmin"] === 1);
      if (password_verify($password, $data["passwort"])) {
        // REHASH for safety should it somehow change
        if (password_needs_rehash($data["passwort"], PASSWORD_DEFAULT)) {
@ -156,7 +159,7 @@ class User implements JsonSerializable

    if (!empty($image)) {
      $destinationFilename = sprintf('%s.%s', uniqid(), $image->getExtension());
-      $image->move(Config::getBaseFSPath() . "uploads/profilbilder/$destinationFilename");
+      $image->move(Config::getStoragePath() . "profilbilder/$destinationFilename");

      $stmt = $db->prepare("UPDATE egb_benutzer SET image = :IMG WHERE id = :ID");
      $stmt->bindValue(":IMG", $destinationFilename);
@ -202,6 +205,11 @@ class User implements JsonSerializable
    return $this->isAdmin;
  }

+  public function getMemberSince(): DateTime
+  {
+    return $this->memberSince;
+  }
+
  /*
  * JSON
  */
@ -214,7 +222,8 @@ class User implements JsonSerializable
      'status' => $this->getStatus(),
      'email' => $this->getEmail(),
      'image' => $this->getImage(),
-      'isAdmin' => $this->getIsAdmin()
+      'isAdmin' => $this->getIsAdmin(),
+      'memberSince' => $this->getMemberSince(),
    ];
  }
 }
--- a/exam/config/Config.php
+++ b/exam/config/Config.php
@ -44,6 +44,11 @@ class Config
    return Config::getInstance()->app["baseFSPath"];
  }

+  public static function getStoragePath()
+  {
+    return Config::getInstance()->app["storagePath"];
+  }
+
  public static function getDatabase()
  {
    return Config::getInstance()->database;
--- a/exam/config/app.php
+++ b/exam/config/app.php
@ -2,5 +2,6 @@

 return [
  "basePath" => "phpCourse/exam/",
-  "baseFSPath" => "/home/k/khofmann/public_html/phpCourse/exam/"
+  "baseFSPath" => "/home/k/khofmann/public_html/phpCourse/exam/",
+  "storagePath" => "/home/k/khofmann/public_html/phpCourse/exam/storage/"
 ];
--- a/exam/package.json
+++ b/exam/package.json
@ -0,0 +1,10 @@
+{
+  "name": "php-course-exam",
+  "description": "End of Course Exam",
+  "version": "1.0.0",
+  "dependencies": {},
+  "devDependencies": {},
+  "scripts": {
+    "generate-api-docs": "npx @redocly/cli build-docs --output api/docs/index.html api/docs/api.yaml"
+  }
+}
--- a/exam/routes/routes.php
+++ b/exam/routes/routes.php
@ -11,13 +11,27 @@ SimpleRouter::error(function (Request $request, Exception $exception) {
 SimpleRouter::all("/", function () {
  redirect("docs", 301);
 });
-// Login/Logout
+
+/*
+* Open routes
+*/
+// Login
 SimpleRouter::post("/login", [Api\Login\Login::class, "post"]);
+/*
+* Normal Auth routes
+*/
 SimpleRouter::group(["middleware" => \Khofmann\Auth\Auth::class], function () {
+  // Login
  SimpleRouter::post("/logout", [Api\Logout\Logout::class, "post"]);
-});
-// User
-//SimpleRouter::group(["middleware" => \Khofmann\Auth\Auth::class], function () {
+  // Get any user
  SimpleRouter::get("/user/{id}", [Api\User\User::class, "get"]);
+  // Update self
+  SimpleRouter::post("/user/self", [Api\User\User::class, "postSelf"]);
+});
+/*
+* Admin Auth routes
+*/
+SimpleRouter::group(["middleware" => \Khofmann\Auth\AdminAuth::class], function () {
+  // Update any user
  SimpleRouter::post("/user/{id}", [Api\User\User::class, "post"]);
-//});
+});
--- a/exam/storage/profilbilder/.gitignore
+++ b/exam/storage/profilbilder/.gitignore