Kilian/PHP-Course
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Endpoints

Browse Source
This commit is contained in:
Kilian Hofmann 2024-07-22 21:38:21 +02:00
parent 5251c43a6b
commit 700faf4351
10 changed files with 367 additions and 158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
exam/api/Logout/Logout.php
View File

@ -11,7 +11,7 @@ class Logout extends Api
{
public function post(): void
{
$token = Request::header("token");
$token = Request::token();
Response::json(User::getByToken($token)->logOut());
}

67
exam/api/Post/Post.php Normal file
View File

@ -0,0 +1,67 @@
<?php
namespace Api\Post;
use Exception;
use Khofmann\Api\Api;
use Khofmann\Input\Input;
use Khofmann\Models\Post\Post as MPost;
use Khofmann\Models\User\User;
use Khofmann\Request\Request;
use Khofmann\Response\Response;
class Post extends Api
{
public function post(): void
{
$content = Input::patch("content");
$self = User::getByToken(Request::token());
try {
Response::json(MPost::create($self, $content));
} catch (Exception $err) {
switch ($err->getMessage()) {
default:
throw $err;
}
}
}
public function patch($id): void
{
$content = Input::patch("content");
$self = User::getByToken(Request::token());
$post = MPost::getByID($id);
if (!$self->getIsAdmin() && $post->getUser()->getID() !== $self->getID()) throw new Exception("Not Authorized", 401);
try {
Response::json(MPost::getByID($id)->update($content));
} catch (Exception $err) {
switch ($err->getMessage()) {
case "NotFound":
throw new Exception("Post not found", 404);
case "FailedContent":
throw new Exception("Failed to update content", 500);
default:
throw $err;
}
}
}
public function delete($id): void
{
try {
Response::json(MPost::getByID($id)->delete());
} catch (Exception $err) {
switch ($err->getMessage()) {
case "NotFound":
throw new Exception("Post not found", 404);
default:
throw $err;
}
}
}
}

3
exam/api/Posts/Posts.php
View File

@ -14,7 +14,8 @@ class Posts extends Api
{
$page = max(0, intval(Input::get("p", 0)));
$limit = constrain(0, 30, intval(Input::get("l", 10)));
$authed = Request::header("token") !== null;
$authed = Request::token() !== null;
Response::json(Post::list($page, $limit, $authed));
}
}

2
exam/api/User/User.php
View File

@ -51,7 +51,7 @@ class User extends Api
public function patchSelf(): void
{
$token = Request::header("token");
$token = Request::token();
$username = Input::patch("username");
$password = Input::patch("password");
$image = Input::file("image");

288
exam/api/docs/api.yaml
View File

@ -23,10 +23,7 @@ paths:
content:
application/json:
schema:
$ref: "#/components/schemas/BooleanResponse"
examples:
Success:
value: true
$ref: "#/components/schemas/LoginResponse"
400:
description: Missing fields.
content:
@ -99,10 +96,7 @@ paths:
content:
application/json:
schema:
$ref: "#/components/schemas/BooleanResponse"
examples:
Success:
value: true
$ref: "#/components/schemas/UserResponse"
400:
description: Missing fields or duplicate
content:
@ -187,48 +181,9 @@ paths:
application/json:
schema:
$ref: "#/components/schemas/UserListResponse"
examples:
Success:
value:
{
"pages": 1,
"data":
[
{
"id": 1,
"username": "Admin",
"status": 1,
"email": "marvin@zedat.fu-berlin.de",
"image": "669d41fbdb56b.png",
"isAdmin": true,
"memberSince":
{
"date": "2024-07-22 14:02:49.000000",
"timezone_type": 3,
"timezone": "Europe/Berlin",
},
"postCount": 3,
},
{
"id": 2,
"username": "Max",
"status": 1,
"email": "max@moritz.net",
"image": "profilbilder/max.svg",
"isAdmin": false,
"memberSince":
{
"date": "2024-07-22 03:07:41.000000",
"timezone_type": 3,
"timezone": "Europe/Berlin",
},
"postCount": 2,
},
],
}
tags:
- User
/user{id}:
/user/{id}:
get:
summary: Get user
description: Get user by ID.
@ -249,24 +204,6 @@ paths:
application/json:
schema:
$ref: "#/components/schemas/UserResponse"
examples:
Success:
value:
{
"id": 1,
"username": "Admin",
"status": 1,
"email": "marvin@zedat.fu-berlin.de",
"image": "669d41fbdb56b.png",
"isAdmin": true,
"memberSince":
{
"date": "2024-07-22 14:02:49.000000",
"timezone_type": 3,
"timezone": "Europe/Berlin",
},
"postCount": 3,
}
404:
description: User not found.
content:
@ -285,6 +222,7 @@ paths:
Use special ID <code>self</code> to update logged in user. <br>
Requires logged in user to have admin permissions for any ID other than <code>self</code>.
security:
- BasicAuth: []
- BasicAuth: [isAdmin]
parameters:
- name: id
@ -305,10 +243,7 @@ paths:
content:
application/json:
schema:
$ref: "#/components/schemas/BooleanResponse"
examples:
Success:
value: true
$ref: "#/components/schemas/UserResponse"
404:
description: User not found.
content:
@ -325,7 +260,7 @@ paths:
schema:
$ref: "#/components/schemas/ErrorResponse"
examples:
User not found:
Failed username:
value: { "message": "Failed to update username" }
tags:
- User
@ -348,10 +283,7 @@ paths:
content:
application/json:
schema:
$ref: "#/components/schemas/BooleanResponse"
examples:
Success:
value: true
$ref: "#/components/schemas/UserResponse"
404:
description: User not found.
content:
@ -397,29 +329,18 @@ paths:
Not authenticated:
value:
{
"pages": 1,
"pages": 0,
"data":
[
{
"id": 1,
"user": { "username": "Admin" },
"content": "Hey,\r\nGästebucher sind cool…\r\nDas Gästebuch ist freigegeben.\r\nIch hoffe auf viele Beiträge!",
"id": 0,
"user": { "username": "string" },
"content": "string",
"postedAt":
{
"date": "2020-03-03 09:03:00.000000",
"timezone_type": 3,
"timezone": "Europe/Berlin",
},
},
{
"id": 2,
"user": { "username": "Max" },
"content": "Bin über Google auf deine Seite gestoßen, danke für das geniale Gästebuch. Werde in Zukunft des Öftern vorbeischaun…\r\n\r\nLiebe Grüsse, Max",
"postedAt":
{
"date": "2020-03-04 12:26:40.000000",
"timezone_type": 3,
"timezone": "Europe/Berlin",
"date": "2019-08-24T14:15:22Z",
"timezone_type": 0,
"timezone": "string",
},
},
],
@ -434,58 +355,140 @@ paths:
"id": 1,
"user":
{
"id": 1,
"username": "Admin",
"status": 1,
"email": "marvin@zedat.fu-berlin.de",
"image": "669d41fbdb56b.png",
"id": 0,
"username": "string",
"status": 0,
"email": "string",
"image": "string",
"isAdmin": true,
"memberSince":
{
"date": "2024-07-22 14:02:49.000000",
"timezone_type": 3,
"timezone": "Europe/Berlin",
"date": "2019-08-24T14:15:22Z",
"timezone_type": 0,
"timezone": "string",
},
"postCount": 3,
"postCount": 0,
},
"content": "Hey,\r\nGästebucher sind cool…\r\nDas Gästebuch ist freigegeben.\r\nIch hoffe auf viele Beiträge!",
"content": "string",
"postedAt":
{
"date": "2020-03-03 09:03:00.000000",
"timezone_type": 3,
"timezone": "Europe/Berlin",
},
},
{
"id": 2,
"user":
{
"id": 2,
"username": "Max",
"status": 1,
"email": "max@moritz.net",
"image": "profilbilder/max.svg",
"isAdmin": false,
"memberSince":
{
"date": "2024-07-22 03:07:41.000000",
"timezone_type": 3,
"timezone": "Europe/Berlin",
},
"postCount": 2,
},
"content": "Bin über Google auf deine Seite gestoßen, danke für das geniale Gästebuch. Werde in Zukunft des Öftern vorbeischaun…\r\n\r\nLiebe Grüsse, Max",
"postedAt":
{
"date": "2020-03-04 12:26:40.000000",
"timezone_type": 3,
"timezone": "Europe/Berlin",
"date": "2019-08-24T14:15:22Z",
"timezone_type": 0,
"timezone": "string",
},
},
],
}
tags:
- Post
post:
summary: New post
description: Create a new post.
security:
- BasicAuth: []
requestBody:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/PostCreateRequest"
responses:
200:
description: Success.
content:
application/json:
schema:
$ref: "#/components/schemas/PostResponse"
400:
description: Missing fields.
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorResponse"
examples:
Missing fields:
value: { "message": "Missing content" }
tags:
- Post
/post/{id}:
patch:
summary: Update post
description: Update post with ID. <br>
Requires logged in user to have admin permissions for posts not made by them.
security:
- BasicAuth: []
- BasicAuth: [isAdmin]
parameters:
- name: id
in: path
description: Post ID
required: true
schema:
type: integer
format: int14
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/PostUpdateRequest"
responses:
200:
description: Success.
content:
application/json:
schema:
$ref: "#/components/schemas/PostResponse"
404:
description: Post not found.
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorResponse"
examples:
User not found:
value: { "message": "Post not found" }
500:
description: Update failed.
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorResponse"
examples:
Failed:
value: { "message": "Failed to update post" }
tags:
- Post
delete:
summary: Delete post
description: Delete post with ID.
security:
- BasicAuth: [isAdmin]
parameters:
- name: id
in: path
description: Post ID
required: true
schema:
type: integer
format: int14
responses:
200:
description: Success.
content:
application/json:
schema:
$ref: "#/components/schemas/PostResponse"
404:
description: Post not found.
content:
application/json:
schema:
$ref: "#/components/schemas/ErrorResponse"
examples:
Post not found:
value: { "message": "Post not found" }
tags:
- Post
externalDocs:
url: https://khofmann.userpage.fu-berlin.de/phpCourse/exam/api/docs/
security: []
@ -510,6 +513,13 @@ components:
type: string
password:
type: string
LoginResponse:
type: object
properties:
user:
$ref: "#/components/schemas/UserResponse"
token:
type: string
UserResponse:
type: object
properties:
@ -585,6 +595,8 @@ components:
type: number
user:
$ref: "#/components/schemas/UserResponse"
content:
type: string
postedAt:
type: object
properties:
@ -604,6 +616,18 @@ components:
type: array
items:
$ref: "#/components/schemas/PostResponse"
PostUpdateRequest:
type: object
properties:
content:
type: string
PostCreateRequest:
type: object
required:
- content
properties:
content:
type: string
securitySchemes:
BasicAuth:
type: apiKey

44
exam/api/docs/index.html
View File

File diff suppressed because one or more lines are too long

73
exam/classes/Models/Post/Post.php
View File

@ -2,7 +2,9 @@
namespace Khofmann\Models\Post;
use Api\User\User as UserUser;
use DateTime;
use Exception;
use Khofmann\Models\User\User;
use JsonSerializable;
use Khofmann\Database\Database;
@ -13,6 +15,7 @@ class Post implements JsonSerializable
private int $id;
// User is set if the post was fetched by an authenticated user
private ?User $user;
// Name is set if the post was fetched by a non authenticated user
private ?string $name;
private string $content;
private DateTime $postedAt;
@ -30,7 +33,46 @@ class Post implements JsonSerializable
* Statics
*/
public static function list(int $page, int $limit, bool $authed = false)
public static function getByID(int $id): Post
{
$db = Database::getInstance();
$stmt = $db->prepare(
"SELECT
*
FROM
egb_gaestebuch
WHERE
id = :ID"
);
$stmt->bindValue(":ID", $id);
$stmt->execute();
$data = $stmt->fetch();
if (!$data) throw new Exception("NotFound");
$user = User::getByID($data["benutzer_id"]);
return new Post($data["id"], $user, null, $data["beitrag"], $data["zeitstempel"]);
}
public static function create(User $user, string $content): Post
{
$db = Database::getInstance();
$stmt = $db->prepare(
"INSERT INTO
egb_gaestebuch(benutzer_id, beitrag)
VALUES(:USR, :CON)"
);
$stmt->bindValue(":USR", $user->getID());
$stmt->bindValue(":CON", $content);
$stmt->execute();
return Post::getByID($db->lastInsertId());
}
public static function list(int $page, int $limit, bool $authed = false): array
{
$db = Database::getInstance();
$stmt = $db->prepare(
@ -63,6 +105,35 @@ class Post implements JsonSerializable
return ["pages" => intdiv($count, $limit) + 1, "data" => $list];
}
/*
* Members
*/
public function update(?string $content): Post
{
$db = Database::getInstance();
$error = false;
if (!empty($content)) {
$stmt = $db->prepare("UPDATE egb_gaestebuch SET beitrag = :CON WHERE id = :ID");
$stmt->bindValue(":CON", $content);
$stmt->bindValue(":ID", $this->id);
$error = !$stmt->execute();
}
if ($error) throw new Exception("FailedContent");
return Post::getByID($this->id);
}
public function delete(): Post
{
$db = Database::getInstance();
$stmt = $db->prepare("DELETE FROM egb_gaestebuch WHERE id = :ID");
$stmt->bindValue(":ID", $this->id);
return $this;
}
/*
* Getters
*/

15
exam/classes/Models/User/User.php
View File

@ -177,7 +177,7 @@ class User implements JsonSerializable
}
}
public static function create(string $username, string $email, string $password): bool
public static function create(string $username, string $email, string $password): User
{
$db = Database::getInstance();
$guid = GUID::v4();
@ -192,6 +192,8 @@ class User implements JsonSerializable
$stmt->bindValue(":EMA", $email);
$stmt->bindValue(":COD", $guid);
$user = User::getByID($db->lastInsertId());
try {
$stmt->execute();
@ -201,7 +203,7 @@ class User implements JsonSerializable
"Hello $username. To activate your account, visit https://khofmann.userpage.fu-berlin.de/phpCourse/exam/confirm?c=$guid"
);
return true;
return $user;
} catch (Exception $err) {
if ($err->getCode() === "23000") throw new Exception("Duplicate");
@ -267,7 +269,7 @@ class User implements JsonSerializable
return $stmt->execute();
}
public function update(?string $username, ?string $password, $image = null): bool
public function update(?string $username, ?string $password, $image = null): User
{
$db = Database::getInstance();
@ -299,15 +301,16 @@ class User implements JsonSerializable
}
if ($error) throw new Exception("FailedImage");
return true;
return User::getByID($this->id);
}
public function delete(): bool
public function delete(): User
{
$db = Database::getInstance();
$stmt = $db->prepare("DELETE FROM egb_benutzer WHERE id = :ID");
$stmt->bindValue(":ID", $this->id);
return $stmt->execute();
return $this;
}
/*

5
exam/classes/Request/Request.php
View File

@ -16,4 +16,9 @@ class Request
{
return Request::request()->getHeader($name, $defaultValue, $tryParse);
}
public static function token()
{
return Request::header("token");
}
}

26
exam/routes/routes.php
View File

@ -1,36 +1,42 @@
<?php
// Namespaces
use Pecee\SimpleRouter\SimpleRouter;
use Pecee\Http\Request;
use Khofmann\Response\Response;
// Error handling
SimpleRouter::error(function (Request $request, Exception $exception) {
$code = $exception->getCode();
Response::response()->httpCode(is_int($code) ? $code : 500)->json(["message" => $exception->getMessage()]);
});
// Index
SimpleRouter::all("/", function () {
Response::redirect("docs", 301);
});
/*
* Open routes
* Open
*/
// Login
SimpleRouter::post("/login", [Api\Login\Login::class, "post"]);
// Register and confirm
SimpleRouter::post("/register", [Api\Register\Register::class, "post"]);
SimpleRouter::patch("/register", [Api\Register\Register::class, "patch"]);
/*
* Optional Auth
*/
SimpleRouter::group(["middleware" => Khofmann\Auth\OptAuth::class], function () {
// List posts with user data
// List posts
SimpleRouter::get("/posts", [Api\Posts\Posts::class, "get"]);
});
/*
* Normal Auth routes
* Normal Auth
*/
SimpleRouter::group(["middleware" => Khofmann\Auth\Auth::class], function () {
// Logout
SimpleRouter::post("/logout", [Api\Logout\Logout::class, "post"]);
@ -38,15 +44,23 @@ SimpleRouter::group(["middleware" => Khofmann\Auth\Auth::class], function () {
SimpleRouter::get("/user/{id}", [Api\User\User::class, "get"]);
// Update self
SimpleRouter::patch("/user/self", [Api\User\User::class, "patchSelf"]);
// Update post
SimpleRouter::patch("/post/{id}", [Api\Post\Post::class, "patch"]);
// Create post
SimpleRouter::post("/posts", [Api\Post\Post::class, "post"]);
});
/*
* Admin Auth routes
* Admin Auth
*/
SimpleRouter::group(["middleware" => Khofmann\Auth\AdminAuth::class], function () {
// List users
SimpleRouter::get("/users", [Api\Users\Users::class, "get"]);
// Update any user
// Update user
SimpleRouter::patch("/user/{id}", [Api\User\User::class, "patch"]);
// Delete any user
// Delete user
SimpleRouter::delete("/user/{id}", [Api\User\User::class, "delete"]);
// Delete post
SimpleRouter::delete("/post/{id}", [Api\Post\Post::class, "delete"]);
});