From edf8b7cecff1c9d90aa5514111893085ed6db51c Mon Sep 17 00:00:00 2001
From: Kilian Hofmann
Date: Sat, 13 Jul 2024 20:17:59 +0200
Subject: [PATCH] Basic User and Auth
---
 exam/api/docs/index.css | 3 --
 exam/api/docs/index.html | 2 +-
 exam/api/users/index.php | 86 ++++++++++++++++++++++++++++++++++++++-
 exam/app/app.php | 4 +-
 exam/vendor/auth/auth.php | 28 +++++++++++++
 5 files changed, 116 insertions(+), 7 deletions(-)
 create mode 100644 exam/vendor/auth/auth.php
diff --git a/exam/api/docs/index.css b/exam/api/docs/index.css
index 88cb00c..e69de29 100644
--- a/exam/api/docs/index.css
+++ b/exam/api/docs/index.css
@@ -1,3 +0,0 @@
-body {
- background-color: red;
-}
\ No newline at end of file
diff --git a/exam/api/docs/index.html b/exam/api/docs/index.html
index 68a3df6..f787ab6 100644
--- a/exam/api/docs/index.html
+++ b/exam/api/docs/index.html
@@ -3,7 +3,7 @@
- Calculator
+ API Docs
diff --git a/exam/api/users/index.php b/exam/api/users/index.php
index 5cc4ccb..4d6cc01 100644
--- a/exam/api/users/index.php
+++ b/exam/api/users/index.php
@@ -4,11 +4,23 @@
 $method = $_SERVER['REQUEST_METHOD'];
 switch ($method) {
 case "GET":
- return get();
+ if (Auth::hasPermission("read")) return get();
+ break;
+ case "PUT":
+ if (Auth::hasPermission("write")) return put();
+ break;
+ case "POST":
+ if (Auth::hasPermission("write")) return post();
+ break;
+ case "DELETE":
+ if (Auth::hasPermission("write")) return delete();
+ break;
 default:
 return Response::api("$method not supported", 500);
 }
+return Response::api("Not allowed", 401);
+
 function get()
 {
 $db = Database::getInstance();
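Review bot: The fall-through `return Response::api("Not allowed", 401);` after the switch answers every `Auth::hasPermission(...)` failure with 401, so a caller that presented a valid token but lacks the `read`/`write` permission is told its credentials were rejected; that case is 403, and 401 (with a `WWW-Authenticate` header) belongs to a missing or unknown token, which the boolean returned by `hasPermission` cannot distinguish, so it would need to report the two cases separately. The pre-existing `default` branch returns 500 for an unknown method, where 405 with an `Allow: GET, PUT, POST, DELETE` header is the status defined for it. The verb mapping is also inverted relative to common REST usage: here `PUT` creates and `POST` updates, whereas POST is normally create and PUT the idempotent replace of an identified resource; if this mapping is intentional, the API docs page touched in this patch should state it.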
@@ -17,10 +29,80 @@ function get()
 "SELECT * FROM
- egb_benutzer";
+ Users";
 $stmt = $db->prepare($query);
 $stmt->execute();
 Response::api($stmt->fetchAll());
 }
+
+function put()
+{
+ $db = Database::getInstance();
+
+ $_PUT = json_decode(file_get_contents('php://input'), true);
+
+ $query =
+ "INSERT INTO
+ Users(FirstName, LastName, Token)
+ VALUES(:FIRST, :LAST, UUID())";
+
+ try {
+ $stmt = $db->prepare($query);
+ $stmt->bindValue(":FIRST", $_PUT["firstName"]);
+ $stmt->bindValue(":LAST", $_PUT["lastName"]);
+
+ Response::api($stmt->execute());
+ } catch (Exception $e) {
+ Response::api($e->getMessage(), 500);
+ }
+}
+
+function post()
+{
+ $db = Database::getInstance();
+
+ $query =
+ "UPDATE
+ Users
+ SET
+ FirstName = :FIRST, LastName = :LAST
+ WHERE
+ ID = :ID";
+
+ $_POST = json_decode(file_get_contents('php://input'), true);
+
+ try {
+ $stmt = $db->prepare($query);
+ $stmt->bindValue(":FIRST", $_POST["firstName"]);
+ $stmt->bindValue(":LAST", $_POST["lastName"]);
+ $stmt->bindValue(":ID", $_POST["ID"]);
+
+ Response::api($stmt->execute());
+ } catch (Exception $e) {
+ Response::api($e->getMessage(), 500);
+ }
+}
+
+function delete()
+{
+ $db = Database::getInstance();
+
+ $_DELETE = json_decode(file_get_contents('php://input'), true);
+
+ $query =
+ "DELETE FROM
+ Users
+ WHERE
+ ID = :ID";
+
+ try {
+ $stmt = $db->prepare($query);
+ $stmt->bindValue(":ID", $_DELETE["ID"]);
+
+ Response::api($stmt->execute());
+ } catch (Exception $e) {
+ Response::api($e->getMessage(), 500);
+ }
+}
diff --git a/exam/app/app.php b/exam/app/app.php
index b4ad6bb..6aa994d 100644
--- a/exam/app/app.php
+++ b/exam/app/app.php
@@ -1,6 +1,8 @@ prepare($query);
+ $stmt->bindValue(":TOKEN", $token);
+ $stmt->execute();
+ $perms = $stmt->fetchAll(PDO::FETCH_COLUMN, 0);
+
+ return in_array($required, $perms);
+ }
+}
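Review bot: The three `catch (Exception $e)` blocks in put(), post() and delete() send `$e->getMessage()` to the client with a 500; a PDOException message carries the driver error text, the SQL fragment and table/column names, so it belongs in `error_log()` while the response carries a fixed string. The decoded body is never validated: with no or malformed JSON, `json_decode` returns null, the `$_PUT["firstName"]`, `$_POST["ID"]` and `$_DELETE["ID"]` reads emit warnings and bind null, and the request should instead be rejected with 400, which a shared helper can do once for all three functions (sketch below, written for put()). The Token column is filled by MySQL `UUID()`, a version-1 value derived from time and node identity that is predictable rather than random; if the token is later used as a bearer credential, as the `:TOKEN` lookup at the end of this patch suggests, generate it in PHP with `bin2hex(random_bytes(32))` and bind it. post() and delete() report `$stmt->execute()`, which is true even when no row matched the ID, so `$stmt->rowCount() === 0` could map to 404. Reassigning the `$_POST` superglobal to hold the decoded body is also worth replacing with a local variable.
```php
/** Decode the JSON request body; on a missing/malformed body or a missing key, respond 400 and return null. */
function readJsonBody(array $requiredKeys)
{
    try {
        $body = json_decode(file_get_contents('php://input'), true, 512, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        Response::api("Malformed JSON body", 400);
        return null;
    }
    if (!is_array($body)) {
        Response::api("JSON object expected", 400);
        return null;
    }
    foreach ($requiredKeys as $key) {
        if (!isset($body[$key])) {
            Response::api("Missing field: $key", 400);
            return null;
        }
    }
    return $body;
}

function put()
{
    $body = readJsonBody(["firstName", "lastName"]);
    if ($body === null) return; // assumes Response::api does not exit; confirm
    // … unchanged: $db and $query …
    try {
        $stmt = $db->prepare($query);
        $stmt->bindValue(":FIRST", $body["firstName"]);
        $stmt->bindValue(":LAST", $body["lastName"]);
        Response::api($stmt->execute());
    } catch (PDOException $e) {
        error_log($e->getMessage());          // driver detail stays server-side
        Response::api("Database error", 500); // fixed message to the client
    }
}
```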