Basic User and Auth

2024-07-13 20:17:59 +02:00
parent 03da043be3
commit edf8b7cecf
5 changed files with 116 additions and 7 deletions
@@ -1,3 +0,0 @@
-body {
-  background-color: red;
-}
@@ -3,7 +3,7 @@
  <head>
    <link href="./index.css" rel="stylesheet" />

-    <title>Calculator</title>
+    <title>API Docs</title>
  </head>

  <body></body>
@@ -4,11 +4,23 @@ $method = $_SERVER['REQUEST_METHOD'];

 switch ($method) {
  case "GET":
-    return get();
+    if (Auth::hasPermission("read")) return get();
+    break;
+  case "PUT":
+    if (Auth::hasPermission("write")) return put();
+    break;
+  case "POST":
+    if (Auth::hasPermission("write")) return post();
+    break;
+  case "DELETE":
+    if (Auth::hasPermission("write")) return delete();
+    break;
  default:
    return Response::api("$method not supported", 500);
 }

+return Response::api("Not allowed", 401);
+
 function get()
 {
  $db = Database::getInstance();
@@ -17,10 +29,80 @@ function get()
    "SELECT
      *
    FROM
-      egb_benutzer";
+      Users";

  $stmt = $db->prepare($query);
  $stmt->execute();

  Response::api($stmt->fetchAll());
 }
+
+function put()
+{
+  $db = Database::getInstance();
+
+  $_PUT = json_decode(file_get_contents('php://input'), true);
+
+  $query =
+    "INSERT INTO
+      Users(FirstName, LastName, Token)
+    VALUES(:FIRST, :LAST, UUID())";
+
+  try {
+    $stmt = $db->prepare($query);
+    $stmt->bindValue(":FIRST", $_PUT["firstName"]);
+    $stmt->bindValue(":LAST", $_PUT["lastName"]);
+
+    Response::api($stmt->execute());
+  } catch (Exception $e) {
+    Response::api($e->getMessage(), 500);
+  }
+}
+
+function post()
+{
+  $db = Database::getInstance();
+
+  $query =
+    "UPDATE
+      Users
+    SET
+      FirstName = :FIRST, LastName = :LAST
+    WHERE
+      ID = :ID";
+
+  $_POST = json_decode(file_get_contents('php://input'), true);
+
+  try {
+    $stmt = $db->prepare($query);
+    $stmt->bindValue(":FIRST", $_POST["firstName"]);
+    $stmt->bindValue(":LAST", $_POST["lastName"]);
+    $stmt->bindValue(":ID", $_POST["ID"]);
+
+    Response::api($stmt->execute());
+  } catch (Exception $e) {
+    Response::api($e->getMessage(), 500);
+  }
+}
+
+function delete()
+{
+  $db = Database::getInstance();
+
+  $_DELETE = json_decode(file_get_contents('php://input'), true);
+
+  $query =
+    "DELETE FROM
+      Users
+    WHERE
+      ID = :ID";
+
+  try {
+    $stmt = $db->prepare($query);
+    $stmt->bindValue(":ID", $_DELETE["ID"]);
+
+    Response::api($stmt->execute());
+  } catch (Exception $e) {
+    Response::api($e->getMessage(), 500);
+  }
+}