Basic User and Auth

This commit is contained in:
Kilian Hofmann 2024-07-13 20:17:59 +02:00
parent 03da043be3
commit edf8b7cecf
5 changed files with 116 additions and 7 deletions


@ -1,3 +0,0 @@
body {
background-color: red;
}


@ -3,7 +3,7 @@
<head> <head>
<link href="./index.css" rel="stylesheet" /> <link href="./index.css" rel="stylesheet" />
<title>Calculator</title> <title>API Docs</title>
</head> </head>
<body></body> <body></body>


@ -4,11 +4,23 @@ $method = $_SERVER['REQUEST_METHOD'];
switch ($method) { switch ($method) {
case "GET": case "GET":
return get(); if (Auth::hasPermission("read")) return get();
break;
case "PUT":
if (Auth::hasPermission("write")) return put();
break;
case "POST":
if (Auth::hasPermission("write")) return post();
break;
case "DELETE":
if (Auth::hasPermission("write")) return delete();
break;
default: default:
return Response::api("$method not supported", 500); return Response::api("$method not supported", 500);
} }
return Response::api("Not allowed", 401);
function get() function get()
{ {
$db = Database::getInstance(); $db = Database::getInstance();
@ -17,10 +29,80 @@ function get()
"SELECT "SELECT
* *
FROM FROM
egb_benutzer"; Users";
$stmt = $db->prepare($query); $stmt = $db->prepare($query);
$stmt->execute(); $stmt->execute();
Response::api($stmt->fetchAll()); Response::api($stmt->fetchAll());
} }
function put()
{
$db = Database::getInstance();
$_PUT = json_decode(file_get_contents('php://input'), true);
$query =
"INSERT INTO
Users(FirstName, LastName, Token)
VALUES(:FIRST, :LAST, UUID())";
try {
$stmt = $db->prepare($query);
$stmt->bindValue(":FIRST", $_PUT["firstName"]);
$stmt->bindValue(":LAST", $_PUT["lastName"]);
Response::api($stmt->execute());
} catch (Exception $e) {
Response::api($e->getMessage(), 500);
}
}
function post()
{
$db = Database::getInstance();
$query =
"UPDATE
Users
SET
FirstName = :FIRST, LastName = :LAST
WHERE
ID = :ID";
$_POST = json_decode(file_get_contents('php://input'), true);
try {
$stmt = $db->prepare($query);
$stmt->bindValue(":FIRST", $_POST["firstName"]);
$stmt->bindValue(":LAST", $_POST["lastName"]);
$stmt->bindValue(":ID", $_POST["ID"]);
Response::api($stmt->execute());
} catch (Exception $e) {
Response::api($e->getMessage(), 500);
}
}
function delete()
{
$db = Database::getInstance();
$_DELETE = json_decode(file_get_contents('php://input'), true);
$query =
"DELETE FROM
Users
WHERE
ID = :ID";
try {
$stmt = $db->prepare($query);
$stmt->bindValue(":ID", $_DELETE["ID"]);
Response::api($stmt->execute());
} catch (Exception $e) {
Response::api($e->getMessage(), 500);
}
}
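Review bot: The `Token` column that `Auth::hasPermission` later treats as the caller's credential is filled in `put()` by MySQL's `UUID()`, which returns a version-1 value derived from a timestamp and node identifier rather than a random secret, so it is guessable; generate it in PHP with `$token = bin2hex(random_bytes(32));`, change the VALUES clause to `VALUES(:FIRST, :LAST, :TOKEN)` and add `$stmt->bindValue(":TOKEN", $token);`. The same three handlers index the decoded body directly (`$_PUT["firstName"]`, `$_POST["ID"]`, `$_DELETE["ID"]`) without checking that `json_decode` returned an array or that the keys exist, so a malformed body yields warnings and null bindings instead of a 400. Every catch block also returns `$e->getMessage()` to the client with status 500, which exposes raw driver and schema details; log the exception server-side and send a generic message. The `$method` switch in the first hunk returns 401 for a missing permission, so the permission model is at least fail-closed; the handlers themselves should still not be callable with an unvalidated body.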


@ -1,6 +1,8 @@
<?php <?php
ini_set("display_errors", 1); if (strpos($_SERVER["REQUEST_URI"], "api") === false) {
ini_set("display_errors", 1);
}
ini_set("default_charset", "utf-8"); ini_set("default_charset", "utf-8");
ini_set('session.cookie_httponly', 1); ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_secure', 1); ini_set('session.cookie_secure', 1);
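Review bot: `strpos($_SERVER["REQUEST_URI"], "api") === false` tests for the substring anywhere in the URI, so a non-API path or query string that happens to contain "api" keeps `display_errors` off while the intended API detection rests on that substring alone; if the API lives under a fixed prefix, anchor the check, e.g. `if (!str_starts_with($_SERVER["REQUEST_URI"], "/api")) {` (placeholder prefix, adjust to the real route). More importantly, enabling `display_errors` for all non-API pages prints stack traces and file paths to any visitor; tie it to an environment or debug flag rather than to the request path.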

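--- /dev/null
+++ b/exam/vendor/auth/auth.php
@@ -0,0 +1,28 @@
+<?php
+class Auth
+{
+public static function hasPermission(string $required)
+{
+$db = Database::getInstance();
+if (!isset($_SERVER["HTTP_TOKEN"])) return false;
+$token = $_SERVER["HTTP_TOKEN"];
+$query =
+"SELECT
+UserPermissions.Permission
+FROM
+UserPermissions, Users
+WHERE
+Users.ID = UserPermissions.fkUserID AND
+Users.Token = :TOKEN";
+$stmt = $db->prepare($query);
+$stmt->bindValue(":TOKEN", $token);
+$stmt->execute();
+$perms = $stmt->fetchAll(PDO::FETCH_COLUMN, 0);
+return in_array($required, $perms);
+}
+}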
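Review bot: `hasPermission` declares no return type although every path returns a bool, and `in_array($required, $perms)` compares loosely; use `public static function hasPermission(string $required): bool` and `return in_array($required, $perms, true);`. `Database::getInstance()` is called before the `HTTP_TOKEN` check, so every unauthenticated request still opens a connection — move the `isset` guard to the first line of the method. The token is also stored and matched in clear text (`Users.Token = :TOKEN`); binding `hash('sha256', $token)` and storing only that digest would keep a database read from yielding usable credentials, which requires the matching change where the token is issued.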