Compare commits
2 Commits
4d25387a47
...
edf8b7cecf
| Author | SHA1 | Date | |
|---|---|---|---|
| edf8b7cecf | |||
| 03da043be3 |
0
exam/api/docs/index.css
Normal file
0
exam/api/docs/index.css
Normal file
@ -1 +1,10 @@
|
||||
DOCUMENTATION
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<link href="./index.css" rel="stylesheet" />
|
||||
|
||||
<title>API Docs</title>
|
||||
</head>
|
||||
|
||||
<body></body>
|
||||
</html>
|
||||
|
||||
@ -1,4 +1,3 @@
|
||||
<?php
|
||||
foreach (glob(__DIR__ . '/*/index.php') as $filename) {
|
||||
require_once($filename);
|
||||
}
|
||||
|
||||
Headers::redirect("docs/index.html");
|
||||
|
||||
26
exam/api/posts/index.php
Normal file
26
exam/api/posts/index.php
Normal file
@ -0,0 +1,26 @@
|
||||
<?php
|
||||
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
|
||||
switch ($method) {
|
||||
case "GET":
|
||||
return get();
|
||||
default:
|
||||
return Response::api("$method not supported", 500);
|
||||
}
|
||||
|
||||
function get()
|
||||
{
|
||||
$db = Database::getInstance();
|
||||
|
||||
$query =
|
||||
"SELECT
|
||||
*
|
||||
FROM
|
||||
egb_gaestebuch";
|
||||
|
||||
$stmt = $db->prepare($query);
|
||||
$stmt->execute();
|
||||
|
||||
Response::api($stmt->fetchAll());
|
||||
}
|
||||
@ -4,12 +4,105 @@ $method = $_SERVER['REQUEST_METHOD'];
|
||||
|
||||
switch ($method) {
|
||||
case "GET":
|
||||
return get();
|
||||
if (Auth::hasPermission("read")) return get();
|
||||
break;
|
||||
case "PUT":
|
||||
if (Auth::hasPermission("write")) return put();
|
||||
break;
|
||||
case "POST":
|
||||
if (Auth::hasPermission("write")) return post();
|
||||
break;
|
||||
case "DELETE":
|
||||
if (Auth::hasPermission("write")) return delete();
|
||||
break;
|
||||
default:
|
||||
return Response::api("$method not supported", 500);
|
||||
}
|
||||
|
||||
return Response::api("Not allowed", 401);
|
||||
|
||||
function get()
|
||||
{
|
||||
Response::api("GET USERS");
|
||||
$db = Database::getInstance();
|
||||
|
||||
$query =
|
||||
"SELECT
|
||||
*
|
||||
FROM
|
||||
Users";
|
||||
|
||||
$stmt = $db->prepare($query);
|
||||
$stmt->execute();
|
||||
|
||||
Response::api($stmt->fetchAll());
|
||||
}
|
||||
|
||||
function put()
|
||||
{
|
||||
$db = Database::getInstance();
|
||||
|
||||
$_PUT = json_decode(file_get_contents('php://input'), true);
|
||||
|
||||
$query =
|
||||
"INSERT INTO
|
||||
Users(FirstName, LastName, Token)
|
||||
VALUES(:FIRST, :LAST, UUID())";
|
||||
|
||||
try {
|
||||
$stmt = $db->prepare($query);
|
||||
$stmt->bindValue(":FIRST", $_PUT["firstName"]);
|
||||
$stmt->bindValue(":LAST", $_PUT["lastName"]);
|
||||
|
||||
Response::api($stmt->execute());
|
||||
} catch (Exception $e) {
|
||||
Response::api($e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
|
||||
function post()
|
||||
{
|
||||
$db = Database::getInstance();
|
||||
|
||||
$query =
|
||||
"UPDATE
|
||||
Users
|
||||
SET
|
||||
FirstName = :FIRST, LastName = :LAST
|
||||
WHERE
|
||||
ID = :ID";
|
||||
|
||||
$_POST = json_decode(file_get_contents('php://input'), true);
|
||||
|
||||
try {
|
||||
$stmt = $db->prepare($query);
|
||||
$stmt->bindValue(":FIRST", $_POST["firstName"]);
|
||||
$stmt->bindValue(":LAST", $_POST["lastName"]);
|
||||
$stmt->bindValue(":ID", $_POST["ID"]);
|
||||
|
||||
Response::api($stmt->execute());
|
||||
} catch (Exception $e) {
|
||||
Response::api($e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
|
||||
function delete()
|
||||
{
|
||||
$db = Database::getInstance();
|
||||
|
||||
$_DELETE = json_decode(file_get_contents('php://input'), true);
|
||||
|
||||
$query =
|
||||
"DELETE FROM
|
||||
Users
|
||||
WHERE
|
||||
ID = :ID";
|
||||
|
||||
try {
|
||||
$stmt = $db->prepare($query);
|
||||
$stmt->bindValue(":ID", $_DELETE["ID"]);
|
||||
|
||||
Response::api($stmt->execute());
|
||||
} catch (Exception $e) {
|
||||
Response::api($e->getMessage(), 500);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,6 +1,8 @@
|
||||
<?php
|
||||
|
||||
ini_set("display_errors", 1);
|
||||
if (strpos($_SERVER["REQUEST_URI"], "api") === false) {
|
||||
ini_set("display_errors", 1);
|
||||
}
|
||||
ini_set("default_charset", "utf-8");
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
ini_set('session.cookie_secure', 1);
|
||||
|
||||
9
exam/config/database.php
Normal file
9
exam/config/database.php
Normal file
@ -0,0 +1,9 @@
|
||||
<?php
|
||||
|
||||
return [
|
||||
"host" => "usersql.zedat.fu-berlin.de",
|
||||
"user" => "khofmann-sql",
|
||||
"passwd" => "xz8c7m7p",
|
||||
"database" => "khofmann-db1",
|
||||
"charset" => "utf8",
|
||||
];
|
||||
@ -4,7 +4,11 @@ $path = ltrim(str_replace(Config::getBasePath(), "", $_SERVER['REQUEST_URI']), "
|
||||
|
||||
try {
|
||||
if (substr($path, 0, 3) === "api") {
|
||||
require_once __DIR__ . "/../api/index.php";
|
||||
if (strpos($path, "docs") === false) {
|
||||
require_once __DIR__ . "/../$path/index.php";
|
||||
} else {
|
||||
Headers::redirect("index.html");
|
||||
}
|
||||
} else {
|
||||
require_once __DIR__ . "/../pages/index.html";
|
||||
}
|
||||
|
||||
28
exam/vendor/auth/auth.php
vendored
Normal file
28
exam/vendor/auth/auth.php
vendored
Normal file
@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
class Auth
|
||||
{
|
||||
public static function hasPermission(string $required)
|
||||
{
|
||||
$db = Database::getInstance();
|
||||
|
||||
if (!isset($_SERVER["HTTP_TOKEN"])) return false;
|
||||
$token = $_SERVER["HTTP_TOKEN"];
|
||||
|
||||
$query =
|
||||
"SELECT
|
||||
UserPermissions.Permission
|
||||
FROM
|
||||
UserPermissions, Users
|
||||
WHERE
|
||||
Users.ID = UserPermissions.fkUserID AND
|
||||
Users.Token = :TOKEN";
|
||||
|
||||
$stmt = $db->prepare($query);
|
||||
$stmt->bindValue(":TOKEN", $token);
|
||||
$stmt->execute();
|
||||
$perms = $stmt->fetchAll(PDO::FETCH_COLUMN, 0);
|
||||
|
||||
return in_array($required, $perms);
|
||||
}
|
||||
}
|
||||
7
exam/vendor/config/config.php
vendored
7
exam/vendor/config/config.php
vendored
@ -5,10 +5,12 @@ class Config
|
||||
private static $instances = [];
|
||||
|
||||
private array $app;
|
||||
private array $database;
|
||||
|
||||
protected function __construct()
|
||||
{
|
||||
$this->app = require_once __DIR__ . "/../../config/app.php";
|
||||
$this->database = require_once __DIR__ . "/../../config/database.php";
|
||||
}
|
||||
|
||||
protected function __clone()
|
||||
@ -34,4 +36,9 @@ class Config
|
||||
{
|
||||
return Config::getInstance()->app["basePath"];
|
||||
}
|
||||
|
||||
public static function getDatabase()
|
||||
{
|
||||
return Config::getInstance()->database;
|
||||
}
|
||||
}
|
||||
|
||||
32
exam/vendor/database/database.php
vendored
Normal file
32
exam/vendor/database/database.php
vendored
Normal file
@ -0,0 +1,32 @@
|
||||
<?php
|
||||
|
||||
class Database extends PDO
|
||||
{
|
||||
private static $instances = [];
|
||||
|
||||
protected function __construct($dsn, $username = null, $password = null, array $options = null)
|
||||
{
|
||||
parent::__construct($dsn, $username, $password, $options);
|
||||
}
|
||||
|
||||
public static function getInstance(): Database
|
||||
{
|
||||
$cls = static::class;
|
||||
if (!isset(self::$instances[$cls])) {
|
||||
$dataAccess = Config::getDatabase();
|
||||
self::$instances[$cls] = new static(
|
||||
"mysql:host={$dataAccess["host"]};dbname={$dataAccess["database"]};charset={$dataAccess["charset"]}",
|
||||
$dataAccess["user"],
|
||||
$dataAccess["passwd"],
|
||||
[
|
||||
PDO::ATTR_PERSISTENT => false,
|
||||
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
||||
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
|
||||
PDO::ATTR_EMULATE_PREPARES => false,
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
return self::$instances[$cls];
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user