Afegida comprovació de mètodes HTTP per l'API
Per exemple, el mètode per tancar la sessió ara necessita que es cridi
com a una petició POST.
Change-Id: I5aaeee7e1a6a4525558a38e8da25bd32172d3e55
diff --git a/inc/API.php b/inc/API.php
index 8891a68..a3607bb 100644
--- a/inc/API.php
+++ b/inc/API.php
@@ -34,9 +34,13 @@
}
}
+ private static function checkRequestMethod(string $method) {
+ if ($_SERVER['REQUEST_METHOD'] !== $method)
+ self::returnError('This action requires using the '.$method.' method.');
+ }
+
private static function getJSONBody() {
- if ($_SERVER['REQUEST_METHOD'] !== 'POST')
- self::returnError('This action requires using the POST method.');
+ self::checkRequestMethod('POST');
$rawBody = file_get_contents('php://input');
$json = json_decode($rawBody, true);
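Review bot: `checkRequestMethod()` only works as a guard if `returnError()` ends the request, which this hunk does not show; if it ever returns, `getJSONBody()` and every `case` that calls the helper keep running after the error has been emitted. State that dependency in a docblock on the helper, for example `/** Rejects the request unless it was made with $method; relies on returnError() terminating. */`, and declare the return type as `: void`. The rejection could also send `http_response_code(405);` and `header('Allow: '.$method);` before calling `returnError()`, assuming that function does not set its own status, so clients and logs can tell a wrong-method call from other failures. The body of `getJSONBody()` continues past the end of the hunk.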
@@ -59,6 +63,7 @@
switch ($method) {
case 'getAuthUrl':
+ self::checkRequestMethod('GET');
$auth = new Auth();
self::returnPayload([
'url' => $auth->getAuthUrl()
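Review bot: The method check is opt-in per `case`, here and in the `isSignedIn`, `signOut`, `getAllSubjects` and `getUserSubjects` hunks, so any action that omits the call accepts every HTTP method. The context lines of the last hunk show `getClasses` going straight to `checkSignInStatus()` with no method check. Consider resolving the required method once, before the `switch`, from a single action-to-method table with a restrictive default, e.g. `self::checkRequestMethod(self::ACTION_METHODS[$method] ?? 'POST');`, where `ACTION_METHODS` is a suggested name and not an existing constant. A newly added action then fails closed instead of open. The `switch` starts and ends outside this hunk.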
@@ -66,6 +71,7 @@
break;
case 'isSignedIn':
+ self::checkRequestMethod('GET');
$isSignedIn = \DAFME\Covid\Users::isSignedIn();
self::returnPayload([
'signedIn' => $isSignedIn
@@ -73,11 +79,13 @@
break;
case 'signOut':
+ self::checkRequestMethod('POST');
\DAFME\Covid\Users::signOut();
self::returnOk();
break;
case 'getAllSubjects':
+ self::checkRequestMethod('GET');
$subjects = Subjects::getAll();
if ($subjects === false)
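Review bot: Requiring POST for `signOut` does not by itself protect the action from cross-site requests, because another origin can still submit a form POST and this `case` reads no body or token before calling `Users::signOut()`. If the intent is CSRF protection, verify an anti-CSRF token or the `Origin` header here as well, or confirm that the session cookie is issued with a `SameSite` attribute; none of this is visible in the diff. A short comment on the case, such as `// POST only: state-changing; CSRF is handled by <mechanism>`, would record what actually enforces it. The `getAllSubjects` case continues past the end of the hunk.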
@@ -89,6 +97,7 @@
break;
case 'getUserSubjects':
+ self::checkRequestMethod('GET');
self::checkSignInStatus();
$subjects = Subjects::getUserSubjects();
@@ -124,11 +133,6 @@
self::returnError();
break;
- case 'removeUserSubject':
- self::checkSignInStatus();
- // @TODO: Implement this method
- break;
-
case 'getClasses':
self::checkSignInStatus();
// @TODO: Implement this method