Gitiles
Code Review Sign In
gerrit.avm99963.com / delefme-covid-tracability / backend / 472b0de6b5b5f5b9e59f82efd6e35a87e7c6fc68 / . / inc / API.php
blob: f1763ea358106650934e40dbc99b8005ab66e993 [file] [log] [blame]
avm9996370995382020-09-23 01:03:01 +0200[diff] [blame]1<?php
2namespace DAFME\Covid;
3
4class API {
5 private static function returnJSON($array) {
6 echo json_encode($array);
avm99963339e6f72020-09-27 17:12:43 +0200[diff] [blame]7 exit();
avm9996370995382020-09-23 01:03:01 +0200[diff] [blame]8 }
9
10 public static function returnError($errorMessage = 'Unexpected error') {
11 http_response_code(400);
12 self::returnJson([
13 'status' => 'error',
14 'errorMessage' => $errorMessage
15 ]);
16 }
17
18 public static function returnPayload($payload) {
19 self::returnJson([
20 'status' => 'ok',
21 'payload' => $payload
22 ]);
23 }
24
25 public static function returnOk() {
26 self::returnJson([
27 'status' => 'ok'
28 ]);
29 }
30
31 private static function checkSignInStatus() {
32 if (!Users::isSignedIn()) {
33 self::returnError('The user hasn\'t signed in.');
avm9996370995382020-09-23 01:03:01 +0200[diff] [blame]34 }
35 }
36
avm9996380afa682020-09-27 17:23:09 +0200[diff] [blame]37 private static function checkRequestMethod(string $method) {
38 if ($_SERVER['REQUEST_METHOD'] !== $method)
39 self::returnError('This action requires using the '.$method.' method.');
40 }
41
avm99963339e6f72020-09-27 17:12:43 +0200[diff] [blame]42 private static function getJSONBody() {
avm9996380afa682020-09-27 17:23:09 +0200[diff] [blame]43 self::checkRequestMethod('POST');
avm99963339e6f72020-09-27 17:12:43 +0200[diff] [blame]44
45 $rawBody = file_get_contents('php://input');
46 $json = json_decode($rawBody, true);
47 if (json_last_error() !== JSON_ERROR_NONE)
48 self::returnError('The request body is malformed.');
49
50 return $json;
51 }
52
avm999633cc83b62020-09-27 21:03:44 +0200[diff] [blame]53 private static function setCORSHeaders() {
54 global $conf;
55 if ((isset($conf['allowAllOrigins']) && $conf['allowAllOrigins']) ||
56 (isset($conf['allowedOrigins']) &&
57 isset($_SERVER['HTTP_ORIGIN']) &&
58 in_array($_SERVER['HTTP_ORIGIN'], $conf['allowedOrigins']))) {
59 header('Access-Control-Allow-Origin: '.($_SERVER['HTTP_ORIGIN'] ?? '*'));
60 header('Access-Control-Allow-Credentials: true');
61 }
62 }
63
64
avm9996370995382020-09-23 01:03:01 +0200[diff] [blame]65 public static function process($path) {
66 global $conf;
67
68 header('Content-Type: application/json');
avm999633cc83b62020-09-27 21:03:44 +0200[diff] [blame]69 self::setCORSHeaders();
avm9996370995382020-09-23 01:03:01 +0200[diff] [blame]70
71 $parts = explode('/', $path);
72 $method = $parts[0] ?? '';
73
74 switch ($method) {
75 case 'getAuthUrl':
avm9996380afa682020-09-27 17:23:09 +0200[diff] [blame]76 self::checkRequestMethod('GET');
avm9996370995382020-09-23 01:03:01 +0200[diff] [blame]77 $auth = new Auth();
78 self::returnPayload([
79 'url' => $auth->getAuthUrl()
80 ]);
81 break;
82
83 case 'isSignedIn':
avm9996380afa682020-09-27 17:23:09 +0200[diff] [blame]84 self::checkRequestMethod('GET');
avm9996370995382020-09-23 01:03:01 +0200[diff] [blame]85 $isSignedIn = \DAFME\Covid\Users::isSignedIn();
86 self::returnPayload([
87 'signedIn' => $isSignedIn
88 ]);
89 break;
90
91 case 'signOut':
avm9996380afa682020-09-27 17:23:09 +0200[diff] [blame]92 self::checkRequestMethod('POST');
avm9996370995382020-09-23 01:03:01 +0200[diff] [blame]93 \DAFME\Covid\Users::signOut();
94 self::returnOk();
95 break;
96
97 case 'getAllSubjects':
avm9996380afa682020-09-27 17:23:09 +0200[diff] [blame]98 self::checkRequestMethod('GET');
avm9996370995382020-09-23 01:03:01 +0200[diff] [blame]99 $subjects = Subjects::getAll();
100
101 if ($subjects === false)
102 self::returnError();
103
104 self::returnPayload([
105 'subjects' => $subjects
106 ]);
107 break;
108
109 case 'getUserSubjects':
avm9996380afa682020-09-27 17:23:09 +0200[diff] [blame]110 self::checkRequestMethod('GET');
avm9996370995382020-09-23 01:03:01 +0200[diff] [blame]111 self::checkSignInStatus();
avm99963339e6f72020-09-27 17:12:43 +0200[diff] [blame]112 $subjects = Subjects::getUserSubjects();
113
114 if ($subjects === false)
115 self::returnError();
116
117 self::returnPayload([
118 'subjects' => $subjects
119 ]);
avm9996370995382020-09-23 01:03:01 +0200[diff] [blame]120 break;
121
avm99963339e6f72020-09-27 17:12:43 +0200[diff] [blame]122 case 'addUserSubject':
123 self::checkSignInStatus();
124 $body = self::getJSONBody();
125 if (!isset($body['subject']))
126 self::returnError();
127
128 if (Subjects::addUserSubject((int)$body['subject']))
129 self::returnOk();
130 else
131 self::returnError();
132 break;
133
134 case 'removeUserSubject':
135 self::checkSignInStatus();
136 $body = self::getJSONBody();
137 if (!isset($body['subject']))
138 self::returnError();
139
140 if (Subjects::removeUserSubject((int)$body['subject']))
141 self::returnOk();
142 else
143 self::returnError();
144 break;
145
avm9996370995382020-09-23 01:03:01 +0200[diff] [blame]146 case 'getClasses':
avm99963472b0de2020-09-28 17:15:42 +0200[diff] [blame^]147 $body = self::getJSONBody();
148 $response = Classes::handleAPIGetClasses($body);
149 if ($response === false)
150 self::returnError();
151 else
152 self::returnPayload($response);
avm9996370995382020-09-23 01:03:01 +0200[diff] [blame]153 break;
154
155 case 'setClassState':
156 self::checkSignInStatus();
157 // @TODO: Handle this method
158 break;
159
160 default:
161 self::returnError('The method requested doesn\'t exist.');
162 break;
163 }
164 }
165}