public static function POST($params)
{
//Define model
$model = ['title' => ['type' => Validate::TYPE_TEXT, 'max' => 12, 'min' => 3, Validate::REQUIRED], 'content' => ['type' => Validate::TYPE_TEXT, 'max' => 4096, 'min' => 12, Validate::REQUIRED]];
//Require and Validate model
Validate::model($params, $model);
//Declare them as variables
$title = $params['title'];
$content = $params['content'];
$post = ['title' => $title, 'content' => $content, 'timestamp' => time()];
$post = \Phramework\Models\Filter::castEntry($post, ['timestamp' => Validate::TYPE_UNIX_TIMESTAMP]);
//Store ($title, $content) somehow and get the id
$id = rand(0, 100);
$post['id'] = $id;
\Phramework\Models\Response::created('http://localhost/post/' . $id . '/');
//Sample output
Phramework::view(['post' => $post], 'post', 'Blog post');
}
/**
* Execute the API
* @throws \Phramework\Exceptions\PermissionException
* @throws \Phramework\Exceptions\NotFoundException
* @throws \Phramework\Exceptions\IncorrectParametersException
* @throws \Phramework\Exceptions\RequestException
* @todo change default timezone
* @todo change default language
* @todo initialize database if set
* @todo @security deny access to any else referals
*/
public function invoke()
{
$params = new \stdClass();
$method = self::METHOD_GET;
$headers = [];
try {
date_default_timezone_set('Europe/Athens');
if (self::getSetting('debug')) {
error_reporting(E_ALL);
ini_set('display_errors', '1');
}
if (self::getSetting('errorlog_path')) {
ini_set('error_log', self::getSetting('errorlog_path'));
}
//Check if callback is set (JSONP)
if (isset($_GET['callback'])) {
if (!\Phramework\Validate\Validate::isValidJsonpCallback($_GET['callback'])) {
throw new \Phramework\Exceptions\IncorrectParametersException(['callback']);
}
self::$callback = $_GET['callback'];
unset($_GET['callback']);
}
/*
//Initialize Database connection if required or db set
if (self::getSetting('require_db') || self::getSetting('db')) {
\Phramework\Models\Database::requireDatabase(self::getSetting('db'));
}
//Unset from memory Database connection information
unset(self::$settings['db']);
*/
//Get method from the request (HTTP) method
$method = self::$method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : self::METHOD_GET;
//Check if the requested HTTP method method is allowed
// @todo check error code
if (!in_array($method, self::$methodWhitelist)) {
throw new \Phramework\Exceptions\RequestException('Method not allowed');
}
//Default value of response's header origin
$origin = '*';
//Get request headers
$headers = Models\Request::headers();
//Check origin header
if (isset($headers['Origin'])) {
$originHost = parse_url($headers['Origin'], PHP_URL_HOST);
//Check if origin host is allowed
if ($originHost && self::getSetting('allowed_referer') && in_array($originHost, self::getSetting('allowed_referer'))) {
$origin = $headers['Origin'];
}
//@TODO @security else deny access
} elseif (isset($_SERVER['HTTP_HOST']) && isset($_SERVER['REQUEST_URI'])) {
$origin = '*';
//TODO Exctract origin from request url
}
//Send access control headers
if (!headers_sent()) {
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Origin: ' . $origin);
header('Access-Control-Allow-Methods: GET, POST, PUT, PATCH, HEAD, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: ' . 'Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Encoding');
}
//Catch OPTIONS request and kill it
if ($method == self::METHOD_OPTIONS) {
header('HTTP/1.1 200 OK');
exit;
}
//Merge all REQUEST parameters into $params array
$params = (object) array_merge($_GET, $_POST, $_FILES);
//TODO $_FILES only if POST OR PUT
//Parse request body
//@Todo add allowed content-types
if (in_array($method, [self::METHOD_POST, self::METHOD_PATCH, self::METHOD_PUT, self::METHOD_DELETE])) {
$CONTENT_TYPE = null;
if (isset($headers[Request::HEADER_CONTENT_TYPE])) {
$CONTENT_TYPE = explode(';', $headers[Request::HEADER_CONTENT_TYPE]);
$CONTENT_TYPE = $CONTENT_TYPE[0];
}
if ($CONTENT_TYPE === 'application/x-www-form-urlencoded') {
//Decode and merge params
parse_str(file_get_contents('php://input'), $input);
if ($input && !empty($input)) {
$params = (object) array_merge((array) $params, (array) $input);
}
} elseif (in_array($CONTENT_TYPE, ['application/json', 'application/vnd.api+json'], true)) {
$input = trim(file_get_contents('php://input'));
if (!empty($input)) {
//note if input length is >0 and decode returns null then its bad data
//json_last_error()
$inputObject = json_decode($input);
if (json_last_error() !== JSON_ERROR_NONE) {
throw new \Phramework\Exceptions\RequestException('JSON parse error: ' . json_last_error_msg());
}
if ($inputObject && !empty($inputObject)) {
$params = (object) array_merge((array) $params, (array) $inputObject);
}
}
}
}
//STEP_AFTER_AUTHENTICATION_CHECK
self::$stepCallback->call(StepCallback::STEP_BEFORE_AUTHENTICATION_CHECK, $params, $method, $headers);
//Authenticate request (check authentication)
self::$user = \Phramework\Authentication\Manager::check($params, $method, $headers);
//In case of array returned force type to be object
if (is_array(self::$user)) {
self::$user = (object) self::$user;
}
//STEP_AFTER_AUTHENTICATION_CHECK
self::$stepCallback->call(StepCallback::STEP_AFTER_AUTHENTICATION_CHECK, $params, $method, $headers, [self::$user]);
//Default language value
$language = self::getSetting('language');
//Select request's language
if (isset($_GET['this_language']) && self::getSetting('languages') && in_array($_GET['this_language'], self::getSetting('languages'))) {
//Force requested language
if ($_GET['this_language'] != $language) {
$language = $_GET['this_language'];
}
unset($_GET['this_language']);
} elseif (self::$user && property_exists(self::$user, 'language_code')) {
// Use user's langugae
$language = self::$user->language_code;
} elseif (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) && self::getSetting('languages')) {
// Use Accept languge if provided
$a = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
if (in_array($a, self::getSetting('languages'))) {
$language = $a;
}
}
//Set language variable
self::$language = $language;
//self::$translation->setLanguageCode($language);
//STEP_BEFORE_CALL_URISTRATEGY
self::$stepCallback->call(StepCallback::STEP_BEFORE_CALL_URISTRATEGY, $params, $method, $headers);
//Call controller's method
list($invokedController, $invokedMethod) = self::$URIStrategy->invoke($params, $method, $headers, self::$user);
self::$stepCallback->call(StepCallback::STEP_AFTER_CALL_URISTRATEGY, $params, $method, $headers, [$invokedController, $invokedMethod]);
//STEP_BEFORE_CLOSE
self::$stepCallback->call(StepCallback::STEP_BEFORE_CLOSE, $params, $method, $headers);
} catch (\Phramework\Exceptions\NotFoundException $exception) {
self::errorView([(object) ['status' => $exception->getCode(), 'detail' => $exception->getMessage(), 'title' => $exception->getMessage()]], $exception->getCode(), $params, $method, $headers, $exception);
} catch (\Phramework\Exceptions\RequestException $exception) {
self::errorView([(object) ['status' => $exception->getCode(), 'detail' => $exception->getMessage(), 'title' => $exception->getMessage()]], $exception->getCode(), $params, $method, $headers, $exception);
} catch (\Phramework\Exceptions\PermissionException $exception) {
self::errorView([(object) ['status' => $exception->getCode(), 'detail' => $exception->getMessage(), 'title' => $exception->getMessage()]], $exception->getCode(), $params, $method, $headers, $exception);
} catch (\Phramework\Exceptions\UnauthorizedException $exception) {
self::errorView([(object) ['status' => $exception->getCode(), 'detail' => $exception->getMessage(), 'title' => $exception->getMessage()]], $exception->getCode(), $params, $method, $headers, $exception);
} catch (\Phramework\Exceptions\MissingParametersException $exception) {
self::errorView([(object) ['status' => $exception->getCode(), 'detail' => $exception->getMessage(), 'meta' => ['missing' => $exception->getParameters()], 'title' => $exception->getMessage()]], $exception->getCode(), $params, $method, $headers, $exception);
} catch (\Phramework\Exceptions\IncorrectParametersException $exception) {
self::errorView([(object) ['status' => $exception->getCode(), 'detail' => $exception->getMessage(), 'meta' => ['incorrect' => $exception->getParameters()], 'title' => $exception->getMessage()]], $exception->getCode(), $params, $method, $headers, $exception);
} catch (\Phramework\Exceptions\MethodNotAllowedException $exception) {
//Write allow header if AllowedMethods is set
if (!headers_sent() && $exception->getAllowedMethods()) {
header('Allow: ' . implode(', ', $exception->getAllowedMethods()));
}
self::errorView([(object) ['status' => $exception->getCode(), 'detail' => $exception->getMessage(), 'meta' => ['allow' => $exception->getAllowedMethods()], 'title' => $exception->getMessage()]], $exception->getCode(), $params, $method, $headers, $exception);
} catch (\Phramework\Exceptions\RequestException $exception) {
self::errorView([(object) ['status' => $exception->getCode(), 'detail' => $exception->getMessage(), 'title' => 'Request Error']], $exception->getCode(), $params, $method, $headers, $exception);
} catch (\Exception $exception) {
self::errorView([(object) ['status' => 400, 'detail' => $exception->getMessage(), 'title' => 'Error']], 400, $params, $method, $headers, $exception);
} finally {
self::$stepCallback->call(StepCallback::STEP_FINALLY, $params, $method, $headers);
//Unset all
unset($params);
//Try to close the databse
\Phramework\Database\Database::close();
}
}
/**
* Required required values and parse provided parameters into an array
* Validate the provided request model and return the
* @uses \Phramework\Models\Request::requireParameters
* @param array|object $parameters
* @param array $model
* @return array Return the keys => values collection
* @deprecated since 1.0.0
*/
public static function parseModel($parameters, $model)
{
if (is_object($parameters)) {
$parameters = (array) $parameters;
}
$required_fields = [];
foreach ($model as $key => $value) {
if (in_array('required', $value, true) === true || in_array('required', $value, true) == true) {
$required_fields[] = $key;
}
}
Request::requireParameters($parameters, $required_fields);
\Phramework\Validate\Validate::model($parameters, $model);
$keys_values = [];
foreach ($model as $key => $value) {
if (isset($parameters[$key])) {
if (in_array('nullable', $value) && $parameters[$key] == '0') {
$keys_values[$key] = null;
continue;
}
//Set value as null
if (in_array('nullable', $value) && !$parameters[$key]) {
$keys_values[$key] = null;
continue;
}
/*
if ($value['type'] == 'select' && !$parameters[$key]) {
$keys_values[$key] = NULL;
} else {*/
$keys_values[$key] = $parameters[$key];
/*}*/
} elseif (($value['type'] == 'boolean' || in_array('boolean', $value)) && (!isset($parameters[$key]) || !$parameters[$key])) {
$keys_values[$key] = false;
}
}
return $keys_values;
}
/**
* Validate a regexp
* @param mixed input
* @param string $field_name [optional]
* @return boolean
* @throws IncorrectParameters If value type is not correct.
*/
public static function boolean($input, $field_name = 'boolean')
{
//Define trivial model
$model = [$field_name => ['type' => Validate::TYPE_BOOLEAN, Validate::REQUIRED]];
$parameters = [$field_name => $input];
Validate::model($parameters, $model);
return $parameters[$field_name];
}
