public static function POST($params) { //Define model $model = ['title' => ['type' => Validate::TYPE_TEXT, 'max' => 12, 'min' => 3, Validate::REQUIRED], 'content' => ['type' => Validate::TYPE_TEXT, 'max' => 4096, 'min' => 12, Validate::REQUIRED]]; //Require and Validate model Validate::model($params, $model); //Declare them as variables $title = $params['title']; $content = $params['content']; $post = ['title' => $title, 'content' => $content, 'timestamp' => time()]; $post = \Phramework\Models\Filter::castEntry($post, ['timestamp' => Validate::TYPE_UNIX_TIMESTAMP]); //Store ($title, $content) somehow and get the id $id = rand(0, 100); $post['id'] = $id; \Phramework\Models\Response::created('http://localhost/post/' . $id . '/'); //Sample output Phramework::view(['post' => $post], 'post', 'Blog post'); }
/** * Execute the API * @throws \Phramework\Exceptions\PermissionException * @throws \Phramework\Exceptions\NotFoundException * @throws \Phramework\Exceptions\IncorrectParametersException * @throws \Phramework\Exceptions\RequestException * @todo change default timezone * @todo change default language * @todo initialize database if set * @todo @security deny access to any else referals */ public function invoke() { $params = new \stdClass(); $method = self::METHOD_GET; $headers = []; try { date_default_timezone_set('Europe/Athens'); if (self::getSetting('debug')) { error_reporting(E_ALL); ini_set('display_errors', '1'); } if (self::getSetting('errorlog_path')) { ini_set('error_log', self::getSetting('errorlog_path')); } //Check if callback is set (JSONP) if (isset($_GET['callback'])) { if (!\Phramework\Validate\Validate::isValidJsonpCallback($_GET['callback'])) { throw new \Phramework\Exceptions\IncorrectParametersException(['callback']); } self::$callback = $_GET['callback']; unset($_GET['callback']); } /* //Initialize Database connection if required or db set if (self::getSetting('require_db') || self::getSetting('db')) { \Phramework\Models\Database::requireDatabase(self::getSetting('db')); } //Unset from memory Database connection information unset(self::$settings['db']); */ //Get method from the request (HTTP) method $method = self::$method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : self::METHOD_GET; //Check if the requested HTTP method method is allowed // @todo check error code if (!in_array($method, self::$methodWhitelist)) { throw new \Phramework\Exceptions\RequestException('Method not allowed'); } //Default value of response's header origin $origin = '*'; //Get request headers $headers = Models\Request::headers(); //Check origin header if (isset($headers['Origin'])) { $originHost = parse_url($headers['Origin'], PHP_URL_HOST); //Check if origin host is allowed if ($originHost && self::getSetting('allowed_referer') && in_array($originHost, self::getSetting('allowed_referer'))) { $origin = $headers['Origin']; } //@TODO @security else deny access } elseif (isset($_SERVER['HTTP_HOST']) && isset($_SERVER['REQUEST_URI'])) { $origin = '*'; //TODO Exctract origin from request url } //Send access control headers if (!headers_sent()) { header('Access-Control-Allow-Credentials: true'); header('Access-Control-Allow-Origin: ' . $origin); header('Access-Control-Allow-Methods: GET, POST, PUT, PATCH, HEAD, DELETE, OPTIONS'); header('Access-Control-Allow-Headers: ' . 'Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Encoding'); } //Catch OPTIONS request and kill it if ($method == self::METHOD_OPTIONS) { header('HTTP/1.1 200 OK'); exit; } //Merge all REQUEST parameters into $params array $params = (object) array_merge($_GET, $_POST, $_FILES); //TODO $_FILES only if POST OR PUT //Parse request body //@Todo add allowed content-types if (in_array($method, [self::METHOD_POST, self::METHOD_PATCH, self::METHOD_PUT, self::METHOD_DELETE])) { $CONTENT_TYPE = null; if (isset($headers[Request::HEADER_CONTENT_TYPE])) { $CONTENT_TYPE = explode(';', $headers[Request::HEADER_CONTENT_TYPE]); $CONTENT_TYPE = $CONTENT_TYPE[0]; } if ($CONTENT_TYPE === 'application/x-www-form-urlencoded') { //Decode and merge params parse_str(file_get_contents('php://input'), $input); if ($input && !empty($input)) { $params = (object) array_merge((array) $params, (array) $input); } } elseif (in_array($CONTENT_TYPE, ['application/json', 'application/vnd.api+json'], true)) { $input = trim(file_get_contents('php://input')); if (!empty($input)) { //note if input length is >0 and decode returns null then its bad data //json_last_error() $inputObject = json_decode($input); if (json_last_error() !== JSON_ERROR_NONE) { throw new \Phramework\Exceptions\RequestException('JSON parse error: ' . json_last_error_msg()); } if ($inputObject && !empty($inputObject)) { $params = (object) array_merge((array) $params, (array) $inputObject); } } } } //STEP_AFTER_AUTHENTICATION_CHECK self::$stepCallback->call(StepCallback::STEP_BEFORE_AUTHENTICATION_CHECK, $params, $method, $headers); //Authenticate request (check authentication) self::$user = \Phramework\Authentication\Manager::check($params, $method, $headers); //In case of array returned force type to be object if (is_array(self::$user)) { self::$user = (object) self::$user; } //STEP_AFTER_AUTHENTICATION_CHECK self::$stepCallback->call(StepCallback::STEP_AFTER_AUTHENTICATION_CHECK, $params, $method, $headers, [self::$user]); //Default language value $language = self::getSetting('language'); //Select request's language if (isset($_GET['this_language']) && self::getSetting('languages') && in_array($_GET['this_language'], self::getSetting('languages'))) { //Force requested language if ($_GET['this_language'] != $language) { $language = $_GET['this_language']; } unset($_GET['this_language']); } elseif (self::$user && property_exists(self::$user, 'language_code')) { // Use user's langugae $language = self::$user->language_code; } elseif (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) && self::getSetting('languages')) { // Use Accept languge if provided $a = $_SERVER['HTTP_ACCEPT_LANGUAGE']; if (in_array($a, self::getSetting('languages'))) { $language = $a; } } //Set language variable self::$language = $language; //self::$translation->setLanguageCode($language); //STEP_BEFORE_CALL_URISTRATEGY self::$stepCallback->call(StepCallback::STEP_BEFORE_CALL_URISTRATEGY, $params, $method, $headers); //Call controller's method list($invokedController, $invokedMethod) = self::$URIStrategy->invoke($params, $method, $headers, self::$user); self::$stepCallback->call(StepCallback::STEP_AFTER_CALL_URISTRATEGY, $params, $method, $headers, [$invokedController, $invokedMethod]); //STEP_BEFORE_CLOSE self::$stepCallback->call(StepCallback::STEP_BEFORE_CLOSE, $params, $method, $headers); } catch (\Phramework\Exceptions\NotFoundException $exception) { self::errorView([(object) ['status' => $exception->getCode(), 'detail' => $exception->getMessage(), 'title' => $exception->getMessage()]], $exception->getCode(), $params, $method, $headers, $exception); } catch (\Phramework\Exceptions\RequestException $exception) { self::errorView([(object) ['status' => $exception->getCode(), 'detail' => $exception->getMessage(), 'title' => $exception->getMessage()]], $exception->getCode(), $params, $method, $headers, $exception); } catch (\Phramework\Exceptions\PermissionException $exception) { self::errorView([(object) ['status' => $exception->getCode(), 'detail' => $exception->getMessage(), 'title' => $exception->getMessage()]], $exception->getCode(), $params, $method, $headers, $exception); } catch (\Phramework\Exceptions\UnauthorizedException $exception) { self::errorView([(object) ['status' => $exception->getCode(), 'detail' => $exception->getMessage(), 'title' => $exception->getMessage()]], $exception->getCode(), $params, $method, $headers, $exception); } catch (\Phramework\Exceptions\MissingParametersException $exception) { self::errorView([(object) ['status' => $exception->getCode(), 'detail' => $exception->getMessage(), 'meta' => ['missing' => $exception->getParameters()], 'title' => $exception->getMessage()]], $exception->getCode(), $params, $method, $headers, $exception); } catch (\Phramework\Exceptions\IncorrectParametersException $exception) { self::errorView([(object) ['status' => $exception->getCode(), 'detail' => $exception->getMessage(), 'meta' => ['incorrect' => $exception->getParameters()], 'title' => $exception->getMessage()]], $exception->getCode(), $params, $method, $headers, $exception); } catch (\Phramework\Exceptions\MethodNotAllowedException $exception) { //Write allow header if AllowedMethods is set if (!headers_sent() && $exception->getAllowedMethods()) { header('Allow: ' . implode(', ', $exception->getAllowedMethods())); } self::errorView([(object) ['status' => $exception->getCode(), 'detail' => $exception->getMessage(), 'meta' => ['allow' => $exception->getAllowedMethods()], 'title' => $exception->getMessage()]], $exception->getCode(), $params, $method, $headers, $exception); } catch (\Phramework\Exceptions\RequestException $exception) { self::errorView([(object) ['status' => $exception->getCode(), 'detail' => $exception->getMessage(), 'title' => 'Request Error']], $exception->getCode(), $params, $method, $headers, $exception); } catch (\Exception $exception) { self::errorView([(object) ['status' => 400, 'detail' => $exception->getMessage(), 'title' => 'Error']], 400, $params, $method, $headers, $exception); } finally { self::$stepCallback->call(StepCallback::STEP_FINALLY, $params, $method, $headers); //Unset all unset($params); //Try to close the databse \Phramework\Database\Database::close(); } }
/** * Required required values and parse provided parameters into an array * Validate the provided request model and return the * @uses \Phramework\Models\Request::requireParameters * @param array|object $parameters * @param array $model * @return array Return the keys => values collection * @deprecated since 1.0.0 */ public static function parseModel($parameters, $model) { if (is_object($parameters)) { $parameters = (array) $parameters; } $required_fields = []; foreach ($model as $key => $value) { if (in_array('required', $value, true) === true || in_array('required', $value, true) == true) { $required_fields[] = $key; } } Request::requireParameters($parameters, $required_fields); \Phramework\Validate\Validate::model($parameters, $model); $keys_values = []; foreach ($model as $key => $value) { if (isset($parameters[$key])) { if (in_array('nullable', $value) && $parameters[$key] == '0') { $keys_values[$key] = null; continue; } //Set value as null if (in_array('nullable', $value) && !$parameters[$key]) { $keys_values[$key] = null; continue; } /* if ($value['type'] == 'select' && !$parameters[$key]) { $keys_values[$key] = NULL; } else {*/ $keys_values[$key] = $parameters[$key]; /*}*/ } elseif (($value['type'] == 'boolean' || in_array('boolean', $value)) && (!isset($parameters[$key]) || !$parameters[$key])) { $keys_values[$key] = false; } } return $keys_values; }
/** * Validate a regexp * @param mixed input * @param string $field_name [optional] * @return boolean * @throws IncorrectParameters If value type is not correct. */ public static function boolean($input, $field_name = 'boolean') { //Define trivial model $model = [$field_name => ['type' => Validate::TYPE_BOOLEAN, Validate::REQUIRED]]; $parameters = [$field_name => $input]; Validate::model($parameters, $model); return $parameters[$field_name]; }