i finally committed i guess

Signed-off-by: boris <boris@borishub.co.uk>
2025-03-15 01:59:16 +00:00
parent 8de2b7f29e
commit 709596eea2
113 changed files with 25075 additions and 54344 deletions
--- a/api/admin.php
+++ b/api/admin.php
@@ -0,0 +1,33 @@
+<?php
+/**
+ * Admin-only API endpoint example
+ * 
+ * This endpoint demonstrates how to protect an API route for admin users only
+ * using our simplified authentication approach.
+ */
+
+require_once('../Models/User.php');
+
+// Set content type to JSON
+header('Content-Type: application/json');
+
+// Check if user is an admin
+$auth = User::checkAdmin();
+if (!$auth) {
+    // The checkAdmin method already sent the error response
+    exit;
+}
+
+// User is an admin, proceed with the admin-only logic
+$response = [
+    'status' => 'success',
+    'message' => 'You have access to this admin-only endpoint',
+    'user' => [
+        'id' => $auth['uid'],
+        'username' => $auth['username'],
+        'accessLevel' => $auth['accessLevel']
+    ]
+];
+
+// Send response
+echo json_encode($response); 
--- a/api/login.php
+++ b/api/login.php
@@ -0,0 +1,51 @@
+<?php
+/**
+ * Login API endpoint
+ * 
+ * This endpoint handles user authentication and returns a JWT token
+ * if the credentials are valid.
+ */
+
+require_once('../Models/User.php');
+
+// Set content type to JSON
+header('Content-Type: application/json');
+
+// Only allow POST requests
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    http_response_code(405);
+    echo json_encode(['error' => 'Method not allowed']);
+    exit;
+}
+
+// Get JSON request body
+$json = file_get_contents('php://input');
+$data = json_decode($json, true);
+
+// Validate request data
+if (!$data || !isset($data['username']) || !isset($data['password'])) {
+    http_response_code(400);
+    echo json_encode(['error' => 'Invalid request data']);
+    exit;
+}
+
+// Authenticate user
+$user = new User();
+$token = $user->Authenticate($data['username'], $data['password']);
+
+if ($token) {
+    // Authentication successful
+    echo json_encode([
+        'success' => true,
+        'token' => $token,
+        'user' => [
+            'id' => $user->getUserId(),
+            'username' => $user->getUsername(),
+            'accessLevel' => $user->getAccessLevel()
+        ]
+    ]);
+} else {
+    // Authentication failed
+    http_response_code(401);
+    echo json_encode(['error' => 'Invalid credentials']);
+} 
--- a/api/protected.php
+++ b/api/protected.php
@@ -0,0 +1,33 @@
+<?php
+/**
+ * Protected API endpoint example
+ * 
+ * This endpoint demonstrates how to protect an API route using
+ * our simplified authentication approach.
+ */
+
+require_once('../Models/User.php');
+
+// Set content type to JSON
+header('Content-Type: application/json');
+
+// Check if user is authenticated
+$auth = User::checkAuth();
+if (!$auth) {
+    // The checkAuth method already sent the error response
+    exit;
+}
+
+// User is authenticated, proceed with the endpoint logic
+$response = [
+    'status' => 'success',
+    'message' => 'You have access to this protected endpoint',
+    'user' => [
+        'id' => $auth['uid'],
+        'username' => $auth['username'],
+        'accessLevel' => $auth['accessLevel']
+    ]
+];
+
+// Send response
+echo json_encode($response);