FooGood (CUNY Florian)
Commit 40db0450 authored Nov 09, 2021 by CUNY Florian
Added the /api/login route
parent 062be3ba
Changes: 2
app/apiroutes/auth.php (0 → 100644)
<?php
require_once
__DIR__
.
'/../auth/JwtHandler.php'
;
require_once
__DIR__
.
'/../db/DBConnection.php'
;
use
Psr\Http\Message\ServerRequestInterface
as
Request
;
use
Psr\Http\Message\ResponseInterface
as
Response
;
/**
* Post Login
*/
$app
->
post
(
'/api/login'
,
function
(
Request
$request
,
Response
$response
){
if
(
$request
->
getParsedBody
()
==
null
)
{
// response : 400 : Bad Request
$response
->
getBody
()
->
write
(
'{"error": {"msg": "Please provide a username and a password."}}'
);
return
$response
->
withHeader
(
'Content-Type'
,
'application/json'
)
->
withStatus
(
400
);
}
// On récupère les identifiants utilisateurs
$username
=
$request
->
getParsedBody
()[
"name"
];
$password
=
$request
->
getParsedBody
()[
"password"
];
$user
=
null
;
// logged-in user
// On récupère s'assure que l'utilisateur existe, et on récupère ses données
try
{
$dbconn
=
new
DB\DBConnection
();
$db
=
$dbconn
->
connect
();
// query
$sql
=
"SELECT * FROM users WHERE (username='"
.
$username
.
"' AND password='"
.
$password
.
"')"
;
$stmt
=
$db
->
query
(
$sql
);
$users
=
$stmt
->
fetchAll
(
PDO
::
FETCH_OBJ
);
$db
=
null
;
// clear db object
if
(
sizeof
(
$users
)
!=
1
)
{
// Found no user or too much, i.e. credentials are wrong
// response : 403 : Forbidden
$response
->
getBody
()
->
write
(
'{"error": {"msg": "Invalid credentials."}}'
);
return
$response
->
withHeader
(
'Content-Type'
,
'application/json'
)
->
withStatus
(
403
);
}
$user
=
$users
[
0
];
}
catch
(
PDOException
$e
)
{
echo
$e
;
// response : 500 : PDO Error (DB)
$response
->
getBody
()
->
write
(
'{"error": {"msg": "'
.
$e
->
getMessage
()
.
'"}}'
);
return
$response
->
withHeader
(
'Content-Type'
,
'application/json'
)
->
withStatus
(
500
);
}
// Double-check que l'utilisateur est non-null
if
(
$user
==
null
)
{
// response : 403 : Forbidden
$response
->
getBody
()
->
write
(
'{"error": {"msg": "Invalid credentials (user does not exist?)."}}'
);
return
$response
->
withHeader
(
'Content-Type'
,
'application/json'
)
->
withStatus
(
403
);
}
$jwt
=
new
Auth\JwtHandler
();
$data
=
array
(
"username"
=>
$username
,
"first_name"
=>
$user
->
first_name
,
"last_name"
=>
$user
->
last_name
,
"admin"
=>
boolval
(
$user
->
admin
)
);
// Création du token
$token
=
$jwt
->
_jwt_encode_data
(
"FooGood.issuer"
,
$data
);
// Envoi du token avec HTTP 200
$response
->
getBody
()
->
write
(
json_encode
(
$token
));
return
$response
->
withHeader
(
'Content-Type'
,
'application/json'
)
->
withStatus
(
200
);
});
\ No newline at end of file
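Review bot: the query built with `$sql = "SELECT * FROM users WHERE (username='" . $username . "' AND password='" . $password . "')"` concatenates the request's `name` and `password` fields straight into SQL, so a value containing a single quote changes the structure of the statement and the caller controls the WHERE clause; use a prepared statement, e.g. `$stmt = $db->prepare('SELECT * FROM users WHERE username = :username'); $stmt->execute(['username' => $username]);`, and verify the submitted password against a stored hash with `password_verify($password, $user->password)` instead of matching a plaintext `password` column in the query. In the `catch (PDOException $e)` branch, the exception is both `echo`ed and written into the JSON body via `$e->getMessage()`, which exposes driver, table and connection details to the client; log it server-side and return a fixed "internal error" message. The guard `$request->getParsedBody() == null` only rejects an absent body, so a body without `name` or `password` reaches `getParsedBody()["name"]` and triggers an undefined-index notice; check `isset($body['name'], $body['password'])` before building the query, and note that the 400 message asks for a "username" while the code reads the `name` key. Minor: `403` is returned for bad credentials where `401` is the conventional status for a failed login, and the file lacks a trailing newline.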
app/public/index.php
@@ -28,6 +28,7 @@ $app->get('/', function (Request $request, Response $response, $args) {
// # include Users route
require
__DIR__
.
'/../apiroutes/users.php'
;
// # include Login route
require
__DIR__
.
'/../apiroutes/auth.php'
;
$app
->
run
();