Commit dfdc7e52 authored by CUNY Florian

users.php: step 2

parent 51ad70b1
......@@ -5,43 +5,76 @@ require_once __DIR__ . '/../db/DBConnection.php';
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Message\ResponseInterface as Response;
/**
* Get All Users : admin only (see documentation)
*/
$app->get('/api/users', function( Request $request, Response $response){
//prepare query
$sql = "SELECT * FROM users ORDER BY id";
try {
//check auth
$userdata = get_token_infos($request);
$app->get('/api/users', function( Request $request, Response $response){
$sql = "select * from users order by id";
try
{
try {
$dbconn = new DB\DBConnection();
$db = $dbconn->connect();
// query
$stmt = $db->query( $sql );
$users = $stmt->fetchAll( PDO::FETCH_OBJ );
$db = null; // clear db object
// print out the result as json format
//echo json_encode( $books );
$response->getBody()->write(json_encode( $users ));
return $response->withHeader('Content-Type', 'application/json')->withStatus(200);
} catch( PDOException $e ) {
// show error message as Json format
//echo '{"error": {"msg": ' . $e->getMessage() . '}';
$response->getBody()->write('{"error": {"msg": "' . $e->getMessage() . '"}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(500);
}
}
catch (Exception $e)
{
$response->getBody()->write('{"error": {"msg": "' . $e->getMessage() . '"}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(401);
}
// check auth user is admin
if (!$userdata->admin) {
throw new Auth\UnauthorizedException("Service only available for admin user !");
}
try {
//connect to DB
$dbconn = new DB\DBConnection();
$db = $dbconn->connect();
// execute sql
$stmt = $db->query( $sql );
$users = $stmt->fetchAll( PDO::FETCH_OBJ );
$db = null; // clear db object
//response : 200 : Return All Users Array
$response->getBody()->write(json_encode( $users ));
return $response->withHeader('Content-Type', 'application/json')->withStatus(200);
} catch( PDOException $e ) {
// response : 500 : PDO Error (DB)
$response->getBody()->write('{"error": {"msg": "' . $e->getMessage() . '"}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(500);
}
}
catch (Auth\UnauthenticatedException $e) {
//response : 401 : catch UnauthenticatedException : Authentication Error
$response->getBody()->write('{"error": {"msg": "' . $e->getMessage() . '"}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(401);
}
catch (Auth\UnauthorizedException $e) {
//response : 403 : catch UnauthorizedException : User Rights Access Denied Error
$response->getBody()->write('{"error": {"msg": "' . $e->getMessage() . '"}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(403);
}
catch (Exception $e) {
// Response 500 : Error
$response->getBody()->write('{"error": {"msg": "' . $e->getMessage() . '"}}');
return $response->withHeader('Content-Type', 'application/json')->withStatus(500);
}
});
/**
* Function which parse token, decode user infos from this token and Throws
* UnauthenticatedException if Authentication Issue.
*
* The UnauthenticatedException must be catched in the caller and should result
* to a 401 Http Error
*/
function get_token_infos(Request $request){
if ($request->hasHeader('Authorization')) {
list($token) = sscanf($request->getHeaderLine('Authorization'), 'Bearer %s');
$jwt = new Auth\JwtHandler();
$data = $jwt->_jwt_decode_data($token);
return $data;
}
else{
throw new Auth\UnauthenticatedException("Unable to find Authorization Header");
}
}
\ No newline at end of file
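Review bot: The new catch blocks for `PDOException` and the catch-all `Exception` (both answered with 500) splice `$e->getMessage()` into a hand-built JSON string, so a PDO error text — which can carry the DSN, host or schema details — reaches the client verbatim, and any message containing a `"` yields malformed JSON; build the body with `json_encode(['error' => ['msg' => ...]])` and return a fixed text such as `'Internal server error'` on the 500 paths, logging the real exception server-side. The same concatenation in the 401/403 branches only stays well-formed because the messages thrown here are fixed strings, so encoding those too is cheap insurance. In `get_token_infos`, `sscanf(..., 'Bearer %s')` leaves `$token` as `null` when the header is not of the form `Bearer <token>` and that null is handed to `_jwt_decode_data`; add `if ($token === null) { throw new Auth\UnauthenticatedException("Malformed Authorization Header"); }` before decoding, and confirm that whatever `_jwt_decode_data` throws for an invalid or expired token is an `Auth\UnauthenticatedException`, since anything else now surfaces as a 500 instead of a 401 (the handler class is not visible here). Finally, `SELECT * FROM users` returns every column; if that table holds password hashes or other secrets, the admin listing exposes them, so select only the columns the API documents.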