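<?php

declare(strict_types=1);

/*
 * Admin-only JSON API front controller.
 *
 * Flow: require HTTP Basic credentials -> accept only the administrator
 * (user id 1) -> emit CORS/JSON headers -> route /user[/{id}] to
 * UserController. Every failure path answers with a status code and exits.
 */

define('SITE_ROOT', __DIR__);
require_once SITE_ROOT . '/utility/Database.php';
// SITE_ROOT carries no trailing slash, so the former "./user/..." suffix
// resolved to "<dir>./user/..." (a sibling directory named "<dir>.") rather
// than "<dir>/user/...". The Database include above already used "/".
require_once SITE_ROOT . '/user/Roles.php';
require_once SITE_ROOT . '/user/User.php';
require_once SITE_ROOT . '/user/UserRepository.php';
require_once SITE_ROOT . '/user/UserController.php';

// --------------------------------------------------------------------
// The request must carry HTTP Basic credentials
// --------------------------------------------------------------------
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My API"');
    header('HTTP/1.1 401 Unauthorized');
    exit;
}

$db = new Database();
$ur = new UserRepository($db->getConnection());

// --------------------------------------------------------------------
// Only the administrator (user id 1) may use this API
// --------------------------------------------------------------------
$admin = $ur->findById(1);
$username = (string) $_SERVER['PHP_AUTH_USER'];
// PHP_AUTH_PW may be absent when the client sends a user name only.
$password = (string) ($_SERVER['PHP_AUTH_PW'] ?? '');

// A missing admin record used to fail on property access; refuse instead.
// Both fields are compared strictly (the old "!=" was a loose comparison);
// hash_equals() keeps the password comparison constant-time.
// NOTE(review): the stored value is compared directly against the submitted
// password, which suggests clear-text storage — if so, store a password_hash()
// and switch this check to password_verify().
if (!is_object($admin)
    || (string) $admin->username !== $username
    || !hash_equals((string) $admin->password, $password)
) {
    header('HTTP/1.1 403 Forbidden');
    exit;
}

// --------------------------------------------------------------------
// Response headers
// --------------------------------------------------------------------
// Browsers will not attach Basic credentials to a cross-origin request when
// the allowed origin is "*"; narrow this to the real front-end origin(s) if
// the API is meant to be called from a browser on another site.
header('Access-Control-Allow-Origin: *');
header('Content-Type: application/json; charset=UTF-8');
header('Access-Control-Allow-Methods: OPTIONS,GET,POST,PUT,DELETE');
header('Access-Control-Max-Age: 3600');
header('Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With');

// --------------------------------------------------------------------
// Routing: every endpoint lives under /user[/{id}]
// --------------------------------------------------------------------
$uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
// parse_url() returns false/null for unparsable input; treat that as no route.
$pos = is_string($uri) ? strripos($uri, '/user') : false;
// strripos() returns 0 when the path itself starts with "/user"; the former
// "== FALSE" test mistook that valid position for "not found".
if ($pos === false) {
    header('HTTP/1.1 404 Not Found');
    exit();
}

// Everything after the last "/user" is the endpoint, e.g. "user/42".
$endPoint = substr($uri, $pos + 1);
$tokens = explode('/', $endPoint);
if ($tokens[0] !== 'user') {
    header('HTTP/1.1 404 Not Found');
    exit();
}

// The id segment is optional; a trailing slash ("/user/") means "no id".
// When present it must be all digits — the former bare (int) cast silently
// turned "/user/abc" into id 0.
$userId = null;
if (isset($tokens[1]) && $tokens[1] !== '') {
    if (!ctype_digit($tokens[1])) {
        header('HTTP/1.1 404 Not Found');
        exit();
    }
    $userId = (int) $tokens[1];
}

$requestMethod = $_SERVER['REQUEST_METHOD'];
$controller = new UserController($ur, $requestMethod, $userId);
$controller->processRequest();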