diff --git a/Controller/API/BaseController.php b/Controller/API/BaseController.php
index 4805fb7..40dc235 100644
--- a/Controller/API/BaseController.php
+++ b/Controller/API/BaseController.php
@@ -11,6 +11,8 @@
 * @author SCTN4
 */
 class BaseController {
+
+ static function create() { return new self(); }
 /**
 * __call magic method.
 */
@@ -25,8 +27,9 @@ class BaseController {
 */
 protected function getUriSegments()
 {
- $uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
- $uri = explode( '/', $uri );
+ $requestUri = filter_input(INPUT_SERVER, 'REQUEST_URI', FILTER_SANITIZE_STRING); /*htmlspecialchars()*/
+ $parsedUri = parse_url($requestUri, PHP_URL_PATH);
+ $uri = explode( '/', $parsedUri );
 return $uri;
 }
 /**
@@ -37,9 +40,16 @@ class BaseController {
 protected function getQueryStringParams()
 {
 $query = array();
- $parameters = parse_str($_SERVER['QUERY_STRING'], $query);
+ $queryString = filter_input(INPUT_SERVER, 'QUERY_STRING', FILTER_SANITIZE_STRING); /*htmlspecialchars()*/
+ parse_str($queryString, $query);
 return $query;
 }
+
+ protected function getServerRequestMethod()
+ {
+ $requestMethod = filter_input(INPUT_SERVER, 'REQUEST_METHOD', FILTER_SANITIZE_STRING); /*htmlspecialchars()*/
+ return $requestMethod;
+ }
 /**
 * Send API output.
 *
diff --git a/Controller/API/CustomerController.php b/Controller/API/CustomerController.php
index 5825188..2b1b99a 100644
--- a/Controller/API/CustomerController.php
+++ b/Controller/API/CustomerController.php
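Review bot: `create()` returns `new self()`, which in a base class always yields a BaseController even when invoked as `CustomerController::create()`, so the subclass constructor added in the CustomerController hunk (which sets up the model and request state) would be skipped; if subclasses are meant to use this factory it should be `new static()`. The method also has no visibility modifier and no return type; `public static function create(): static { return new static(); }` covers both. No caller of `create()` appears anywhere in this diff, so it may simply be unused.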
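Review bot: `FILTER_SANITIZE_STRING` on the new `$requestUri` line (and on `QUERY_STRING` and `REQUEST_METHOD` in the next hunk) is deprecated since PHP 8.1 and is output encoding applied at input rather than validation: it strips anything tag-like and turns quotes into `&#39;`/`&#34;`, so a query value such as `O'Brien` reaches the insert path already HTML-encoded and a value containing `<` is silently truncated. Encode when rendering (the JSON output is already handled by `json_encode`) and validate here instead: check that the routing segments match the actions the controllers accept and that numeric parameters such as `limit`/`id` pass `FILTER_VALIDATE_INT`. `filter_input` returns null when the key is absent (and `INPUT_SERVER` is reported to be unpopulated under some SAPIs), so `parse_url(null)` and `parse_str(null, $query)` will raise deprecation notices on 8.1+; `$requestUri = filter_input(INPUT_SERVER, 'REQUEST_URI') ?? '';` keeps both calls well-defined. The trailing `/*htmlspecialchars()*/` comments read as leftover working notes and should be dropped.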
@@ -16,25 +16,33 @@ class CustomerController extends BaseController{ /** * "/customer/list" Endpoint - Get list of users */ - public function processAction($action) + private $customerModel; + private $requestMethod; + private $arrQueryStringParams; + private $strErrorDesc; + private $strErrorHeader; + + public $action; + + function __construct() { + $this->customerModel = new CustomerModel(); + $this->requestMethod = $this->getServerRequestMethod(); + $this->arrQueryStringParams = $this->getQueryStringParams(); + } + + public function processAction() { - $strErrorDesc = ''; - $requestMethod = $_SERVER["REQUEST_METHOD"]; - $arrQueryStringParams = $this->getQueryStringParams(); - if (strtoupper($requestMethod) == 'GET') { - try { - $customerModel = new CustomerModel(); - - $uri = $this->getUriSegments(); - switch($action) { - case "select": - $customerModel->limit = 10; - if (isset($arrQueryStringParams['limit']) && $arrQueryStringParams['limit']) { - $customerModel->limit = $arrQueryStringParams['limit']; - } - $arrCustomer = $customerModel->getCustomers(); - unset($customerModel->limit); - break; + $this->strErrorDesc = ''; + try { + switch($this->action) { + case "select": + if (isset($this->arrQueryStringParams['id'])) { + $response = $this->selectByIdAction(); + } else { + $response = $this->selectAction(); + } + break; + case "insert": $customerModel->first = $arrQueryStringParams['first']; $customerModel->last = $arrQueryStringParams['last']; 
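Review bot: The two context lines closing the hunk, `$customerModel->first = $arrQueryStringParams['first'];` and the matching `last` line, still refer to the locals `$customerModel` and `$arrQueryStringParams` that this hunk removes, so the `insert` case now reads undefined variables and throws an `Error` (surfacing as the 500 from the catch block) instead of inserting; they need to become `$this->customerModel->first = $this->arrQueryStringParams['first'];` and likewise for `last`. The `if (strtoupper($requestMethod) == 'GET')` guard was removed from processAction and only re-added inside selectAction/selectByIdAction, so unless the remainder of the insert case (outside this hunk) checks the method itself, a GET request carrying the right query string now creates a customer. `public $action` is assigned from a URL segment by index.php and is only compared against the `case` labels, which is fine, but `public ?string $action = null;` documents that contract. processAction continues in the following hunk.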
@@ -75,15 +83,12 @@ class CustomerController extends BaseController{ break; } - $responseData = json_encode($arrCustomer); + $responseData = json_encode($response); } catch (Error $e) { - $strErrorDesc = $e->getMessage().' Something went wrong in processAction! Please contact support.'; - $strErrorHeader = 'HTTP/1.1 500 Internal Server Error'; + $this->strErrorDesc = $e->getMessage().' Something went wrong in processAction! Please contact support.'; + $this->strErrorHeader = 'HTTP/1.1 500 Internal Server Error'; } - } else { - $strErrorDesc = 'Request Method not supported for processAction'; - $strErrorHeader = 'HTTP/1.1 422 Unprocessable Entity'; - } + // send output if (!$strErrorDesc) { $this->sendOutput( 
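Review bot: `if (!$strErrorDesc)` at the end of the hunk still tests the local variable while the new catch block writes to `$this->strErrorDesc`, so the local is always undefined and `sendOutput` runs even after a 500 here or the 422 set by selectAction; it should read `if (!$this->strErrorDesc) {`, with the error branch below the hunk using `$this->strErrorHeader`. Because of the same mismatch a rejected selectByIdAction returns null and `json_encode($response)` emits the body `null` with a success status. The 500 text still embeds `$e->getMessage()`, which for an `Error` can carry file paths or query fragments; log it server-side and send only the fixed support message. processAction starts in the previous hunk.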
@@ -96,4 +101,118 @@ class CustomerController extends BaseController{
 );
 }
 }
+
+ private function selectAction(){
+ if ($this->checkRequestType('GET') == 'false') {
+ $this->strErrorDesc = 'Request Method not supported for processAction';
+ $this->strErrorHeader = 'HTTP/1.1 422 Unprocessable Entity';
+ return;
+ }
+
+ $this->customerModel->limit = 10;
+
+ if (isset($this->arrQueryStringParams['limit'])) {
+ $this->customerModel->limit = $this->arrQueryStringParams['limit'];
+ }
+ $response = $this->customerModel->findAllCustomers();
+ unset($this->customerModel->limit);
+
+ return $response;
+ }
+
+ private function selectByIdAction(){
+
+ if ($this->checkRequestType('GET') == 'false') {
+ $this->strErrorDesc = 'Request Method not supported for processAction';
+ $this->strErrorHeader = 'HTTP/1.1 422 Unprocessable Entity';
+ return;
+ }
+
+ if (isset($this->arrQueryStringParams['id'])) {
+ $this->customerModel->customerId = $this->arrQueryStringParams['id'];
+ $response = $this->customerModel->findByCustomerId();
+ unset($this->customerModel->customerId);
+ } else {
+ return $this->notFoundResponse();
+ }
+
+ return $response;
+ }
+
+ private function checkRequestType($request)
+ {
+ $response = 'false';
+ if (strtoupper($this->requestMethod) == $request) {
+ $response = 'true';
+ }
+
+ return $response;
+ }
+
+ private function createUserFromRequest()
+ {
+ $input = (array) json_decode(file_get_contents('php://input'), TRUE);
+ if (! $this->validatePerson($input)) {
+ return $this->unprocessableEntityResponse();
+ }
+ $this->personGateway->insert($input);
+ $response['status_code_header'] = 'HTTP/1.1 201 Created';
+ $response['body'] = null;
+ return $response;
+ }
+
+ private function updateUserFromRequest($id)
+ {
+ $result = $this->personGateway->find($id);
+ if (! $result) {
+ return $this->notFoundResponse();
+ }
+ $input = (array) json_decode(file_get_contents('php://input'), TRUE);
+ if (! $this->validatePerson($input)) {
+ return $this->unprocessableEntityResponse();
+ }
+ $this->personGateway->update($id, $input);
+ $response['status_code_header'] = 'HTTP/1.1 200 OK';
+ $response['body'] = null;
+ return $response;
+ }
+
+ private function deleteUser($id)
+ {
+ $result = $this->personGateway->find($id);
+ if (! $result) {
+ return $this->notFoundResponse();
+ }
+ $this->personGateway->delete($id);
+ $response['status_code_header'] = 'HTTP/1.1 200 OK';
+ $response['body'] = null;
+ return $response;
+ }
+
+ private function validatePerson($input)
+ {
+ if (! isset($input['firstname'])) {
+ return false;
+ }
+ if (! isset($input['lastname'])) {
+ return false;
+ }
+ return true;
+ }
+
+ private function unprocessableEntityResponse()
+ {
+ $response['status_code_header'] = 'HTTP/1.1 422 Unprocessable Entity';
+ $response['body'] = json_encode([
+ 'error' => 'Invalid input'
+ ]);
+ return $response;
+ }
+
+ private function notFoundResponse()
+ {
+ $response['status_code_header'] = 'HTTP/1.1 404 Not Found';
+ $response['body'] = null;
+ return $response;
+ }
 }
diff --git a/Model/CustomerModel.php b/Model/CustomerModel.php
index bb2ef0e..8c84926 100644
--- a/Model/CustomerModel.php
+++ b/Model/CustomerModel.php
@@ -66,11 +66,16 @@ class CustomerModel extends Database { unset($this->params[$name]); } - public function getCustomers() + public function findAllCustomers() { return $this->processQuery("SELECT * FROM customer_view ORDER BY customer_id ASC LIMIT ?", ["i", $this->limit]); } + public function findByCustomerId() + { + return $this->processQuery("SELECT * FROM customer_view WHERE customer_id = ?", ["i", $this->customerId]); + } + public function insertCustomer() { $rowCount = $this->processStatement("CALL insert_new_customer_proc(?,?,?,?,?,?,?,?,?,?)",
diff --git a/index.php b/index.php
index 95e3acf..7639bdb 100644
--- a/index.php
+++ b/index.php
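Review bot: createUserFromRequest, updateUserFromRequest and deleteUser call `$this->personGateway`, but no such property is declared or assigned in this class (the constructor in the earlier hunk only sets customerModel, requestMethod and arrQueryStringParams), so any call would fail with a "Call to a member function ... on null" `Error`, and validatePerson checks `firstname`/`lastname` while the insert case uses `first`/`last`. Nothing in the diff calls these private methods, so they look like scaffolding carried over from another project; either wire them to CustomerModel or remove them until they have a caller. checkRequestType returns the strings `'true'`/`'false'` and both select methods compare with `== 'false'`; return `strtoupper($this->requestMethod) === $request` as a bool and test `if (!$this->checkRequestType('GET'))`. selectAction also drops the old truthiness test on `limit`, so `?limit=` or `?limit=abc` now reaches the `"i"` binding as 0; validate it with `filter_var($limit, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])` before assigning it to the model.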
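Review bot: findByCustomerId reads `$this->customerId`, which the caller must set before the call and unset afterwards (selectByIdAction does exactly that), so the query depends on hidden state and on the caller's cleanup; `public function findByCustomerId(int $customerId)` that passes the value into the `["i", ...]` binding removes that coupling, and findAllCustomers has the same shape with `$this->limit`. The parameterised `WHERE customer_id = ?` is the right form; with an `"i"` type a non-numeric id coerces to 0 instead of being rejected, so the controller should validate the id as an integer before calling. How processQuery binds is not visible in this diff, so this assumes mysqli-style type strings.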
@@ -4,6 +4,7 @@ header("Content-Type: application/json; charset=UTF-8");
 header("Access-Control-Allow-Methods: OPTIONS,GET,POST,PUT,DELETE");
 header("Access-Control-Max-Age: 3600");
 header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");
+
 /*
 * Click nbfs://nbhost/SystemFileSystem/Templates/Licenses/license-default.txt to change this license
 * Click nbfs://nbhost/SystemFileSystem/Templates/Scripting/EmptyPHP.php to edit this template
@@ -13,8 +14,10 @@ header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers * http://localhost/index.php/customer/process/list?limit=20 */ require __DIR__ . "/include/bootstrap.php"; + $uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH); $uri = explode( '/', $uri ); + //Set uri module location position to 1 for production, 2 for testing $uri_pos = 2;
@@ -53,5 +56,6 @@ switch($uri[$uri_pos + 1]) { } $strMethodName = $uri[$uri_pos + 2] . 'Action'; -$objFeedController->{$strMethodName}($uri[$uri_pos + 3]); +$objFeedController->action = $uri[$uri_pos + 3]; +$objFeedController->{$strMethodName}();
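Review bot: `$objFeedController->action = $uri[$uri_pos + 3];` reads the segment without a guard, so a shorter path produces an undefined-index warning and a null action, and the next line dispatches `$strMethodName`, itself built from a URL segment, with no `method_exists` check, so a mistyped segment ends in an uncaught `Error` rather than a 404. Use `$objFeedController->action = $uri[$uri_pos + 3] ?? null;` and precede the call with `if (!method_exists($objFeedController, $strMethodName)) { /* send a 404 and exit */ }`. index.php also still derives `$uri` from `$_SERVER['REQUEST_URI']` (the hunk above) while BaseController::getUriSegments now goes through filter_input with a sanitising filter, so the router and the controller can see different segment values for the same request; pick one source of truth.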