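use("/", function (array &$req, Response $res) { // NOTE(review): the call's receiver (presumably `$app->`) lies before the start of this excerpt
    // Resolve the TOKEN cookie to a User and expose it to later handlers as $req["user"].
    // $req is taken by reference so the assignment is visible downstream.
    if (isset($_COOKIE["TOKEN"])) {
        $user = new User();
        if ($user->loginWithToken($_COOKIE["TOKEN"])) {
            $req["user"] = $user;
        }
    }
});

/**
 * True when $value is a non-null scalar whose string form is 1..$maxLen bytes long.
 *
 * Mirrors the original `!isset() || strlen() < 1 || strlen() > N` checks, but rejects
 * arrays/objects cleanly instead of letting strlen() raise a TypeError.
 *
 * @param mixed $value  raw request-body value (null when the key is absent)
 * @param int   $maxLen upper bound in bytes (byte-wise like the original strlen())
 */
function hasText($value, int $maxLen = PHP_INT_MAX): bool
{
    if ($value === null || !is_scalar($value)) {
        return false;
    }
    $len = strlen((string) $value);
    return $len >= 1 && $len <= $maxLen;
}

/**
 * Id of the unit named $unit in table `folla`, or null when it does not exist.
 *
 * The original compared `count(...) > 1`, so an unknown unit fell through to an
 * undefined-index read on row 0 instead of producing the "does not exist" response.
 *
 * @param mixed $db   database wrapper (select/insert/update/delete), type not visible here
 * @param mixed $unit unit name from the request body
 * @return mixed|null
 */
function findUnitId($db, $unit)
{
    $rows = $db->select("folla", ["unita" => $unit]);
    return count($rows) < 1 ? null : $rows[0]["id"];
}

/**
 * Map an ingredient create/update body onto the `ingredienti` columns.
 * Scalar values are passed as strings, exactly as the original "$var" interpolation did.
 *
 * @param array $body   decoded request body
 * @param mixed $unitId id of the referenced `folla` row
 */
function ingredientRow(array $body, $unitId): array
{
    return [
        "cognome" => (string) ($body["name"] ?? ""),
        "calorie" => (string) ($body["calories"] ?? ""),
        "quantita" => (string) ($body["quantity"] ?? ""),
        "follaID" => $unitId,
        "prezzo" => (string) ($body["price"] ?? ""),
    ];
}

/**
 * Ingredient data attached to list $listId, in the shape the API already exposes
 * (one select() result per `elencoIngredienti` link row).
 *
 * The ingredient table is addressed as `ingredienti`, the spelling every other
 * endpoint uses; the original used `Ingredienti` here, which breaks on
 * case-sensitive table names.
 *
 * @param mixed $db     database wrapper
 * @param mixed $listId id of the `elenco` row
 * @return list<array>
 */
function loadListIngredients($db, $listId): array
{
    $data = [];
    foreach ($db->select("elencoIngredienti", ["elencoId" => $listId]) as $link) {
        $data[] = $db->select("ingredienti", ["id" => $link["ingredientiID"]]);
    }
    return $data;
}

/**
 * The list $listId if it belongs to $userId, otherwise null.
 * Used as the ownership check for every per-list operation.
 *
 * @param mixed $db     database wrapper
 * @param mixed $listId id from the route parameter
 * @param mixed $userId id of the authenticated user
 * @return array|null
 */
function findOwnedList($db, $listId, $userId)
{
    $rows = $db->select("elenco", ["id" => $listId, "utenteID" => $userId]);
    return count($rows) < 1 ? null : $rows[0];
}

/*
 * Home
 */
$app->get("/", function (array $req, Response $res) {
    $res->json([
        "message" => "Die Einkaufsliste des Don",
        "name" => "Shopping List",
        "authors" => "Simon Bock, Johannes Kantz & Malte Schulze Hobeling",
    ]);
});

/*
 * User
 */
$app->get("/user", function (array $req, Response $res) {
    if (!isset($req["user"])) {
        // The status stays in the body (existing contract) and is now also the HTTP status.
        $res->json([
            "status" => HTTP_STATUS_CODE::FORBIDDEN,
            "message" => "You are not logged in. Goto '/login' to login",
        ], HTTP_STATUS_CODE::FORBIDDEN);
        return;
    }
    $user = $req["user"];
    $res->json(["id" => $user->id, "username" => $user->username, "email" => $user->email]);
});

$app->post("/signup", function (array $req, Response $res) use ($db) {
    $newUsername = $req["body"]["username"] ?? null;
    $newPassword = $req["body"]["password"] ?? null;
    $newEmail = $req["body"]["email"] ?? null;
    // Missing fields previously produced undefined-index warnings and a row of empty columns.
    if (!hasText($newUsername) || !hasText($newPassword) || !hasText($newEmail)) {
        $res->json(["message" => "Invalid Request. Please follow the Documentation"], HTTP_STATUS_CODE::BAD_REQUEST);
        return;
    }
    // NOTE(review): the password is stored exactly as submitted. Unless User::loginWithUsername()
    // (not visible here) hashes on its side, this should be password_hash() at signup and
    // password_verify() at login; both sides must be changed together, so confirm before editing.
    $db->insert("utente", [
        "email" => (string) $newEmail,
        "parolaDordine" => (string) $newPassword,
        "nomeUtente" => (string) $newUsername,
    ]);
    $res->send("Account Created", HTTP_STATUS_CODE::CREATED);
});

$app->post("/login", function (array $req, Response $res) {
    $username = $req["body"]["username"] ?? "";
    $password = $req["body"]["password"] ?? "";
    $user = new User();
    $usertoken = $user->loginWithUsername($username, $password);
    if (!$usertoken) {
        $res->json(["message" => "Login failed"], HTTP_STATUS_CODE::FORBIDDEN);
        return;
    }
    // HttpOnly keeps the session token out of script-accessible document.cookie; Secure is
    // set when this request itself arrived over TLS. Path and domain keep their defaults.
    $secure = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "" && $_SERVER["HTTPS"] !== "off";
    setcookie("TOKEN", $usertoken, time() + 3600, "", "", $secure, true); // 1h
    $res->json(["message" => "Login successful", "token" => $usertoken]);
});

/*
 * Ingredients
 */
$app->route("/ingredient")
    ->get(function (array $req, Response $res) use ($db) {
        $res->json(["data" => $db->select("ingredienti")]);
    })
    ->post(function (array $req, Response $res) use ($db) {
        $body = $req["body"];
        $unit = $body["unit"] ?? null;
        $unitId = findUnitId($db, $unit);
        if ($unitId === null) {
            $res->json(["message" => "Unit: " . $unit . " does not exist. Please create unit first"], HTTP_STATUS_CODE::BAD_REQUEST);
            return;
        }
        $id = $db->insert("ingredienti", ingredientRow($body, $unitId));
        if (!$id) {
            $res->json(["message" => "Something went wrong when creating the Ingredient"], HTTP_STATUS_CODE::BAD_REQUEST);
            return;
        }
        $res->json([
            "message" => "New ingredient has been listed",
            "ingredient" => $db->select("ingredienti", ["id" => $id]),
        ]);
    });

$app->route("/ingredient/:id")
    ->get(function (array $req, Response $res) use ($db) {
        $rows = $db->select("ingredienti", ["id" => $req["params"]["id"]]);
        if (count($rows) < 1) {
            $res->json(["message" => "Item does not exists"]);
            return;
        }
        $res->json(["data" => $rows[0]]);
    })
    ->put(function (array $req, Response $res) use ($db) {
        $id = $req["params"]["id"];
        // Existence check first; the original indexed [0] on an empty select() after the update.
        if (count($db->select("ingredienti", ["id" => $id])) < 1) {
            $res->json(["message" => "Item does not exists"]);
            return;
        }
        $body = $req["body"];
        $unit = $body["unit"] ?? null;
        $unitId = findUnitId($db, $unit);
        if ($unitId === null) {
            $res->json(["message" => "Unit: " . $unit . " does not exist. Please create unit first"], HTTP_STATUS_CODE::BAD_REQUEST);
            return;
        }
        $db->update("ingredienti", $id, ingredientRow($body, $unitId));
        $res->json([
            "message" => "Ingredient has been updated",
            "data" => $db->select("ingredienti", ["id" => $id])[0],
        ]);
    })
    ->delete(function (array $req, Response $res) use ($db) {
        $db->delete("ingredienti", $req["params"]["id"]);
        $res->json(["message" => "Ingredient has been deleted"]);
    });

/*
 * Unit
 */
$app->route("/unit")
    ->get(function (array $req, Response $res) use ($db) {
        $res->json(["data" => $db->select("folla")]);
    })
    ->post(function (array $req, Response $res) use ($db) {
        $name = $req["body"]["name"] ?? null;
        if (!hasText($name, 200)) {
            // The status code belongs in the second argument; the original put it inside the payload.
            $res->json(["message" => "Invalid Request. Please follow the Documentation"], HTTP_STATUS_CODE::BAD_REQUEST);
            return;
        }
        $existing = $db->select("folla", ["unita" => $name]);
        if (count($existing) >= 1) {
            $res->json([
                "message" => "Unit: " . $name . " already exists",
                "data" => $existing[0],
            ], HTTP_STATUS_CODE::BAD_REQUEST);
            return;
        }
        $newUnitId = $db->insert("folla", ["unita" => $name]);
        $res->json([
            "message" => "Unit: '" . $name . "' created",
            "data" => $db->select("folla", ["id" => $newUnitId])[0],
        ], HTTP_STATUS_CODE::CREATED);
    });

$app->route("/unit/:id")
    ->get(function (array $req, Response $res) use ($db) {
        $rows = $db->select("folla", ["id" => $req["params"]["id"]]);
        if (count($rows) < 1) {
            $res->json(["message" => "Unit does not exists"]);
            return;
        }
        $res->json(["data" => $rows[0]]);
    })
    ->put(function (array $req, Response $res) use ($db) {
        $id = $req["params"]["id"];
        $name = $req["body"]["name"] ?? null;
        if (!hasText($name, 200)) {
            // Same payload-vs-status-argument fix as the POST handler.
            $res->json(["message" => "Invalid Request. Please follow the Documentation"], HTTP_STATUS_CODE::BAD_REQUEST);
            return;
        }
        if (count($db->select("folla", ["id" => $id])) < 1) {
            $res->json(["message" => "Unit does not exists"]);
            return;
        }
        $db->update("folla", $id, ["unita" => $name]);
        $res->json(["message" => "Unit has been updated", "data" => $db->select("folla", ["id" => $id])]);
    })
    ->delete(function (array $req, Response $res) use ($db) {
        $db->delete("folla", $req["params"]["id"]);
        $res->json(["message" => "Unit has been deleted"]);
    });

/*
 * List
 */
$app->use("/list", function (array $req, Response $res) {
    if (!isset($req["user"])) {
        $res->json(["message" => "You need to be signed in to use lists"], HTTP_STATUS_CODE::FORBIDDEN);
        die; // halt the pipeline so no list handler runs without an authenticated user
    }
});

$app->route("/list")
    ->get(function (array $req, Response $res) use ($db) {
        $lists = $db->select("elenco", ["utenteID" => $req["user"]->id]);
        // Attach ingredients by index instead of a by-reference foreach (no dangling reference).
        // "inredients" is the key clients already consume, so the spelling is kept.
        foreach ($lists as $i => $list) {
            $lists[$i]["inredients"] = loadListIngredients($db, $list["id"]);
        }
        $res->json(["data" => $lists]);
    })
    ->post(function (array $req, Response $res) use ($db) {
        $name = $req["body"]["name"] ?? null;
        $bgColor = $req["body"]["backgoundColor"] ?? "#fff"; // body key spelling is the existing API contract
        if (!hasText($name)) {
            $res->json(["message" => "Invalid Request. Please follow the Documentation"], HTTP_STATUS_CODE::BAD_REQUEST);
            return;
        }
        $lastListId = $db->insert("elenco", [
            "cognome" => $name,
            "coloreDiSfondo" => $bgColor,
            "utenteID" => $req["user"]->id,
        ]);
        $res->json([
            "message" => "New List '" . $name . "' created",
            "data" => $db->select("elenco", ["id" => $lastListId]),
        ], HTTP_STATUS_CODE::CREATED);
    });

$app->route("/list/:id")
    ->get(function (array $req, Response $res) use ($db) {
        $list = findOwnedList($db, $req["params"]["id"], $req["user"]->id);
        if ($list === null) {
            $res->json(["message" => "List does not exists or you dont have permissions to view it"]);
            return;
        }
        $list["inredients"] = loadListIngredients($db, $list["id"]);
        $res->json(["data" => $list]);
    })
    ->post(function (array $req, Response $res) use ($db) {
        $id = $req["params"]["id"];
        $ingredientId = $req["body"]["ingredientId"] ?? null;
        if ($ingredientId === null) {
            // Status code moved to the second argument (was inside the payload array).
            $res->json(["message" => "You need to set a valid 'ingredientId'"], HTTP_STATUS_CODE::BAD_REQUEST);
            return;
        }
        // Ownership check: the original let any signed-in user append items to any list id.
        if (findOwnedList($db, $id, $req["user"]->id) === null) {
            $res->json(["message" => "List does not exist or you dont have the permissions to edit the list"], HTTP_STATUS_CODE::FORBIDDEN);
            return;
        }
        $newId = $db->insert("elencoIngredienti", ["ingredientiID" => $ingredientId, "elencoID" => $id]);
        if (!$newId) {
            $res->json(["message" => "Cannot insert item in list"], HTTP_STATUS_CODE::BAD_REQUEST);
            return;
        }
        $res->json(["message" => "Item has been added"]);
    })
    ->delete(function (array $req, Response $res) use ($db) {
        $id = $req["params"]["id"];
        $rows = $db->select("elenco", ["id" => $id]);
        if (count($rows) < 1) {
            $res->json(["message" => "List does not exist"]);
            return;
        }
        // Strict comparison after normalising: the DB layer may hand back the id as a string.
        if ((string) $rows[0]["utenteID"] !== (string) $req["user"]->id) {
            $res->json(["message" => "You have no permissions the delete this list"], HTTP_STATUS_CODE::FORBIDDEN);
            return;
        }
        $db->delete("elenco", $id);
        $res->json(["message" => "List has been deleted"]);
    });

$app->delete("/list/:id/:item", function (array $req, Response $res) use ($db) {
    $listId = $req["params"]["id"];
    $itemId = $req["params"]["item"];
    if (findOwnedList($db, $listId, $req["user"]->id) === null) {
        $res->json(["message" => "List does not exist or you dont have the permissions to edit the list"]);
        return;
    }
    // Only delete the link row if it belongs to this list; the original deleted any
    // elencoIngredienti row by id once the caller named some list they own.
    $link = $db->select("elencoIngredienti", ["id" => $itemId, "elencoId" => $listId]);
    if (count($link) < 1) {
        $res->json(["message" => "Item does not exist in this list"], HTTP_STATUS_CODE::BAD_REQUEST);
        return;
    }
    $db->delete("elencoIngredienti", $itemId);
    $res->json(["message" => "Item has been deleted"]);
});

$app->start();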