Commit
remove jwt, add more details in session and user endpoints
creme332 committed Aug 29, 2024
1 parent 5495aa0 commit a247e54
Showing 2 changed files with 25 additions and 26 deletions.
30 changes: 15 additions & 15 deletions docs/API.md
@@ -20,25 +20,24 @@ tests for API.

There are two types of endpoints:

1. **Public endpoints** : They return a public resource that can be accessed **without a token**.
2. **Protected endpoints** : They return a protected resource that can only be accessed **with a valid JWT token**.
1. **Public endpoints** : They return a public resource that can be accessed by anyone.
2. **Protected endpoints** : They return a protected resource that can only be accessed by administrators.

### Session

| Endpoint | Description | Protected |
|-------------------------|--------------------------------------------------|-----------|
| `POST /api/v1/sessions` | Authenticates admin and creates a session token. | No |
PHP sessions are used for authentication so all session information are stored on server.

Note:

- Only administrators can receive a session token.
- Only administrators can access protected endpoints.
| Endpoint | Description | Protected |
|-------------------------|----------------------------------------------------------------------------------------------------------|-----------|
| `POST /api/v1/sessions` | Authenticates admin and creates a session token. The request body should contain `email` and `password`. | No |

### User

| Endpoint | Description | Protected |
|-----------------------------------|-----------------------------------------------------|-----------|
| `GET /api/v1/users` | Get the list of all users. | Yes |
A user can be a client or an administrator.

| Endpoint | Description | Protected | Query string parameters |
|-----------------------------------|-----------------------------------------------------|-----------|-------------------------|
| `GET /api/v1/users` | Get the list of all users. | Yes | `user-type` |
| `GET /api/v1/users/[id]` | Get the details of a specific user by their ID. | Yes |
| `POST /api/v1/users` | Create a new user entry in the database. | Yes |
| `DELETE /api/v1/users/[id]` | Delete a user with the specified ID. | Yes |
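Review bot: The `POST /api/v1/sessions` description still says it "creates a session token", while the sentence added above it says PHP sessions are used and state is kept server-side; the two statements conflict, so say what the client actually receives after a successful login (a session cookie rather than a token in the response body) and that `email` and `password` are sent as a JSON body, which is what the matching `Sessions.php` change now reads. Also, the new "Query string parameters" column is only filled in for the `GET /api/v1/users` row; the three rows below it end at `| Yes |`, so add a trailing empty cell (`| Yes | |`) to keep the table well-formed across renderers. Documenting the response codes the handler uses (`201`, `400`, `401`) next to the endpoint would complete the picture.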
@@ -86,9 +85,10 @@ Note:

## Query string parameters

| Parameter | Possible values | Description |
|-----------|-----------------|---------------------------------------|
| `sort` | `asc`, `desc` | Sort in ascending or descending order |
| Parameter | Possible values | Description |
|-------------|-------------------|---------------------------------------------------|
| `sort` | `asc`, `desc` | Sort in ascending or descending order |
| `user-type` | `client`, `admin` | For user endpoints, return only clients or admins |

# References

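Review bot: The `user-type` row does not say what happens when the parameter is omitted or carries a value other than `client` or `admin`; state the default (presumably all users are returned) and that an unrecognised value is rejected with `400` rather than silently ignored, so the documented behaviour matches whatever validation the users controller performs.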
21 changes: 10 additions & 11 deletions src/controllers/api/Sessions.php
@@ -11,17 +11,21 @@
*/
class Sessions
{

public static array $routes = [
'POST' => [
'/sessions' => 'handleLogin',
]
];

/**
* Create a new session for an administrator if credentials are valid.
* @return void
*/
public function handleLogin(): void
{
$email = trim($_POST['email'] ?? "");
$password = trim($_POST['password'] ?? "");
$data = (object)json_decode(file_get_contents("php://input"), true);
$email = trim($data->email ?? "");
$password = trim($data->password ?? "");

if (empty($email) || empty($password)) {
http_response_code(400);
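Review bot: `trim($data->email ?? "")` will throw a `TypeError` on PHP 8 if the JSON body sends `email` or `password` as anything but a string (a number, `null` inside an object, or an array), and a malformed JSON body makes `json_decode` return `null`, which the `(object)` cast silently turns into an empty object and the request is then reported as "missing credentials" instead of "bad request body". Decode once into an array, check `json_last_error() !== JSON_ERROR_NONE` and respond `400` for invalid JSON, and only call `trim()` after an `is_string()` check, e.g. `$email = is_string($data['email'] ?? null) ? trim($data['email']) : "";`. Since this is now the only way to supply credentials, the API docs should also name `Content-Type: application/json` as the expected request format.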
@@ -31,19 +35,14 @@ public function handleLogin(): void
// fetch administrator account
$admin = Administrator::getByEmail($email);

// validate email
if (!$admin) {
http_response_code(401);
die();
}

// validate password
if (!$admin->verifyPassword($password)) {
// validate credentials
if (!$admin || !$admin->verifyPassword($password)) {
http_response_code(401);
die();
}

$_SESSION['admin_email'] = $email;
session_regenerate_id();
http_response_code(201);
}
}
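Review bot: `session_regenerate_id()` is called without `true`, so the old session ID's data is left on the server after the new ID is issued; pass `session_regenerate_id(true)` so the pre-login session is deleted, and prefer to regenerate before writing `admin_email` so no authenticated state is ever associated with the pre-login ID. The merged check `!$admin || !$admin->verifyPassword($password)` is correct, but it short-circuits when the email is unknown, so that path skips the password hash comparison and returns measurably faster than a wrong password does; running `verifyPassword` against a dummy hash when `$admin` is null keeps the two `401` responses uniform. Both `die()` calls also exit before any body or JSON error is written, which the API docs should reflect if that is the intended contract.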

0 comments on commit a247e54