Avoid circular reference in controllers & services

pull/8/head
sundowndev 2018-07-22 02:33:22 +02:00
parent c176e32f89
commit e32435f5bb
6 changed files with 91 additions and 87 deletions


@ -5,7 +5,7 @@ namespace App\Controller;
use App\Service\JsonResponse;
use App\Service\Database;
use App\Repository\TaskRepository;
use App\Service\Security;
use App\Service\Request;
use App\Service\Session;
/**
@ -15,17 +15,20 @@ use App\Service\Session;
class TaskController
{
private $db;
private $request;
private $jsonResponse;
private $session;
private $security;
private $repository;
public function __construct()
{
$this->db = new Database();
$this->request = new Request();
$this->jsonResponse = new JsonResponse();
$this->repository = new TaskRepository($this->db);
$this->session = new Session();
$this->security = new Security();
$this->session = new Session($this->db, $this->jsonResponse);
$this->security = $this->session->security;
}
/**
@ -44,7 +47,7 @@ class TaskController
}
/**
* Get all tasks
* Get task by id
*
* Route: /tasks/$id
* Method: GET
@ -66,29 +69,25 @@ class TaskController
*/
public function post()
{
if ($this->security->isLogged($_COOKIE['session'])) {
$code = 403;
$message = 'You are not authentified.';
$data = [];
print $this->jsonResponse->create($code, $message, $data);
if (!$this->security->isLogged()) {
print $this->security->NotAllowedRequest();
exit();
}
if (empty($_POST['title']) || empty($_POST['description'])) {
$content = $this->request->getContentAsArray();
if (empty($content['title']) || empty($content['description'])) {
$code = 400;
$message = 'Bad parameters.';
$data = [];
print $this->jsonResponse->create($code, $message, $data);
print $this->jsonResponse->create($code, $message);
exit();
}
$task = $this->repository->create([
'user_id' => 1,
'title' => $_POST['title'],
'description' => $_POST['description'],
'creation_date' => new \DateTime(),
'title' => $content['title'],
'description' => $content['description'],
'status' => 1
]);
@ -122,9 +121,17 @@ class TaskController
*/
public function delete($id)
{
//verify auth
//verify csrf
//verify if author
if (!$this->security->isLogged()) {
print $this->security->NotAllowedRequest();
exit();
}
$task = $this->repository->findOneById($id);
if ($task['user_id'] !== 1) {
print $this->security->NotAllowedRequest();
exit();
}
$this->repository->deleteById($id);
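Review bot: The ownership check in delete() compares `$task['user_id'] !== 1` against a hard-coded literal, so every task is assumed to belong to user 1, and the strict comparison fails whenever the driver hands the column back as a string (pdo_mysql commonly does unless native types are enabled), which would deny every deletion. The owner should be resolved from the authenticated session rather than a literal, and post() in the earlier hunk hard-codes the same `'user_id' => 1`. The result of findOneById() is indexed without checking for a miss; `if ($task === false || (int) $task['user_id'] !== $currentUserId) {` (with `$currentUserId` a constructed name for the id taken from the session) would cover both. `isLogged()` is now called with no token at all, so the controller never passes the session token it received to the security service; see the Security section. delete() continues outside the hunk.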


@ -8,47 +8,45 @@ namespace App\Service;
*/
class Database
{
private $dotEnvParser;
private $conn;
private $dsn;
private $options;
/**
* Database constructor.
*/
public function __construct()
{
$this->dotEnvParser = new DotEnvParser();
$this->dotEnvParser
->parse()
->toEnv()
->toArray();
$this->conn = null;
$dsn = "mysql:host=" . $_ENV['MYSQL_HOST'] . ";dbname=" . $_ENV['MYSQL_DBNAME'];
$options = array(
$this->dsn = "mysql:host=" . getenv('MYSQL_HOST') . ":".getenv('MYSQL_PORT').";dbname=" . getenv('MYSQL_DBNAME');
$this->options = array(
\PDO::ATTR_PERSISTENT => true,
\PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION
);
try {
$this->conn = new \PDO($dsn, $_ENV['MYSQL_USER'], $_ENV['MYSQL_PASS'], $options);
} //catch any errors
catch (\PDOException $e) {
$this->error = $e->getMessage();
}
}
/**
* Get the PDO connection instance
*
* @return \PDO
*/
public function getConnection()
{
if (is_null($this->conn)) {
try {
$this->conn = new \PDO($this->dsn, getenv('MYSQL_USER'), getenv('MYSQL_PASS'), $this->options);
} //catch any errors
catch (\PDOException $e) {
exit($e->getMessage());
}
}
return $this->conn;
}
/**
* Handle PDO execution errors
* @param PDOStatement $stmt
* @param \PDOStatement $stmt
* @return void
*/
public function errorHandler(\PDOStatement $stmt) : void
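Review bot: `exit($e->getMessage())` in getConnection() writes the raw PDOException text into the HTTP response, and a connection failure message can carry the database user, host and driver diagnostics; log it server-side and answer generically instead, e.g. `error_log($e->getMessage()); http_response_code(500); exit();`. The DSN assigned to `$this->dsn` joins host and port as `host=HOST:PORT`, whereas the documented pdo_mysql form is a separate element, so `'mysql:host=' . getenv('MYSQL_HOST') . ';port=' . getenv('MYSQL_PORT') . ';dbname=' . getenv('MYSQL_DBNAME')` is the safer spelling. getenv() returns false for an unset variable and is concatenated unchecked, so a missing .env silently yields a malformed DSN that only surfaces on first use. Since the connection is now opened lazily, the constructor docblock should say so: `Database constructor; the PDO connection is opened on the first getConnection() call.`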


@ -2,7 +2,10 @@
namespace App\Service;
use josegonzalez\Dotenv\Loader;
//use M1\Env\Parser;
//use Dotenv\Dotenv;
//use \Jsefton\DotEnv\Parser;
use Codervio\Envmanager\Envparser;
/**
* Class DotEnvParser
@ -11,37 +14,18 @@ use josegonzalez\Dotenv\Loader;
class DotEnvParser
{
private $file;
private $loader;
private $parser;
public function __construct()
{
$this->file = __DIR__ . '/../../.env';
$this->loader = new Loader($this->file);
$this->parser = new Envparser($this->file);
$this->parser->load();
}
/**
* Parse the .env file
* @return bool|Loader
*/
public function parse()
public function run()
{
return $this->loader->parse();
}
/**
* Send the parsed .env file to the $_ENV variable
* @return bool|Loader
*/
public function toEnv()
{
return $this->loader->toEnv();
}
/**
* @return array|null
*/
public function toArray()
{
return $this->loader->toArray();
$this->parser->run();
}
}
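Review bot: The docblock above run() still reads "Parse the .env file / @return bool|Loader", but the method now delegates to Envparser and returns nothing; replace it with `/** Run the Envparser over the .env file. @return void */` (what Envparser::run() itself exports is not visible here). The three commented-out `use` lines near the top of the hunk are dead code and should be dropped. The constructor already calls `$this->parser->load()` and Database's constructor no longer chains parse()/toEnv()/toArray(), so it is unclear whether any caller still invokes run(); a one-line comment on the constructor naming which step makes the values available to getenv() would help the next reader.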


@ -16,6 +16,8 @@ class JsonResponse
'data' => $data
];
header('Access-Control-Allow-Origin: ' . getenv('ALLOW_ORIGIN'));
header('Accept: application/json');
header('Content-Type: application/json');
http_response_code($code);
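Review bot: `header('Accept: application/json')` sets a request header on a response; clients ignore it and the line should be removed. The `Access-Control-Allow-Origin` value is taken from getenv('ALLOW_ORIGIN') with no check, so an unset variable emits an empty header value because getenv() returns false; guard it with `if (($origin = getenv('ALLOW_ORIGIN')) !== false) { header('Access-Control-Allow-Origin: ' . $origin); }`. If the API is meant to be called with the session cookie from another origin, a wildcard value will not work and the origin must be echoed per request together with `Access-Control-Allow-Credentials`, which is worth a comment on this line. The enclosing create() method starts before the hunk.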


@ -13,12 +13,24 @@ class Security
*/
private $session;
/**
* @var JsonResponse
*/
private $jsonResponse;
/**
* @var $secret_key
*/
private $secret_key;
/**
* Security constructor.
*/
public function __construct()
public function __construct(Session $session, JsonResponse $jsonResponse)
{
$this->session = new Session();
$this->session = $session;
$this->jsonResponse = $jsonResponse;
$this->secret_key = getenv('APP_SECRET');
}
/**
@ -35,27 +47,21 @@ class Security
* @param $cookie
* @return bool
*/
public function isLogged($cookie)
public function isLogged()
{
if (is_null($this->session->getSession($cookie))) {
return false;
} else {
return true;
}
return false;
}
/**
* @param $csrf
* @param $cookie
* @return bool
* @return string
*/
public function isValidCsrf($csrf, $cookie)
public function NotAllowedRequest()
{
if (is_null($session = $this->session->getSession($cookie))) {
return false;
}
$code = 403;
$message = 'You are not allowed to perform this request.';
$data = [];
return $session['csrf'] === $csrf;
return $this->jsonResponse->create($code, $message, $data);
}
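Review bot: The new isLogged() body is `return false;` unconditionally, so every guarded controller action now answers 403 regardless of session state, and the docblock above it still documents a `$cookie` parameter the method no longer takes. If this is a placeholder it should say so in a comment; otherwise the method needs the presented token and a lookup, e.g. `public function isLogged(string $token): bool` with `return $this->session->getSession($token) !== null;` (what getSession() returns on a miss is outside this hunk, so the comparison may need to be against false as well). Removing isValidCsrf() leaves no CSRF check on the new side of the diff, which matters for the cookie-authenticated post and delete routes. `NotAllowedRequest` should be camelCase (`notAllowedRequest`) per PSR naming, and the `@var $secret_key` tag should carry a type (`@var string|false`, since getenv() can return false). Security keeps a reference to Session while Session's constructor builds `new Security($this, $jsonResponse)`, so the two services still hold each other despite the commit title.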
/**


@ -8,12 +8,16 @@ namespace App\Service;
*/
class Session
{
private $db;
public $security;
/**
* Session constructor.
*/
public function __construct()
public function __construct(Database $database, JsonResponse $jsonResponse)
{
$this->db = new Database();
$this->db = $database;
$this->security = new Security($this, $jsonResponse);
}
/**
@ -21,12 +25,15 @@ class Session
* @param $csrf
* @param $cookie
*/
public function create($user_id, $csrf, $cookie)
public function create($user_id)
{
$stmt = $this->db->getConnection()->prepare('INSERT INTO Session (user_id, csrf, cookie) VALUES(:user_id, :csrf, :cookie)');
$token = $this->security->generateToken();
$expire_at = new \DateTime();
$stmt = $this->db->getConnection()->prepare('INSERT INTO Session (user_id, token, issued_at, expire_at) VALUES(:user_id, :token, NOW(), :expire_at)');
$stmt->bindParam(':user_id', $user_id, \PDO::PARAM_INT);
$stmt->bindParam(':title', $csrf, \PDO::PARAM_STR);
$stmt->bindParam(':description', $cookie, \PDO::PARAM_STR);
$stmt->bindParam(':token', $token, \PDO::PARAM_STR);
$stmt->bindParam(':expire_at', $expire_at);
$stmt->execute();
}
@ -34,10 +41,10 @@ class Session
* @param $cookie
* @return mixed|null
*/
public function getSession($cookie)
public function getSession($token)
{
$stmt = $this->db->getConnection()->prepare('SELECT * FROM Session WHERE cookie = :cookie');
$stmt->bindParam(':cookie', $cookie);
$stmt = $this->db->getConnection()->prepare('SELECT * FROM Session WHERE token = :token');
$stmt->bindParam(':token', $token);
$stmt->execute();
$session = $stmt->fetch(\PDO::FETCH_ASSOC);