From fe2c37f7d786e48812dc2db6db4cefd5bfa9a692 Mon Sep 17 00:00:00 2001
From: Kekskurse
Date: Thu, 6 Jun 2019 15:44:45 +0200
Subject: [PATCH] API
---
app/Http/Controllers/API/AppController.php | 64 +++++++++++++++++++
app/Http/Controllers/API/UserController.php | 8 +++
app/Http/Middleware/CorsMiddleware.php | 38 +++++++++++
app/Http/Resources/API/App.php | 36 +++++++++++
app/Http/Resources/API/AppForOwner.php | 39 +++++++++++
app/Models/App.php | 2 +-
app/Models/Setting.php | 3 +-
bootstrap/app.php | 3 +-
.../2019_05_22_121930_new_gui_settings.php | 6 ++
docker-compose.yml | 4 +-
public/index.php | 1 -
routes/web.php | 9 +++
12 files changed, 207 insertions(+), 6 deletions(-)
create mode 100644 app/Http/Controllers/API/AppController.php
create mode 100644 app/Http/Middleware/CorsMiddleware.php
create mode 100644 app/Http/Resources/API/App.php
create mode 100644 app/Http/Resources/API/AppForOwner.php
diff --git a/app/Http/Controllers/API/AppController.php b/app/Http/Controllers/API/AppController.php
new file mode 100644
index 0000000..acc23ca
--- /dev/null
+++ b/app/Http/Controllers/API/AppController.php
@@ -0,0 +1,64 @@ +where("user_id", "=", Auth::user()->id)->get(); + + return $response->withData(AppForOwner::collection(collect($apps))); + } + public function appDetails(Response $response, $id) { + if(!Auth::check()) { + throw new NotLoggedInException(); + } + + $app = \App\Models\App::query()->where("id", "=", (int)$id)->firstOrFail(); + + if($app->user_id == Auth::user()->id) { + return $response->withData(new AppForOwner($app)); + } + + return $response->withData(new App($app)); + } + + public function findApp(Response $response, \Illuminate\Http\Request $request) { + if(!Auth::check()) { + throw new NotLoggedInException(); + } + + $this->validate($request, [ + 'apiKey' => '', + ]); + + $query = \App\Models\App::query(); + + if($request->input("apiKey", false)) { + $query->where("apiKey", "=", $request->input("apiKey")); + } + + $apps = $query->paginate(20); + + $response->setPagination($apps->currentPage(), $apps->lastPage(), $apps->perPage()); + return $response->withData(App::collection($apps)); + + } +} diff --git a/app/Http/Controllers/API/UserController.php b/app/Http/Controllers/API/UserController.php index 7f10014..98abff6 100644 --- a/app/Http/Controllers/API/UserController.php +++ b/app/Http/Controllers/API/UserController.php @@ -68,6 +68,14 @@ class UserController extends BaseController return new AccessToken($token); } + public function me(Response $response) { + if(!Auth::check()) { + throw new NotLoggedInException(); + } + + return $response->withData(new \App\Http\Resources\API\User(Auth::user())); + } + public function register(Request $request, Response $response) { //If Recptache is enabled check it at the beginning if(Setting::getSettingValue("recaptcha_v2_register")) { diff --git a/app/Http/Middleware/CorsMiddleware.php b/app/Http/Middleware/CorsMiddleware.php new file mode 100644 index 0000000..8dc0d2a --- /dev/null +++ b/app/Http/Middleware/CorsMiddleware.php 
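Review bot: In `findApp` the rule `'apiKey' => ''` validates nothing, so a non-string value such as an array reaches `$query->where("apiKey", "=", ...)` unchecked, and a request with no `apiKey` at all pages through every app for any logged-in user. If the endpoint is meant as a lookup by key, make the rule `'apiKey' => 'required|string'`; if browsing is intended, the query probably should honour the `hide_in_app_list` flag that the owner resource exposes. `appDetails` raises the same visibility question, and its owner check `$app->user_id == Auth::user()->id` decides whether `apiSecret` is returned, so a strict comparison such as `(int)$app->user_id === (int)Auth::user()->id` is the safer form. The top of this file's hunk, including the start of `listApps`, is missing from the page, so that method is not covered here.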
@@ -0,0 +1,38 @@ + '*', + 'Access-Control-Allow-Methods' => 'POST, GET, OPTIONS, PUT, DELETE', + 'Access-Control-Allow-Credentials' => 'true', + 'Access-Control-Max-Age' => '86400', + 'Access-Control-Allow-Headers' => 'Content-Type, Authorization, X-Requested-With' + ]; + + if ($request->isMethod('OPTIONS')) + { + return response()->json('{"method":"OPTIONS"}', 200, $headers); + } + + $response = $next($request); + foreach($headers as $key => $value) + { + $response->header($key, $value); + } + + return $response; + } +} \ No newline at end of file diff --git a/app/Http/Resources/API/App.php b/app/Http/Resources/API/App.php new file mode 100644 index 0000000..fae25c2 --- /dev/null +++ b/app/Http/Resources/API/App.php @@ -0,0 +1,36 @@ + (int)$this->id, + #'created_at' => $this->created_at, + #'updated_at' => $this->created_at, + 'name' => $this->name, + 'description' => $this->description, + 'directUrl' => $this->direct_url, + 'url' => $this->url, + /*'properties' => [ + #'autoAccept' => $this->auto_accept, + #'untrustedWarning' => $this->untrusted_warning, + #'showOnWebpage' => $this->show_on_webpage, + #'stopAutoRedirect' => $this->stop_auto_redirect, + #'hideInAppList' => $this->hide_in_app_list, + #'userCantRemoveApp' => $this->user_cant_remove_app + ]*/ + + ]; + } +} \ No newline at end of file diff --git a/app/Http/Resources/API/AppForOwner.php b/app/Http/Resources/API/AppForOwner.php new file mode 100644 index 0000000..4e584de --- /dev/null +++ b/app/Http/Resources/API/AppForOwner.php 
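Review bot: The header array pairs a wildcard origin (`'*'`, presumably the `Access-Control-Allow-Origin` entry whose key was lost from this page) with `'Access-Control-Allow-Credentials' => 'true'`. Browsers refuse that combination for credentialed requests, and the usual workaround of echoing back whatever `Origin` arrives would let any site make authenticated calls to this OAuth API. Either drop the credentials header if clients only send an `Authorization` bearer token, or send both headers only for origins on a configured allowlist and add `Vary: Origin`, as sketched below. Separately, `response()->json('{"method":"OPTIONS"}', 200, $headers)` encodes an already-encoded string, so the preflight body is a JSON string rather than an object.

```php
// … unchanged: namespace, class and handle() signature (not shown on the page) …
$allowedOrigins = ['https://app.example.test']; // constructed sample; load from configuration
$origin = $request->headers->get('Origin');

$headers = [
    // … unchanged: Allow-Methods, Max-Age and Allow-Headers entries …
    'Vary' => 'Origin',
];

// Only a known origin gets the origin and credentials headers.
if ($origin !== null && in_array($origin, $allowedOrigins, true)) {
    $headers['Access-Control-Allow-Origin'] = $origin;
    $headers['Access-Control-Allow-Credentials'] = 'true';
}
// … unchanged: OPTIONS short-circuit and header loop …
```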
@@ -0,0 +1,39 @@ + (int)$this->id, + 'created_at' => $this->created_at, + 'updated_at' => $this->updated_at, + 'name' => $this->name, + 'description' => $this->description, + 'url' => $this->url, + 'directUrl' => $this->direct_url, + 'apiKey' => $this->apiKey, + 'apiSecret' => $this->apiSecret, + 'properties' => [ + 'testingWarning' => $this->testing_warning, + 'autoAccept' => $this->auto_accept, + 'untrustedWarning' => $this->untrusted_warning, + 'showOnWebpage' => $this->show_on_webpage, + 'stopAutoRedirect' => $this->stop_auto_redirect, + 'hideInAppList' => $this->hide_in_app_list, + 'userCantRemoveApp' => $this->user_cant_remove_app + ] + + ]; + } +} \ No newline at end of file diff --git a/app/Models/App.php b/app/Models/App.php index 384ad1b..1a1f1b0 100644 --- a/app/Models/App.php +++ b/app/Models/App.php @@ -16,7 +16,7 @@ class App extends Model * @var array */ protected $fillable = [ - 'name', 'description', 'url', 'apiKey', 'apiSecret', 'auto_accept', 'testing_warning', 'untrusted_warning', 'user_id' + 'name', 'description', 'url', 'apiKey', 'apiSecret', 'auto_accept', 'testing_warning', 'untrusted_warning', 'user_id', 'direct_url' ]; /** diff --git a/app/Models/Setting.php b/app/Models/Setting.php index b3e6d91..90a66d9 100644 --- a/app/Models/Setting.php +++ b/app/Models/Setting.php @@ -41,7 +41,8 @@ class Setting extends Model 'recaptcha_v2_key', 'name_big', 'name_small', - 'name_slogen' + 'name_slogen', + 'startpage' ]; diff --git a/bootstrap/app.php b/bootstrap/app.php index 7e80da3..fb98a31 100644 --- a/bootstrap/app.php +++ b/bootstrap/app.php @@ -62,7 +62,8 @@ $app->singleton( // ]); $app->middleware(array( - TaGeSo\APIResponse\Middelware::class + TaGeSo\APIResponse\Middelware::class, + \App\Http\Middleware\CorsMiddleware::class )); diff --git a/database/migrations/2019_05_22_121930_new_gui_settings.php b/database/migrations/2019_05_22_121930_new_gui_settings.php index aa9c327..ca9dbaf 100644 
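Review bot: `'apiSecret' => $this->apiSecret` puts the client secret into every owner response, including the whole collection that `listApps` returns, so one cached, logged or intercepted list call discloses the secrets of all of a user's apps. Consider leaving `apiSecret` out of this resource and returning it only once, from the create or regenerate-secret call. That would also allow storing only a hash of it, which the plain attribute read here suggests is not done today. If the secret must stay readable, send `Cache-Control: no-store` on these responses.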
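Review bot: In `app/Models/App.php` the `$fillable` line now carries `'direct_url'` next to `'user_id'`, `'apiKey'` and `'apiSecret'`, so any write path that fills the model from request input lets the caller set ownership and credentials as well as the new URL. No such write path is visible in this commit, so this is a caution rather than a confirmed defect. Keep `user_id`, `apiKey` and `apiSecret` out of `$fillable` and assign them explicitly, and validate `direct_url` as an http(s) URL where it is accepted, since it is returned to other users as `directUrl`. The class body continues outside the hunk.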
--- a/database/migrations/2019_05_22_121930_new_gui_settings.php +++ b/database/migrations/2019_05_22_121930_new_gui_settings.php @@ -32,6 +32,12 @@ class NewGuiSettings extends Migration $setting->typ = "textinput"; $setting->value = "Zentraler authentication Service"; $setting->saveOrFail(); + $setting = new \App\Models\Setting(); + $setting->name = "startpage"; + $setting->description = "Show startpage, if not enabled the user will redirect to the login page"; + $setting->typ = "checkbox"; + $setting->value = true; + $setting->saveOrFail(); } /** diff --git a/docker-compose.yml b/docker-compose.yml index 80f78a6..ea60be1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,9 +9,9 @@ services: mysql: image: mysql:5.7 ports: - - 3306:3306 + - 3366:3306 environment: MYSQL_ROOT_PASSWORD: example MYSQL_DATABASE: oauth MYSQL_USER: oauth - MYSQL_PASSWORD: oauth \ No newline at end of file + MYSQL_PASSWORD: oauth diff --git a/public/index.php b/public/index.php index dd915e1..56028d9 100644 --- a/public/index.php +++ b/public/index.php @@ -26,6 +26,5 @@ $app = require __DIR__.'/../bootstrap/app.php'; | */ -header("Access-Control-Allow-Origin: *"); $app->run(); diff --git a/routes/web.php b/routes/web.php index 91532f1..c450598 100644 --- a/routes/web.php +++ b/routes/web.php 
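Review bot: In `docker-compose.yml` the new mapping `- 3366:3306` still publishes MySQL on every host interface, and the service keeps `MYSQL_ROOT_PASSWORD: example`. For a development compose file, bind the port to loopback with `- 127.0.0.1:3366:3306`, so the database and its sample credentials are not reachable from the network.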
@@ -44,6 +44,15 @@ $router->group(['prefix' => 'api'], function () use ($router) { $router->post("/register", ['uses' => 'API\UserController@register']); $router->get("/captcha", ['uses' => 'API\UserController@reCAPTCHA']); $router->get("/invites", ['uses' => 'API\UserController@getInviteCodeInfo']); + $router->get("/me", ['uses' => 'API\UserController@me']); + }); + $router->group(['prefix' => 'app'], function () use ($router) { + $router->get("/", ['uses' => 'API\AppController@listApps']); + $router->get("/find", ['uses' => 'API\AppController@findApp']); + $router->group(['prefix' => '{id}'], function () use ($router) { + $router->get("/", ['uses' => 'API\AppController@appDetails']); + + }); }); $router->group(['prefix' => 'account'], function () use ($router) { $router->get("/", ['uses' => 'API\AccountController@getUsers']);
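Review bot: The new `app` group and the `/me` route are registered without any route middleware, so authentication depends on each handler carrying its own `if(!Auth::check())` guard, as `appDetails`, `findApp` and `me` do in this commit. Attaching the project's auth middleware to the group, for example `['prefix' => 'app', 'middleware' => 'auth']` if an `auth` middleware is registered, makes a missing guard in a later handler fail closed. The `{id}` segment could also be constrained to digits, `'{id:[0-9]+}'`, instead of relying on the `(int)$id` cast, which turns a non-numeric id into 0. The enclosing `api` group starts and ends outside the hunk.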