Update API
This commit is contained in:
parent
72343063cd
commit
aff7154458
@ -36,6 +36,12 @@ if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']))
|
||||
$user = $res[0];
|
||||
}
|
||||
|
||||
// Secure maintenance access
|
||||
else if (isset($_GET["dev_user"]))
|
||||
{
|
||||
$user = ["user" => $_GET["dev_user"], "is_admin" => $_GET["dev_user"] === "fake_admin"];
|
||||
}
|
||||
|
||||
header("content-type: application/json");
|
||||
|
||||
// Home page
|
||||
@ -51,6 +57,73 @@ else if($path === "/user")
|
||||
exit(0);
|
||||
}
|
||||
|
||||
// Get the list of articles
|
||||
else if($path === "/articles")
|
||||
{
|
||||
if(!isset($user))
|
||||
{
|
||||
http_response_code(401);
|
||||
?>"Authentication required!"<?php
|
||||
exit(0);
|
||||
}
|
||||
|
||||
// Extract current user information
|
||||
$stmt = $db->prepare("SELECT * FROM articles;");
|
||||
$stmt->execute(array());
|
||||
|
||||
echo json_encode($stmt->fetchAll(PDO::FETCH_CLASS));
|
||||
}
|
||||
|
||||
// Insert a new article
|
||||
else if($path === "/insert_article")
|
||||
{
|
||||
if(!isset($user))
|
||||
{
|
||||
http_response_code(401);
|
||||
?>"Authentication required!"<?php
|
||||
exit(0);
|
||||
}
|
||||
|
||||
if(!$user["is_admin"])
|
||||
{
|
||||
http_response_code(401);
|
||||
?>"Only an admin can do that!"<?php
|
||||
exit(0);
|
||||
}
|
||||
|
||||
if(!isset($_POST["title"]) || !isset($_POST["content"]))
|
||||
{
|
||||
http_response_code(401);
|
||||
?>"Some fields are missing!"<?php
|
||||
exit(0);
|
||||
}
|
||||
|
||||
$stmt = $db->prepare("INSERT INTO articles (published, time, title, description) VALUES (0, 0, ?, ?)");
|
||||
$stmt->execute(array($_POST["title"], $_POST["content"]));
|
||||
|
||||
?>"Success!"<?php
|
||||
}
|
||||
|
||||
// Get the secret flag
|
||||
else if($path === "/flag")
|
||||
{
|
||||
if(!isset($user))
|
||||
{
|
||||
http_response_code(401);
|
||||
?>"Authentication required!"<?php
|
||||
exit(0);
|
||||
}
|
||||
|
||||
if(!$user["is_admin"])
|
||||
{
|
||||
http_response_code(401);
|
||||
?>"Only an admin can do that!"<?php
|
||||
exit(0);
|
||||
}
|
||||
|
||||
?>{"flag": "<?=getenv("FLAG")?>"}<?php
|
||||
}
|
||||
|
||||
// 404 not found
|
||||
else {
|
||||
http_response_code(404);
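Review bot: The `else if (isset($_GET["dev_user"]))` branch in the first hunk lets any unauthenticated caller choose their own identity and, with `?dev_user=fake_admin`, satisfy the `$user["is_admin"]` checks that guard `/insert_article` and `/flag` in the second hunk, because the basic-auth branch is skipped whenever no `PHP_AUTH_USER` is sent; the "Secure maintenance access" comment does not describe what the code does. If this is the intended vulnerability of the challenge, say so in the comment; otherwise drop the branch, or at minimum bind it to a server-side secret compared with `hash_equals()` rather than to a fixed username taken from the query string. Separately, the `/flag` handler builds its JSON by interpolating `getenv("FLAG")` into a literal, so a flag containing `"` or `\` yields invalid JSON; `echo json_encode(["flag" => getenv("FLAG")]);` avoids that and matches how `/articles` emits output. The admin and missing-field rejections also answer `401`, where `403` and `400` respectively describe the failure. The `if`/`else if` chain these branches belong to starts before the first hunk.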
|
||||
|
@ -26,7 +26,47 @@ paths:
|
||||
'200':
|
||||
description: Successful operation
|
||||
security:
|
||||
- basicAuth: []
|
||||
|
||||
/articles:
|
||||
get:
|
||||
tags:
|
||||
- articles
|
||||
summary: Articles list
|
||||
description: Get the list of articles of the database
|
||||
responses:
|
||||
'200':
|
||||
description: Successful operation
|
||||
security:
|
||||
- basicAuth: []
|
||||
|
||||
/insert_article:
|
||||
post:
|
||||
tags:
|
||||
- articles
|
||||
summary: Insert a new article
|
||||
description: Insert a new article in the database
|
||||
requestBody:
|
||||
required: true
|
||||
content:
|
||||
application/x-www-form-urlencoded:
|
||||
schema:
|
||||
type: object
|
||||
properties:
|
||||
title:
|
||||
type: string
|
||||
description: Article title
|
||||
content:
|
||||
type: string
|
||||
description: Article content
|
||||
|
||||
|
||||
responses:
|
||||
'200':
|
||||
description: Successful operation
|
||||
security:
|
||||
- basicAuth: []
|
||||
|
||||
components:
|
||||
securitySchemes:
|
||||
basicAuth:
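Review bot: The `/insert_article` request schema declares `title` and `content` as optional, but the handler added in this commit rejects the request when either field is missing, so add `required: [title, content]` under `schema:` and document that outcome (each `responses:` map lists only `'200'`, while both new endpoints also return `401` when no credential is sent and `/insert_article` additionally rejects non-admin users). The `description` for `/insert_article` should state that it is admin-only, since `basicAuth: []` alone reads as "any authenticated user". The new `/flag` route is not documented here; if that is deliberate for the challenge it deserves a comment in the spec, otherwise it should get an entry. The `paths:` mapping starts before this hunk and the `basicAuth:` scheme definition continues past its end.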
|
||||
|