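<?php

// Include your dependencies and configuration as needed
require_once __DIR__ . '/../config/Database.php';
require_once __DIR__ . '/../models/Authenticator.php';

use OpenApi\Annotations as OA;

/**
 * @OA\Info(
 *     title="Your API Documentation",
 *     version="1.0.0",
 *     description="API documentation for user_collection endpoints"
 * )
 */

/**
 * @OA\Server(
 *     url="http://localhost/API",
 *     description="Local development server"
 * )
 */

/**
 * HTTP controller for the user_collection endpoint.
 *
 * Authenticates the caller with an API key / secret key pair and returns the
 * rows of `user_collection` that belong to one user as JSON.
 */
class API
{
    /** @var mixed Database handle from Database::getConnection(); used as a PDO instance below. */
    private $db;

    /** @var Authenticator Verifies the api_key / secret_key pair. */
    private $authenticator;

    /**
     * Opens the database connection and builds the authenticator on top of it.
     */
    public function __construct()
    {
        $this->db = (new Database())->getConnection();
        $this->authenticator = new Authenticator($this->db);
    }

    /**
     * @OA\Get(
     *     path="/user_collection",
     *     tags={"User Collection"},
     *     summary="Get user collection data",
     *     description="Returns a list of user collection data",
     *     @OA\Parameter(
     *         name="api_key",
     *         in="query",
     *         required=true,
     *         description="API key",
     *         @OA\Schema(
     *             type="string"
     *         )
     *     ),
     *     @OA\Parameter(
     *         name="secret_key",
     *         in="query",
     *         required=true,
     *         description="Secret key",
     *         @OA\Schema(
     *             type="string"
     *         )
     *     ),
     *     @OA\Response(
     *         response=200,
     *         description="Successful operation",
     *         @OA\JsonContent(
     *             type="array",
     *             @OA\Items(ref="#/components/schemas/UserCollection")
     *         )
     *     ),
     *     @OA\Response(response=401, description="Unauthorized"),
     *     @OA\Response(response=404, description="No data found"),
     *     @OA\Response(response=500, description="Server error")
     * )
     *
     * Handles one request: only GET is accepted (405 otherwise), the key pair
     * must authenticate (401 otherwise), and the matching rows are echoed as
     * JSON (404 when there are none, 500 on an exception).
     *
     * @param mixed $gUserId User id to filter on. Its origin is not visible in
     *                       this file, so it is treated as untrusted and only
     *                       ever reaches the database as a bound parameter.
     */
    public function handleRequest($gUserId)
    {
        // Every branch emits JSON. Declaring the type stops a browser from
        // rendering stored row content as HTML.
        if (!headers_sent()) {
            header('Content-Type: application/json');
        }

        if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
            http_response_code(405);
            echo json_encode(['message' => 'Method not allowed.']);
            return;
        }

        // NOTE(review): credentials in the query string end up in access logs,
        // proxy logs and Referer headers; a request header would be safer.
        // NOTE(review): strip_tags()/htmlspecialchars() are output encoders,
        // not credential validators, and alter keys containing <, >, & or
        // quotes. Kept because Authenticator may depend on the transformed
        // value; confirm before removing.
        $api_key = isset($_GET['api_key']) ? htmlspecialchars(strip_tags($_GET['api_key'])) : '';
        $secret_key = isset($_GET['secret_key']) ? htmlspecialchars(strip_tags($_GET['secret_key'])) : '';

        try {
            if (!$this->authenticator->authenticate($api_key, $secret_key)) {
                http_response_code(401);
                echo json_encode(['message' => 'Unauthorized access.']);
                return;
            }

            // The user id is bound as a parameter rather than concatenated into
            // the statement, so it cannot change the query's structure. The SQL
            // text is no longer echoed to the client: it disclosed the schema
            // and made the response body two concatenated JSON documents.
            // NOTE(review): an explicit column list would be safer than
            // SELECT *, which exposes any column later added to the table.
            $stmt = $this->db->prepare('SELECT * FROM user_collection WHERE user_id = :user_id');
            $stmt->execute([':user_id' => $gUserId]);
            $data = $stmt->fetchAll(PDO::FETCH_ASSOC);

            if (empty($data)) {
                http_response_code(404);
                echo json_encode(['message' => 'No data found in user_collection table.']);
                return;
            }

            echo json_encode($data);
        } catch (Exception $e) {
            // Keep driver and SQL details in the server log; the client gets a
            // generic message so errors do not reveal database internals.
            error_log('user_collection request failed: ' . $e->getMessage());
            http_response_code(500);
            echo json_encode(['message' => 'Server error.']);
        }
    }
}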