abschluss
176
routes/web.php
176
routes/web.php
@ -1,11 +1,25 @@
|
||||
<?php
|
||||
use Blog\Core\router;
|
||||
use Blog\Core\container;
|
||||
use Blog\Utils\authHelper;
|
||||
use Blog\Http\request;
|
||||
use Blog\Http\response;
|
||||
use Blog\Middleware\authMiddleware;
|
||||
use Blog\Core\Router;
|
||||
use Blog\Core\Container;
|
||||
use Blog\Utils\AuthHelper;
|
||||
use Blog\Http\Request;
|
||||
use Blog\Http\Response;
|
||||
use Blog\Middleware\AuthMiddleware;
|
||||
|
||||
/**
|
||||
* Registriert alle HTTP-Routen für den Blog.
|
||||
*
|
||||
* @var Router $router Die Router-Instanz für die Anwendung.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Startseite mit einer Liste der Blogposts.
|
||||
*
|
||||
* @route GET /
|
||||
* @param Request $req Die HTTP-Anfrage.
|
||||
* @param Response $res Die HTTP-Antwort.
|
||||
* @return Response Die Antwort mit gerendertem HTML-Inhalt.
|
||||
*/
|
||||
$router->addRoute('GET', '/', function(Request $req, Response $res) use($container) {
|
||||
$twig = $container->get('twig');
|
||||
$postModel = $container->get('postModel');
|
||||
@ -19,6 +33,64 @@ $router->addRoute('GET', '/', function(Request $req, Response $res) use($contain
|
||||
return $res;
|
||||
});
|
||||
|
||||
/**
|
||||
* Zeigt das Formular zum Erstellen eines neuen Blogposts (nur für eingeloggte Nutzer).
|
||||
*
|
||||
* @route GET /post/new
|
||||
* @param Request $req Die HTTP-Anfrage.
|
||||
* @param Response $res Die HTTP-Antwort.
|
||||
* @return Response Die Antwort mit gerendertem HTML-Inhalt.
|
||||
*/
|
||||
$router->addRoute('GET', '/post/new', function(Request $req, Response $res) use($container) {
|
||||
if(!AuthHelper::isLoggedIn()) {
|
||||
return $res->setStatus(403)->getBody()->write("403 - Nicht erlaubt.");
|
||||
}
|
||||
$twig = $container->get('twig');
|
||||
$res->getBody()->write(
|
||||
$twig->render("post_new")
|
||||
);
|
||||
return $res;
|
||||
});
|
||||
|
||||
/**
|
||||
* Verarbeitet das Formular zum Erstellen eines neuen Blogposts.
|
||||
*
|
||||
* @route POST /post/new
|
||||
* @param Request $req Die HTTP-Anfrage.
|
||||
* @param Response $res Die HTTP-Antwort.
|
||||
* @return Response Die Antwort mit Umleitung oder Fehlerstatus.
|
||||
*/
|
||||
$router->addRoute('POST', '/post/new', function(Request $req, Response $res) use($container) {
|
||||
if(!AuthHelper::isLoggedIn()) {
|
||||
return $res->setStatus(403)->getBody()->write("403 - Nicht erlaubt.");
|
||||
}
|
||||
if(!authMiddleware::validateCSRFToken($req)) {
|
||||
return $res->setStatus(419)->getBody()->write("419 - Ungültiger CSRF-Token.");
|
||||
}
|
||||
|
||||
$title = $req->getPost('title');
|
||||
$content = $req->getPost('content');
|
||||
$authorId = $_SESSION['user']['id'] ?? null;
|
||||
|
||||
if(!$title || !$content || !$authorId) {
|
||||
return $res->setStatus(400)->getBody()->write("400 - Fehlende Felder.");
|
||||
}
|
||||
|
||||
$postModel = $container->get('postModel');
|
||||
$postModel->createPost($title, $content, $authorId);
|
||||
|
||||
return $res->redirect('/');
|
||||
});
|
||||
|
||||
/**
|
||||
* Zeigt einen einzelnen Blogpost basierend auf der ID.
|
||||
*
|
||||
* @route GET /post/{id}
|
||||
* @param Request $req Die HTTP-Anfrage.
|
||||
* @param Response $res Die HTTP-Antwort.
|
||||
* @param string $id Die ID des Blogposts.
|
||||
* @return Response Die Antwort mit gerendertem Blogpost.
|
||||
*/
|
||||
$router->addRoute('GET', '/post/{id}', function(Request $req, Response $res, $id) use($container) {
|
||||
$twig = $container->get('twig');
|
||||
$postModel = $container->get('postModel');
|
||||
@ -34,27 +106,101 @@ $router->addRoute('GET', '/post/{id}', function(Request $req, Response $res, $id
|
||||
return $res;
|
||||
});
|
||||
|
||||
/**
|
||||
* Speichert Änderungen an einem Blogpost (nur für eingeloggte Nutzer).
|
||||
*
|
||||
* @route POST /post/{id}/edit
|
||||
* @param Request $req Die HTTP-Anfrage.
|
||||
* @param Response $res Die HTTP-Antwort.
|
||||
* @param string $id Die ID des Blogposts.
|
||||
* @return Response Die Antwort mit Umleitung oder Fehlerstatus.
|
||||
*/
|
||||
$router->addRoute('POST', '/post/{id}/edit', function(Request $req, Response $res, $id) use($container) {
|
||||
if(!AuthHelper::isLoggedIn()) {
|
||||
return $res->setStatus(403)->getBody()->write("403 - Nicht erlaubt.");
|
||||
}
|
||||
|
||||
if (!authMiddleware::validateCSRFToken($req)) {
|
||||
return $res->setStatus(419)->getBody()->write("419 - Ungültiger CSRF-Token.");
|
||||
}
|
||||
|
||||
$content = $req->getPost('content');
|
||||
$postModel = $container->get('postModel');
|
||||
$post = $postModel->getPost($id);
|
||||
|
||||
if (!$post) {
|
||||
return $res->setStatus(404)->getBody()->write("404 - Post nicht gefunden.");
|
||||
}
|
||||
|
||||
$postModel->updatePostContent($id, $content);
|
||||
|
||||
return $res->redirect('/post/' . $id);
|
||||
});
|
||||
|
||||
/**
|
||||
* Löscht einen Blogpost basierend auf der ID (nur für eingeloggte Nutzer).
|
||||
*
|
||||
* @route POST /post/delete/{id}
|
||||
* @param Request $req Die HTTP-Anfrage.
|
||||
* @param Response $res Die HTTP-Antwort.
|
||||
* @param string $id Die ID des Blogposts.
|
||||
* @return Response Die Antwort mit Umleitung oder Fehlerstatus.
|
||||
*/
|
||||
$router->addRoute('POST', '/post/delete/{id}', function(Request $req, Response $res, $id) use($container) {
|
||||
if(!AuthHelper::isLoggedIn()) {
|
||||
return $res->setStatus(403)->getBody()->write("403 - Nicht erlaubt.");
|
||||
}
|
||||
|
||||
if (!authMiddleware::validateCSRFToken($req)) {
|
||||
return $res->setStatus(419)->getBody()->write("419 - Ungültiger CSRF-Token.");
|
||||
}
|
||||
|
||||
$postModel = $container->get('postModel');
|
||||
$post = $postModel->getPost($id);
|
||||
|
||||
if (!$post) {
|
||||
return $res->setStatus(404)->getBody()->write("404 - Post nicht gefunden.");
|
||||
}
|
||||
|
||||
$postModel->deletePost($id);
|
||||
|
||||
return $res->redirect('/');
|
||||
});
|
||||
|
||||
/**
|
||||
* Zeigt die Login-Seite.
|
||||
*
|
||||
* @route GET /login
|
||||
* @param Request $req Die HTTP-Anfrage.
|
||||
* @param Response $res Die HTTP-Antwort.
|
||||
* @return Response Die Antwort mit gerendertem Loginformular.
|
||||
*/
|
||||
$router->addRoute('GET', '/login', function(Request $req, Response $res) use($container) {
|
||||
$twig = $container->get('twig');
|
||||
|
||||
$res->getBody()->write(
|
||||
$twig->render("login", [
|
||||
"csrf" => authMiddleware::generateCSRFToken()
|
||||
])
|
||||
$twig->render("login")
|
||||
);
|
||||
|
||||
return $res;
|
||||
});
|
||||
|
||||
/**
|
||||
* Verarbeitet die Login-Anfrage und authentifiziert den Nutzer.
|
||||
*
|
||||
* @route POST /login
|
||||
* @param Request $req Die HTTP-Anfrage.
|
||||
* @param Response $res Die HTTP-Antwort.
|
||||
* @return Response Die Antwort mit Umleitung oder Fehlerstatus.
|
||||
*/
|
||||
$router->addRoute('POST', '/login', function(Request $req, Response $res) use($container) {
|
||||
$twig = $container->get('twig');
|
||||
$userModel = $container->get('userModel');
|
||||
|
||||
$username = $req->getPost('username');
|
||||
$password = $req->getPost('password');
|
||||
$csrfToken = $req->getPost('_csrf_token');
|
||||
|
||||
if(!authMiddleware::validateCSRFToken($csrfToken)) {
|
||||
if(!authMiddleware::validateCSRFToken($req)) {
|
||||
return $res
|
||||
->setStatus(419)
|
||||
->getBody()
|
||||
@ -73,6 +219,14 @@ $router->addRoute('POST', '/login', function(Request $req, Response $res) use($c
|
||||
return $res->redirect('/');
|
||||
});
|
||||
|
||||
/**
|
||||
* Führt den Logout des Nutzers aus.
|
||||
*
|
||||
* @route GET /logout
|
||||
* @param Request $req Die HTTP-Anfrage.
|
||||
* @param Response $res Die HTTP-Antwort.
|
||||
* @return Response Die Antwort mit Umleitung zur Startseite.
|
||||
*/
|
||||
$router->addRoute('GET', '/logout', function(Request $req, Response $res) use($container) {
|
||||
AuthHelper::logout();
|
||||
return $res->redirect('/');
|
||||
|
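Review bot: The `POST /post/{id}/edit` and `POST /post/delete/{id}` handlers gate only on `AuthHelper::isLoggedIn()` and never compare the loaded `$post` with the session user, so any authenticated account can rewrite or delete every post; since `createPost($title, $content, $authorId)` stores an author id, an ownership check is possible. After the `if (!$post)` 404 branch in both handlers, add something like `if (($post['author_id'] ?? null) !== ($_SESSION['user']['id'] ?? null)) { return $res->setStatus(403)->getBody()->write("403 - Nicht erlaubt."); }` — the exact field name depends on what `getPost()` returns, which is not visible here. The recurring `return $res->setStatus(...)->getBody()->write(...)` shape returns whatever the body's `write()` returns rather than the `Response` the docblocks promise, so confirm that `write()` is fluent on the response or split it into the write followed by `return $res;`. The `GET /logout` route has no CSRF protection; if forced logout by a third-party page matters, make it a POST guarded by `AuthMiddleware::validateCSRFToken($req)` (the file mixes `authMiddleware::` and `AuthMiddleware`; pick the imported spelling). The closing `});` of the logout handler lies outside the last hunk.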