On branch main

Initial commit

Author: bta2bj

.gitignore

@@ -0,0 +1,6 @@
+log/cache
+vendor
+node_modules
+.idea
+temp/
+www/dist

.htaccess

@@ -0,0 +1,2 @@
+Order Allow,Deny
+Deny from all

README.md

@@ -0,0 +1,60 @@
+# Test project REST API
+## APITTE Project with Swagger, Docker, PHP 8.1 and Nette 3.1
+
+This project is a REST API built with Apitte, Docker, PHP 8.1, and Nette 3.1.
+## Endpoints:
+- `/api/v1/product/all`: Get all products with filter (query string)
+- `/api/v1/product/one`: Get a single product by ID (query string)
+- `/api/v1/product/delete`: Delete a product by ID (query string)
+- `/api/v1/product/new`: Create a new product (json body)
+- `/api/v1/product/update`: Update a product by ID (json body)
+
+## Setup Instructions
+
+*If folder name log does not exist, please create it to make project work properly.*
+
+1. Clone the repository
+
+2. Navigate into the cloned directory and start the project with Docker:
+
+   `docker compose up -d`
+
+3. Install the NPM dependencies:
+
+   `npm install`
+
+4. Build the composer dependencies by running:
+
+   `docker compose exec php composer install`
+
+5. Build the database by running the migrations with this command:
+
+   `docker compose exec php composer run run-migration`
+
+## Swagger, Adminer, and API Endpoints
+After setting up, the following services can be accessed as shown:
+
+- Swagger UI: `http://localhost:9001`
+- Adminer (for database management): `http://localhost:8181`
+- API endpoints (for testing): `http://localhost:8080/api/v1/`
+
+To handle CORS, the `CorsMiddleware` middleware will be used to add appropriate CORS headers to the response.
+
+## Planned
+
+### Authentication
+Although authentication is not yet implemented, the Plan is to use JWT Bearer tokens for authentication. With this method, after a user logs in, a token would be generated for the user which will be used to make authenticated requests to the server.
+
+The `AuthenticationDecorator` middleware will verify the token present in the Authorization header of the request.
+
+### Caching
+Caching is another planned thing that would serve to ease queries to the database and speed up api response.
+
+### Filter
+Adding more complex filter to search for example "from" "to" range. 
+
+### Tests
+For testing purpose I plan to use PHP Unit tester.
+
+### Versions
+Versioning strategy is crucial for maintaining compatibility and providing a grace period for clients to adjust to new versions

app/Api/Decorators/AuthenticationDecorator.php

@@ -0,0 +1,37 @@
+<?php
+
+namespace App\Api\Decorators;
+
+use Apitte\Core\Decorator\IRequestDecorator;
+use Apitte\Core\Exception\Api\ClientErrorException;
+use Apitte\Core\Http\ApiRequest;
+use Apitte\Core\Http\ApiResponse;
+use Apitte\Core\Http\RequestAttributes;
+
+class AuthenticationDecorator implements IRequestDecorator
+{
+    public function decorateRequest(ApiRequest $request, ApiResponse $response): ApiRequest
+    {
+        $endpoint = $request->getAttribute(RequestAttributes::ATTR_ENDPOINT);
+
+        if ($endpoint->hasTag('OpenApi')) {
+            return $request;
+        }
+
+        $authHeader = $request->getHeader('Authorization');
+        if (count($authHeader) === 0) {
+            throw ClientErrorException::create()
+                ->withMessage('Missing Authorization')
+                ->withCode(401);
+        }
+
+        $jwt = str_replace('Bearer ', '', $authHeader);
+        if (empty($jwt)) {
+            throw ClientErrorException::create()
+                ->withMessage('Invalid Bearer token')
+                ->withCode(401);
+        }
+
+        return $request->withAttribute('jwt', 'test');
+    }
+}

app/Api/Middlewares/CORSMiddleware.php

@@ -0,0 +1,32 @@
+<?php declare(strict_types = 1);
+
+namespace App\Api\Middlewares;
+
+use Contributte\Middlewares\IMiddleware;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+
+class CORSMiddleware implements IMiddleware
+{
+    private function decorate(ResponseInterface $response): ResponseInterface
+    {
+        return $response
+            ->withHeader('Access-Control-Allow-Origin', '*')
+            ->withHeader('Access-Control-Allow-Credentials', 'true')
+            ->withHeader('Access-Control-Allow-Methods', '*')
+            ->withHeader('Access-Control-Allow-Headers', '*');
+    }
+
+    public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next): ResponseInterface
+    {
+        if ($request->getMethod() === 'OPTIONS') {
+            return $this->decorate($response);
+        }
+
+        /** @var ResponseInterface $response */
+        $response = $next($request, $response);
+
+        return $this->decorate($response);
+    }
+
+}

app/Api/V1/BaseV1Controller.php

@@ -0,0 +1,12 @@
+<?php
+
+namespace App\Api\V1;
+
+use Apitte\Core\Annotation\Controller\Path;
+use Apitte\Core\UI\Controller\IController;
+use Apitte\OpenApi\Schema\SecurityScheme;
+
+#[Path("/api/v1")]
+abstract class BaseV1Controller implements IController
+{
+}

app/Api/V1/OpenApiController.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Api\V1;
+
+use Apitte\Core\Annotation\Controller\Method;
+use Apitte\Core\Annotation\Controller\Path;
+use Apitte\Core\Annotation\Controller\Tag;
+use Apitte\Core\Http\ApiRequest;
+use Apitte\Core\Http\ApiResponse;
+use Apitte\Core\UI\Controller\IController;
+use Apitte\OpenApi\ISchemaBuilder;
+
+#[Path("/api/v1/openapi")]
+#[Tag('OpenApi')]
+final class OpenApiController implements IController
+{
+    public function __construct(protected ISchemaBuilder $builder)
+    {
+    }
+
+    #[Path("/")]
+    #[Method('GET')]
+    public function index(ApiRequest $request, ApiResponse $response): ApiResponse
+    {
+        $openApi = $this->builder->build();
+
+        return $response
+            ->withAddedHeader('Access-Control-Allow-Origin', '*')
+            ->withAddedHeader('Access-Control-Allow-Methods', 'GET, POST')
+            ->withAddedHeader('Access-Control-Allow-Headers', 'Content-Type')
+            ->writeJsonBody($openApi->toArray());
+    }
+}

app/Api/V1/Products/Models/Request/ProductNewRequest.php

@@ -0,0 +1,14 @@
+<?php
+
+namespace App\Api\V1\Products\Models\Request;
+
+use Apitte\Core\Mapping\Request\BasicEntity;
+use Symfony\Component\Validator\Constraints\NotBlank;
+
+final class ProductNewRequest extends BasicEntity
+{
+    #[NotBlank]
+    public string $name;
+    #[NotBlank]
+    public float $price;
+}

app/Api/V1/Products/Models/Request/ProductUpdateRequest.php

@@ -0,0 +1,16 @@
+<?php
+
+namespace App\Api\V1\Products\Models\Request;
+
+use Apitte\Core\Mapping\Request\BasicEntity;
+use Symfony\Component\Validator\Constraints\NotBlank;
+
+final class ProductUpdateRequest extends BasicEntity
+{
+    #[NotBlank]
+    public int $id;
+    #[NotBlank]
+    public string $name;
+    #[NotBlank]
+    public float $price;
+}

app/Api/V1/Products/Models/Response/ProductResponse.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Api\V1\Products\Models\Response;
+
+use Apitte\Core\Mapping\Response\BasicEntity;
+use App\Models\Product;
+
+final class ProductResponse extends BasicEntity
+{
+    public int $id;
+    public string $name;
+    public float $price;
+    public \DateTime $createdAt;
+    public ?\DateTime $updatedAt = null;
+    public ?\DateTime $deletedAt = null;
+
+    public static function from(Product $product): self
+    {
+        $self = new self();
+        $self->id = $product->getId();
+        $self->name = $product->getName();
+        $self->price = $product->getPrice();
+        $self->createdAt = $product->getCreatedAt();
+        $self->updatedAt = $product->getUpdatedAt();
+        $self->deletedAt = $product->getDeletedAt();
+
+        return $self;
+    }
+
+}

app/Api/V1/Products/ProductController.php

@@ -0,0 +1,130 @@
+<?php
+
+namespace App\Api\V1\Products;
+
+use Apitte\Core\Annotation\Controller\Method;
+use Apitte\Core\Annotation\Controller\Path;
+use Apitte\Core\Annotation\Controller\RequestBody;
+use Apitte\Core\Annotation\Controller\RequestParameter;
+use Apitte\Core\Annotation\Controller\Response;
+use Apitte\Core\Annotation\Controller\Tag;
+use Apitte\Core\Exception\Api\ClientErrorException;
+use Apitte\Core\Exception\Api\ServerErrorException;
+use Apitte\Core\Http\ApiRequest;
+use Apitte\Core\Http\ApiResponse;
+use Apitte\Negotiation\Http\ArrayEntity;
+use App\Api\V1\BaseV1Controller;
+use App\Api\V1\Products\Models\Request\ProductNewRequest;
+use App\Api\V1\Products\Models\Request\ProductUpdateRequest;
+use App\Api\V1\Products\Models\Response\ProductResponse;
+use App\Facades\ProductFacade;
+use Nette\Http\IResponse;
+use Nette\InvalidStateException;
+
+#[Path('/product')]
+#[Tag('Product')]
+class ProductController extends BaseV1Controller
+{
+    public function __construct(protected ProductFacade $productFacade)
+    {
+    }
+
+    #[Path('/all')]
+    #[Method('GET')]
+    #[RequestParameter(name:"limit", type:"int", in:"query", required:false, description:"Data limit")]
+    #[RequestParameter(name:"offset", type:"int", in:"query", required:false, description:"Data offset")]
+    #[Response(description: "Success", code: "200", entity: ProductResponse::class)]
+    #[Response(description: "Not found", code: "404")]
+    public function getAllProducts(ApiRequest $request, ApiResponse $response): ApiResponse
+    {
+        $limit = $request->getParameter('limit', 10);
+        $offset = $request->getParameter('offset', 0);
+        return $response->withStatus(ApiResponse::S200_OK)
+            ->withEntity(ArrayEntity::from($this->productFacade->getAllProducts(limit: $limit, offset: $offset)));
+    }
+
+    #[Path('/one')]
+    #[Method('GET')]
+    #[RequestParameter(name: "id", type: "int", in: "query", description: "Product ID")]
+    #[Response(description: "Success", code: "200", entity: ProductResponse::class)]
+    #[Response(description: "Not found", code: "404")]
+    public function getOneProduct(ApiRequest $request, ApiResponse $response): ApiResponse
+    {
+        try {
+            $id = self::toInt($request->getParameter('id'));
+            return $response->withStatus(ApiResponse::S200_OK)
+                ->withEntity(ArrayEntity::from([$this->productFacade->getProductById($id)]));
+        } catch (\Throwable $ex) {
+            throw ClientErrorException::create()
+                ->withMessage('Product not found')
+                ->withCode(IResponse::S404_NotFound);
+        }
+    }
+
+    #[Path('/new')]
+    #[Method('POST')]
+    #[Response(description: "Successfully created", code: "201")]
+    #[Response(description: "Failed to create", code: "404")]
+    #[RequestBody('Create new product by structure', ProductNewRequest::class)]
+    public function createProduct(ApiRequest $request, ApiResponse $response): ApiResponse
+    {
+        /** @var ProductNewRequest $entity */
+        $entity = $request->getEntity();
+        try {
+            return $response->withStatus(IResponse::S201_Created)
+                ->withEntity(ArrayEntity::from([$this->productFacade->createNewProductFromRequest($entity)]))
+                ->withHeader('Content-Type', 'application/json');
+        } catch (\Throwable $e) {
+            throw ServerErrorException::create()
+                ->withMessage('Cannot create the product')
+                ->withPrevious($e);
+        }
+    }
+
+    #[Path('/update')]
+    #[Method('PUT')]
+    #[Response(description: "Successfully updated", code: "201")]
+    #[Response(description: "Failed to update", code: "404")]
+    #[RequestBody('Update product by structure', ProductUpdateRequest::class)]
+    public function updateProductById(ApiRequest $request, ApiResponse $response): ApiResponse
+    {
+        /** @var ProductUpdateRequest $entity */
+        $entity = $request->getEntity();
+        try {
+            return $response->withStatus(IResponse::S201_Created)
+                ->withEntity(ArrayEntity::from([$this->productFacade->updateProductByEntity($entity)]))
+                ->withHeader('Content-Type', 'application/json');
+        } catch (\Throwable $e) {
+            throw ServerErrorException::create()
+                ->withMessage('Cannot create the product')
+                ->withPrevious($e);
+        }
+    }
+
+    #[Path('/delete')]
+    #[Method('DELETE')]
+    #[RequestParameter(name: "id", type: "int", in: "query", description: "Product ID")]
+    #[Response(description: "Success", code: "200", entity: ProductResponse::class)]
+    #[Response(description: "Not found", code: "404")]
+    public function deleteProductById(ApiRequest $request, ApiResponse $response): ApiResponse
+    {
+        $id = self::toInt($request->getParameter('id'));
+        try {
+            return $response->withStatus(ApiResponse::S200_OK)
+                ->withEntity(ArrayEntity::from([$this->productFacade->deleteProductById($id)]));
+        } catch (\Throwable $ex) {
+            throw ClientErrorException::create()
+                ->withMessage('Product not found')
+                ->withCode(IResponse::S404_NotFound);
+        }
+    }
+
+    private static function toInt(mixed $value): int
+    {
+        if (is_string($value) || is_int($value) || is_float($value)) {
+            return (int)$value;
+        }
+
+        throw new InvalidStateException('Cannot cast to integer');
+    }
+}