create-berna-stencil 1.0.44 → 1.0.46
- package/.eleventy.js +1 -1
- package/package.json +1 -1
- package/src/backend/_core/index.php +7 -11
- package/src/backend/api/protected/auth-system.php +5 -1
- package/src/backend/api/protected/{example-protected.php → subfolder/example-protected.php} +5 -1
- package/src/backend/api/public/auth/login.php +5 -1
- package/src/backend/api/public/auth/register.php +6 -1
- package/src/backend/api/public/example-public.php +5 -1
- package/src/backend/config.example.php +8 -2
- package/src/backend/config.php +8 -2
- package/src/backend/web.config +0 -3
- package/src/frontend/.htaccess +1 -6
- package/src/frontend/web.config +3 -3
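--- a/package/.eleventy.js
+++ b/package/.eleventy.js
@@ -33,7 +33,7 @@ module.exports = function (eleventyConfig) {
 outdir: `${OUTPUT_DIR}/js/pages`,
 minify: true,
 });
-copyRecursiveSync("src/backend", `${OUTPUT_DIR}/
+copyRecursiveSync("src/backend", `${OUTPUT_DIR}/backend`);
 });
 
 // =====================================================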
package/package.json
CHANGED
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
declare(strict_types=1);
|
|
4
4
|
|
|
5
5
|
define('CORE_ACCESS', true);
|
|
6
|
+
define('CORE_PATH', __DIR__);
|
|
6
7
|
|
|
7
8
|
/**
|
|
8
9
|
* Load dependencies and initial configuration.
|
|
@@ -87,15 +88,7 @@ if (!$endpointFile) {
|
|
|
87
88
|
header('Content-Type: application/json; charset=UTF-8');
|
|
88
89
|
header('Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS');
|
|
89
90
|
header('Access-Control-Allow-Headers: Content-Type, X-Api-Key');
|
|
90
|
-
|
|
91
|
-
$allowedOrigins = array_filter(array_map('trim', explode(',', $config['CORS_ALLOWED_ORIGINS'] ?? '')));
|
|
92
|
-
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
|
|
93
|
-
|
|
94
|
-
if (in_array($origin, $allowedOrigins, true) || in_array('*', $allowedOrigins, true)) {
|
|
95
|
-
header("Access-Control-Allow-Origin: $origin");
|
|
96
|
-
} else {
|
|
97
|
-
header("Access-Control-Allow-Origin: " . ($allowedOrigins[0] ?? ''));
|
|
98
|
-
}
|
|
91
|
+
header('Access-Control-Allow-Origin: *');
|
|
99
92
|
|
|
100
93
|
if ($method === 'OPTIONS') {
|
|
101
94
|
http_response_code(204);
|
|
@@ -107,8 +100,11 @@ if ($method === 'OPTIONS') {
|
|
|
107
100
|
// =====================================================
|
|
108
101
|
|
|
109
102
|
if ($isProtected) {
|
|
110
|
-
$
|
|
111
|
-
$
|
|
103
|
+
$relPath = str_replace($baseProtected, '', $endpointFile);
|
|
104
|
+
$relPath = str_replace('.php', '', str_replace('\\', '/', $relPath));
|
|
105
|
+
|
|
106
|
+
$validKey = $config['ENDPOINT_KEYS'][$relPath] ?? $config['API_KEY'] ?? '';
|
|
107
|
+
$apiKey = $_SERVER['HTTP_X_API_KEY'] ?? '';
|
|
112
108
|
|
|
113
109
|
if ($validKey === '' || $apiKey !== $validKey) {
|
|
114
110
|
Response::error('Unauthorized. X_API_KEY is incorrect or missing', 401);
|
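Review bot: The per-endpoint key lookup added under `if ($isProtected)` falls back to the shared `API_KEY` whenever `$relPath` does not match an `ENDPOINT_KEYS` entry exactly, so any path-normalisation mismatch silently downgrades an endpoint that was meant to have its own key. Whether `$relPath` keeps a leading `/` after `str_replace($baseProtected, '', $endpointFile)` depends on how `$baseProtected` is built, which is outside the hunk, and `str_replace('.php', '', …)` removes every occurrence rather than only the extension. Adding `$relPath = ltrim($relPath, '/');` before the lookup would make the key match the documented `'subfolder/endpoint'` form. The comparison on the context line below should also be constant-time, `if ($validKey === '' || !hash_equals((string) $validKey, $apiKey)) {`. The `if ($isProtected)` block continues past the end of the hunk.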
|
@@ -3,9 +3,13 @@ declare(strict_types=1);
|
|
|
3
3
|
|
|
4
4
|
|
|
5
5
|
// 2. Richiamo il tuo modulo Response e il Modello
|
|
6
|
-
require_once
|
|
6
|
+
require_once CORE_PATH . '/modules/Response.php';
|
|
7
7
|
require_once __DIR__ . '/../../database/models/User.php';
|
|
8
8
|
|
|
9
|
+
//
|
|
10
|
+
// Your protected endpoint logic here. You can access route parameters in $requestParams array
|
|
11
|
+
//
|
|
12
|
+
|
|
9
13
|
$user = new User();
|
|
10
14
|
$id = isset($requestParams[0]) ? (int)$requestParams[0] : null;
|
|
11
15
|
$input = json_decode(file_get_contents('php://input'), true) ?? [];
|
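Review bot: `require_once CORE_PATH . '/modules/Response.php';` makes this endpoint (auth-system.php, going by the diffstat order) depend on a constant that, in the lines shown, only `_core/index.php` defines, and no guard is visible before it. If the script is requested directly instead of through the front controller, PHP 8 and later raise an uncaught `Error` for the undefined constant, and with `display_errors` enabled the message includes the server path. A first statement after the `declare`, such as `if (!defined('CORE_ACCESS')) { http_response_code(403); exit; }`, fails closed without that output. The same applies to the example-protected, login, register and example-public hunks that follow, which show each file from line 1 with nothing ahead of the same `require_once`.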
|
@@ -1,12 +1,16 @@
|
|
|
1
1
|
<?php
|
|
2
2
|
declare(strict_types=1);
|
|
3
3
|
|
|
4
|
-
require_once
|
|
4
|
+
require_once CORE_PATH . '/modules/Response.php';
|
|
5
5
|
|
|
6
6
|
if ($method !== 'GET') {
|
|
7
7
|
Response::error('Method not allowed', 405);
|
|
8
8
|
}
|
|
9
9
|
|
|
10
|
+
//
|
|
11
|
+
// Your protected endpoint logic here. You can access route parameters in $requestParams array
|
|
12
|
+
//
|
|
13
|
+
|
|
10
14
|
Response::success([
|
|
11
15
|
'message' => 'Protected endpoint is working',
|
|
12
16
|
'params' => $requestParams,
|
|
@@ -1,13 +1,17 @@
|
|
|
1
1
|
<?php
|
|
2
2
|
declare(strict_types=1);
|
|
3
3
|
|
|
4
|
-
require_once
|
|
4
|
+
require_once CORE_PATH . '/modules/Response.php';
|
|
5
5
|
require_once __DIR__ . '/../../../database/models/User.php';
|
|
6
6
|
|
|
7
7
|
if ($method !== 'POST') {
|
|
8
8
|
Response::error('Method not allowed', 405);
|
|
9
9
|
}
|
|
10
10
|
|
|
11
|
+
//
|
|
12
|
+
// Your protected endpoint logic here. You can access route parameters in $requestParams array
|
|
13
|
+
//
|
|
14
|
+
|
|
11
15
|
$input = json_decode(file_get_contents('php://input'), true) ?? [];
|
|
12
16
|
|
|
13
17
|
$email = trim(filter_var($input['email'] ?? '', FILTER_SANITIZE_EMAIL));
|
|
@@ -1,13 +1,18 @@
|
|
|
1
1
|
<?php
|
|
2
2
|
declare(strict_types=1);
|
|
3
3
|
|
|
4
|
-
require_once
|
|
4
|
+
require_once CORE_PATH . '/modules/Response.php';
|
|
5
5
|
require_once __DIR__ . '/../../../database/models/User.php';
|
|
6
6
|
|
|
7
7
|
if ($method !== 'POST') {
|
|
8
8
|
Response::error('Method not allowed', 405);
|
|
9
9
|
}
|
|
10
10
|
|
|
11
|
+
//
|
|
12
|
+
// Your protected endpoint logic here. You can access route parameters in $requestParams array
|
|
13
|
+
//
|
|
14
|
+
|
|
15
|
+
|
|
11
16
|
$input = json_decode(file_get_contents('php://input'), true) ?? [];
|
|
12
17
|
|
|
13
18
|
$nickname = htmlspecialchars(strip_tags(trim($input['nickname'] ?? '')));
|
|
@@ -1,12 +1,16 @@
|
|
|
1
1
|
<?php
|
|
2
2
|
declare(strict_types=1);
|
|
3
3
|
|
|
4
|
-
require_once
|
|
4
|
+
require_once CORE_PATH . '/modules/Response.php';
|
|
5
5
|
|
|
6
6
|
if ($method !== 'GET') {
|
|
7
7
|
Response::error('Method not allowed', 405);
|
|
8
8
|
}
|
|
9
9
|
|
|
10
|
+
//
|
|
11
|
+
// Your protected endpoint logic here. You can access route parameters in $requestParams array
|
|
12
|
+
//
|
|
13
|
+
|
|
10
14
|
Response::success([
|
|
11
15
|
'message' => 'Public endpoint is working',
|
|
12
16
|
'params' => $requestParams,
|
|
@@ -2,9 +2,15 @@
|
|
|
2
2
|
declare(strict_types=1);
|
|
3
3
|
|
|
4
4
|
return [
|
|
5
|
-
'API_KEY' => '
|
|
6
|
-
'CORS_ALLOWED_ORIGINS' => '*',
|
|
5
|
+
'API_KEY' => 'DEFAULT_KEY', // Default key for protected endpoints that don't have a specific key in ENDPOINT_KEYS
|
|
7
6
|
|
|
7
|
+
// If you want restrict access to protected endpoints to specific clients, you can define custom keys for each endpoint
|
|
8
|
+
// For subfolder endpoints, use the relative path ('subfolder/endpoint')
|
|
9
|
+
'ENDPOINT_KEYS' => [
|
|
10
|
+
'subfolder/example-protected' => 'example-key',
|
|
11
|
+
],
|
|
12
|
+
|
|
13
|
+
// Database configuration
|
|
8
14
|
'DB_HOST' => '127.0.0.1',
|
|
9
15
|
'DB_NAME' => 'example_db',
|
|
10
16
|
'DB_USER' => 'root',
|
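--- a/package/src/backend/config.php
+++ b/package/src/backend/config.php
@@ -2,9 +2,15 @@
 declare(strict_types=1);
 
 return [
-'API_KEY' => '
-'CORS_ALLOWED_ORIGINS' => '*',
+'API_KEY' => 'DEFAULT_KEY', // Default key for protected endpoints that don't have a specific key in ENDPOINT_KEYS
 
+// If you want restrict access to protected endpoints to specific clients, you can define custom keys for each endpoint
+// For subfolder endpoints, use the relative path ('subfolder/endpoint')
+'ENDPOINT_KEYS' => [
+'subfolder/example-protected' => 'example-key',
+],
+
+// Database configuration
 'DB_HOST' => '127.0.0.1',
 'DB_NAME' => 'example_db',
 'DB_USER' => 'root',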
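Review bot: The shipped `config.php` now carries usable placeholder secrets, `'API_KEY' => 'DEFAULT_KEY'` and `'subfolder/example-protected' => 'example-key'`, while the gate in `_core/index.php` rejects only an empty key (`$validKey === ''`). An install that never edits this file therefore accepts a publicly known key on every protected endpoint. Leaving the live values empty makes the existing check fail closed until the operator sets them, e.g. `'API_KEY' => '', // set a long random value before deploying`, with the illustrative values kept in `config.example.php` only (that file has the same hunk earlier on this page). The `ENDPOINT_KEYS` comment should also state that an endpoint without an entry is accepted with `API_KEY`.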
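--- a/package/src/backend/web.config
+++ b/package/src/backend/web.config
@@ -4,14 +4,11 @@
 <rewrite>
 <rules>
 
-<!-- 1. Permetti l'esecuzione diretta solo a index.php -->
 <rule name="Allow API index.php" stopProcessing="true">
 <match url="^_core/index\.php$" ignoreCase="true" />
 <action type="None" />
 </rule>
 
-<!-- 2. Front Controller: Invia TUTTO il resto a index.php -->
-<!-- Nessun controllo sull'esistenza di file o directory. -->
 <rule name="API Endpoints Front Controller Catch-All" stopProcessing="true">
 <match url="^(.*)$" ignoreCase="true" />
 <action type="Rewrite" url="_core/index.php" appendQueryString="true" />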
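--- a/package/src/frontend/.htaccess
+++ b/package/src/frontend/.htaccess
@@ -1,18 +1,13 @@
-# Forza Apache a usare il file 404.html di Eleventy per ogni errore 404
 ErrorDocument 404 /404.html
 
 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /
 
-
-# (se ne occupa l'altro .htaccess dentro /api/)
-RewriteRule ^api/ - [L]
+RewriteRule ^api/(.*)$ backend/_core/index.php [QSA,L]
 
-# 2. Se il file o la cartella richiesti esistono fisicamente, servili normalmente
 RewriteCond %{REQUEST_FILENAME} -f [OR]
 RewriteCond %{REQUEST_FILENAME} -d
 RewriteRule ^ - [L]
 
-# 3. Se non esistono e non siamo in /api, Apache userà l'ErrorDocument 404 sopra
 </IfModule>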
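Review bot: Nothing in these rules stops a client from requesting paths under `backend/` directly: the new `RewriteRule ^api/(.*)$ backend/_core/index.php [QSA,L]` routes API calls into that directory, and the `-f`/`-d` rule right after it passes any existing file through unchanged. On IIS the `backend/web.config` in this same release sends every request under that directory to `_core/index.php`, but no Apache equivalent is visible here. Unless a `backend/.htaccess` outside this diff covers it, `config.php`, the models and the endpoint scripts are presumably reachable by URL. Consider rejecting external requests ahead of the API rule, for example `RewriteCond %{ENV:REDIRECT_STATUS} ^$` followed by `RewriteRule ^backend/ - [F]`, so that only the internal rewrite reaches the directory.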
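--- a/package/src/frontend/web.config
+++ b/package/src/frontend/web.config
@@ -16,9 +16,9 @@
 
 <rewrite>
 <rules>
-<rule name="
-<match url="^api(
-<action type="
+<rule name="Pass API to Backend" stopProcessing="true">
+<match url="^api/(.*)$" ignoreCase="true" />
+<action type="Rewrite" url="backend/{R:1}" />
 </rule>
 </rules>
 </rewrite>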