Added custom functions, user JWT, and response allowed headers

Author: aymenBenadra

app/config/routes.php

@@ -6,34 +6,50 @@
  * ? Allowed Headers:
  * ? - Allowed origins: *
  * ? - Allowed methods: GET, POST, PUT, DELETE, OPTIONS
- * ? - Allowed headers: headerRef, Content-Type, Authorization, X-Requested-With
+ * ? - Allowed headers: Content-Type, Authorization, X-Requested-With
  * ? - Allowed credentials: true
  * ? - Max age: 86400
  * -----------------------------------------------------------------------------
  * ? Availlable Middlewares:
  * ? - Auth: check if user is logged in with "JWT" or "API KEY in Header" and has the right permissions to access the route
  * ? - Validation: Sanitize input data and check if it is valid (e.g. email, password, etc.)
  * -----------------------------------------------------------------------------
- * ? Auth MIDDLEWARE PARAMETERS:
+ * ? Auth MIDDLEWARE FLAGS:
  * ? - - guest: check if user is not logged in
  * ? - - user: check if user is logged in
  * ? - - admin: check if user is logged in and has the right permissions to access the route
- * ? - Validation MIDDLEWARE PARAMETERS:
+ * 
+ * ? Validation MIDDLEWARE PARAMETERS:
  * ? - - field1|field2|field3: List of fields to check if they are valid (e.g. email, password, etc.)
  * ? - - scope: Scope of the validation rules (e.g. all, Example1, Example2, etc.)
  * -----------------------------------------------------------------------------
  * ? Example:
+ * 
  * ? - GET ROUTE:
  * * $router->get('/', 'HomeController@index');
+ * 
  * ? - POST ROUTE:
  * * $router->post('/', 'HomeController@index');
+ * 
  * ? - PUT ROUTE:
  * * $router->put('/', 'HomeController@index');
+ * 
  * ? - DELETE ROUTE:
  * * $router->delete('/', 'HomeController@index');
+ * 
  * ? - ROUTE WITH MIDDLEWARES:
  * * $router->get('/', 'HomeController@index', ['Auth@guest', Validation@email|password|etc.@Example1']);
  * 
+ * ? - ROUTE WITH CUSTOM FUNCTION:
+ * * $router->get('/', fn($data) => {
+ * *     // Do something
+ * * });
+ * 
+ * ? - ROUTE WITH CUSTOM FUNCTION AND MIDDLEWARES:
+ * * $router->get('/', fn($data) => {
+ * *     // Do something
+ * * }, ['Auth@guest', Validation@email|password|etc.@Example1']);
+ * 
  * @package App\Config
  * @author Mohammed-Aymen Benadra
  */

app/controllers/Auth.php

@@ -65,13 +65,6 @@ public function login($data = [])
     {
         $example = $this->model('Example')->getBy('headerRef', $data['headerRef']);
 
-        if (!$example) {
-            Router::abort(404, json_encode([
-                'status' => 'error',
-                'message' => 'example not found'
-            ]));
-        }
-
         Response::send([
             'status' => 'success',
             'data' => $example
@@ -86,15 +79,6 @@ public function login($data = [])
      */
     public function registerJWT($data = [])
     {
-        $example = $this->model('Example')->getBy('username', $data['username']);
-
-        if ($example) {
-            Router::abort(400, json_encode([
-                'status' => 'error',
-                'message' => 'example already exists'
-            ]));
-        }
-
         // Hash password
         $data['password'] = password_hash($data['password'], PASSWORD_DEFAULT);
 
@@ -123,13 +107,6 @@ public function loginJWT($data = [])
     {
         $example = $this->model('Example')->getBy('username', $data['username']);
 
-        if (!$example) {
-            Router::abort(404, json_encode([
-                'status' => 'error',
-                'message' => 'example not found'
-            ]));
-        }
-
         if (!password_verify($data['password'], $example->password)) {
             Router::abort(401, json_encode([
                 'status' => 'error',
@@ -155,9 +132,8 @@ public function loginJWT($data = [])
         $jwt = JWT::encode($payload, $secret_key, "HS256");
 
         // Set expirable cookie for JWT
-        setcookie('jwt', $jwt, $expire_claim, "/", $_ENV['SERVER_ADDRESS'], false, true);
+        setcookie(name: 'jwt', value: $jwt, expires_or_options: $expire_claim, httponly: true);
 
-        Response::code();
         Response::send(
             array(
                 "message" => "Successful login.",
@@ -166,15 +142,33 @@ public function loginJWT($data = [])
         );
     }
 
+    /**
+     * Logout an User
+     * 
+     * @return void
+     */
+    public function logoutJWT()
+    {
+        setcookie(name: 'jwt', value: '', expires_or_options: time() - 3600, httponly: true);
+
+        Response::send([
+            'status' => 'Logged out successfully!'
+        ]);
+    }
+
     /**
      * Get current authenticated User
      * 
      * @return object
      */
-    public static function user()
+    public static function userJWT()
     {
         $jwt = Request::authorization();
 
+        if (!$jwt) {
+            return null;
+        }
+
         $token = JWT::decode($jwt, new Key($_ENV['JWT_SECRET_KEY'], "HS256"));
 
         return (new Example)->getBy('username', $token->sub);

core/helpers/Response.php

@@ -10,12 +10,13 @@ class Response
     public static function headers(
         $contentType = 'application/json',
         $allowOrigin = '*',
-        $allowMethods = 'GET, POST, PUT, DELETE, OPTIONS'
+        $allowMethods = 'GET, POST, PUT, DELETE, OPTIONS',
+        $allowHeaders = 'X-Requested-With, Content-Type, Authorization'
     ) {
         header('Content-Type: ' . $contentType . '; charset=UTF-8');
         header('Access-Control-Allow-Origin: ' . $allowOrigin);
         header('Access-Control-Allow-Methods: ' . $allowMethods);
-        header('Access-Control-Allow-Headers: clientRef, Content-Type, Authorization, X-Requested-With');
+        header('Access-Control-Allow-Headers: ' . $allowHeaders);
         header('Access-Control-Allow-Credentials: true');
         header('Access-Control-Max-Age: 86400');
     }