From a45580b69618b2e98cbdbb80164673d1118c5593 Mon Sep 17 00:00:00 2001
From: scriptPilot
Date: Sun, 3 Mar 2024 20:34:19 +0100
Subject: [PATCH 1/4] multi tenant support by default closes #11
---
 src/templates/public/api.php | 38 ++++++++++++++++++++++++------------
 src/templates/schema.sql | 7 ++++---
 src/templates/testdata.sql | 3 ---
 3 files changed, 30 insertions(+), 18 deletions(-)
diff --git a/src/templates/public/api.php b/src/templates/public/api.php
index d14e7c9..85f792e 100644
--- a/src/templates/public/api.php
+++ b/src/templates/public/api.php
@@ -1,44 +1,58 @@ MYSQL_DATABASE === 'development', - // Database Credentials + // Credentials 'address' => MYSQL_HOST, 'database' => MYSQL_DATABASE, 'username' => MYSQL_USERNAME, 'password' => MYSQL_PASSWORD, - // Database Authentication - 'middlewares' => 'dbAuth,authorization', + // Middlewares + 'middlewares' => 'dbAuth,authorization,multiTenancy', + + // Database authentication 'dbAuth.mode' => 'optional', 'dbAuth.registerUser' => '1', + 'dbAuth.passwordLength' => '3', + + // Database Authorization 'authorization.tableHandler' => function ($operation, $tableName) { + + // No access to the users table if ($tableName === 'users') return false; + + // Access to all other tables return true; - } - + + }, + + // Multi Tenancy + 'multiTenancy.handler' => function ($operation, $tableName) { + + // For all tables, limit access to the current user + return ['userId' => $_SESSION['user']['id'] ?? 0]; + + }, + ]); // Initialization
diff --git a/src/templates/schema.sql b/src/templates/schema.sql
index 46c62fb..2f86c63 100644
--- a/src/templates/schema.sql
+++ b/src/templates/schema.sql
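Review bot: In `src/templates/public/api.php`, the new `multiTenancy.handler` substitutes tenant `0` when no session user exists (`$_SESSION['user']['id'] ?? 0`) while `'dbAuth.mode' => 'optional'` still admits unauthenticated requests, so anonymous clients are scoped to `userId = 0` instead of being refused. The schema hunk in the same patch gives `tasks.userId` a `DEFAULT 0` and the remaining test-data insert sets no `userId`, so those rows appear to land in a bucket every anonymous caller can read and change. If that shared bucket is not intended, `'dbAuth.mode' => 'required',` closes it. The added `'dbAuth.passwordLength' => '3',` together with `'dbAuth.registerUser' => '1'` also lets anyone self-register with a three-character password; a longer minimum is worth setting before the template leaves local development. The start of the configuration array is not visible in this hunk as shown.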
@@ -1,11 +1,12 @@
 CREATE TABLE IF NOT EXISTS `users` (
- `id` INTEGER(4) NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `id` INTEGER(8) NOT NULL PRIMARY KEY AUTO_INCREMENT,
 `username` VARCHAR(255) NOT NULL,
 `password` VARCHAR(255) NOT NULL
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
 
 CREATE TABLE IF NOT EXISTS `tasks` (
- `id` INTEGER(4) NOT NULL PRIMARY KEY AUTO_INCREMENT,
- `title` VARCHAR(255) NOT NULL,
+ `id` INTEGER(8) NOT NULL PRIMARY KEY AUTO_INCREMENT,
+ `userId` INTEGER(8) NOT NULL DEFAULT 0,
+ `title` VARCHAR(255) NOT NULL DEFAULT "",
 `done` TINYINT(1) NOT NULL DEFAULT 0
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
\ No newline at end of file
diff --git a/src/templates/testdata.sql b/src/templates/testdata.sql
index 7732132..4d13f7f 100644
--- a/src/templates/testdata.sql
+++ b/src/templates/testdata.sql
@@ -1,5 +1,2 @@
-INSERT IGNORE INTO `users` (`id`, `username`, `password`)
-VALUES (1, "root", "cm9vdA==");
-
 INSERT IGNORE INTO `tasks` (`id`, `title`, `done`)
 VALUES (1, "First Task", 1), (2, "Second Task", 0), (3, "Third Task", 1);
\ No newline at end of file
From fa4c773df6f63c6a073254f6fee5691ded2b3b29 Mon Sep 17 00:00:00 2001
From: scriptPilot
Date: Sun, 3 Mar 2024 20:34:21 +0100
Subject: [PATCH 2/4] Update README.md
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 6c1d612..e1f5cee 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,7 @@ You might be interested in a simple [Synchronization between local IndexedDB and - Run `npm run backend` to start the backend - Open the PHP server at http://localhost:8000 + - API endpoint at http://localhost:8000/api.php [.../records/tasks](http://localhost:8000/api.php/records/tasks) - Open phpMyAdmin at http://localhost:8080 - Login with username `root` and password `root` - Use the PHP CRUD API in frontend with `/api.php`
From f190a7e8daf449abec4728aeb9dda7eb54df1c6a Mon Sep 17 00:00:00 2001
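Review bot: In `src/templates/schema.sql`, `tasks.userId` is now the tenant key but has no index and no foreign key to `users.id`, so it accepts ids that match no user and tasks remain after their owner is deleted. A constraint such as `FOREIGN KEY (userId) REFERENCES users (id) ON DELETE CASCADE` would enforce ownership in the database, though it only works once the `DEFAULT 0` placeholder owner is dropped. Also, in MySQL the `(8)` in `INTEGER(8)` is a display width, so the change from `INTEGER(4)` does not widen the id range; `BIGINT` would be needed if that was the aim.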
From: scriptPilot
Date: Sun, 3 Mar 2024 20:35:21 +0100
Subject: [PATCH 3/4] Update README.md
---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index e1f5cee..f86cbdd 100644
--- a/README.md
+++ b/README.md
@@ -24,7 +24,8 @@ You might be interested in a simple [Synchronization between local IndexedDB and - Run `npm run backend` to start the backend - Open the PHP server at http://localhost:8000 - - API endpoint at http://localhost:8000/api.php [.../records/tasks](http://localhost:8000/api.php/records/tasks) + - API endpoint at http://localhost:8000/api.php + - example: http://localhost:8000/api.php/records/tasks - Open phpMyAdmin at http://localhost:8080 - Login with username `root` and password `root` - Use the PHP CRUD API in frontend with `/api.php`
From 9e8f9d1683643eeba7c2d12f6ba69235eab6249d Mon Sep 17 00:00:00 2001
From: scriptPilot
Date: Sun, 3 Mar 2024 20:35:32 +0100
Subject: [PATCH 4/4] 1.10.0
---
 package-lock.json | 4 ++--
 package.json | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index e369262..a7573ea 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@ { "name": "add-php-backend", - "version": "1.9.0", + "version": "1.10.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "add-php-backend", - "version": "1.9.0", + "version": "1.10.0", "license": "MIT", "dependencies": { "fs-extra": "^11.2.0",
diff --git a/package.json b/package.json
index 4cb8dd4..651f1e5 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "add-php-backend",
- "version": "1.9.0",
+ "version": "1.10.0",
 "description": "",
 "main": "src/index.js",
 "bin": "src/index.js",