Commit bc251e9

some fixes
- replace Basic Auth with JWT - add local apiator copy - redo the frontend to take advantage of apiator
1 parent 63668ad commit bc251e9

6 files changed

+3813
-501
lines changed

README.md

Lines changed: 99 additions & 67 deletions
@@ -4,7 +4,7 @@ A RESTful API for managing CSV files with JSON:API specification compliance. Thi
44

55
## Features
66

7-
- Basic Authentication
7+
- JWT Authentication
88
- JSON:API specification compliance
99
- File operations (list, upload, delete)
1010
- Record operations (CRUD)
@@ -35,9 +35,10 @@ A RESTful API for managing CSV files with JSON:API specification compliance. Thi
3535
chmod 777 data
3636
```
3737

38-
3. Update the constant `csv_api.php` storing the path to the data directory.
38+
3. Update the constants in `api.php`:
3939

4040
```php
41+
define('JWT_SECRET', 'your-secure-secret-key'); // Change this to a secure secret
4142
define('DATA_DIR', __DIR__.'/data');
4243
```
4344

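Review bot: the `define('JWT_SECRET', 'your-secure-secret-key')` line in step 3 ships a known placeholder in a committed source file, and a reader who skips the trailing comment will run with it; suggest documenting that the value be read from the environment (for example `getenv('JWT_SECRET')`) and that the API refuse to serve requests while it is unset, instead of asking users to edit a constant. The unchanged `chmod 777 data` context line just above this step also conflicts with the later advice to keep the data directory from being publicly accessible; a narrower mode owned by the web server user would be worth stating here.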
@@ -50,27 +51,82 @@ A RESTful API for managing CSV files with JSON:API specification compliance. Thi
5051

5152
## Authentication
5253

53-
The API uses Basic Authentication. Default credentials:
54+
The API uses JWT (JSON Web Token) authentication. Default credentials:
5455

5556
- Username: `admin`
5657
- Password: `secret123`
5758

58-
To change the credentials, modify the constants in `csv_api.php`:
59+
### Login Endpoint
60+
61+
To authenticate, make a POST request to the login endpoint:
62+
63+
```http
64+
POST /api/auth/login
65+
Content-Type: application/json
66+
67+
{
68+
"username": "admin",
69+
"password": "secret123"
70+
}
71+
```
72+
73+
Response:
74+
75+
```json
76+
{
77+
"data": {
78+
"type": "auth_token",
79+
"id": "login",
80+
"attributes": {
81+
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
82+
"expires_in": 3600,
83+
"token_type": "Bearer"
84+
}
85+
}
86+
}
87+
```
88+
89+
### Using the Token
90+
91+
Include the JWT token in the Authorization header for all subsequent requests:
92+
93+
```http
94+
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...
95+
```
96+
97+
### Security Configuration
98+
99+
To change the credentials and security settings, modify the constants in `api.php`:
59100

60101
```php
61-
define('AUTH_USERNAME', 'your_username');
62-
define('AUTH_PASSWORD', 'your_password');
63-
define('DATA_DIR', __DIR__.'/data');
102+
// JWT Configuration
103+
define('JWT_SECRET', 'your-secure-secret-key'); // Use a strong, random secret
104+
define('JWT_ALGORITHM', 'HS256');
105+
define('JWT_EXPIRY', 3600); // Token expiry in seconds
106+
107+
// User credentials (in production, use a database)
108+
$validUsers = [
109+
'admin' => password_hash('your_password', PASSWORD_DEFAULT)
110+
];
64111
```
65112

66113
## API Endpoints
67114

115+
### Authentication
116+
117+
#### Login
118+
119+
```http
120+
POST /api/auth/login
121+
```
122+
68123
### File Management
69124

70125
#### List Files
71126

72127
```http
73128
GET /api/csv
129+
Authorization: Bearer <token>
74130
```
75131

76132
Response:
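Review bot: the `$validUsers` snippet in the Security Configuration block calls `password_hash('your_password', PASSWORD_DEFAULT)` at load time, so a fresh hash is computed on every request and the plaintext password still sits in `api.php`; suggest storing a hash generated once with `password_hash()` and documenting that. The block also repeats the `JWT_SECRET` define already shown in setup step 3, so keep one copy. Since `JWT_ALGORITHM` is now a fixed constant, the text should say that tokens are verified against that algorithm only, not against whatever `alg` the token header carries.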
@@ -98,6 +154,7 @@ Response:
98154

99155
```http
100156
POST /api/csv
157+
Authorization: Bearer <token>
101158
Content-Type: multipart/form-data
102159
103160
file: <csv_file>
@@ -123,16 +180,23 @@ Response:
123180

124181
```http
125182
DELETE /api/csv/(unknown)
183+
Authorization: Bearer <token>
126184
```
127185

128-
Response: 204 No Content
186+
### Record Operations
129187

130-
### Record Management
188+
#### Get All Records
131189

132-
#### List Records
190+
```http
191+
GET /api/csv/(unknown)
192+
Authorization: Bearer <token>
193+
```
194+
195+
With pagination:
133196

134197
```http
135198
GET /api/csv/(unknown)?page[offset]=0&page[limit]=10
199+
Authorization: Bearer <token>
136200
```
137201

138202
Response:
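Review bot: the `Response: 204 No Content` line under the file delete endpoint is removed without a replacement, so the section no longer documents what a successful delete returns; the `Authorization: Bearer <token>` line can be added without dropping it, so restore the status line. The renamed `Get All Records` block and the `With pagination:` variant are otherwise fine.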
@@ -151,7 +215,11 @@ Response:
151215
}
152216
],
153217
"meta": {
154-
"total": 1
218+
"total": 1,
219+
"page": {
220+
"offset": 0,
221+
"limit": 10
222+
}
155223
}
156224
}
157225
```
@@ -160,47 +228,32 @@ Response:
160228

161229
```http
162230
GET /api/csv/(unknown)/{id}
163-
```
164-
165-
Response:
166-
167-
```json
168-
{
169-
"data": {
170-
"type": "example",
171-
"id": "0",
172-
"attributes": {
173-
"id": "1",
174-
"name": "John Doe",
175-
"email": "john@example.com"
176-
}
177-
}
178-
}
231+
Authorization: Bearer <token>
179232
```
180233

181234
#### Create Record
182235

183236
```http
184237
POST /api/csv/(unknown)
238+
Authorization: Bearer <token>
185239
Content-Type: application/vnd.api+json
186240
187241
{
188242
"data": {
189243
"attributes": {
190-
"id": "2",
191-
"name": "Jane Smith",
192-
"email": "jane@example.com"
244+
"id": "3",
245+
"name": "Bob Wilson",
246+
"email": "bob@example.com"
193247
}
194248
}
195249
}
196250
```
197251

198-
Response: 201 Created
199-
200252
#### Update Record
201253

202254
```http
203255
PUT /api/csv/(unknown)/{id}
256+
Authorization: Bearer <token>
204257
Content-Type: application/vnd.api+json
205258
206259
{
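Review bot: the whole `Response:` JSON example for `GET /api/csv/(unknown)/{id}` and the `Response: 201 Created` line under Create Record are deleted here, leaving both endpoints with no documented response shape or status code; only the `Authorization: Bearer <token>` line needed to be added, so restore the examples. Changing the Create Record sample from Jane Smith/id 2 to Bob Wilson/id 3 is unrelated to the auth change and would be clearer in its own commit.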
@@ -214,49 +267,25 @@ Content-Type: application/vnd.api+json
214267
}
215268
```
216269

217-
Response: 200 OK
218-
219270
#### Delete Record
220271

221272
```http
222273
DELETE /api/csv/(unknown)/{id}
274+
Authorization: Bearer <token>
223275
```
224276

225-
Response: 204 No Content
226-
227-
### Search and Structure
228-
229277
#### Search Records
230278

231279
```http
232-
GET /api/csv/(unknown)/search?name=John&exact=true&page[offset]=0&page[limit]=10
233-
```
234-
235-
Response:
236-
237-
```json
238-
{
239-
"data": [
240-
{
241-
"type": "example",
242-
"id": "0",
243-
"attributes": {
244-
"id": "1",
245-
"name": "John Doe",
246-
"email": "john@example.com"
247-
}
248-
}
249-
],
250-
"meta": {
251-
"total": 1
252-
}
253-
}
280+
GET /api/csv/(unknown)/search?{field}={value}&exact=true
281+
Authorization: Bearer <token>
254282
```
255283

256284
#### Get File Structure
257285

258286
```http
259287
GET /api/csv/(unknown)/structure
288+
Authorization: Bearer <token>
260289
```
261290

262291
Response:
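Review bot: the new search line `GET /api/csv/(unknown)/search?{field}={value}&exact=true` takes the column name from the query string key, but the hunk also deletes the `page[offset]`/`page[limit]` parameters and the entire search response example, so it no longer says which fields are accepted, what an unknown field returns, or whether search results are paginated like Get All Records; document those and keep at least one concrete request/response pair. The `Response: 200 OK` and `Response: 204 No Content` lines under Update Record and Delete Record are dropped as well and should be restored.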
@@ -306,13 +335,14 @@ A web interface is available for managing CSV files. To use it:
306335

307336
1. Open `index.html` in a web browser
308337
2. Log in with the default credentials (admin/secret123)
309-
3. Use the interface to:
338+
3. The interface will automatically handle JWT token management
339+
4. Use the interface to:
310340
- Upload CSV files
311341
- View file contents
312342
- Edit records
313343
- Delete files and records
314344
- Search records
315-
4. Double click on the row to open the edit row dialog
345+
5. Double click on the row to open the edit row dialog
316346

317347
## Testing
318348

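Review bot: step 3, `The interface will automatically handle JWT token management`, says nothing about where `index.html` keeps the token or when it is discarded; since the token is a bearer credential that stays valid for the documented `expires_in` period, state the storage location and that logging out clears it, so users on a shared browser know the exposure.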
@@ -325,11 +355,13 @@ composer install
325355

326356
## Security Considerations
327357

328-
1. Change the default authentication credentials
329-
2. Ensure the data directory is not publicly accessible
330-
3. Validate file uploads
331-
4. Implement rate limiting in production
332-
5. Use HTTPS in production
358+
1. Change the default JWT secret to a secure, random value
359+
2. Use HTTPS in production
360+
3. Implement proper user management in production (database instead of hardcoded users)
361+
4. Consider implementing token refresh mechanisms
362+
5. Ensure the data directory is not publicly accessible
363+
6. Validate file uploads
364+
7. Implement rate limiting in production
333365

334366
## License
335367

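Review bot: the old item `1. Change the default authentication credentials` is replaced by `Change the default JWT secret`, but the default `admin`/`secret123` pair is still documented in the Authentication section, so the list should keep an item telling users to change the credentials as well as the secret. Item 4, `Consider implementing token refresh mechanisms`, would also read better with a reference to the documented `JWT_EXPIRY` of 3600 seconds, so readers see why a refresh is needed.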