RESTful API proof of concept to manage customers and users with JWT.

Based on: PHP 7, Slim 4, MySQL, PHPUnit, OpenSSL.

Made with slim4.

![Software License][ico-license]

• PHP 7.2+.
• Composer.
• MySQL/MariaDB.
• OpenSSL

Create a new project:

$ composer create-project r3md3v/slim4api [my-api-name]
$ cd [my-api-name]
$ composer test
$ composer start

Generate private key and public keys with these commands:

$gen_cert.sh
$gen_jwt_key.sh

or

openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -outform PEM -pubout -out public.pem

Create a new DB and execute db.sql to create 5 tables users customers logins loginlog logtoken (automatic for docker).

Configure error reporting for development or production (below is production):

error_reporting(0);
ini_set('display_errors', '0');
$display_error_details = false;

Configure MySQL connection:

$settings['db'] = [
	'driver' => 'mysql',
	'host' => 'yourMySqlHost',
	'database' => 'yourMySqlDatabase',
	'username' => 'yourMySqlUsername',
	'password' => 'yourMySqlPassword',

Specify redirection if other than 8080:

$settings['redirection'] = [
    'port' => 8080,
    'servername' => 'localhost',
];

Configure JWT:

• Change issuer, lifetime;
• Copy content of private and public keys generated previously;
• Enable/Disable log of logins and tokens;
• Specify Token log retention.

$settings['jwt'] = [
    // The issuer name
    'issuer' => 'www.slim4api.com',
    // Max lifetime in seconds
    'lifetime' => 14400, // 14400 seconds = 4 hours (86400 = 24 hours)
    // Log logins & tokens
    'loglogins' => true, // true or false
    'logtokens' => true, // true or false (to keep stateless)
    // Token log cleanup
    'retention' => 60 * 60 * 24 * 30, // 30 days
    // The private key
    'private_key' => '-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----',
    // The public key
    'public_key' => '-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----',
];

• For POC purpose, users customers loglogins and logtokens tables have 5 lines
• Run these commands as many times a needed, to populate 500 additionnal lines of data thanks to great faker:

$ composer fakercu (customers and users tables)
$ composer fakerlg (loglogins and logtokens tables)

By design, HTTP traffic is redirected to HTTPS tanks to HttpsMiddleware enabled in config/middleware.php:

$app->add(HttpsMiddleware::class);

• For basic app: slim/slim slim/psr7 selective/basepath slim/monolog php-di/php-di
• For Swagger: doctrine/annotations slim/twig-view symfony/yaml
• For JWT: lcobucci/jwt symfony/polyfill-uuid cakephp/chronos

• phpunit/phpunit fzaninotto/faker

• Status: GET / or GET /status

• Hello World: GET /hello
• Hello Name: GET /hello/{name}

• SwaggerUI: GET /docs/v1 (targeting slim4api.yaml and previously petstore.yaml v3)

• Get customer by id: GET /customers/id/{id}
• Delete customer by id: DELETE /customers/id/{id}
• Create customer with data: POST /customers cusname,address,city,phone,email
• Update customer with data: PUT /customers/id/{id} cusname,address,city,phone,email
• List of customers: GET /customers
  • option page = startpage (default 1)
  • option size = page size (default 50)
• Search customer: GET /customers/search/{keyword}
  • option page+size
  • option in = field number where keyword is searched (default 1 / all fields if not set)

• Get user by id: GET /users/id/{id}
• Delete user by id: DELETE /users/id/{id}
• Create user with data: POST /users username,password,firstname,lastname,email,profile
• Update user with data: PUT /users/id/{id} username,password,firstname,lastname,email,profile
• List of users: GET /users
  • option page = startpage (default 1)
  • option size = page size (default 50)
• Search user: GET /users/search/{keyword}?page=1&size=50&in=2
  • option page+size
  • option in = field number where keyword is searched (default 1 / all fields if not set)

• Create token: POST /tokens username or email/password
• Delete token: GET /logout
• Cleanup logins+token: GET /cleanup

• createUserForm.php = CRUD call to API for actions Create/Read/Update/Delete (PHP curl required)
• createCustomerForm.php = CRUD call to API for actions Create/Read/Update/Delete (PHP curl required)
• login.php = triggers /users endpoint
• checkJWTForm.php = gives detail about a JSON Web Token
• hashPWDForm.php = returns a BCRYPT hashed version of a string

• Access to endpoint /users is protected by JWT and requires issuance of a token via endpoint /tokens or form login.php.
• Each login attempt is recorded in table loglogins and each token issued is recorded table logtokens

#info create containers

• https://vonkrafft.fr/console/simple-site-php-avec-docker-nginx/
• https://dev.to/martinpham/symfony-5-development-with-docker-4hj8

docker-compose up -d 

##start db + php + app

docker-compose -f docker-compose-nginx.yml up -d mysql php-fpm
docker-compose -f docker-compose-nginx.yml up -d my_app
docker-compose -f docker-compose-nginx.yml logs -f

• dkr_reload_nginx.sh:

docker-compose -f docker-compose-nginx.yml exec my_app nginx -s reload

• dkr_faker.sh:

docker-compose -f docker-compose-nginx.yml exec php-fpm php faker_customers.php
docker-compose -f docker-compose-nginx.yml exec php-fpm php faker_users.php

Have fun!