Files
drivetimeplaner/www/api.fahrschultermin.de/public/index.php

223 lines
14 KiB
PHP

<?php
declare(strict_types=1);
/**
* api.fahrschultermin.de — Full API entry point
* Handles all /api/v1/* routes + CORS + Session auth
*/
const BASE_PATH = __DIR__ . '/..';
spl_autoload_register(static function (string $class): void {
$prefix = 'App\\';
if (!str_starts_with($class, $prefix)) {
return;
}
$relativeClass = substr($class, strlen($prefix));
$path = BASE_PATH . '/app/' . str_replace('\\', '/', $relativeClass) . '.php';
if (is_file($path)) {
require_once $path;
}
});
$config = require BASE_PATH . '/config/app.php';
date_default_timezone_set('UTC');
session_name($config['session_name']);
// ── CORS ──────────────────────────────────────────────────────────────────────
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
$allowed = $config['cors_allowed_origins'] ?? [];
$isAllowed = in_array($origin, $allowed, true);
header('Access-Control-Allow-Origin: ' . ($isAllowed ? $origin : ''), true);
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Methods: GET, POST, PATCH, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
header('Access-Control-Max-Age: 86400');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(204);
exit;
}
// ── Session ───────────────────────────────────────────────────────────────────
$sessionPath = $config['session_path'] ?? BASE_PATH . '/storage/sessions';
if (!is_dir($sessionPath)) {
mkdir($sessionPath, 0775, true);
}
session_save_path($sessionPath);
$isHttps = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
$sameSite = $isHttps ? 'None' : 'Lax';
session_set_cookie_params([
'lifetime' => 0,
'path' => '/',
'domain' => $config['session_domain'] ?? '',
'secure' => $isHttps,
'httponly' => true,
'samesite' => $sameSite,
]);
session_start();
// ── Database ───────────────────────────────────────────────────────────────────
\App\Support\Database::configure($config);
// ── Router ─────────────────────────────────────────────────────────────────────
use App\Http\Controllers\AppointmentsController;
use App\Http\Controllers\AuthController;
use App\Http\Controllers\BootstrapController;
use App\Http\Controllers\InstructorsController;
use App\Http\Controllers\ReferenceDataController;
use App\Http\Controllers\StudentsController;
use App\Http\Controllers\TenantsController;
use App\Http\Controllers\UsersController;
use App\Http\Controllers\WorkTimesheetController;
use App\Http\Controllers\StudentAuthController;
use App\Http\Controllers\StudentController;
use App\Http\Controllers\InstructorController;
use App\Http\Controllers\TenantController;
use App\Support\Request;
use App\Support\Router;
$request = new Request();
$router = new Router($request);
$path = $request->path();
// ── API Routes ─────────────────────────────────────────────────────────────────
if (str_starts_with($path, '/api/v1')) {
$auth = new AuthController();
$bootstrapController = new BootstrapController();
$students = new StudentsController();
$references = new ReferenceDataController();
$appointments = new AppointmentsController();
$users = new UsersController();
$tenants = new TenantsController();
$instructors = new InstructorsController();
$workTimesheet = new WorkTimesheetController();
$studentAuth = new StudentAuthController();
$student = new StudentController();
$instructorCtrl = new InstructorController();
$tenantCtrl = new TenantController();
// ── Auth (bestehend) ──────────────────────────────────────────────────────
$router->post('/api/v1/auth/login', [$auth, 'login']);
$router->post('/api/v1/auth/logout', [$auth, 'logout']);
$router->get('/api/v1/auth/me', [$auth, 'me']);
// ── Student Auth (neu) ──────────────────────────────────────────────────────
$router->post('/api/v1/auth/register-student', [$studentAuth, 'register']);
// ── Student me ─────────────────────────────────────────────────────────────
$router->get('/api/v1/student/me', [$studentAuth, 'me']);
// ── Bootstrap + Reference ──────────────────────────────────────────────────
$router->get('/api/v1/bootstrap', $bootstrapController);
$router->get('/api/v1/students', [$students, 'index']);
$router->post('/api/v1/students', [$students, 'store']);
$router->patch('/api/v1/students/{id}/training', [$students, 'updateTraining']);
$router->patch('/api/v1/students/{id}', [$students, 'update']);
$router->delete('/api/v1/students/{id}', [$students, 'destroy']);
$router->get('/api/v1/lesson-types', [$references, 'lessonTypes']);
$router->post('/api/v1/lesson-types', [$references, 'storeLessonType']);
$router->post('/api/v1/lesson-types/reorder', [$references, 'reorderLessonTypes']);
$router->patch('/api/v1/lesson-types/{id}', [$references, 'updateLessonType']);
$router->delete('/api/v1/lesson-types/{id}', [$references, 'destroyLessonType']);
$router->post('/api/v1/lesson-types/visibility', [$references, 'updateLessonTypeMatrix']);
$router->get('/api/v1/license-class-templates', [$references, 'templates']);
$router->post('/api/v1/license-class-templates', [$references, 'storeTemplate']);
$router->patch('/api/v1/license-class-templates/{id}', [$references, 'updateTemplate']);
// ── Instructors ────────────────────────────────────────────────────────────
$router->get('/api/v1/instructors', [$instructors, 'index']);
$router->post('/api/v1/instructors', [$instructors, 'store']);
$router->patch('/api/v1/instructors/{id}', [$instructors, 'update']);
// ── Instructor Settings (neu) ───────────────────────────────────────────────
$router->get('/api/v1/instructors/{id}/availability', [$instructorCtrl, 'availability']);
$router->put('/api/v1/instructors/{id}/availability', [$instructorCtrl, 'availabilityUpdate']);
$router->get('/api/v1/instructors/{id}/booking-settings', [$instructorCtrl, 'bookingSettings']);
$router->patch('/api/v1/instructors/{id}/booking-settings', [$instructorCtrl, 'bookingSettingsUpdate']);
// ── Instructor Vacations ───────────────────────────────────────────────────
$router->get('/api/v1/instructors/{id}/vacations', [$instructorCtrl, 'vacations']);
$router->post('/api/v1/instructors/{id}/vacations', [$instructorCtrl, 'vacationsCreate']);
$router->delete('/api/v1/instructors/{id}/vacations/{vacation_id}', [$instructorCtrl, 'vacationsDelete']);
// ── Instructor Private Appointments ────────────────────────────────────────
$router->get('/api/v1/instructors/{id}/private-appointments', [$instructorCtrl, 'privateAppointments']);
$router->post('/api/v1/instructors/{id}/private-appointments', [$instructorCtrl, 'privateAppointmentsCreate']);
$router->delete('/api/v1/instructors/{id}/private-appointments/{priv_id}', [$instructorCtrl, 'privateAppointmentsDelete']);
// ── Instructor Multi-Tenant ─────────────────────────────────────────────────
$router->get('/api/v1/instructors/{id}/tenants', [$instructorCtrl, 'tenants']);
$router->post('/api/v1/instructors/{id}/tenants', [$instructorCtrl, 'tenantsAdd']);
$router->delete('/api/v1/instructors/{id}/tenants/{tenant_id}', [$instructorCtrl, 'tenantsRemove']);
$router->get('/api/v1/instructors/{id}/travel-times', [$instructorCtrl, 'travelTimes']);
$router->post('/api/v1/instructors/{id}/travel-times', [$instructorCtrl, 'travelTimesUpsert']);
$router->delete('/api/v1/instructors/{id}/travel-times/{tt_id}', [$instructorCtrl, 'travelTimesDelete']);
$router->get('/api/v1/instructors/{id}/home-to-tenant', [$instructorCtrl, 'homeToTenant']);
$router->post('/api/v1/instructors/{id}/home-to-tenant', [$instructorCtrl, 'homeToTenantUpsert']);
$router->delete('/api/v1/instructors/{id}/home-to-tenant/{ht_id}', [$instructorCtrl, 'homeToTenantDelete']);
// ── Instructor Break Rules ─────────────────────────────────────────────────
$router->get('/api/v1/instructors/{id}/break-rules', [$instructorCtrl, 'breakRules']);
$router->post('/api/v1/instructors/{id}/break-rules', [$instructorCtrl, 'breakRulesCreate']);
$router->put('/api/v1/instructors/{id}/break-rules/{rule_id}', [$instructorCtrl, 'breakRulesUpdate']);
$router->patch('/api/v1/instructors/{id}/break-rules/{rule_id}/toggle', [$instructorCtrl, 'breakRulesToggle']);
$router->delete('/api/v1/instructors/{id}/break-rules/{rule_id}', [$instructorCtrl, 'breakRulesDelete']);
// ── Instructor Appointment Requests ─────────────────────────────────────────
$router->get('/api/v1/instructor/appointment-requests', [$instructorCtrl, 'appointmentRequests']);
$router->patch('/api/v1/instructor/appointment-requests/{id}/respond', [$instructorCtrl, 'appointmentRequestsRespond']);
// ── Users ───────────────────────────────────────────────────────────────────
$router->get('/api/v1/users', [$users, 'index']);
$router->post('/api/v1/users', [$users, 'store']);
$router->patch('/api/v1/users/{id}', [$users, 'update']);
// ── Tenants ────────────────────────────────────────────────────────────────
$router->get('/api/v1/tenants', [$tenants, 'index']);
$router->post('/api/v1/tenants', [$tenants, 'store']);
$router->patch('/api/v1/tenants/{id}', [$tenants, 'update']);
$router->patch('/api/v1/tenant/profile', [$tenants, 'updateOwn']);
// ── Tenant Admin (neu) ─────────────────────────────────────────────────────
$router->get('/api/v1/tenant/pending-registrations', [$tenantCtrl, 'pendingRegistrations']);
$router->patch('/api/v1/tenant/student-tenants/{id}/confirm', [$tenantCtrl, 'confirmStudentTenant']);
$router->get('/api/v1/tenant/registration-code', [$tenantCtrl, 'getRegistrationCode']);
$router->put('/api/v1/tenant/registration-code', [$tenantCtrl, 'updateRegistrationCode']);
$router->patch('/api/v1/tenant/cancellation-settings', [$tenantCtrl, 'cancellationSettings']);
// ── Student Portal (neu) ──────────────────────────────────────────────────
$router->get('/api/v1/student/instructors', [$student, 'instructors']);
$router->get('/api/v1/student/instructors/{id}/slots', [$student, 'instructorSlots']);
$router->post('/api/v1/student/appointment-requests', [$student, 'createAppointmentRequest']);
$router->get('/api/v1/student/appointment-requests', [$student, 'appointmentRequests']);
$router->post('/api/v1/student/add-tenant', [$student, 'addTenant']);
// ── Appointments ──────────────────────────────────────────────────────────
$router->get('/api/v1/appointments', [$appointments, 'index']);
$router->post('/api/v1/appointments/validate', [$appointments, 'validate']);
$router->post('/api/v1/appointments', [$appointments, 'store']);
$router->patch('/api/v1/appointments/{id}', [$appointments, 'update']);
$router->delete('/api/v1/appointments/{id}', [$appointments, 'destroy']);
// ── Reports ───────────────────────────────────────────────────────────────
$router->get('/api/v1/reports/work-timesheet', [$workTimesheet, 'index']);
$router->dispatch();
exit;
}
// ── 404 ────────────────────────────────────────────────────────────────────────
http_response_code(404);
header('Content-Type: application/json');
echo json_encode(['message' => 'Not Found']);