#include "api_controller.h"
#include <QDebug>
#include <QHttpServerResponder>
#include <QJsonArray>
#include <QJsonDocument>
#include <QJsonObject>
/// Construct the controller. The only work visible here is forwarding the
/// optional `parent` to QObject so Qt's parent/child ownership applies.
ApiController::ApiController(QObject *parent)
    : QObject(parent) {
}
/// Wire this controller's HTTP endpoints onto `server`.
///
/// - POST /register  -> handleRegisterUser
/// - POST /login     -> handleLoginUser
/// - GET  /protected -> example route gated by verifyToken
///
/// Every lambda captures `this` by pointer, so the controller must outlive
/// `server` (or at least every request it dispatches). Nothing here enforces
/// that ordering — keep it in mind where the two objects are created.
void ApiController::registerRoutes(QHttpServer &server) {
  using Method = QHttpServerRequest::Method;

  server.route("/register", Method::Post,
               [this](const QHttpServerRequest &req,
                      QHttpServerResponder &resp) {
                 handleRegisterUser(req, resp);
               });

  server.route("/login", Method::Post,
               [this](const QHttpServerRequest &req,
                      QHttpServerResponder &resp) {
                 handleLoginUser(req, resp);
               });

  // Example of a protected route: the request is refused with 401 unless
  // verifyToken accepts its Authorization header; otherwise the caller is
  // greeted with whatever identity verifyToken reported.
  server.route("/protected", Method::Get,
               [this](const QHttpServerRequest &req,
                      QHttpServerResponder &resp) {
                 QString userEmail;
                 const bool authorised = verifyToken(req, userEmail);
                 if (!authorised) {
                   resp.write(QByteArray("Unauthorized"), "text/plain",
                              QHttpServerResponder::StatusCode::Unauthorized);
                   return;
                 }
                 resp.write(QByteArray("Welcome, " + userEmail.toUtf8()),
                            "text/plain", QHttpServerResponder::StatusCode::Ok);
               });
}
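/// POST /register handler.
///
/// Parses a JSON object from the request body, extracts the registration
/// fields and answers 200 when the payload is acceptable. NOTE: nothing is
/// persisted — as in the original, this handler only validates and logs;
/// storage is still a TODO, so "registered successfully" currently means
/// "payload accepted".
///
/// Responses:
///  - 400 if the body is not a JSON object, or `email`/`password` is missing
///    or empty.
///  - 200 otherwise.
///
/// Security notes — every field arrives from an unauthenticated client:
///  - The password is never written to the log. The previous version logged
///    it in clear text alongside the rest of the payload.
///  - `role` and `is_active` are client-controlled. Whatever eventually
///    persists this record must not copy them through verbatim, or any
///    caller can register itself with an elevated role (mass assignment).
///  - Phone, address and date of birth are PII and are kept out of the log
///    line as well.
void ApiController::handleRegisterUser(const QHttpServerRequest &request,
                                       QHttpServerResponder &responder) {
  const auto payload = request.body();
  const QJsonDocument jsonDoc = QJsonDocument::fromJson(payload);
  if (!jsonDoc.isObject()) {
    responder.write(QByteArray("Invalid JSON payload."), "text/plain",
                    QHttpServerResponder::StatusCode::BadRequest);
    return;
  }
  const QJsonObject jsonObj = jsonDoc.object();

  // Required fields. QJsonValue::toString() yields an empty string for a
  // missing key or a non-string value, so one emptiness check covers both.
  const QString email = jsonObj.value("email").toString();
  const QString password = jsonObj.value("password").toString();
  if (email.trimmed().isEmpty() || password.isEmpty()) {
    responder.write(
        QByteArray("Missing required field: email and password are mandatory."),
        "text/plain", QHttpServerResponder::StatusCode::BadRequest);
    return;
  }

  // Optional profile fields.
  const QString name = jsonObj.value("name").toString();
  // SECURITY: role / is_active come from the client. Assign the role
  // server-side (least privilege by default) before storing anything.
  const QString role = jsonObj.value("role").toString();
  const bool isActive = jsonObj.value("is_active").toBool();
  // PII: parsed for the (not yet implemented) persistence step and
  // deliberately excluded from the log line below.
  [[maybe_unused]] const QString phoneNumber =
      jsonObj.value("phone_number").toString();
  [[maybe_unused]] const QString homeAddress =
      jsonObj.value("home_address").toString();
  [[maybe_unused]] const QString dateOfBirth =
      jsonObj.value("date_of_birth").toString();

  const QJsonArray specialtiesArray = jsonObj.value("specialties").toArray();
  QStringList specialties;
  specialties.reserve(specialtiesArray.size());
  for (const auto &specialty : specialtiesArray) {
    specialties.append(specialty.toString());
  }

  // Never log credentials. Name/email/role are enough to trace the request.
  qDebug() << "Registering user:" << name << email << role << isActive
           << specialties;

  // TODO: persist the user (hash the password before storing it).
  responder.write(QByteArray("User registered successfully."), "text/plain",
                  QHttpServerResponder::StatusCode::Ok);
}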
/// POST /login handler.
///
/// Expects a JSON object carrying "email" and "password". Answers 200 with
/// {"token": "..."} on success, 400 when the body is not a JSON object,
/// and 401 for any other credential pair.
///
/// Demo-only behaviour, preserved as-is — do not ship this:
///  - The single accepted credential pair is hard-coded below. There is no
///    user store and no password hashing.
///  - The issued token is "simple_token_for_" + email: unsigned, no expiry,
///    no randomness, so anyone who knows an email can mint a token for it.
///    A signed token (JWT) or an opaque server-side session id is required
///    before this endpoint faces real clients.
///  - A successful login is written to the debug log with the email.
void ApiController::handleLoginUser(const QHttpServerRequest &request,
                                    QHttpServerResponder &responder) {
  const QJsonDocument doc = QJsonDocument::fromJson(request.body());
  if (!doc.isObject()) {
    responder.write(QByteArray("Invalid JSON payload."), "text/plain",
                    QHttpServerResponder::StatusCode::BadRequest);
    return;
  }

  const QJsonObject body = doc.object();
  const QString email = body.value("email").toString();
  const QString password = body.value("password").toString();

  // Hard-coded demo credentials; see the header comment.
  const bool credentialsOk =
      (email == "user@example.com") && (password == "password");
  if (!credentialsOk) {
    responder.write(QByteArray("Invalid email or password."), "text/plain",
                    QHttpServerResponder::StatusCode::Unauthorized);
    return;
  }

  qDebug() << "User logged in:" << email;

  // Forgeable placeholder token — see the header comment.
  QJsonObject reply;
  reply["token"] = QString("simple_token_for_") + email;
  responder.write(QJsonDocument(reply).toJson(), "application/json",
                  QHttpServerResponder::StatusCode::Ok);
}
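/// Inspect the request's Authorization header and, on success, set
/// `userEmail` to the identity the token names.
///
/// Accepts `Authorization: Bearer simple_token_for_<email>` — the exact
/// shape handleLoginUser issues — and rejects a missing header, a non-Bearer
/// scheme, an empty token, or a token without that prefix / with an empty
/// email part. The scheme name is matched case-insensitively (RFC 6750).
///
/// Fixes over the previous version: `userEmail` was never written, so the
/// /protected route greeted an empty name; and any value after "Bearer " —
/// including nothing at all — was accepted.
///
/// SECURITY: this is still only a *format* check. The token carries no
/// signature, secret or expiry, so any client can forge one for any email.
/// Replace with real verification (signed token or server-side session
/// lookup) before using the result for authorization decisions.
///
/// Returns true when the header is well-formed and `userEmail` was set;
/// false otherwise (with a qWarning naming the reason, no token contents).
bool ApiController::verifyToken(const QHttpServerRequest &request,
                                QString &userEmail) {
  const QString scheme = QStringLiteral("Bearer ");
  // Must stay in sync with the token handleLoginUser hands out.
  const QString tokenPrefix = QStringLiteral("simple_token_for_");

  // Step 1: the header must be present.
  // NOTE(review): relies on QHttpHeaders matching header names
  // case-insensitively — confirm for the Qt version in use.
  if (!request.headers().contains("Authorization")) {
    qWarning() << "Authorization header is missing";
    return false;
  }

  // Step 2: fetch the value as a view and convert it to QString for the
  // string operations below; surrounding whitespace is irrelevant.
  const QByteArrayView headerView = request.headers().value("Authorization");
  const QString header =
      QString::fromUtf8(headerView.data(), headerView.size()).trimmed();

  // Step 3: the scheme must be Bearer (scheme names are case-insensitive).
  if (!header.startsWith(scheme, Qt::CaseInsensitive)) {
    qWarning() << "Invalid Authorization header format";
    return false;
  }

  // Step 4: extract the token; tolerate extra whitespace after the scheme
  // and refuse a header that carries no token at all.
  const QString token = header.mid(scheme.size()).trimmed();
  if (token.isEmpty()) {
    qWarning() << "Authorization header carries no token";
    return false;
  }

  // Step 5: format check against what handleLoginUser issues and recover
  // the email it names. No cryptographic verification happens here.
  if (!token.startsWith(tokenPrefix)) {
    qWarning() << "Unrecognised token format";
    return false;
  }
  const QString email = token.mid(tokenPrefix.size());
  if (email.isEmpty()) {
    qWarning() << "Token names no user";
    return false;
  }

  userEmail = email;
  return true;
}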