From 707a8c191df572171cc22d07dd6db72754afc772 Mon Sep 17 00:00:00 2001 From: Andrew Forward Date: Sun, 22 Mar 2020 18:26:34 -0400 Subject: [PATCH 1/6] Add a clients table --- README.md | 37 +++++++++++++++++-- .../20200322173700-create-clients.sql | 14 +++++++ db/schema.sql | 15 +++++++- 3 files changed, 62 insertions(+), 4 deletions(-) create mode 100644 db/migrations/20200322173700-create-clients.sql diff --git a/README.md b/README.md index bd2da52..f8ccef8 100644 --- a/README.md +++ b/README.md @@ -83,15 +83,16 @@ Let's run a few queries against our database. phpapp=# \dt+ ``` -We should see two tables, like +We should see three tables, like ``` List of relations Schema | Name | Type | Owner | Size | Description --------+-------------------+-------+----------+------------+------------- public | actions | table | aforward | 8192 bytes | + public | clients | table | aforward | 8192 bytes | public | schema_migrations | table | aforward | 8192 bytes | -(2 rows) +(3 rows) ``` Let's look at the data within the `schema_migrations` table. 
@@ -107,9 +108,39 @@ The output should look similar to: --------------------------------------+---------------------------- 20200202110100-create-migrations.sql | 2020-02-02 11:39:55.014702 20200202110200-create-actions.sql | 2020-02-02 11:39:55.014702 -(2 rows) + 20200322173700-create-clients.sql | 2020-03-22 18:15:50.238449 +(3 rows) ``` +#### seeding database + +You can run the following to insert some sample data into your database. + +```sql +INSERT INTO clients + (name, data) +VALUES + ('Big Co.', '{"credits": 100}'::json), + ('Small Co.', '{"credits": 100}'::json); +``` + +You can verify the automatically generated tokens, for example: + +```sql +SELECT name, + token, + data +FROM clients; +``` + +Returning something similar to: + + name | token | data +-----------+----------------------------------+------------------ + Big Co. | d7d85f7eac7360d725b44d327445473e | {"credits": 100} + Small Co. | 9f8983a8494c8a003e064374ffb77cb6 | {"credits": 100} + + ## Running To start the PHP server, run the following from diff --git a/db/migrations/20200322173700-create-clients.sql b/db/migrations/20200322173700-create-clients.sql new file mode 100644 index 0000000..0969847 --- /dev/null +++ b/db/migrations/20200322173700-create-clients.sql @@ -0,0 +1,14 @@ +CREATE SEQUENCE clients_id_seq; +CREATE TABLE clients ( + id int DEFAULT nextval('clients_id_seq'), + name varchar(255), + token varchar(100) NOT NULL DEFAULT md5(random()::text), + data jsonb, + inserted_at timestamp DEFAULT NOW(), + updated_at timestamp DEFAULT NOW(), + PRIMARY KEY (id), + UNIQUE (token) +); + +INSERT INTO schema_migrations (migration, migrated_at) +VALUES ('20200322173700-create-clients.sql', NOW()::timestamp); diff --git a/db/schema.sql b/db/schema.sql index a8b774a..b6a74fa 100644 --- a/db/schema.sql +++ b/db/schema.sql 
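Review bot: The `token` default in `db/migrations/20200322173700-create-clients.sql`, `md5(random()::text)`, derives a credential from PostgreSQL's `random()`, which is a general-purpose pseudo-random generator and not meant for secrets; hashing its output with MD5 adds no entropy. If these tokens authenticate API clients, as the later `public/api.php` patches in this series indicate, generate them from a cryptographic source, for example `token varchar(100) NOT NULL DEFAULT encode(gen_random_bytes(32), 'hex')` with `CREATE EXTENSION IF NOT EXISTS pgcrypto;` ahead of the table. The same default is repeated in the first `db/schema.sql` hunk and should change with it. Consider also storing only a hash of the token, so that read access to `clients` does not hand out usable credentials.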
@@ -17,6 +17,18 @@ CREATE TABLE actions ( PRIMARY KEY (id) ); +CREATE SEQUENCE clients_id_seq; +CREATE TABLE clients ( + id int DEFAULT nextval('clients_id_seq'), + name varchar(255), + token varchar(100) NOT NULL DEFAULT md5(random()::text), + data jsonb, + inserted_at timestamp DEFAULT NOW(), + updated_at timestamp DEFAULT NOW(), + PRIMARY KEY (id), + UNIQUE (token) +); + CREATE TABLE schema_migrations ( migration varchar(255), migrated_at timestamp DEFAULT NOW(), @@ -28,4 +40,5 @@ INSERT INTO schema_migrations (migration) VALUES ('20200202110100-create-migrations.sql'), - ('20200202110200-create-actions.sql'); \ No newline at end of file + ('20200202110200-create-actions.sql'), + ('20200322173700-create-clients.sql'); \ No newline at end of file From d79849b1f0164fb28dde3b8cfdaa94b8d4e949cc Mon Sep 17 00:00:00 2001 From: Andrew Forward Date: Sun, 22 Mar 2020 20:53:00 -0400 Subject: [PATCH 2/6] Add hello world api.php to the client --- public/api.php | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 public/api.php diff --git a/public/api.php b/public/api.php new file mode 100644 index 0000000..2e771cc --- /dev/null +++ b/public/api.php @@ -0,0 +1,5 @@ + "world"]; +header("Content-Type: application/json"); +echo json_encode($reply); From cc5e8ba613b1467aea7e89061789edaef58ea2f1 Mon Sep 17 00:00:00 2001 From: Andrew Forward Date: Sun, 22 Mar 2020 20:57:57 -0400 Subject: [PATCH 3/6] Return all headers via api --- public/api.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public/api.php b/public/api.php index 2e771cc..3340cc8 100644 --- a/public/api.php +++ b/public/api.php @@ -1,5 +1,5 @@ "world"]; +$reply = getallheaders(); header("Content-Type: application/json"); echo json_encode($reply); From 59e42bfc29889e7bbbe844cb56af7de3aea8dc95 Mon Sep 17 00:00:00 2001 
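Review bot: `$reply = getallheaders();` in the `[PATCH 3/6]` hunk for `public/api.php` writes every request header into the response body, which includes `Cookie`, any authentication header, and whatever a reverse proxy in front of the app adds. Patches 4/6 and 5/6 keep the pattern by putting `"headers" => $headers` into their 400 error bodies. If the echo is only a debugging aid, limit it to the headers the API itself defines, e.g. `$reply = array_intersect_key(getallheaders(), ["X-Men" => true]);` (the header the later patches read), and drop the `headers` key from the error replies.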
From: Andrew Forward Date: Sun, 22 Mar 2020 21:10:59 -0400 Subject: [PATCH 4/6] Provide the X-Men names in the API --- public/api.php | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/public/api.php b/public/api.php index 3340cc8..e0ad026 100644 --- a/public/api.php +++ b/public/api.php @@ -1,5 +1,27 @@ $mutant, "name" => $name]; +} else { + http_response_code(400); + $reply = [ + "error" => "Please provide an X-Men mutant and reveal their human name.", + "headers" => $headers, + ]; +} + header("Content-Type: application/json"); echo json_encode($reply); From b564a9230c9cb1ef5d4ff3271af01ea0891f78eb Mon Sep 17 00:00:00 2001 From: Andrew Forward Date: Sun, 22 Mar 2020 21:42:47 -0400 Subject: [PATCH 5/6] Authenticate the API with professorcharlesxavier --- public/api.php | 52 ++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 38 insertions(+), 14 deletions(-) diff --git a/public/api.php b/public/api.php index e0ad026..320ce66 100644 --- a/public/api.php +++ b/public/api.php 
@@ -2,26 +2,50 @@ $headers = getallheaders(); -if (isset($headers["X-Men"])) { - http_response_code(200); - switch($mutant = $headers["X-Men"]) { - case "Wolverine": - $name = "Logan"; - break; - case "Magento": - $name = "Eric"; - break; - default: - $name = "Unknown"; +header("Content-Type: application/json"); + +if (isset($headers["Authentication"])) { + list($type, $token) = explode(" ", $headers["Authentication"], 2); + if ($token != "professorcharlesxavier") { + http_response_code(401); + $reply = [ + "error" => "Invalid token.", + "token" => $token, + "type" => $type, + ]; + echo json_encode($reply); + exit; } - $reply = ["mutant" => $mutant, "name" => $name]; } else { + http_response_code(400); + $reply = [ + "error" => "Please provide a valid Authentication header for this API.", + "headers" => $headers, + ]; + echo json_encode($reply); + exit; +} + +if (!isset($headers["X-Men"])) { http_response_code(400); $reply = [ "error" => "Please provide an X-Men mutant and reveal their human name.", "headers" => $headers, ]; + echo json_encode($reply); + exit; } -header("Content-Type: application/json"); -echo json_encode($reply); +http_response_code(200); +switch($mutant = $headers["X-Men"]) { +case "Wolverine": + $name = "Logan"; + break; +case "Magento": + $name = "Eric"; + break; +default: + $name = "Unknown"; +} +$reply = ["mutant" => $mutant, "name" => $name]; +echo json_encode($reply); \ No newline at end of file From a119ea77599e669b1a96c89071e60cadd17085cc Mon Sep 17 00:00:00 2001 From: Andrew Forward Date: Sun, 22 Mar 2020 21:50:39 -0400 Subject: [PATCH 6/6] Check token against clients table --- public/api.php | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/public/api.php b/public/api.php index 320ce66..95a49cf 100644 --- a/public/api.php +++ b/public/api.php 
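Review bot: The shared secret `"professorcharlesxavier"` is committed in `public/api.php` and compared with `!=`; once it is in the repository history it has to be treated as disclosed, even though patch 6/6 later replaces the literal. Where a literal comparison is kept, read the expected value from configuration and use `hash_equals($expected, (string) $token)` so the check is strict and constant-time. Separately, `list($type, $token) = explode(" ", $headers["Authentication"], 2);` leaves `$token` unset when the header contains no space and never validates `$type`; reject the request unless `explode` returns two parts and the scheme is the one the API documents. The 401 body also echoes `$token` and `$type` back to the caller, which is worth dropping.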
@@ -6,15 +6,21 @@ if (isset($headers["Authentication"])) { list($type, $token) = explode(" ", $headers["Authentication"], 2); - if ($token != "professorcharlesxavier") { - http_response_code(401); - $reply = [ - "error" => "Invalid token.", - "token" => $token, - "type" => $type, - ]; - echo json_encode($reply); - exit; + + $dbconn = pg_connect("host=localhost port=5432 dbname=phpapp"); + $sql = 'SELECT name, data FROM clients WHERE token = $1'; + $result = pg_query_params($dbconn, $sql, [$token]); + $data = pg_fetch_all($result); + + if (empty($data)) { + http_response_code(401); + $reply = [ + "error" => "Invalid token.", + "token" => $token, + "type" => $type, + ]; + echo json_encode($reply); + exit; } } else { http_response_code(400);
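Review bot: Neither `pg_connect()` nor `pg_query_params()` is checked for a `false` return in the new lookup, so a database outage or query error falls through to `pg_fetch_all($result)` with an invalid argument; depending on the PHP version and `display_errors`, this ends in a warning or an uncaught error whose text can reach the response. Handle the failure explicitly with a generic 500 and keep the detail in the server log, as sketched below. The parameterised `$1` query is the right shape for the token lookup, but the 401 body still returns `$token` and `$type`, which should be removed. The enclosing `if (isset($headers["Authentication"]))` block continues past the end of the hunk.

```php
$sql = 'SELECT name, data FROM clients WHERE token = $1';
$result = $dbconn ? pg_query_params($dbconn, $sql, [$token]) : false;
if ($result === false) {
    // Log server-side only; the client gets no connection or query detail.
    error_log("client token lookup failed");
    http_response_code(500);
    echo json_encode(["error" => "Internal error."]);
    exit;
}
// … unchanged: pg_fetch_all() and the empty($data) 401 branch …
```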