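setBasePath(get_public_path() . "/api");

    $router->map("POST", "/tactic/[i:id]/edit/name", Action::auth(fn(int $id, Account $acc) => getTacticController()->updateName($id, $acc)));
    $router->map("POST", "/auth", Action::noAuth(fn() => getAuthController()->authorize()));

    return $router;
}

/**
 * Resolves the account on whose behalf the current API request is made.
 *
 * If an Authorization header is present, its raw value is treated as an
 * account token and looked up through the AccountGateway; the session is
 * not consulted in that case, even when the token matches no account.
 * If the header is absent, the account is taken from the application's
 * PHP session instead.
 *
 * @return Account|null the resolved account, or null when the token path
 *                      yields none (what the session path returns when no
 *                      account is stored is decided by PhpSessionHandle)
 * @throws Exception
 */
function tryGetAuthorization(): ?Account {
    // HTTP header names are case-insensitive, and depending on the SAPI
    // getallheaders() may hand them back in the case the client sent.
    // Normalising the keys keeps a request that sends "authorization: <token>"
    // on the token path instead of silently resolving to whatever account
    // the session cookie carries.
    $headers = array_change_key_case(getallheaders(), CASE_LOWER);

    // If no authorization header is set, fall back to the PHP session.
    if (!isset($headers['authorization'])) {
        // NOTE(review): this makes the state-changing POST routes reachable
        // with cookie credentials alone; no CSRF check is visible in this
        // file, so confirm one exists (or that the session cookie is
        // SameSite-restricted) before relying on this path.
        $session = PhpSessionHandle::init();
        return $session->getAccount();
    }

    // The header value is used verbatim as the token; no scheme prefix
    // (e.g. "Bearer ") is stripped here.
    $token = $headers['authorization'];

    // An empty credential must never resolve to an account, whatever the
    // gateway does with an empty string.
    if ($token === '') {
        return null;
    }

    $gateway = new AccountGateway(new Connection(get_database()));
    return $gateway->getAccountFromToken($token);
}

// Entry point: match the current request against the routes and render the
// result; the closure defers account resolution to handleMatch.
Api::render(API::handleMatch(getRoutes()->match(), fn() => tryGetAuthorization()));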