[FEAT] First functional version.

2026-02-18 10:08:48 +01:00
parent 5c93000873
commit bc6e603af4
32 changed files with 5618 additions and 30 deletions
--- a/api/index.php
+++ b/api/index.php
@@ -0,0 +1,245 @@
+<?php
+
+header('Content-Type: application/json');
+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
+header('Access-Control-Allow-Headers: Authorization, Content-Type');
+
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+    http_response_code(200);
+    exit;
+}
+
+require_once __DIR__ . '/lib/Auth.php';
+require_once __DIR__ . '/lib/ScoreScanner.php';
+
+$auth = new Auth();
+$scanner = new ScoreScanner('/home/jbnadal/sources/jb/ohmj/ohmj2/legacy/Scores/');
+
+// Get Authorization header
+$token = null;
+$headers = getallheaders();
+if (isset($headers['Authorization'])) {
+    $authHeader = $headers['Authorization'];
+    if (preg_match('/Bearer\s+(.+)/i', $authHeader, $matches)) {
+        $token = $matches[1];
+    }
+}
+
+// Parse request
+$method = $_SERVER['REQUEST_METHOD'];
+$uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
+$path = trim($uri, '/');
+
+// GET /download/:path - Download PDF (BEFORE auth check)
+if (preg_match('#^download/([^?]+)#', $path, $matches) && $method === 'GET') {
+    $filePath = urldecode($matches[1]);
+    
+    // Check token from header or query parameter
+    $downloadToken = $_GET['token'] ?? $token;
+    $downloadToken = urldecode($downloadToken ?? '');
+    
+    if ($downloadToken === null || $downloadToken === '') {
+        http_response_code(401);
+        echo json_encode(['error' => 'Authorization required']);
+        exit;
+    }
+    
+    $user = $auth->verifyToken($downloadToken);
+    if ($user === null) {
+        http_response_code(401);
+        echo json_encode(['error' => 'Invalid token']);
+        exit;
+    }
+    
+    $fullPath = '/home/jbnadal/sources/jb/ohmj/ohmj2/legacy/Scores/' . $filePath;
+    
+    if (!file_exists($fullPath) || !is_file($fullPath)) {
+        http_response_code(404);
+        echo json_encode(['error' => 'File not found', 'path' => $fullPath]);
+        exit;
+    }
+    
+    header('Content-Type: application/pdf');
+    header('Content-Length: ' . filesize($fullPath));
+    header('Content-Disposition: attachment; filename="' . basename($fullPath) . '"');
+    readfile($fullPath);
+    exit;
+}
+
+// Route matching
+if ($path === 'login' && $method === 'POST') {
+    $input = json_decode(file_get_contents('php://input'), true);
+    $username = $input['username'] ?? '';
+    $password = $input['password'] ?? '';
+    
+    $result = $auth->login($username, $password);
+    
+    if ($result['success']) {
+        echo json_encode([
+            'success' => true,
+            'token' => $result['token'],
+            'user' => $result['user']
+        ]);
+    } else {
+        http_response_code(401);
+        echo json_encode([
+            'success' => false,
+            'error' => $result['error']
+        ]);
+    }
+    exit;
+}
+
+// Protected routes - require auth
+if ($token === null) {
+    http_response_code(401);
+    echo json_encode(['error' => 'Authorization required']);
+    exit;
+}
+
+$user = $auth->verifyToken($token);
+if ($user === null) {
+    http_response_code(401);
+    echo json_encode(['error' => 'Invalid token']);
+    exit;
+}
+
+// GET /scores - List all scores
+if ($path === 'scores' && $method === 'GET') {
+    $scores = $scanner->listScores();
+    echo json_encode(['success' => true, 'scores' => $scores]);
+    exit;
+}
+
+// GET /scores/:id - Get score details
+if (preg_match('#^scores/(\d+)$#', $path, $matches) && $method === 'GET') {
+    $scoreId = $matches[1];
+    $score = $scanner->getScore($scoreId);
+    
+    if ($score === null) {
+        http_response_code(404);
+        echo json_encode(['error' => 'Score not found']);
+        exit;
+    }
+    
+    echo json_encode(['success' => true, 'score' => $score]);
+    exit;
+}
+
+// GET /scores/:id/instruments - Get instruments for a score
+// GET /scores/:id/instruments?piece=1 - Get instruments for a specific piece
+if (preg_match('#^scores/(\d+)/instruments$#', $path, $matches) && $method === 'GET') {
+    $scoreId = $matches[1];
+    $pieceId = $_GET['piece'] ?? null;
+    $instruments = $scanner->getInstruments($scoreId, $pieceId);
+    
+    echo json_encode(['success' => true, 'instruments' => $instruments]);
+    exit;
+}
+
+// GET /pieces/:scoreId - Get pieces for a score
+if (preg_match('#^pieces/(\d+)$#', $path, $matches) && $method === 'GET') {
+    $scoreId = $matches[1];
+    $pieces = $scanner->getPieces($scoreId);
+    
+    echo json_encode(['success' => true, 'pieces' => $pieces]);
+    exit;
+}
+
+// ADMIN ROUTES - require admin role
+if ($user['role'] !== 'admin') {
+    http_response_code(403);
+    echo json_encode(['error' => 'Admin access required']);
+    exit;
+}
+
+// POST /admin/scores - Create new score
+if ($path === 'admin/scores' && $method === 'POST') {
+    $input = json_decode(file_get_contents('php://input'), true);
+    
+    $id = $input['id'] ?? null;
+    $name = $input['name'] ?? '';
+    $compositor = $input['compositor'] ?? '';
+    
+    if (empty($id) || empty($name)) {
+        http_response_code(400);
+        echo json_encode(['error' => 'ID and name required']);
+        exit;
+    }
+    
+    $result = $scanner->createScore($id, $name, $compositor);
+    
+    if ($result['success']) {
+        echo json_encode(['success' => true, 'score' => $result['score']]);
+    } else {
+        http_response_code(400);
+        echo json_encode(['error' => $result['error']]);
+    }
+    exit;
+}
+
+// PUT /admin/scores/:id - Update score
+if (preg_match('#^admin/scores/(\d+)$#', $path, $matches) && $method === 'PUT') {
+    $scoreId = $matches[1];
+    $input = json_decode(file_get_contents('php://input'), true);
+    
+    $name = $input['name'] ?? null;
+    $compositor = $input['compositor'] ?? null;
+    
+    $result = $scanner->updateScore($scoreId, $name, $compositor);
+    
+    if ($result['success']) {
+        echo json_encode(['success' => true]);
+    } else {
+        http_response_code(400);
+        echo json_encode(['error' => $result['error']]);
+    }
+    exit;
+}
+
+// DELETE /admin/scores/:id - Delete score
+if (preg_match('#^admin/scores/(\d+)$#', $path, $matches) && $method === 'DELETE') {
+    $scoreId = $matches[1];
+    
+    $result = $scanner->deleteScore($scoreId);
+    
+    if ($result['success']) {
+        echo json_encode(['success' => true]);
+    } else {
+        http_response_code(400);
+        echo json_encode(['error' => $result['error']]);
+    }
+    exit;
+}
+
+// POST /admin/scores/:id/upload - Upload PDF
+if (preg_match('#^admin/scores/(\d+)/upload$#', $path, $matches) && $method === 'POST') {
+    $scoreId = $matches[1];
+    
+    if (!isset($_FILES['file'])) {
+        http_response_code(400);
+        echo json_encode(['error' => 'No file uploaded']);
+        exit;
+    }
+    
+    $file = $_FILES['file'];
+    $piece = $_POST['piece'] ?? '1';
+    $instrument = $_POST['instrument'] ?? '';
+    $version = $_POST['version'] ?? '1';
+    $filename = $_POST['filename'] ?? '';
+    
+    $result = $scanner->uploadPdf($scoreId, $file, $piece, $instrument, $version, $filename);
+    
+    if ($result['success']) {
+        echo json_encode(['success' => true, 'path' => $result['path']]);
+    } else {
+        http_response_code(400);
+        echo json_encode(['error' => $result['error']]);
+    }
+    exit;
+}
+
+// 404 Not Found
+http_response_code(404);
+echo json_encode(['error' => 'Not found']);