Add bulk operations and Response helper class

Co-authored-by: BitsHost <23263143+BitsHost@users.noreply.github.com>

Author: Copilot

CHANGELOG.md

@@ -1,18 +1,23 @@
 # Changelog
 
-## 1.1.0 - Enhanced Query Capabilities
+## 1.1.0 - Enhanced Query Capabilities and Bulk Operations
 
 ### New Features
 - **Advanced Filter Operators**: Support for comparison operators (eq, neq, gt, gte, lt, lte, like, in, notin, null, notnull)
 - **Field Selection**: Select specific fields in list queries using the `fields` parameter
+- **Bulk Operations**: 
+  - `bulk_create` - Create multiple records in a single transaction
+  - `bulk_delete` - Delete multiple records by IDs in a single query
 - **Input Validation**: Added comprehensive input validation for table names, column names, IDs, and query parameters
+- **Response Helper**: Added Response class for standardized API responses (for future use)
 - **Backward Compatibility**: Old filter format (`col:value`) still works alongside new format (`col:op:value`)
 
 ### Improvements
 - Fixed SQL injection vulnerability in filter parameter by using parameterized queries with unique parameter names
 - Added Validator class for centralized input validation and sanitization
 - Improved error messages with proper HTTP status codes
 - Enhanced documentation with detailed examples of new features
+- Transaction support for bulk create operations
 
 ### Filter Operators
 - `eq` - Equals
@@ -31,6 +36,8 @@
 - Field selection: `/index.php?action=list&table=users&fields=id,name,email`
 - Advanced filtering: `/index.php?action=list&table=users&filter=age:gt:18,status:eq:active`
 - IN operator: `/index.php?action=list&table=orders&filter=status:in:pending|processing|shipped`
+- Bulk create: `POST /index.php?action=bulk_create&table=users` with JSON array
+- Bulk delete: `POST /index.php?action=bulk_delete&table=users` with `{"ids":[1,2,3]}`
 
 ## 1.0.0
 

README.md

@@ -10,6 +10,7 @@ OpenAPI (Swagger) docs, and zero code generation.
 
 - Auto-discovers tables and columns
 - Full CRUD endpoints for any table
+- **Bulk operations** - Create or delete multiple records efficiently
 - Configurable authentication (API Key, Basic Auth, JWT, or none)
 - **Advanced query features:**
   - **Field selection** - Choose specific columns to return
@@ -92,28 +93,104 @@ return [
 
 All requests go through `public/index.php` with `action` parameter.
 
-| Action    | Method | Usage Example                                               |
-|-----------|--------|------------------------------------------------------------|
-| tables    | GET    | `/index.php?action=tables`                                 |
-| columns   | GET    | `/index.php?action=columns&table=users`                    |
-| list      | GET    | `/index.php?action=list&table=users`                       |
-| read      | GET    | `/index.php?action=read&table=users&id=1`                  |
-| create    | POST   | `/index.php?action=create&table=users` (form POST)         |
-| update    | POST   | `/index.php?action=update&table=users&id=1` (form POST)    |
-| delete    | POST   | `/index.php?action=delete&table=users&id=1`                |
-| openapi   | GET    | `/index.php?action=openapi`                                |
-| login     | POST   | `/index.php?action=login` (JWT only)                       |
+| Action       | Method | Usage Example                                               |
+|--------------|--------|-------------------------------------------------------------|
+| tables       | GET    | `/index.php?action=tables`                                  |
+| columns      | GET    | `/index.php?action=columns&table=users`                     |
+| list         | GET    | `/index.php?action=list&table=users`                        |
+| read         | GET    | `/index.php?action=read&table=users&id=1`                   |
+| create       | POST   | `/index.php?action=create&table=users` (form POST or JSON)  |
+| update       | POST   | `/index.php?action=update&table=users&id=1` (form POST or JSON) |
+| delete       | POST   | `/index.php?action=delete&table=users&id=1`                 |
+| bulk_create  | POST   | `/index.php?action=bulk_create&table=users` (JSON array)    |
+| bulk_delete  | POST   | `/index.php?action=bulk_delete&table=users` (JSON with ids) |
+| openapi      | GET    | `/index.php?action=openapi`                                 |
+| login        | POST   | `/index.php?action=login` (JWT only)                        |
 
 ---
 
 ## 🤖 Example `curl` Commands
 
 ```sh
+# List tables
 curl http://localhost/index.php?action=tables
+
+# List users with API key
 curl -H "X-API-Key: changeme123" "http://localhost/index.php?action=list&table=users"
+
+# JWT login
 curl -X POST -d "username=admin&password=secret" http://localhost/index.php?action=login
+
+# List with JWT token
 curl -H "Authorization: Bearer <token>" "http://localhost/index.php?action=list&table=users"
+
+# Basic auth
 curl -u admin:secret "http://localhost/index.php?action=list&table=users"
+
+# Bulk create
+curl -X POST -H "Content-Type: application/json" \
+  -d '[{"name":"Alice","email":"alice@example.com"},{"name":"Bob","email":"bob@example.com"}]' \
+  "http://localhost/index.php?action=bulk_create&table=users"
+
+# Bulk delete
+curl -X POST -H "Content-Type: application/json" \
+  -d '{"ids":[1,2,3]}' \
+  "http://localhost/index.php?action=bulk_delete&table=users"
+```
+
+---
+
+### 💪 Bulk Operations
+
+The API supports bulk operations for efficient handling of multiple records:
+
+#### Bulk Create
+
+Create multiple records in a single transaction. If any record fails, the entire operation is rolled back.
+
+**Endpoint:** `POST /index.php?action=bulk_create&table=users`
+
+**Request Body (JSON array):**
+```json
+[
+  {"name": "Alice", "email": "alice@example.com", "age": 25},
+  {"name": "Bob", "email": "bob@example.com", "age": 30},
+  {"name": "Charlie", "email": "charlie@example.com", "age": 35}
+]
+```
+
+**Response:**
+```json
+{
+  "success": true,
+  "created": 3,
+  "data": [
+    {"id": 1, "name": "Alice", "email": "alice@example.com", "age": 25},
+    {"id": 2, "name": "Bob", "email": "bob@example.com", "age": 30},
+    {"id": 3, "name": "Charlie", "email": "charlie@example.com", "age": 35}
+  ]
+}
+```
+
+#### Bulk Delete
+
+Delete multiple records by their IDs in a single query.
+
+**Endpoint:** `POST /index.php?action=bulk_delete&table=users`
+
+**Request Body (JSON):**
+```json
+{
+  "ids": [1, 2, 3, 4, 5]
+}
+```
+
+**Response:**
+```json
+{
+  "success": true,
+  "deleted": 5
+}
 ```
 
 ---

src/ApiGenerator.php

@@ -261,4 +261,60 @@ public function delete(string $table, $id): array
         }
         return ['success' => true];
     }
+
+    /**
+     * Bulk create multiple records
+     */
+    public function bulkCreate(string $table, array $records): array
+    {
+        if (empty($records)) {
+            return ['error' => 'No records provided for bulk create'];
+        }
+
+        $this->pdo->beginTransaction();
+        try {
+            $created = [];
+            foreach ($records as $data) {
+                $created[] = $this->create($table, $data);
+            }
+            $this->pdo->commit();
+            return [
+                'success' => true,
+                'created' => count($created),
+                'data' => $created
+            ];
+        } catch (\Exception $e) {
+            $this->pdo->rollBack();
+            return ['error' => 'Bulk create failed: ' . $e->getMessage()];
+        }
+    }
+
+    /**
+     * Bulk delete multiple records by IDs
+     */
+    public function bulkDelete(string $table, array $ids): array
+    {
+        if (empty($ids)) {
+            return ['error' => 'No IDs provided for bulk delete'];
+        }
+
+        $pk = $this->inspector->getPrimaryKey($table);
+        $placeholders = [];
+        $params = [];
+        
+        foreach ($ids as $i => $id) {
+            $key = "id_$i";
+            $placeholders[] = ":$key";
+            $params[$key] = $id;
+        }
+
+        $sql = "DELETE FROM `$table` WHERE `$pk` IN (" . implode(',', $placeholders) . ")";
+        $stmt = $this->pdo->prepare($sql);
+        $stmt->execute($params);
+        
+        return [
+            'success' => true,
+            'deleted' => $stmt->rowCount()
+        ];
+    }
 }

src/Response.php

@@ -0,0 +1,95 @@
+<?php
+
+namespace App;
+
+class Response
+{
+    /**
+     * Send a success response
+     */
+    public static function success($data, int $statusCode = 200): void
+    {
+        http_response_code($statusCode);
+        header('Content-Type: application/json');
+        echo json_encode($data);
+    }
+
+    /**
+     * Send an error response
+     */
+    public static function error(string $message, int $statusCode = 400, array $details = []): void
+    {
+        http_response_code($statusCode);
+        header('Content-Type: application/json');
+        $response = ['error' => $message];
+        if (!empty($details)) {
+            $response['details'] = $details;
+        }
+        echo json_encode($response);
+    }
+
+    /**
+     * Send a created response (201)
+     */
+    public static function created($data): void
+    {
+        self::success($data, 201);
+    }
+
+    /**
+     * Send a no content response (204)
+     */
+    public static function noContent(): void
+    {
+        http_response_code(204);
+        header('Content-Type: application/json');
+    }
+
+    /**
+     * Send a not found response (404)
+     */
+    public static function notFound(string $message = 'Resource not found'): void
+    {
+        self::error($message, 404);
+    }
+
+    /**
+     * Send an unauthorized response (401)
+     */
+    public static function unauthorized(string $message = 'Unauthorized'): void
+    {
+        self::error($message, 401);
+    }
+
+    /**
+     * Send a forbidden response (403)
+     */
+    public static function forbidden(string $message = 'Forbidden'): void
+    {
+        self::error($message, 403);
+    }
+
+    /**
+     * Send a method not allowed response (405)
+     */
+    public static function methodNotAllowed(string $message = 'Method Not Allowed'): void
+    {
+        self::error($message, 405);
+    }
+
+    /**
+     * Send a server error response (500)
+     */
+    public static function serverError(string $message = 'Internal Server Error'): void
+    {
+        self::error($message, 500);
+    }
+
+    /**
+     * Send a validation error response (422)
+     */
+    public static function validationError(string $message, array $errors = []): void
+    {
+        self::error($message, 422, $errors);
+    }
+}

src/Router.php

@@ -207,6 +207,48 @@ public function route(array $query)
                     }
                     break;
 
+                case 'bulk_create':
+                    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+                        http_response_code(405);
+                        echo json_encode(['error' => 'Method Not Allowed']);
+                        break;
+                    }
+                    if (!isset($query['table']) || !Validator::validateTableName($query['table'])) {
+                        http_response_code(400);
+                        echo json_encode(['error' => 'Invalid or missing table parameter']);
+                        break;
+                    }
+                    $this->enforceRbac('create', $query['table']);
+                    $data = json_decode(file_get_contents('php://input'), true) ?? [];
+                    if (!is_array($data) || empty($data)) {
+                        http_response_code(400);
+                        echo json_encode(['error' => 'Invalid or empty JSON array']);
+                        break;
+                    }
+                    echo json_encode($this->api->bulkCreate($query['table'], $data));
+                    break;
+
+                case 'bulk_delete':
+                    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+                        http_response_code(405);
+                        echo json_encode(['error' => 'Method Not Allowed']);
+                        break;
+                    }
+                    if (!isset($query['table']) || !Validator::validateTableName($query['table'])) {
+                        http_response_code(400);
+                        echo json_encode(['error' => 'Invalid or missing table parameter']);
+                        break;
+                    }
+                    $this->enforceRbac('delete', $query['table']);
+                    $data = json_decode(file_get_contents('php://input'), true) ?? [];
+                    if (!isset($data['ids']) || !is_array($data['ids']) || empty($data['ids'])) {
+                        http_response_code(400);
+                        echo json_encode(['error' => 'Invalid or empty ids array. Send JSON with "ids" field.']);
+                        break;
+                    }
+                    echo json_encode($this->api->bulkDelete($query['table'], $data['ids']));
+                    break;
+
                 case 'openapi':
                     // No per-table RBAC needed by default
                     echo json_encode(OpenApiGenerator::generate(