This tutorial shows how to build a blog REST API using the Nofuzz framework.
The result is a set of endpoints, complete with authentication and database reads and writes.
The tutorial covers the creation of API endpoints for:
- Registering accounts
- Authenticating users
- Listing, creating, editing and deleting blogs
- Listing, creating, editing and deleting blog articles (posts)
- Listing, creating, editing and deleting article comments
The API will NOT cover the following:
- A user interface (web page) for the Blog
Download the repository into a new directory and point your web server's document root at the /public folder (only /public should be web-accessible; the app, config and vendor directories must stay outside the document root).
After installing the files, run Composer to download all dependencies:
$ composer update -o --no-dev
Change the values in app/Config/config.json to match your setup. In particular, the database host, username and password must be changed to match your environment. Keep this file, with its credentials, out of version control.
Only the Register and SignIn endpoints have no authentication checks. All other API endpoints require a JWT (see jwt.io) to authenticate the request.
A JWT is obtained by calling the SignIn endpoint with correct credentials. Once obtained, the client must pass the token to every other endpoint in the Authorization: Bearer <token> header. Because the token is the session, it must only ever travel over HTTPS.
The JSON models of all the tables are documented in Models.md
Design the application - Steps
The following steps were taken when designing this tutorial application:
- The API
- The Database
- Controllers
- Middleware
- Routes definitions
Here we define the endpoints that make up the whole API, grouped as follows:
Register
POST /blog/api/v1/register Register a new Account
Auth
POST /blog/api/v1/signin Sign In (obtain session/token)
DELETE /blog/api/v1/signout Sign Out (remove session/token)
Accounts
GET /blog/api/v1/accounts[/{uuid}] Get account(s)
POST /blog/api/v1/accounts Create an account
PUT /blog/api/v1/accounts Update an account
DELETE /blog/api/v1/accounts Remove an account
Blogs
GET /blog/api/v1/blogs[/{uuid}] Get blog(s)
POST /blog/api/v1/blogs Create a blog
PUT /blog/api/v1/blogs Update a blog
DELETE /blog/api/v1/blogs Remove a blog
Articles
GET /blog/api/v1/articles[/{uuid}] Get article(s)
POST /blog/api/v1/articles Create an article
PUT /blog/api/v1/articles Update an article
DELETE /blog/api/v1/articles Remove an article
Comments
GET /blog/api/v1/comments[/{uuid}] Get comment(s)
POST /blog/api/v1/comments Create a comment
PUT /blog/api/v1/comments Update a comment
DELETE /blog/api/v1/comments Remove a comment
See the MySQL schema for the complete schema DDL, and use your favourite tool to create the database.
The app uses a MySQL database by default, but it is easily converted to Firebird, PostgreSQL, Oracle or any other database.
In the /app/Controllers/v1 folder you will find the Controller classes for each endpoint group. These controllers are:
- RegisterController.php
- SignInController.php
- SignOutController.php
- BlogAccountController.php
- BlogBlogController.php
- BlogArticleController.php
- BlogCommentController.php
In the /app/Middleware folder you will find all the Middleware classes.
There are four types of Middleware:
- Common Before request handling
- Common After request handling
- Group specific Before request handling
- Group specific After request handling
The common Middleware that runs before every request is processed:
- CorsBeforeMiddleware.php
- RequestIdBeforeMiddleware.php
The common Middleware that runs after every request:
- RequestIdAfterMiddleware.php
- ResponseTimeAfterMiddleware.php
- ResponseLogAfterMiddleware.php
The group-specific Before Middleware for the authenticated endpoints is:
- AuthBeforeMiddleware.php
No group-specific After Middleware is defined. AuthBeforeMiddleware is the only thing standing between an unauthenticated client and every endpoint other than Register and SignIn, so it must reject the request (401) whenever the Bearer token is missing, malformed, tampered with or expired, rather than let the controller run.
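As an added example that is not part of the tutorial or of the Nofuzz framework, the following Python sketch models what the SignIn endpoint and AuthBeforeMiddleware described above have to do with the JWT: issue an HS256 token at sign-in, and on every authenticated request parse the Authorization: Bearer header, pin the algorithm, verify the signature in constant time, check expiry, and honour the sign-out denylist. The secret, the claim set, the in-memory revocation set and all function names are assumptions made for this illustration; the tutorial's PHP code implements the same checks in its own way.

```python
import base64
import hashlib
import hmac
import json

# Constructed secret for this example only; a real app loads it from configuration.
SECRET = b"example-only-secret-change-me-0123456789"
ALG = "HS256"
# Sign-out denylist of revoked token ids (assumption: in memory here; use the DB in practice).
_revoked_jti = set()


class AuthError(Exception):
    """Raised whenever the request must be answered with 401 Unauthorized."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(account_uuid: str, now: int, ttl: int = 3600) -> str:
    """What SignIn returns once the credentials have been checked (assumed claim set)."""
    header = {"alg": ALG, "typ": "JWT"}
    jti = hashlib.sha256(f"{account_uuid}:{now}".encode()).hexdigest()[:16]
    payload = {"sub": account_uuid, "iat": now, "exp": now + ttl, "jti": jti}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    signature = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(signature)}"


def verify_token(token: str, now: int) -> dict:
    """Signature first, claims second; every failure path is an AuthError."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
        signature = _b64url_decode(s64)
    except ValueError:  # wrong number of segments, bad base64, or bad JSON
        raise AuthError("malformed token")
    # Pin the algorithm server-side: the token must never be allowed to pick "none" or another alg.
    if not isinstance(header, dict) or header.get("alg") != ALG:
        raise AuthError("unexpected alg")
    expected = hmac.new(SECRET, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        raise AuthError("bad signature")
    payload = json.loads(_b64url_decode(p64))  # trusted only now: the MAC covered it
    if now >= int(payload.get("exp", 0)):
        raise AuthError("token expired")
    if payload.get("jti") in _revoked_jti:
        raise AuthError("token revoked")
    return payload


def authenticate_request(headers: dict, now: int) -> dict:
    """The AuthBeforeMiddleware check: require 'Authorization: Bearer <token>' and validate it."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise AuthError("missing bearer token")
    return verify_token(token.strip(), now)


def sign_out(token: str, now: int) -> None:
    """DELETE /signout: a JWT cannot be un-issued, so record its jti as revoked."""
    _revoked_jti.add(verify_token(token, now)["jti"])


if __name__ == "__main__":
    tok = issue_token("acct-0001", now=1_700_000_000)
    print(authenticate_request({"Authorization": f"Bearer {tok}"}, now=1_700_000_100)["sub"])
```

The order of checks matters: nothing in the payload is read until the signature has been verified with the server's own pinned algorithm, which is what defeats forged claims and the classic `alg: none` trick. Note also that the sign-out endpoint only works because the token carries an id that the server records on revocation; without such a list a "signed-out" JWT remains valid until it expires.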
The routes.json file contains all the mappings between the endpoints and the Controllers: for each endpoint we specify the Controller that will handle it.
The routes are divided into two groups, Anonymous and Authenticated, and each group gets its own Middleware. Only Register and SignIn belong in the Anonymous group; every other route must sit in the Authenticated group so that it passes through AuthBeforeMiddleware, because a route placed in the wrong group is reachable without a token.