Diffstat (limited to 'main')
8 files changed, 173 insertions, 9 deletions
diff --git a/main/app/sprinkles/admin/routes/posts.php b/main/app/sprinkles/admin/routes/posts.php
new file mode 100644
index 0000000..2168818
--- /dev/null
+++ b/main/app/sprinkles/admin/routes/posts.php
@@ -0,0 +1,19 @@
+<?php
+/**
+ * UserFrosting (http://www.userfrosting.com)
+ *
+ * @link https://github.com/userfrosting/UserFrosting
+ * @license https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
+ */
+
+use Slim\Http\Request;
+use Slim\Http\Response;
+use Slim\Http\UploadedFile;
+
+/**
+ * Routes for posting.
+ */
+
+$app->group('/api/posts', function () {
+ $this->post('/image', 'UserFrosting\Sprinkle\Admin\Controller\PostController:postImage');
+})->add('authGuard');
diff --git a/main/app/sprinkles/admin/src/Controller/AdminController.php b/main/app/sprinkles/admin/src/Controller/AdminController.php
index da4da8a..91342de 100644
--- a/main/app/sprinkles/admin/src/Controller/AdminController.php
+++ b/main/app/sprinkles/admin/src/Controller/AdminController.php
@@ -5,6 +5,7 @@ * @link https://github.com/userfrosting/UserFrosting * @license https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License) */ + namespace UserFrosting\Sprinkle\Admin\Controller; use Carbon\Carbon;
@@ -30,8 +31,7 @@ class AdminController extends SimpleController * Renders the admin panel dashboard * */ - public function pageDashboard($request, $response, $args) - { + public function pageDashboard($request, $response, $args) { //** @var UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager */ $authorizer = $this->ci->authorizer;
@@ -48,8 +48,8 @@ class AdminController extends SimpleController // Probably a better way to do this $users = $classMapper->staticMethod('user', 'orderBy', 'created_at', 'desc') - ->take(8) - ->get(); + ->take(8) + ->get(); // Transform the `create_at` date in "x days ago" type of string $users->transform(function ($item, $key) {
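Review bot: The three `use Slim\Http\Request;`, `use Slim\Http\Response;` and `use Slim\Http\UploadedFile;` imports in the new posts.php route file are never referenced — its only statement is the `$app->group(...)` call with a string controller reference — so they should be dropped. The group docblock `Routes for posting.` would also be more useful as `Routes for uploading post attachments (POST /api/posts/image, requires authGuard).`, since "posting" reads as the HTTP verb rather than the feature.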
@@ -97,8 +97,7 @@ class AdminController extends SimpleController * This route requires authentication. * Request type: POST */ - public function clearCache($request, $response, $args) - { + public function clearCache($request, $response, $args) { /** @var UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager */ $authorizer = $this->ci->authorizer; @@ -128,8 +127,7 @@ class AdminController extends SimpleController * This page requires authentication. * Request type: GET */ - public function getModalConfirmClearCache($request, $response, $args) - { + public function getModalConfirmClearCache($request, $response, $args) { /** @var UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager */ $authorizer = $this->ci->authorizer; diff --git a/main/app/sprinkles/admin/src/Controller/PostController.php b/main/app/sprinkles/admin/src/Controller/PostController.php new file mode 100644 index 0000000..e191207 --- /dev/null +++ b/main/app/sprinkles/admin/src/Controller/PostController.php 
@@ -0,0 +1,118 @@ +<?php +/** + * UserFrosting (http://www.userfrosting.com) + * + * @link https://github.com/userfrosting/UserFrosting + * @license https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License) + */ + +namespace UserFrosting\Sprinkle\Admin\Controller; + +use UserFrosting\Fortress\RequestDataTransformer; +use UserFrosting\Fortress\RequestSchema; +use UserFrosting\Fortress\ServerSideValidator; +use UserFrosting\Support\Exception\ForbiddenException; +use UserFrosting\Sprinkle\Core\Controller\SimpleController; +use UserFrosting\Support\Exception\BadRequestException; +use Slim\Http\Request; +use Slim\Http\Response; +use Slim\Http\UploadedFile; + +/** + * Controller class for user-related requests, including listing users, CRUD for users, etc. + * + * @author Alex Weissman (https://alexanderweissman.com) + */ +class PostController extends SimpleController +{ + public function postImage($request, $response, $args) { + + function moveUploadedFile($directory, UploadedFile $uploadedFile) { + $extension = pathinfo($uploadedFile->getClientFilename(), PATHINFO_EXTENSION); + $basename = bin2hex(random_bytes(8)); // see http://php.net/manual/en/function.random-bytes.php + $filename = sprintf('%s.%0.8s', $basename, $extension); + + $uploadedFile->moveTo($directory . DIRECTORY_SEPARATOR . $filename); + + return $filename; + } + + $authorizer = $this->ci->authorizer; + $currentUser = $this->ci->currentUser; + if (!$authorizer->checkAccess($currentUser, 'uri_dashboard')) { + throw new ForbiddenException(); + } + + $directory = $_SERVER['DOCUMENT_ROOT'] . '/beam/social/main/uploads/'; + $uploadedFiles = $request->getUploadedFiles(); + $uploadedFile = $uploadedFiles['example1']; + if ($uploadedFile->getError() === UPLOAD_ERR_OK) { + $filename = moveUploadedFile($directory, $uploadedFile); + $response->write('uploaded ' . $filename . 
'<br/>'); + } + + foreach ($uploadedFiles['example2'] as $uploadedFile) { + if ($uploadedFile->getError() === UPLOAD_ERR_OK) { + $filename = moveUploadedFile($directory, $uploadedFile); + $response->write('uploaded ' . $filename . '<br/>'); + } + } + + foreach ($uploadedFiles['example3'] as $uploadedFile) { + if ($uploadedFile->getError() === UPLOAD_ERR_OK) { + $filename = moveUploadedFile($directory, $uploadedFile); + $response->write('uploaded ' . $filename . '<br/>'); + } + } + } + + /** + * Moves the uploaded file to the upload directory and assigns it a unique name + * to avoid overwriting an existing uploaded file. + * + * @param string $directory directory to which the file is moved + * @param UploadedFile $uploaded file uploaded file to move + * @return string filename of moved file + */ + function moveUploadedFile($directory, UploadedFile $uploadedFile) + { + $extension = pathinfo($uploadedFile->getClientFilename(), PATHINFO_EXTENSION); + $basename = bin2hex(random_bytes(8)); // see http://php.net/manual/en/function.random-bytes.php + $filename = sprintf('%s.%0.8s', $basename, $extension); + + $uploadedFile->moveTo($directory . DIRECTORY_SEPARATOR . $filename); + + return $filename; + } + + protected function getUserFromParams($params) { + // Load the request schema + $schema = new RequestSchema('schema://requests/user/get-by-username.yaml'); + + // Whitelist and set parameter defaults + $transformer = new RequestDataTransformer($schema); + $data = $transformer->transform($params); + + // Validate, and throw exception on validation errors. 
+ $validator = new ServerSideValidator($schema, $this->ci->translator); + if (!$validator->validate($data)) { + // TODO: encapsulate the communication of error messages from ServerSideValidator to the BadRequestException + $e = new BadRequestException(); + foreach ($validator->errors() as $idx => $field) { + foreach ($field as $eidx => $error) { + $e->addUserMessage($error); + } + } + throw $e; + } + + /** @var UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */ + $classMapper = $this->ci->classMapper; + + // Get the user to delete + $user = $classMapper->staticMethod('user', 'where', 'user_name', $data['user_name']) + ->first(); + + return $user; + } +} diff --git a/main/app/sprinkles/core/assets/SiteAssets/js/main.js b/main/app/sprinkles/core/assets/SiteAssets/js/main.js index dbbfc5b..a1806f1 100644 --- a/main/app/sprinkles/core/assets/SiteAssets/js/main.js +++ b/main/app/sprinkles/core/assets/SiteAssets/js/main.js @@ -120,7 +120,7 @@ UserSearchBar.keyup(function () { error: function () { console.log("[SEARCH LOGGER] 404s are not a bug - they're a feature!"); console.log("[SEARCH LOGGER] " + RequestedUser + " not found..."); - + SearchResults.empty(); } }); diff --git a/main/app/sprinkles/core/routes/routes.php b/main/app/sprinkles/core/routes/routes.php index 56a72ea..a33d697 100644 --- a/main/app/sprinkles/core/routes/routes.php +++ b/main/app/sprinkles/core/routes/routes.php @@ -14,6 +14,8 @@ $app->get('/', 'UserFrosting\Sprinkle\Core\Controller\CoreController:pageIndex') ->add('authGuard') ->setName('index'); +$app->get('/test', 'UserFrosting\Sprinkle\Core\Controller\CoreController:pageTest'); + $app->get('/about','UserFrosting\Sprinkle\Core\Controller\CoreController:pageAbout')->add('checkEnvironment'); $app->get('/alerts', 'UserFrosting\Sprinkle\Core\Controller\CoreController:jsonAlerts'); diff --git a/main/app/sprinkles/core/src/Controller/CoreController.php b/main/app/sprinkles/core/src/Controller/CoreController.php index 9a73e66..be5fd8f 100644 
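Review bot: `postImage` stores whatever the client uploads under `$_SERVER['DOCUMENT_ROOT'] . '/beam/social/main/uploads/'` with the client-supplied extension preserved by `sprintf('%s.%0.8s', $basename, $extension)`, so any file type an authenticated user names ends up in a web-served directory; the extension (or detected MIME type) should be checked against an allowlist and the target directory should come from config, preferably outside the document root. `$uploadedFiles['example1']`, `['example2']` and `['example3']` are read without an existence check, so a request missing any of those fields fails with a method call on null or a foreach-over-null warning instead of a clean 400. The `function moveUploadedFile(...)` declared inside the method body is registered as a global function when the method first runs and is what the bare `moveUploadedFile($directory, $uploadedFile)` calls resolve to, so the class method of the same name below it is dead code, and a second invocation of `postImage` in the same process would hit a redeclaration error; drop the nested copy and call `$this->moveUploadedFile(...)`. `getUserFromParams` (with its `Get the user to delete` comment) and the class docblock `Controller class for user-related requests...` look copied from the user controller and are unused here — the docblock should describe this controller and the helper can go.
```php
    public function postImage($request, $response, $args) {
        // … unchanged: authorizer check and $directory …
        $uploadedFiles = $request->getUploadedFiles();

        // Each field may be absent, a single UploadedFile, or a list of them.
        foreach (['example1', 'example2', 'example3'] as $field) {
            if (!isset($uploadedFiles[$field])) {
                continue;
            }
            $files = is_array($uploadedFiles[$field]) ? $uploadedFiles[$field] : [$uploadedFiles[$field]];
            foreach ($files as $uploadedFile) {
                if (!($uploadedFile instanceof UploadedFile) || $uploadedFile->getError() !== UPLOAD_ERR_OK) {
                    continue;
                }
                $filename = $this->moveUploadedFile($directory, $uploadedFile);
                $response->write('uploaded ' . $filename . '<br/>');
            }
        }

        return $response;
    }

    // … unchanged: moveUploadedFile docblock …
    protected function moveUploadedFile($directory, UploadedFile $uploadedFile)
    {
        $extension = strtolower(pathinfo($uploadedFile->getClientFilename(), PATHINFO_EXTENSION));
        // Constructed allowlist for an image endpoint — adjust to what the feature actually accepts.
        if (!in_array($extension, ['jpg', 'jpeg', 'png', 'gif'], true)) {
            throw new BadRequestException();
        }
        // … unchanged: random basename, moveTo, return $filename …
    }
```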
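Review bot: The new `/test` route is registered without `->add('authGuard')`, while the `/` route directly above it carries the guard, so the upload test page renders for unauthenticated visitors; the POST it targets is guarded, but a scaffold like this in the core routes file should be guarded too, or removed before merge: `$app->get('/test', 'UserFrosting\Sprinkle\Core\Controller\CoreController:pageTest')->add('authGuard');`. If it is meant to stay, a short comment above it saying it is a development-only page would stop it from being mistaken for a real feature.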
--- a/main/app/sprinkles/core/src/Controller/CoreController.php +++ b/main/app/sprinkles/core/src/Controller/CoreController.php @@ -42,6 +42,11 @@ class CoreController extends SimpleController ]); } + + public function pageTest($request, $response, $args) { + return $this->ci->view->render($response, 'pages/test.html.twig'); + } + /** * Renders a sample "about" page for UserFrosting. * diff --git a/main/app/sprinkles/core/src/ServicesProvider/ServicesProvider.php b/main/app/sprinkles/core/src/ServicesProvider/ServicesProvider.php index c67b886..3f562a9 100644 --- a/main/app/sprinkles/core/src/ServicesProvider/ServicesProvider.php +++ b/main/app/sprinkles/core/src/ServicesProvider/ServicesProvider.php @@ -235,6 +235,9 @@ class ServicesProvider // Hacky fix to prevent sessions from being hit too much: ignore CSRF middleware for requests for raw assets ;-) // See https://github.com/laravel/framework/issues/8172#issuecomment-99112012 for more information on why it's bad to hit Laravel sessions multiple times in rapid succession. $csrfBlacklist = $config['csrf.blacklist']; + $csrfBlacklist['^/api/posts/image'] = [ + 'POST' + ]; $csrfBlacklist['^/' . $config['assets.raw.path']] = [ 'GET' ]; diff --git a/main/app/sprinkles/core/templates/pages/test.html.twig b/main/app/sprinkles/core/templates/pages/test.html.twig new file mode 100644 index 0000000..8df9b89 --- /dev/null +++ b/main/app/sprinkles/core/templates/pages/test.html.twig 
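Review bot: `pageTest` has no docblock, while the method immediately below it in this file is documented (`Renders a sample "about" page for UserFrosting.`); add `/** Renders the file-upload test page (pages/test.html.twig). Request type: GET */` above it. The opening brace is also placed on the signature line, which departs from the next-line placement PSR-12 prescribes for methods and that the `- {` lines removed from AdminController in this same commit followed.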
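Review bot: Adding `'^/api/posts/image'` to `$csrfBlacklist` for `POST` turns off CSRF verification for the one new state-changing, authenticated endpoint in this commit, even though the test template includes `forms/csrf.html.twig` and so already sends the token; with the exemption in place a cross-origin page can submit uploads on behalf of a logged-in user. Drop the three added lines and let the multipart form carry the token; if the CSRF middleware cannot read the token from multipart bodies, that is the thing to fix rather than exempt. The comment above the block explains the raw-assets exemption only, so if this exemption must stay it needs its own comment stating why it is safe.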
@@ -0,0 +1,19 @@
+<form method="post" enctype="multipart/form-data" action="{{site.uri.public}}/api/posts/image">
+ {% include "forms/csrf.html.twig" %}
+ <p>
+ <label>Add file (single): </label><br/>
+ <input type="file" name="example1"/>
+ </p>
+ <p>
+ <label>Add files (up to 2): </label><br/>
+ <input type="file" name="example2[]"/><br/>
+ <input type="file" name="example2[]"/>
+ </p>
+ <p>
+ <label>Add files (multiple): </label><br/>
+ <input type="file" name="example3[]" multiple="multiple"/>
+ </p>
+ <p>
+ <input type="submit"/>
+ </p>
+</form>
\ No newline at end of file |