ng pruebas & cambiado origin por explicito, si no las cookies no van

crud/src/app/app.component.ts

@@ -1,5 +1,6 @@
 import { Component } from '@angular/core';
 import { ApiService } from './services/api.service';
+import { AuthService } from './services/auth.service';
 
 @Component({
   selector: 'app-root',
@@ -9,10 +10,20 @@ import { ApiService } from './services/api.service';
 export class AppComponent {
   title = 'WeekFood';
 
-  constructor(private apiService: ApiService) {
+  constructor(private apiService: ApiService, private authService: AuthService) {
     this.apiService.getCarrusel()
       .subscribe((carrusel) => {
-        console.log(carrusel);
-      })
+        console.log('GET carrusel', carrusel);
+      });
+
+    this.apiService.deleteTest()
+      .subscribe((res) => {
+        console.log('DELETE test', res);
+      });
+
+    this.authService.postLogin('juan', 'juan123')
+      .subscribe((res) => {
+        console.log('POST login', res);
+      });
   }
 }

crud/src/app/services/api.service.ts

@@ -6,11 +6,15 @@ import { HttpClient } from '@angular/common/http';
 })
 export class ApiService {
 
+  private static API = 'http://localhost:7272/api';
+
   constructor(private http: HttpClient) { }
 
   getCarrusel() {
-    const API = 'http://localhost:7272/api';
+    return this.http.get(`${ApiService.API}/carrusel`);
+  }
 
-    return this.http.get(`${API}/carrusel`);
+  deleteTest() {
+    return this.http.delete(`${ApiService.API}/test`);
   }
 }

crud/src/app/services/auth.service.spec.ts

@@ -0,0 +1,12 @@
+import { TestBed } from '@angular/core/testing';
+
+import { AuthService } from './auth.service';
+
+describe('AuthService', () => {
+  beforeEach(() => TestBed.configureTestingModule({}));
+
+  it('should be created', () => {
+    const service: AuthService = TestBed.get(AuthService);
+    expect(service).toBeTruthy();
+  });
+});

crud/src/app/services/auth.service.ts

@@ -0,0 +1,25 @@
+import { Injectable } from '@angular/core';
+import { HttpClient, HttpHeaders } from '@angular/common/http';
+
+@Injectable({
+  providedIn: 'root'
+})
+export class AuthService {
+
+  private static API_AUTH = 'http://localhost:7272/api/auth';
+
+  constructor(private http: HttpClient) {}
+
+  postLogin(nick: string, contraseña: string) {
+    let cuerpo = new URLSearchParams();
+    cuerpo.set('nick', nick);
+    cuerpo.set('contraseña', contraseña);
+
+    return this.http.post(`${AuthService.API_AUTH}/login`, cuerpo.toString(), {
+      headers: new HttpHeaders({
+        'Content-Type': 'application/x-www-form-urlencoded'
+      }),
+      withCredentials: true // necesario para enviar Y RECIBIR cookies
+    });
+  }
+}

src/app/resources/ApiResource.php

@@ -6,4 +6,12 @@ class ApiResource extends Resource {
     public function errorAction() {
         $this->setError(400, 'Petición incorrecta');
     }
+
+    public function testAction() {
+        $this->data = [
+            "deleted" => true
+        ];
+
+        $this->setData();
+    }
 }

src/configs/routes.php

@@ -108,5 +108,10 @@
         ]
     ],
     "delete" => [
+        "API, test" => [
+            "route" => "api/test",
+            "resource" => "api",
+            "action" => "test"
+        ]
     ]
 ];

src/index.php

@@ -4,11 +4,14 @@
 $config = require_once "./configs/config.php";
 
 // CORS: permitir acceso desde otros dominios
-header('Access-Control-Allow-Origin: *');
+// no sirve la wildcard si se manejan cookies, tiene que ser explicito
+header('Access-Control-Allow-Origin: http://localhost:4200');
 // CORS: permitir más métodos aparte de los permitidos en "simple request"
 header('Access-Control-Allow-Methods: *');
 // CORS: permitir cookies
 header('Access-Control-Allow-Credentials: true');
+// CORS: permitir headers aparte de las permitidas de normal
+header('Access-Control-Allow-Headers: Content-Type');
 
 // CORS: devolver 200 (y no seguir con el enrutamiento) para peticiones OPTIONS
 if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {