Add API endpoint to create new user

bootstrap.php

@@ -7,6 +7,7 @@
 $builder = new DI\ContainerBuilder();
 $builder->addDefinitions(
     [
+        \Movary\HttpController\Web\AuthenticationController::class => DI\Factory([Factory::class, 'createAuthenticationController']),
         \Movary\ValueObject\Config::class => DI\factory([Factory::class, 'createConfig']),
         \Movary\Api\Trakt\TraktApi::class => DI\factory([Factory::class, 'createTraktApi']),
         \Movary\Service\ImageCacheService::class => DI\factory([Factory::class, 'createImageCacheService']),
@@ -18,7 +19,7 @@
         \Movary\HttpController\Web\CreateUserController::class => DI\factory([Factory::class, 'createCreateUserController']),
         \Movary\HttpController\Web\JobController::class => DI\factory([Factory::class, 'createJobController']),
         \Movary\HttpController\Web\LandingPageController::class => DI\factory([Factory::class, 'createLandingPageController']),
-        \Movary\HttpController\Web\Middleware\ServerHasRegistrationEnabled::class => DI\factory([Factory::class, 'createMiddlewareServerHasRegistrationEnabled']),
+        \Movary\HttpController\Api\Middleware\CreateUserMiddleware::class => DI\factory([Factory::class, 'createCreateUserMiddleware']),
         \Movary\ValueObject\Http\Request::class => DI\factory([Factory::class, 'createCurrentHttpRequest']),
         \Movary\Command\CreatePublicStorageLink::class => DI\factory([Factory::class, 'createCreatePublicStorageLink']),
         \Movary\Command\DatabaseMigrationStatus::class => DI\factory([Factory::class, 'createDatabaseMigrationStatusCommand']),

public/js/app.js

@@ -430,7 +430,7 @@ function getCurrentDate() {
  * Rating star logic starting here
  */
 async function fetchRating(tmdbId) {
-    const response = await fetch('/fetchMovieRatingByTmdbdId?tmdbId=' + tmdbId)
+    const response = await fetch('/api/fetchMovieRatingByTmdbdId?tmdbId=' + tmdbId)
 
     if (!response.ok) {
         throw new Error(`HTTP error! status: ${response.status}`)

public/js/createnewuser.js

@@ -0,0 +1,27 @@
+const MOVARY_CLIENT_IDENTIFIER = 'Movary Web';
+const button = document.getElementById('createNewUserBtn');
+
+async function submitNewUser() {
+    await fetch('/api/create-user', {
+        'method': 'POST',
+        'headers': {
+            'Content-Type': 'application/json',
+            'X-Movary-Client': MOVARY_CLIENT_IDENTIFIER
+        },
+        'body': JSON.stringify({
+            "email": document.getElementById('emailInput').value,
+            "username": document.getElementById('usernameInput').value,
+            "password": document.getElementById('passwordInput').value,
+            "repeatPassword": document.getElementById('repeatPasswordInput').value
+        }),
+    }).then(response => {
+        if(response.status === 200) {
+            window.location.href = '/';
+        } else {
+            return response.json();
+        }
+    }).then(error => {
+        document.getElementById('createUserResponse').innerText = error['message'];
+        document.getElementById('createUserResponse').classList.remove('d-none');
+    });
+}

public/js/movie.js

@@ -58,14 +58,16 @@ function getRouteUsername() {
 }
 
 function saveRating() {
-    let newRating = getRatingFromStars('editRatingModal')
+    let newRating = getRatingFromStars('editRatingModal');
 
-    fetch('/users/' + getRouteUsername() + '/movies/' + getMovieId() + '/rating', {
+    fetch('/api/users/' + getRouteUsername() + '/movies/' + getMovieId() + '/rating', {
         method: 'post',
         headers: {
-            'Content-type': 'application/x-www-form-urlencoded; charset=UTF-8'
+            'Content-type': 'application/json'
         },
-        body: 'rating=' + newRating
+        body: JSON.stringify({
+            'rating': newRating
+        })
     }).then(function (response) {
         if (response.ok === false) {
             addAlert('editRatingModalDiv', 'Could not update rating.', 'danger')

settings/routes.php

@@ -19,11 +19,6 @@ function addWebRoutes(RouterService $routerService, FastRoute\RouteCollector $ro
 
     $routes->add('GET', '/', [Web\LandingPageController::class, 'render'], [Web\Middleware\UserIsUnauthenticated::class, Web\Middleware\ServerHasNoUsers::class]);
     $routes->add('GET', '/login', [Web\AuthenticationController::class, 'renderLoginPage'], [Web\Middleware\UserIsUnauthenticated::class]);
-    $routes->add('POST', '/create-user', [Web\CreateUserController::class, 'createUser'], [
-        Web\Middleware\UserIsUnauthenticated::class,
-        Web\Middleware\ServerHasUsers::class,
-        Web\Middleware\ServerHasRegistrationEnabled::class
-    ]);
     $routes->add('GET', '/create-user', [Web\CreateUserController::class, 'renderPage'], [
         Web\Middleware\UserIsUnauthenticated::class,
         Web\Middleware\ServerHasUsers::class,
@@ -184,13 +179,8 @@ function addWebRoutes(RouterService $routerService, FastRoute\RouteCollector $ro
         Web\HistoryController::class,
         'createHistoryEntry'
     ], [Web\Middleware\UserIsAuthenticated::class]);
-    $routes->add('POST', '/users/{username:[a-zA-Z0-9]+}/movies/{id:\d+}/rating', [
-        Web\Movie\MovieRatingController::class,
-        'updateRating'
-    ], [Web\Middleware\UserIsAuthenticated::class]);
     $routes->add('POST', '/log-movie', [Web\HistoryController::class, 'logMovie'], [Web\Middleware\UserIsAuthenticated::class]);
     $routes->add('POST', '/add-movie-to-watchlist', [Web\WatchlistController::class, 'addMovieToWatchlist'], [Web\Middleware\UserIsAuthenticated::class]);
-    $routes->add('GET', '/fetchMovieRatingByTmdbdId', [Web\Movie\MovieRatingController::class, 'fetchMovieRatingByTmdbdId'], [Web\Middleware\UserIsAuthenticated::class]);
 
     $routerService->addRoutesToRouteCollector($routeCollector, $routes, true);
 }
@@ -203,6 +193,10 @@ function addApiRoutes(RouterService $routerService, FastRoute\RouteCollector $ro
     $routes->add('POST', '/authentication/token', [Api\AuthenticationController::class, 'createToken']);
     $routes->add('DELETE', '/authentication/token', [Api\AuthenticationController::class, 'destroyToken']);
     $routes->add('GET', '/authentication/token', [Api\AuthenticationController::class, 'getTokenData']);
+    $routes->add('POST', '/create-user', [Api\CreateUserController::class, 'createUser'], [Api\Middleware\IsUnauthenticated::class, Api\Middleware\CreateUserMiddleware::class]);
+
+    $routes->add('GET', '/users/{username:[a-zA-Z0-9]+}/statistics/dashboard', [Api\StatisticsController::class, 'getDashboardData'], [Api\Middleware\IsAuthorizedToReadUserData::class]);
+    $routes->add('GET', '/users/{username:[a-zA-Z0-9]+}/statistics/{statistic:[a-zA-Z]+}', [Api\StatisticsController::class, 'getStatistic'], [Api\Middleware\IsAuthorizedToReadUserData::class]);
 
     $routeUserHistory = '/users/{username:[a-zA-Z0-9]+}/history/movies';
     $routes->add('GET', $routeUserHistory, [Api\HistoryController::class, 'getHistory'], [Api\Middleware\IsAuthorizedToReadUserData::class]);
@@ -223,6 +217,9 @@ function addApiRoutes(RouterService $routerService, FastRoute\RouteCollector $ro
 
     $routes->add('GET', '/movies/search', [Api\MovieSearchController::class, 'search'], [Api\Middleware\IsAuthenticated::class]);
 
+    $routes->add('POST', '/users/{username:[a-zA-Z0-9]+}/movies/{id:\d+}/rating', [Api\MovieRatingController::class, 'updateRating'], [Api\Middleware\IsAuthorizedToWriteUserData::class]);
+    $routes->add('GET', '/fetchMovieRatingByTmdbdId', [Api\MovieRatingController::class, 'fetchMovieRatingByTmdbdId'], [Api\Middleware\IsAuthenticated::class]);
+
     $routes->add('POST', '/webhook/plex/{id:.+}', [Api\PlexController::class, 'handlePlexWebhook']);
     $routes->add('POST', '/webhook/jellyfin/{id:.+}', [Api\JellyfinController::class, 'handleJellyfinWebhook']);
     $routes->add('POST', '/webhook/emby/{id:.+}', [Api\EmbyController::class, 'handleEmbyWebhook']);

src/Domain/User/Service/Authentication.php

@@ -9,7 +9,7 @@
 use Movary\Domain\User\UserApi;
 use Movary\Domain\User\UserEntity;
 use Movary\Domain\User\UserRepository;
-use Movary\HttpController\Web\CreateUserController;
+use Movary\HttpController\Api\CreateUserController;
 use Movary\Util\SessionWrapper;
 use Movary\ValueObject\DateTime;
 use Movary\ValueObject\Http\Request;

src/Domain/User/Service/Validator.php

@@ -48,6 +48,9 @@ public function ensureNameIsUnique(string $name, ?int $expectUserId = null) : vo
         }
     }
 
+    /**
+     * @throws PasswordTooShort
+     */
     public function ensurePasswordIsValid(string $password) : void
     {
         if (strlen($password) < self::PASSWORD_MIN_LENGTH) {

src/Factory.php

@@ -13,14 +13,14 @@
 use Movary\Api\Trakt\Cache\User\Movie\Watched;
 use Movary\Api\Trakt\TraktApi;
 use Movary\Api\Trakt\TraktClient;
-use Movary\Command;
 use Movary\Command\CreatePublicStorageLink;
 use Movary\Domain\Movie\MovieApi;
 use Movary\Domain\Movie\Watchlist\MovieWatchlistApi;
 use Movary\Domain\User;
 use Movary\Domain\User\Service\Authentication;
 use Movary\Domain\User\UserApi;
 use Movary\HttpController\Api\OpenApiController;
+use Movary\HttpController\Web\AuthenticationController;
 use Movary\HttpController\Web\CreateUserController;
 use Movary\HttpController\Web\JobController;
 use Movary\HttpController\Web\LandingPageController;
@@ -65,6 +65,15 @@ class Factory
 
     private const DEFAULT_ENABLE_FILE_LOGGING = true;
 
+    public static function createAuthenticationController(ContainerInterface $container) : AuthenticationController
+    {
+        return new AuthenticationController(
+            $container->get(Twig\Environment::class),
+            $container->get(Authentication::class),
+            $container->get(SessionWrapper::class)
+        );
+    }
+
     public static function createConfig(ContainerInterface $container) : Config
     {
         $dotenv = Dotenv::createMutable(self::createDirectoryAppRoot());
@@ -92,9 +101,7 @@ public static function createCreateUserController(ContainerInterface $container)
     {
         return new CreateUserController(
             $container->get(Twig\Environment::class),
-            $container->get(Authentication::class),
             $container->get(UserApi::class),
-            $container->get(SessionWrapper::class),
         );
     }
 
@@ -241,9 +248,10 @@ public static function createLogger(ContainerInterface $container, Config $confi
         return $logger;
     }
 
-    public static function createMiddlewareServerHasRegistrationEnabled(Config $config) : HttpController\Web\Middleware\ServerHasRegistrationEnabled
+    public static function createCreateUserMiddleware(Config $config, ContainerInterface $container) : HttpController\Api\Middleware\CreateUserMiddleware
     {
-        return new HttpController\Web\Middleware\ServerHasRegistrationEnabled(
+        return new HttpController\Api\Middleware\CreateUserMiddleware(
+            $container->get(UserApi::class),
             $config->getAsBool('ENABLE_REGISTRATION', false)
         );
     }

src/HttpController/Api/CreateUserController.php

@@ -0,0 +1,115 @@
+<?php
+
+namespace Movary\HttpController\Api;
+
+use Movary\Domain\User\Exception\EmailNotUnique;
+use Movary\Domain\User\Exception\PasswordTooShort;
+use Movary\Domain\User\Exception\UsernameInvalidFormat;
+use Movary\Domain\User\Exception\UsernameNotUnique;
+use Movary\Domain\User\Service\Authentication;
+use Movary\Domain\User\UserApi;
+use Movary\Util\Json;
+use Movary\ValueObject\Http\Header;
+use Movary\ValueObject\Http\Request;
+use Movary\ValueObject\Http\Response;
+use Exception;
+
+class CreateUserController
+{
+    public const STRING MOVARY_WEB_CLIENT = 'Movary Web';
+    public function __construct(
+        private readonly Authentication $authenticationService,
+        private readonly UserApi $userApi,
+    ) {
+    }
+
+    // phpcs:ignore Generic.Metrics.CyclomaticComplexity.TooHigh
+    public function createUser(Request $request) : Response
+    {
+        $hasUsers = $this->userApi->hasUsers();
+        $jsonData = Json::decode($request->getBody());
+
+        $deviceName = $request->getHeaders()['X-Movary-Client'] ?? null;
+        if(empty($deviceName)) {
+            return Response::createBadRequest('No client header');
+        }
+        $userAgent = $request->getUserAgent();
+
+        $email = empty($jsonData['email']) === true ? null : (string)$jsonData['email'];
+        $username = empty($jsonData['username']) === true ? null : (string)$jsonData['username'];
+        $password = empty($jsonData['password']) === true ? null : (string)$jsonData['password'];
+        $repeatPassword = empty($jsonData['repeatPassword']) === true ? null : (string)$jsonData['repeatPassword'];
+
+        if ($email === null || $username === null || $password === null || $repeatPassword === null) {
+            return Response::createBadRequest(
+                Json::encode([
+                    'error' => 'MissingInput',
+                    'message' => 'Email, username, password or the password repeat is missing'
+                ]),
+                [Header::createContentTypeJson()],
+            );
+        }
+
+        if ($password !== $repeatPassword) {
+            return Response::createBadRequest(
+                Json::encode([
+                    'error' => 'PasswordsNotEqual',
+                    'message' => 'The repeated password is not the same as the password'
+                ]),
+                [Header::createContentTypeJson()],
+            );
+        }
+
+        try {
+            $this->userApi->createUser($email, $password, $username, $hasUsers === false);
+            $userAndAuthToken = $this->authenticationService->login($email, $password, false, $deviceName, $userAgent);
+
+            return Response::createJson(
+                Json::encode([
+                    'userId' => $userAndAuthToken['user']->getId(),
+                    'authToken' => $userAndAuthToken['token']
+                ]),
+            );
+        } catch (UsernameInvalidFormat) {
+            return Response::createBadRequest(
+                Json::encode([
+                    'error' => 'UsernameInvalidFormat',
+                    'message' => 'Username can only contain letters or numbers'
+                ]),
+                [Header::createContentTypeJson()],
+            );
+        } catch (UsernameNotUnique) {
+            return Response::createBadRequest(
+                Json::encode([
+                    'error' => 'UsernameNotUnique',
+                    'message' => 'Username is already taken'
+                ]),
+                [Header::createContentTypeJson()],
+            );
+        } catch (EmailNotUnique) {
+            return Response::createBadRequest(
+                Json::encode([
+                    'error' => 'EmailNotUnique',
+                    'message' => 'Email is already taken'
+                ]),
+                [Header::createContentTypeJson()],
+            );
+        } catch(PasswordTooShort) {
+            return Response::createBadRequest(
+                Json::encode([
+                    'error' => 'PasswordTooShort',
+                    'message' => 'Password must be at least 8 characters'
+                ]),
+                [Header::createContentTypeJson()],
+            );
+        } catch (Exception) {
+            return Response::createBadRequest(
+                Json::encode([
+                    'error' => 'GenericError',
+                    'message' => 'Something has gone wrong. Please check the logs and try again later.'
+                ]),
+                [Header::createContentTypeJson()],
+            );
+        }
+    }
+}

src/HttpController/Api/Middleware/CreateUserMiddleware.php

@@ -0,0 +1,25 @@
+<?php declare(strict_types=1);
+
+namespace Movary\HttpController\Api\Middleware;
+
+use Movary\Domain\User\UserApi;
+use Movary\HttpController\Web\Middleware\MiddlewareInterface;
+use Movary\ValueObject\Http\Response;
+
+class CreateUserMiddleware implements MiddlewareInterface
+{
+    public function __construct(
+        readonly private UserApi $userApi,
+        readonly private bool $registrationEnabled
+    ) {
+    }
+
+    public function __invoke() : ?Response
+    {
+        if ($this->registrationEnabled === false && $this->userApi->hasUsers() === true) {
+            return Response::createForbidden();
+        }
+
+        return null;
+    }
+}

src/HttpController/Api/Middleware/IsUnauthenticated.php

@@ -0,0 +1,24 @@
+<?php declare(strict_types=1);
+
+namespace Movary\HttpController\Api\Middleware;
+
+use Movary\Domain\User\Service\Authentication;
+use Movary\ValueObject\Http\Request;
+use Movary\ValueObject\Http\Response;
+
+class IsUnauthenticated implements MiddlewareInterface
+{
+    public function __construct(
+        private readonly Authentication $authenticationService,
+    ) {
+    }
+
+    public function __invoke(Request $request) : ?Response
+    {
+        if ($this->authenticationService->getUserIdByApiToken($request) !== null) {
+            return Response::createForbidden();
+        }
+
+        return null;
+    }
+}