feat(api): refactored private API for voting

Author: thorsten

phpmyfaq/.htaccess

@@ -98,7 +98,7 @@ Header set Access-Control-Allow-Headers "Content-Type, Authorization"
     RewriteRule ^admin/api/(.*) admin/api/index.php [L,QSA]
 
     # Private APIs
-    RewriteRule ^api/(autocomplete|bookmark/([0-9]+)|user/data/update|user/password/update|user/request-removal|contact) api/index.php [L,QSA]
+    RewriteRule ^api/(autocomplete|bookmark/([0-9]+)|user/data/update|user/password/update|user/request-removal|contact|voting) api/index.php [L,QSA]
 
     # Setup APIs
     RewriteRule ^api/setup/(check|backup|update-database) api/index.php [L,QSA]

phpmyfaq/api.service.php

@@ -672,62 +672,6 @@
 
         break;
 
-    case 'add-voting':
-        $faq = new Faq($faqConfig);
-        $rating = new Rating($faqConfig);
-
-        $faqId = Filter::filterVar($postData['id'] ?? null, FILTER_VALIDATE_INT, 0);
-        $vote = Filter::filterVar($postData['value'], FILTER_VALIDATE_INT);
-        $userIp = Filter::filterVar($request->server->get('REMOTE_ADDR'), FILTER_VALIDATE_IP);
-
-        if (isset($vote) && $rating->check($faqId, $userIp) && $vote > 0 && $vote < 6) {
-            try {
-                $faqSession->userTracking('save_voting', $faqId);
-            } catch (Exception) {
-                // @todo handle the exception
-            }
-
-            $votingData = [
-                'record_id' => $faqId,
-                'vote' => $vote,
-                'user_ip' => $userIp,
-            ];
-
-            if ($rating->getNumberOfVotings($faqId) === 0) {
-                $rating->addVoting($votingData);
-            } else {
-                $rating->update($votingData);
-            }
-
-            $response->setStatusCode(Response::HTTP_OK);
-            $response->setData([
-                'success' => Translation::get('msgVoteThanks'),
-                'rating' => $rating->getVotingResult($faqId),
-            ]);
-        } elseif (!$rating->check($faqId, $userIp)) {
-            try {
-                $faqSession->userTracking('error_save_voting', $faqId);
-            } catch (Exception $exception) {
-                $response->setStatusCode(Response::HTTP_BAD_REQUEST);
-                $response->setData(['error' => $exception->getMessage()]);
-            }
-
-            $response->setStatusCode(Response::HTTP_BAD_REQUEST);
-            $response->setData(['error' => Translation::get('err_VoteTooMuch')]);
-        } else {
-            try {
-                $faqSession->userTracking('error_save_voting', $faqId);
-            } catch (Exception $exception) {
-                $response->setStatusCode(Response::HTTP_BAD_REQUEST);
-                $response->setData(['error' => $exception->getMessage()]);
-            }
-
-            $response->setStatusCode(Response::HTTP_BAD_REQUEST);
-            $response->setData(['error' => Translation::get('err_noVote')]);
-        }
-
-        break;
-
     // Send mails to friends
     case 'sendtofriends':
         $postData = json_decode(file_get_contents('php://input'), true, 512, JSON_THROW_ON_ERROR);

phpmyfaq/assets/src/api/index.js

@@ -4,3 +4,4 @@ export * from './contact';
 export * from './forms';
 export * from './setup';
 export * from './user';
+export * from './voting';

phpmyfaq/assets/src/api/voting.js

@@ -0,0 +1,41 @@
+/**
+ * Private Voting API functionality
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public License,
+ * v. 2.0. If a copy of the MPL was not distributed with this file, You can
+ * obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * @package   phpMyFAQ
+ * @author    Thorsten Rinne <[email protected]>
+ * @copyright 2024 phpMyFAQ Team
+ * @license   https://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
+ * @link      https://www.phpmyfaq.de
+ * @since     2024-03-09
+ */
+
+export const saveVoting = async (votingId, votingLanguage, selectedIndex) => {
+  try {
+    const response = await fetch('api/voting', {
+      method: 'POST',
+      cache: 'no-cache',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({
+        id: votingId,
+        lang: votingLanguage,
+        value: selectedIndex,
+      }),
+      redirect: 'follow',
+      referrerPolicy: 'no-referrer',
+    });
+
+    if (response.ok) {
+      return await response.json();
+    } else {
+      return await response.json();
+    }
+  } catch (error) {
+    console.error(error);
+  }
+};

phpmyfaq/assets/src/faq/voting.js

@@ -13,6 +13,7 @@
  * @since     2023-03-20
  */
 import { addElement } from '../utils';
+import { saveVoting } from '../api';
 
 export const handleUserVoting = () => {
   const votingForm = document.querySelector('.pmf-voting-form');
@@ -35,7 +36,7 @@ export const handleUserVoting = () => {
 
     votingForm.addEventListener(
       'submit',
-      (event) => {
+      async (event) => {
         event.preventDefault();
 
         const selectedButton = document.activeElement;
@@ -64,47 +65,24 @@ export const handleUserVoting = () => {
         // Save to backend
         const votingId = document.getElementById('voting-id').value;
         const votingLanguage = document.getElementById('voting-language').value;
-        fetch(`api.service.php?action=add-voting`, {
-          method: 'POST',
-          headers: {
-            Accept: 'application/json, text/plain, */*',
-            'Content-Type': 'application/json',
-          },
-          body: JSON.stringify({
-            id: votingId,
-            lang: votingLanguage,
-            value: selectedIndex,
-          }),
-        })
-          .then(async (response) => {
-            if (response.ok) {
-              return response.json();
-            }
-            throw new Error('Network response was not ok: ', { cause: { response } });
-          })
-          .then((response) => {
-            if (response.success) {
-              const message = document.getElementById('pmf-voting-result');
-              message.insertAdjacentElement(
-                'afterend',
-                addElement('div', { classList: 'alert alert-success', innerText: response.success })
-              );
-            } else {
-              const element = document.getElementById('pmf-voting-result');
-              element.insertAdjacentElement(
-                'afterend',
-                addElement('div', { classList: 'alert alert-danger', innerText: response.error })
-              );
-            }
-          })
-          .catch(async (error) => {
-            const element = document.getElementById('pmf-voting-result');
-            const errorMessage = await error.cause.response.json();
-            element.insertAdjacentElement(
-              'afterend',
-              addElement('div', { classList: 'alert alert-danger', innerText: errorMessage.error })
-            );
-          });
+
+        const response = await saveVoting(votingId, votingLanguage, selectedIndex);
+
+        if (response.success) {
+          const message = document.getElementById('pmf-voting-result');
+          message.insertAdjacentElement(
+            'afterend',
+            addElement('div', { classList: 'alert alert-success', innerText: response.success })
+          );
+        }
+
+        if (response.error) {
+          const element = document.getElementById('pmf-voting-result');
+          element.insertAdjacentElement(
+            'afterend',
+            addElement('div', { classList: 'alert alert-danger', innerText: response.error })
+          );
+        }
       },
       false
     );

phpmyfaq/src/api-routes.php

@@ -35,6 +35,7 @@
 use phpMyFAQ\Controller\Frontend\BookmarkController;
 use phpMyFAQ\Controller\Frontend\ContactController;
 use phpMyFAQ\Controller\Frontend\UserController;
+use phpMyFAQ\Controller\Frontend\VotingController;
 use phpMyFAQ\Controller\Setup\SetupController;
 use phpMyFAQ\System;
 use Symfony\Component\Routing\Route;
@@ -184,6 +185,10 @@
     'api.user.update',
     new Route('user/data/update', ['_controller' => [UserController::class, 'updateData'], '_methods' => 'PUT'])
 );
+$routes->add(
+    'api.voting',
+    new Route('voting', ['_controller' => [VotingController::class, 'create'], '_methods' => 'POST'])
+);
 
 // Setup REST API
 $routes->add(

phpmyfaq/src/phpMyFAQ/Controller/Frontend/VotingController.php

@@ -2,13 +2,80 @@
 
 namespace phpMyFAQ\Controller\Frontend;
 
+use Exception;
+use phpMyFAQ\Configuration;
 use phpMyFAQ\Controller\AbstractController;
+use phpMyFAQ\Filter;
+use phpMyFAQ\Rating;
+use phpMyFAQ\Session;
+use phpMyFAQ\Translation;
+use phpMyFAQ\User\CurrentUser;
 use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
 
 class VotingController extends AbstractController
 {
-    public function create(): JsonResponse
+    /**
+     * @throws Exception
+     */
+    public function create(Request $request): JsonResponse
     {
-        return $this->json(['status' => 'ok']);
+        $configuration = Configuration::getConfigurationInstance();
+        $user = CurrentUser::getCurrentUser($configuration);
+
+        $rating = new Rating($configuration);
+        $session = new Session($configuration);
+        $session->setCurrentUser($user);
+
+        $data = json_decode($request->getContent());
+
+        $faqId = Filter::filterVar($data->id ?? null, FILTER_VALIDATE_INT, 0);
+        $vote = Filter::filterVar($data->value, FILTER_VALIDATE_INT);
+        $userIp = Filter::filterVar($request->server->get('REMOTE_ADDR'), FILTER_VALIDATE_IP);
+
+        if (isset($vote) && $rating->check($faqId, $userIp) && $vote > 0 && $vote < 6) {
+            try {
+                $session->userTracking('save_voting', $faqId);
+            } catch (Exception $exception) {
+                $configuration->getLogger()->error('Error saving voting', ['exception' => $exception]);
+            }
+
+            $votingData = [
+                'record_id' => $faqId,
+                'vote' => $vote,
+                'user_ip' => $userIp,
+            ];
+
+            if ($rating->getNumberOfVotings($faqId) === 0) {
+                $rating->addVoting($votingData);
+            } else {
+                $rating->update($votingData);
+            }
+
+            return $this->json(
+                [
+                    'success' => Translation::get('msgVoteThanks'),
+                    'rating' => $rating->getVotingResult($faqId),
+                ],
+                Response::HTTP_OK
+            );
+        } elseif (!$rating->check($faqId, $userIp)) {
+            try {
+                $session->userTracking('error_save_voting', $faqId);
+            } catch (Exception $exception) {
+                return $this->json(['error' => $exception->getMessage()], Response::HTTP_BAD_REQUEST);
+            }
+
+            return $this->json(['error' => Translation::get('err_VoteTooMuch')], Response::HTTP_BAD_REQUEST);
+        } else {
+            try {
+                $session->userTracking('error_save_voting', $faqId);
+            } catch (Exception $exception) {
+                return $this->json(['error' => $exception->getMessage()], Response::HTTP_BAD_REQUEST);
+            }
+
+            return $this->json(['error' => Translation::get('err_noVote')], Response::HTTP_BAD_REQUEST);
+        }
     }
 }