Merge branch 'mevdschee:main' into main

Author: apps-caraga

.gitattributes

@@ -0,0 +1,12 @@
+/docker/ export-ignore
+/examples/ export-ignore
+/extras/ export-ignore
+/src/index.php export-ignore
+/tests/ export-ignore
+/.gitattributes export-ignore
+/.gitignore export-ignore
+/.htaccess export-ignore
+/*.php export-ignore
+/*.sh export-ignore
+/docker-compose.yml export-ignore
+/Dockerfile export-ignore

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2021 Maurits van der Schee
+Copyright (c) 2022 Maurits van der Schee
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -16,6 +16,11 @@ NB: This is the [TreeQL](https://treeql.org) reference implementation in PHP.
 
 ## Installation
 
+Download the "`api.php`" file from the latest release:
+
+https://github.com/mevdschee/php-crud-api/releases/latest or direct from:  
+https://raw.githubusercontent.com/mevdschee/php-crud-api/main/api.php
+
 This is a single file application! Upload "`api.php`" somewhere and enjoy!
 
 For local development you may run PHP's built-in web server:
@@ -134,8 +139,9 @@ Related projects:
   - [PHP-CRUD-UI](https://github.com/mevdschee/php-crud-ui): Single file PHP script that adds a UI to a PHP-CRUD-API project.
   - [PHP-CRUD-ADMIN](https://github.com/mevdschee/php-crud-admin): Single file PHP script that adds a database admin interface to a PHP-CRUD-API project.
   - [PHP-SP-API](https://github.com/mevdschee/php-sp-api): Single file PHP script that adds a REST API to a SQL database.
-  - [VUE-CRUD-UI](https://github.com/nlware/vue-crud-ui): Single file Vue.js script that adds a UI to a PHP-CRUD-API project.
   - [ra-data-treeql](https://github.com/nkappler/ra-data-treeql): NPM package that provides a [Data Provider](https://marmelab.com/react-admin/DataProviderIntroduction.html) for [React Admin](https://marmelab.com/react-admin/).
+  - [scriptPilot/vueuse](https://github.com/scriptPilot/vueuse/): Vue [Composables](https://vuejs.org/guide/reusability/composables.html) in addition to [VueUse.org](https://vueuse.org/) (that support PHP-CRUD-API).
+  - [VUE-CRUD-UI](https://github.com/nlware/vue-crud-ui): Single file Vue.js script that adds a UI to a PHP-CRUD-API project.
 
 There are also ports of this script in:
 
@@ -285,7 +291,7 @@ On list operations you may apply filters and joins.
 ### Filters
 
 Filters provide search functionality, on list calls, using the "filter" parameter. You need to specify the column
-name, a comma, the match type, another commma and the value you want to filter on. These are supported match types:
+name, a comma, the match type, another comma and the value you want to filter on. These are supported match types:
 
   - "cs": contain string (string contains value)
   - "sw": start with (string starts with value)
@@ -572,7 +578,7 @@ This adjusts the titles of the posts. And the return values are the number of ro
     [1,1]
 
 Which means that there were two update operations and each of them had set one row. Batch operations use database
-transactions, so they either all succeed or all fail (successful ones get roled back). If they fail the body will
+transactions, so they either all succeed or all fail (successful ones get rolled back). If they fail the body will
 contain the list of error documents. In the following response the first operation succeeded and the second operation
 of the batch failed due to an integrity violation:
 
@@ -667,7 +673,7 @@ You can enable the following middleware using the "middlewares" config parameter
 - "multiTenancy": Restricts tenants access in a multi-tenant scenario
 - "pageLimits": Restricts list operations to prevent database scraping
 - "joinLimits": Restricts join parameters to prevent database scraping
-- "textSearch": Search in all text fields with a simple paramater
+- "textSearch": Search in all text fields with a simple parameter
 - "customization": Provides handlers for request and response customization
 - "json": Support read/write of JSON strings as JSON objects/arrays
 - "xml": Translates all input and output from JSON to XML
@@ -709,6 +715,7 @@ You can tune the middleware behavior using middleware specific configuration par
 - "dbAuth.passwordFormField": The name of the form field that holds the password ("password")
 - "dbAuth.newPasswordFormField": The name of the form field that holds the new password ("newPassword")
 - "dbAuth.registerUser": JSON user data (or "1") in case you want the /register endpoint enabled ("")
+- "dbAuth.loginAfterRegistration": 1 or zero if registered users should be logged in after registration ("")
 - "dbAuth.passwordLength": Minimum length that the password must have ("12")
 - "dbAuth.sessionName": The name of the PHP session that is started ("")
 - "jwtAuth.mode": Set to "optional" if you want to allow anonymous access ("required")
@@ -765,7 +772,7 @@ In the sections below you find more information on the built-in middleware.
 ### Authentication
 
 Currently there are five types of authentication supported. They all store the authenticated user in the `$_SESSION` super global.
-This variable can be used in the authorization handlers to decide wether or not sombeody should have read or write access to certain tables, columns or records.
+This variable can be used in the authorization handlers to decide wether or not somebody should have read or write access to certain tables, columns or records.
 The following overview shows the kinds of authentication middleware that you can enable.
 
 | Name       | Middleware   | Authenticated via      | Users are stored in | Session variable        |
@@ -782,7 +789,7 @@ Below you find more information on each of the authentication types.
 
 API key authentication works by sending an API key in a request header.
 The header name defaults to "X-API-Key" and can be configured using the 'apiKeyAuth.header' configuration parameter.
-Valid API keys must be configured using the 'apiKeyAuth.keys' configuration parameter (comma seperated list).
+Valid API keys must be configured using the 'apiKeyAuth.keys' configuration parameter (comma separated list).
 
     X-API-Key: 02c042aa-c3c2-4d11-9dae-1a6e230ea95e
 
@@ -832,7 +839,7 @@ Note that this middleware uses session cookies and stores the logged in state on
 
 **Login using views with joined table**
 
-For login operations, it is possible to use a view as the usersTable. Such view can return a filtered result from the users table, e.g., *where active = true* or it may also return a result multiple tables thru a table join. At a minimum, the view should include the ***username*** and ***password***.
+For login operations, it is possible to use a view as the usersTable. Such view can return a filtered result from the users table, e.g., *where active = true* or it may also return a result multiple tables thru a table join. At a minimum, the view should include the ***username*** and ***password*** and a field named ***id***.
 
 However, views with joined tables are not insertable ([see issue 907](https://github.com/mevdschee/php-crud-api/issues/907) ). As a workaround, use the property ***loginTable*** to set a different reference table for login. The **usersTable** will still be set to the normal, insertable users table. 
 
@@ -1394,6 +1401,9 @@ The following errors may be reported:
 | 1017  | 403 Forbidden             | Bad or missing XSRF token 
 | 1018  | 403 Forbidden             | Only AJAX requests allowed 
 | 1019  | 403 Forbidden             | Pagination Forbidden 
+| 1020  | 409 Conflict              | User already exists
+| 1021  | 422 Unprocessable entity  | Password too short
+| 1022  | 422 Unprocessable entity  | Username is empty
 | 9999  | 500 Internal server error | Unknown error 
 
 The following JSON structure is used: