update v1

.gitignore

@@ -0,0 +1,38 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+# See http://help.github.com/ignore-files/ for more about ignoring files.
+
+.env
+.env.local
+
+# Mac OS X
+.DS_Store
+._.*
+._*
+
+# Compiler files
+node_modules/
+*.lock 
+*.local
+
+# DB Files
+app/data/*.db
+*.db
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?

CHANGELOG.md

@@ -0,0 +1 @@
+# Change log

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 PIGMIL.COM
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,35 @@
+# Free API
+
+![Maintenance](https://img.shields.io/maintenance/yes/2024?logo=github)
+![Build Status](https://github.com/asilvafx/free-api/actions/workflows/deploy.yml/badge.svg)
+![PHP Version](https://img.shields.io/badge/php-%3E%3D7.4-blue)
+![SQLite](https://img.shields.io/badge/sqlite-v3.36.0-green)
+
+## Overview
+
+Welcome to the Free API project! This is a PHP API backend built using the F3 Fat-Free Framework and Webpack 5. The goal of this project is to provide a robust and easy-to-implement backend framework that supports REST API, JWT authentication, MVC architecture, user authentication, two-factor authentication (2-FA), WebAuthn, SQLite databases, and a user-friendly administration layout.
+
+## Features
+
+- **REST API**: Easily create and manage RESTful services.
+- **JWT Authentication**: Secure your API with JSON Web Tokens.
+- **MVC Architecture**: Organize your code with the Model-View-Controller pattern.
+- **User  Authentication**: Implement user registration and login functionalities.
+- **Two-Factor Authentication (2-FA)**: Enhance security with an additional layer of authentication.
+- **WebAuthn**: Support for modern passwordless authentication methods.
+- **SQLite Database**: Lightweight and easy-to-use database solution.
+- **User -Friendly UI/UX**: An intuitive administration layout for easy management.
+
+## Installation
+
+To get started with the Free API, follow these steps:
+
+1. **Clone the Repository**:
+   ```bash
+   git clone https://github.com/asilvafx/free-api.git
+   cd free-api
+
+2. **Install Dependencies**:
+  ```bash 
+    composer install
+    npm install

SECURITY.md

@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+The following release versions of the template are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.x   | :white_check_mark: |
+| < 4.x | :x:                |
+
+## Reporting a Vulnerability
+
+If you discover a security issue in this webpack boilerplate, please report it by sending an email to [email protected].
+
+This will allow us to assess the risk, and make a fix available before we add a bug report to the GitHub repository.
+
+Thanks for helping make this boilerplate safe for everyone!

app/.gitignore

@@ -0,0 +1 @@
+vendor

app/.htaccess

@@ -0,0 +1 @@
+Deny from all

app/autoload.php

@@ -0,0 +1,190 @@
+<?php
+
+// Load core of the framework
+$f3 = require_once(ROOT . 'lib/base.php');
+
+// Load server configuration files
+$f3->config(ROOT . 'config/server.ini');
+
+// Server errors
+$debug = 0;
+if ($f3->get('DEBUG') > 0) {
+    $debug = 1;
+    error_reporting(E_ALL);
+} else {
+    error_reporting($debug);
+}
+ini_set('display_errors', $debug);
+ini_set('display_startup_errors', $debug);
+
+// Headers Config
+header('Access-Control-Allow-Origin: *');
+header("Access-Control-Allow-Headers: *");
+header("Access-Control-Allow-Methods: *");
+
+ini_set('session.save_path', ROOT . 'tmp/session/');
+
+// Start session
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
+$public_path = $f3->get('SCHEME') . '://' . $f3->get('HOST') . $f3->get('BASE') . '/';
+
+$f3->set('ROOT', ROOT);
+$f3->set('PUBLIC', 'public');
+
+// Load Site Db
+$dbConn = $f3->get('db') . ':' . $f3->get('dbPath');
+$db = new DB\SQL($dbConn);
+$siteDb = null;
+
+$site = new DB\SQL\Mapper($db, 'site');
+$site->load(array('id>? AND setup_wizzard>?', 0, 0));
+
+if ($site->dry()) {
+    $f3->set('SITE.wizzard', true);
+    $f3->route('GET|POST /', 'Setup->wizzard');
+    $f3->route('GET|POST /setup/@slug*', 'Setup->wizzard');
+} else {
+    $f3->set('SITE.wizzard', false);
+
+    // Load site configuration
+    $f3->set('SITE.name', $site->site_name); // Site Name
+    $f3->set('SITE.title', $site->site_title); // Site Title
+    $f3->set('SITE.description', $site->site_description); // Site Description
+    $f3->set('SITE.keywords', $site->site_keywords); // Site Keywords
+    $f3->set('SITE.logo', $site->site_logo); // Site Logo
+
+    $f3->set('SITE.currencyCode', 'EUR'); // Site Currency code (ex: USD)
+    $f3->set('SITE.currencySymbol', '€'); // Site Currency symbol (ex: $)
+
+    $f3->set('SITE.smtp_host', $site->smtp_host);  // SMTP Host
+    $f3->set('SITE.smtp_mail', $site->smtp_mail);  // SMTP Sender
+    $f3->set('SITE.smtp_port', $site->smtp_port);  // SMTP Port (Default: 465)
+    $f3->set('SITE.smtp_scheme', $site->smtp_scheme);  // SMTP Scheme: SSL/TSL
+    $f3->set('SITE.smtp_user', $site->smtp_mail);  // SMTP Username
+    $f3->set('SITE.smtp_pass', $site->smtp_pass);  // SMTP Password
+    $f3->set('SITE.uri_backend', $site->uri_backend);  // Backend URI (path)
+    $f3->set('SITE.uri_auth', $site->uri_auth);  // Backend URI (path)
+
+    $f3->set('SITE.color_primary',  $site->color_primary); // Primary Color
+    $f3->set('SITE.color_primary_text',  $site->color_primary_text); // Primary Text Color
+    $f3->set('SITE.color_dark',  $site->color_dark); // Dark Theme Color
+    $f3->set('SITE.color_light',  $site->color_light); // Light Theme Color
+    $f3->set('SITE.color_dark_secondary',  $site->color_dark_secondary); // Dark Theme Accent Color
+    $f3->set('SITE.color_light_secondary',  $site->color_light_secondary); // Light Theme Accent Color
+
+    $baseUrl = $f3->get('SCHEME') . '://' . $f3->get('HOST');
+    $f3->set('SITE.base_url', $baseUrl); // Site Base URL 
+    $f3->set('API.base_url', $baseUrl . '/v1'); // Sever RestAPI Base URL 
+
+    // Enable Frontend
+    $enable_frontend = false;
+    if ($site->enable_frontend > 0) {
+        $enable_frontend = true;
+    }
+    $f3->set('SITE.enable_frontend', $enable_frontend);  // Enable Frontend (true/false) 
+
+    // Enable API
+    $enable_api = false;
+    if ($site->enable_api > 0) {
+        $enable_api = true;
+    }
+    $f3->set('SITE.enable_api', $enable_api);  // Enable `API` (true/false) 
+
+    // Enable Register
+    $enable_register = false;
+    if ($site->enable_register > 0) {
+        $enable_register = true;
+    }
+    $f3->set('SITE.enable_register', $enable_register);  // Enable `Register` (true/false) 
+
+    // Load frontend routes
+    $f3->route('GET|POST|PUT /', 'Frontend->Base');
+    $f3->route('GET|POST|PUT /@slug*', 'Frontend->Base');
+
+    // Load auth routes
+    $f3->route('GET /' . $f3->get('SITE.uri_auth'), 'Authenticate->Base');
+    $f3->route('GET|POST /' . $f3->get('SITE.uri_auth') . '/@slug*', 'Authenticate->Base');
+    $f3->route('GET /' . $f3->get('SITE.uri_auth') . '/logout', 'Authenticate->Logout');
+
+    // Load backend routes
+    $f3->route('GET /' . $f3->get('SITE.uri_backend'), 'Backend->Base');
+    $f3->route('GET|POST /' . $f3->get('SITE.uri_backend') . '/@slug*', 'Backend->Base');
+
+    // Load api routes
+    $f3->route('GET|POST|PUT|DELETE /v1/@slug', 'Api->Base');
+    $f3->route('GET /v1/@slug/@search/@value', 'Api->Base');
+
+    // Load WebAuthn Routes
+    $f3->route('GET|POST /web/authn/attestation/options', 'WebAuthn->Options');
+    $f3->route('GET|POST /web/authn/attestation/result', 'WebAuthn->Options');
+    $f3->route('GET|POST /web/authn/assertion/options', 'WebAuthn->Options');
+    $f3->route('GET|POST /web/authn/assertion/result', 'WebAuthn->Options');
+
+    $custom_db_path = ROOT . 'data/db/site.db';
+    if (!file_exists($custom_db_path)) {
+        new SQLite3($custom_db_path);
+    }
+    $dbConn = $f3->get('db') . ':' . $custom_db_path;
+    $siteDb = new DB\SQL($dbConn);
+
+
+// Load Integrations
+  $integrationsPath = ROOT.'views/admin/integrations/';
+  define('INTEGRATIONS', $integrationsPath);
+  foreach(glob(INTEGRATIONS.'*', GLOB_ONLYDIR) as $folder){
+    // Get the folder name by using basename()
+    $folderName = basename($folder);
+
+    // Build the full path to the file you're checking
+    $loadFile = INTEGRATIONS.$folderName.'/autoload.php';
+
+    if(file_exists($loadFile)){
+      require_once($loadFile);
+    }
+  }
+}
+
+$f3->route('GET /public/@slug*', 'Frontend->Public');
+
+if (empty($f3->get('SESSION.loggedin'))) {
+    $f3->set('SESSION.loggedin', false);
+}
+
+if (filter_var(@$_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP)) {
+    $client_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+} else if (filter_var(@$_SERVER['HTTP_CLIENT_IP'], FILTER_VALIDATE_IP)) {
+    $client_ip = $_SERVER['HTTP_CLIENT_IP'];
+} else {
+    $client_ip = $_SERVER["REMOTE_ADDR"];
+}
+$f3->set('CLIENT.ip', $client_ip);
+
+// Accepted languages
+$languages = array(
+    "en" => "en",
+    "es" => "es",
+    "fr" => "fr",
+    "pt" => "pt",
+    "de" => "de",
+);
+
+// Get 2 char lang code
+$lang2 = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
+
+// Set default language if a `$lang` version of site is not available
+if (!in_array($lang2, array_keys($languages))) {
+    $lang2 = $f3->get('SITE.lang');
+}
+
+if (is_null($f3->get('SESSION.locale')) || empty($f3->get('SESSION.locale'))) {
+    // Auto site translation
+    $f3->set('SESSION.locale', $languages[$lang2]);
+}
+
+$f3->set('YearNow', date("Y"));
+
+// Load application
+$f3->run();

app/config/.htaccess

@@ -0,0 +1 @@
+Deny from all

app/config/server.ini

@@ -0,0 +1,35 @@
+[globals]
+; App Version
+VERSION="1.0"
+; App Debug (0-Live / 1-Dev)
+DEBUG=1
+; Where the framework autoloader will look for app files
+AUTOLOAD=app/core/controllers/|app/core/models/|app/core/functions/
+; Host base path (default: empty)
+BASE=""
+; Where errors are logged
+LOGS=app/logs/
+; Where temporary files are stored
+TEMP=app/tmp/cache/
+; Our custom error handler, so we also get a pretty page for our users
+ONERROR="Report->error"
+; Where the framework will look for templates and related HTML-support files
+UI=ui/
+; Where the framework will look for build files
+BUILD=ui/
+; Where uploads will be saved
+UPLOADS="public/uploads/"
+; SQLite DSN (mysql)
+db="sqlite" 
+; SQLite Path
+dbPath="app/data/db/cms.db" 
+; Define cookies timeout (in seconds, default: 24h > 86400)
+TIMEOUT=86400
+; Number of hours before session expires
+expiry=24
+; How timestamps look like on the pages
+time_format="d M Y h:ia"  
+; Display eurocookie notices
+eurocookie=FALSE
+;automatically logout after this many seconds of inactivity
+auto_logout=14400

app/core/.htaccess

@@ -0,0 +1 @@
+Deny from all

app/core/controllers/.htaccess

@@ -0,0 +1 @@
+Deny from all

app/core/functions/.htaccess

@@ -0,0 +1 @@
+Deny from all

app/core/models/.htaccess

@@ -0,0 +1 @@
+Deny from all