72 lines
2.3 KiB
PHP
72 lines
2.3 KiB
PHP
<?php
|
|
|
|
require_once __DIR__ . '/../includes/api_bootstrap.php';
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
sendJson(['success' => false, 'error' => 'Method not allowed'], 405);
|
|
}
|
|
|
|
$people = normalizePeopleList(readJsonFile('people.json'));
|
|
if (count($people) === 0) {
|
|
sendJson(['success' => false, 'error' => 'Use first-time setup to create the initial Head of Household'], 400);
|
|
}
|
|
assertHoHCanManagePeople($people);
|
|
|
|
$body = readJsonBody();
|
|
$name = isset($body['name']) ? trim((string) $body['name']) : '';
|
|
$role = isset($body['role']) ? (string) $body['role'] : '';
|
|
$pin = isset($body['pin']) ? (string) $body['pin'] : '';
|
|
|
|
if ($name === '') {
|
|
sendJson(['success' => false, 'error' => 'Name is required'], 400);
|
|
}
|
|
|
|
$allowedRoles = [ROLE_HEAD, ROLE_ADULT, ROLE_CHILD];
|
|
if (!in_array($role, $allowedRoles, true)) {
|
|
sendJson(['success' => false, 'error' => 'Invalid role'], 400);
|
|
}
|
|
|
|
if ($role === ROLE_HEAD) {
|
|
if (strlen($pin) < 4) {
|
|
sendJson(['success' => false, 'error' => 'PIN must be at least 4 characters'], 400);
|
|
}
|
|
$pinHash = password_hash($pin, PASSWORD_DEFAULT);
|
|
} else {
|
|
$pinHash = null;
|
|
}
|
|
|
|
$icon = isset($body['icon']) ? trim((string) $body['icon']) : '';
|
|
$description = isset($body['description']) ? trim((string) $body['description']) : '';
|
|
$birthday = isset($body['birthday']) ? trim((string) $body['birthday']) : '';
|
|
$favoriteColor = isset($body['favoriteColor']) ? trim((string) $body['favoriteColor']) : '#4a90e2';
|
|
|
|
if ($favoriteColor !== '' && !preg_match('/^#[0-9A-Fa-f]{6}$/', $favoriteColor)) {
|
|
sendJson(['success' => false, 'error' => 'favoriteColor must be a #RRGGBB value'], 400);
|
|
}
|
|
|
|
if ($birthday !== '' && !preg_match('/^\d{4}-\d{2}-\d{2}$/', $birthday)) {
|
|
sendJson(['success' => false, 'error' => 'birthday must be YYYY-MM-DD'], 400);
|
|
}
|
|
|
|
$newPerson = [
|
|
'id' => bin2hex(random_bytes(8)),
|
|
'name' => $name,
|
|
'role' => $role,
|
|
'pin_hash' => $pinHash,
|
|
'icon' => $icon,
|
|
'description' => $description,
|
|
'birthday' => $birthday,
|
|
'favoriteColor' => $favoriteColor,
|
|
'currency_balance' => 0,
|
|
'created_at' => gmdate('c'),
|
|
];
|
|
|
|
$people[] = $newPerson;
|
|
if (!writeJsonFile('people.json', $people)) {
|
|
sendJson(['success' => false, 'error' => 'Failed to save people'], 500);
|
|
}
|
|
|
|
$safe = $newPerson;
|
|
unset($safe['pin_hash']);
|
|
sendJson(['success' => true, 'person' => $safe]);
|