API Index — Namespaces, Packages, Reports, Indices
ZealAPI
extends REST
in package
File-based API dispatcher.
URL convention
GET /api/users/get → api/users/get.php must define $get = function(...){...}
POST /api/users/create → api/users/create.php must define $create = function(...){...}
GET /api/php/sapi_name → api/php/sapi_name.php must define $sapi_name = function(...){...}
The variable name MUST match basename($file, '.php'). The closure is
Closure::bind'd to a ZealAPI instance, so inside the handler $this is the
ZealAPI object and you can call $this->paramsExists(), $this->die(), etc.
Parameter injection (by name)
$app → the ZealAPI instance
$request → ZealPHP\HTTP\Request
$response → ZealPHP\HTTP\Response
$server → OpenSwoole server
any other → null (or its declared default value)
Error responses
All ZealAPI failures emit JSON with an "error" key and an HTTP status:
400 invalid_module — path component fails the strict regex
400 invalid_request — method name contains slashes/dots/etc
404 method_not_found — file or expected variable name missing
404 undefined_method — handler called $this->X() but X is not a
method on ZealAPI/REST. Response includes
a "hint" and, if a close match is found via
levenshtein, a "did_you_mean" suggestion:
`{ "error": "undefined_method",
"method": "paramExist",
"hint": "...Did you mean $this->paramsExists()?",
"did_you_mean": "paramsExists" }`
Prior to this change, an undefined-method
call inside the handler caused `__call` to
re-invoke the same closure → infinite
recursion. `processApi()` now dispatches the
closure directly, so `__call` is only
reached on real typos.
500 (PHP exception) — uncaught throwable inside the handler;
stack trace logged via elog().
Table of Contents
Properties
- $_allow : array<int|string, mixed>
- $_content_type : string
- $_request : mixed
- $_response : mixed
- $cwd : string|null
- $data : string
- $request : mixed
- $_undefinedMethodError : array<string, mixed>|null
- $api_rpc : Closure|null
- $reflectionCache : array<string, array<int, ReflectionParameter>>
Methods
- __call() : mixed
- Catch missing-method calls from inside an API handler closure (e.g. a typo
like
$this->paramExistinstead of$this->paramsExists). - __construct() : mixed
- die() : void
- get_referer() : mixed
- get_request_method() : mixed
- getUsername() : string|null
- The current user's display name (or null when unauthenticated).
- isAdmin() : bool
- Whether the current user is an admin. Consults the callback
registered with
App::adminChecker()—fn(): bool— or returnsfalseif none. SeeisAuthenticated()for the design. - isAuthenticated() : bool
- Whether the current request is authenticated.
- paramsExists() : bool
- Checks if all supplied parameters exists
- processApi() : mixed
- requirePostAuth() : bool
- POST + authenticated guard. Returns false and sends 403 if check fails.
- response() : void
- setContentType() : void
- json() : string
Properties
$_allow
public
array<int|string, mixed>
$_allow
= array()
$_content_type
public
string
$_content_type
= "application/json"
$_request
public
mixed
$_request
= array()
$_response
public
mixed
$_response
= null
$cwd
public
string|null
$cwd
= null
$data
public
string
$data
= ""
$request
public
mixed
$request
= null
$_undefinedMethodError
private
array<string, mixed>|null
$_undefinedMethodError
= null
$api_rpc
private
Closure|null
$api_rpc
$reflectionCache
private
static array<string, array<int, ReflectionParameter>>
$reflectionCache
= []
Methods
__call()
Catch missing-method calls from inside an API handler closure (e.g. a typo
like $this->paramExist instead of $this->paramsExists).
public
__call(string $method, array<int, mixed> $args) : mixed
Previously this proxied to $this->api_rpc — but api_rpc IS the closure
we're currently executing, so the proxy re-invoked it and infinitely
recursed until stack overflow. processApi() now invokes the closure
directly, so __call is only reached on actual typos. Surface the typo
loudly with a "did you mean" hint so developers don't waste time
staring at "method_not_callable" wondering what's wrong.
Parameters
- $method : string
- $args : array<int, mixed>
__construct()
public
__construct(mixed $request, mixed $response, string $cwd) : mixed
Parameters
- $request : mixed
- $response : mixed
- $cwd : string
die()
public
die(Throwable $e) : void
Parameters
- $e : Throwable
get_referer()
public
get_referer() : mixed
get_request_method()
public
get_request_method() : mixed
getUsername()
The current user's display name (or null when unauthenticated).
public
getUsername() : string|null
Consults the callback registered with App::usernameProvider() —
fn(): ?string — or returns null if none.
Return values
string|nullisAdmin()
Whether the current user is an admin. Consults the callback
registered with App::adminChecker() — fn(): bool — or returns
false if none. See isAuthenticated() for the design.
public
isAdmin() : bool
Return values
boolisAuthenticated()
Whether the current request is authenticated.
public
isAuthenticated() : bool
Consults the callback registered with App::authChecker(). Without
one, returns false (safe fail-closed default). The callback shape is
fn(): bool — typically reads $_SESSION, $g->session, or your
auth system's own state.
See issue #13. Earlier versions hardcoded return false;, breaking
every endpoint guarded by requirePostAuth().
Return values
boolparamsExists()
Checks if all supplied parameters exists
public
paramsExists([array<int, string> $parms = array() ]) : bool
Parameters
- $parms : array<int, string> = array()
-
Http Parameters
Return values
boolprocessApi()
public
processApi(string $module[, string|null $request = null ]) : mixed
Parameters
- $module : string
- $request : string|null = null
requirePostAuth()
POST + authenticated guard. Returns false and sends 403 if check fails.
public
requirePostAuth() : bool
Return values
boolresponse()
public
response(mixed $data, int|null $status) : void
Parameters
- $data : mixed
- $status : int|null
setContentType()
public
setContentType(string $type) : void
Parameters
- $type : string
json()
private
json(mixed $data) : string
Parameters
- $data : mixed