<?php
// JSON/XML API front controller: registers the routes, resolves the request
// path and response format, then dispatches. Callers authenticate with an
// API key that requireToken()/validToken() (defined further down) check.

// Flag for the shared bootstrap; presumably switches core.php into API mode
// (no HTML/session output) — its exact effect is not visible in this file.
define('REQUEST_USING_API', true);
require 'core.php';

use Spatie\ArrayToXml\ArrayToXml;
use Brick\PhoneNumber\PhoneNumber;
use Brick\PhoneNumber\PhoneNumberFormat;
use Brick\PhoneNumber\PhoneNumberParseException;

// Filled in by validToken() with the authenticated caller's profile id ("id");
// route handlers read it through `global $user_info`.
$user_info = [];

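/**
 * Overlay account columns on a profile row for API output.
 *
 * @param array $profile a row from the `_profiles` table
 * @param array $account the matching `_users` row (empty array when none was found)
 * @return array $profile with `email` copied from the account and `name` falling
 *               back to the account username when the profile has none
 */
function apiMergeProfile(array $profile, array $account)
{
    if (is_null($profile["name"] ?? null)) {
        $profile["name"] = $account["username"] ?? null;
    }
    $profile["email"] = $account["email"] ?? null;
    return $profile;
}

/**
 * Fetch a single `_profiles` row.
 *
 * @param object     $db the database wrapper (select() is assumed to return a list of rows)
 * @param int|string $id profile id
 * @return array|null the row, or null when the profile does not exist
 */
function apiLoadProfileRow($db, $id)
{
    $rows = $db->select("SELECT * FROM `".DB_PREFIX."_profiles` WHERE id = :id", ["id" => $id]);
    return empty($rows) ? null : $rows[0];
}

/**
 * Load one user's profile merged with its account row.
 *
 * The `_users` and `_profiles` tables share their id, which is what both
 * lookups key on.
 *
 * @param object     $db the database wrapper
 * @param int|string $id user/profile id
 * @return array|null the merged row, or null when either table has no row for $id
 */
function apiLoadUserProfile($db, $id)
{
    $accounts = $db->select("SELECT * FROM `".DB_PREFIX."_users` WHERE id = :id", ["id" => $id]);
    $profile = apiLoadProfileRow($db, $id);
    if (empty($accounts) || $profile === null) {
        return null;
    }
    return apiMergeProfile($profile, $accounts[0]);
}

$dispatcher = FastRoute\simpleDispatcher(
    function (FastRoute\RouteCollector $r) {
        // Unauthenticated liveness probe.
        $r->addRoute('GET', '/healthcheck', function ($vars) {
            return ["state" => "SUCCESS", "description" => ""];
        });

        // Echoes the raw request back, including $_SERVER, which on most SAPIs
        // carries environment variables and filesystem paths. It used to be
        // reachable without any key, i.e. an unauthenticated disclosure endpoint,
        // so it is now gated like every other route.
        $r->addRoute(['GET', 'POST'], '/requestDebug', function ($vars) {
            requireToken();
            return ["get" => $_GET, "post" => $_POST, "server" => $_SERVER];
        });

        // Username/password login; on success a new API key is minted and returned.
        $r->addRoute('POST', '/login', function ($vars) {
            global $tools, $db, $user;
            // Reject incomplete credentials instead of passing null into the auth library.
            if (!isset($_POST['username'], $_POST['password'])) {
                http_response_code(400);
                return ["status" => "error", "message" => "Username and password required"];
            }
            try {
                $user->auth->loginWithUsername($_POST['username'], $_POST['password']);
                // Every login stores an additional key with blanket permissions;
                // nothing in this file expires or revokes keys.
                $apiKey = $tools->createKey();
                $db->insert(
                    DB_PREFIX."_api_keys",
                    ["apikey" => $apiKey, "user" => $user->auth->getUserId(), "permissions" => "all"]
                );
                return ["status" => "ok", "apiKey" => $apiKey];
            } catch (\Delight\Auth\UnknownUsernameException $e) {
                // The distinct unknown-user / wrong-password messages let a caller
                // enumerate usernames; merging them is a client-visible change, so
                // they are kept as they were.
                http_response_code(401);
                return ["status" => "error", "message" => "Username unknown"];
            } catch (\Delight\Auth\AmbiguousUsernameException $e) {
                http_response_code(401);
                return ["status" => "error", "message" => "Ambiguous Username"];
            } catch (\Delight\Auth\InvalidPasswordException $e) {
                http_response_code(401);
                return ["status" => "error", "message" => "Wrong password"];
            } catch (\Delight\Auth\EmailNotVerifiedException $e) {
                http_response_code(401);
                return ["status" => "error", "message" => "Email not verified"];
            } catch (\Delight\Auth\TooManyRequestsException $e) {
                http_response_code(429);
                return ["status" => "error", "message" => "Too many requests"];
            }
        });

        // All profiles, each with the email/username of its account.
        $r->addRoute('GET', '/users', function ($vars) {
            requireToken();
            global $db;
            $accounts = $db->select("SELECT * FROM `".DB_PREFIX."_users`");
            $profiles = $db->select("SELECT * FROM `".DB_PREFIX."_profiles`");
            // Join on the shared id column: the two SELECTs have no ORDER BY, so
            // the previous positional pairing ($users[$key]) could attach the
            // wrong account to a profile.
            $accountsById = array_column($accounts, null, "id");
            $merged = [];
            foreach ($profiles as $profile) {
                $merged[] = apiMergeProfile($profile, $accountsById[$profile["id"]] ?? []);
            }
            return $merged;
        });

        // The caller's own profile (id taken from the API key).
        $r->addRoute('GET', '/user', function ($vars) {
            requireToken();
            global $db, $user_info;
            $profile = apiLoadUserProfile($db, $user_info["id"]);
            if ($profile === null) {
                http_response_code(404);
                return ["status" => "error", "message" => "User not found"];
            }
            return $profile;
        });

        // Any user's profile by id; readable by every valid key.
        $r->addRoute('GET', '/user/{id:\d+}', function ($vars) {
            requireToken();
            global $db;
            $profile = apiLoadUserProfile($db, $vars["id"]);
            if ($profile === null) {
                http_response_code(404);
                return ["status" => "error", "message" => "User not found"];
            }
            return $profile;
        });

        // Create a user from form fields.
        $r->addRoute('POST', '/user', function ($vars) {
            requireToken();
            global $user, $user_info;
            // Optional boolean flags; a (loosely compared) value of 1 means set.
            $chief = isset($_POST["chief"]) ? $_POST["chief"] == 1 : false;
            $driver = isset($_POST["driver"]) ? $_POST["driver"] == 1 : false;
            $hidden = isset($_POST["hidden"]) ? $_POST["hidden"] == 1 : false;
            $disabled = isset($_POST["disabled"]) ? $_POST["disabled"] == 1 : false;
            if (!isset($_POST["mail"], $_POST["name"], $_POST["username"], $_POST["password"], $_POST["phone_number"], $_POST["birthday"])) {
                return ["status" => "error", "message" => "User info required"];
            }
            // Normalise the phone number to E.164 before it is stored.
            try {
                $parsed = PhoneNumber::parse($_POST["phone_number"]);
            } catch (PhoneNumberParseException $e) {
                return ["status" => "error", "message" => "Bad phone number"];
            }
            if (!$parsed->isValidNumber()) {
                return ["status" => "error", "message" => "Bad phone number"];
            }
            $phone_number = $parsed->format(PhoneNumberFormat::E164);
            // NOTE(review): any valid key may create users, including ones flagged
            // chief/driver — no role check is visible here (the key's `permissions`
            // column is never consulted).
            try {
                $userId = $user->add_user($_POST["mail"], $_POST["name"], $_POST["username"], $_POST["password"], $phone_number, $_POST["birthday"], $chief, $driver, $hidden, $disabled, $user_info["id"]);
            } catch (\Delight\Auth\InvalidEmailException $e) {
                return ["status" => "error", "message" => "Invalid email address"];
            } catch (\Delight\Auth\InvalidPasswordException $e) {
                return ["status" => "error", "message" => "Invalid password"];
            } catch (\Delight\Auth\UserAlreadyExistsException $e) {
                return ["status" => "error", "message" => "User already exists"];
            }
            if ($userId) {
                return ["userId" => $userId];
            }
            return ["status" => "error", "message" => "Unknown error"];
        });

        // The caller's own `available` flag (raw column value).
        $r->addRoute('GET', '/availability', function ($vars) {
            requireToken();
            global $db, $user_info;
            $profile = apiLoadProfileRow($db, $user_info["id"]);
            if ($profile === null) {
                http_response_code(404);
                return ["status" => "error", "message" => "User not found"];
            }
            return $profile["available"];
        });

        // Another user's `available` flag.
        $r->addRoute('GET', '/availability/{id:\d+}', function ($vars) {
            requireToken();
            global $db;
            $profile = apiLoadProfileRow($db, $vars["id"]);
            if ($profile === null) {
                http_response_code(404);
                return ["status" => "error", "message" => "User not found"];
            }
            return $profile["available"];
        });

        // Set the caller's own availability. NOTE(review): this is a state change
        // on GET, which caches, link prefetchers and plain links can trigger.
        $r->addRoute('GET', '/changeAvailability/{available:\d+}', function ($vars) {
            requireToken();
            global $user, $db, $user_info;
            $available = (int) $vars["available"];
            if ($available !== 0 && $available !== 1) {
                return ["status" => "error", "message" => "Availability code not allowed"];
            }
            $log_message = $available ? "Status changed to 'available'" : "Status changed to 'not available'";
            // The wrapper's select() is used to run the UPDATE, as elsewhere in this file.
            $db->select("UPDATE `".DB_PREFIX."_profiles` SET `available` = :available WHERE `id` = :id", ["id" => $user_info["id"], "available" => $available]);
            $user->log($log_message);
            // No body on success (serialised as `null`); kept for client compatibility.
        });

        // Set another user's availability, logged against both ids.
        // NOTE(review): any valid key may change any user's flag — no ownership
        // or role check is visible here. Same GET-with-side-effect caveat as above.
        $r->addRoute('GET', '/changeAvailability/{id:\d+}/{available:\d+}', function ($vars) {
            requireToken();
            global $user, $db, $user_info;
            $available = (int) $vars["available"];
            if ($available !== 0 && $available !== 1) {
                return ["status" => "error", "message" => "Availability code not allowed"];
            }
            $log_message = $available ? "Status changed to 'available'" : "Status changed to 'not available'";
            $db->select("UPDATE `".DB_PREFIX."_profiles` SET `available` = :available WHERE `id` = :id", ["id" => $vars["id"], "available" => $available]);
            $user->log($log_message, $vars["id"], $user_info["id"]);
            // No body on success (serialised as `null`); kept for client compatibility.
        });
    }
);
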
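$httpMethod = $_SERVER['REQUEST_METHOD'];
$uri = $_SERVER['REQUEST_URI'];
// Make the path relative to this script (e.g. /api/index.php/user -> /user)
// and collapse duplicate slashes so every route is matched as "/segment/...".
$uri = str_replace($_SERVER['SCRIPT_NAME'], "", $uri);
$uri = str_replace("///", "/", $uri);
$uri = str_replace("//", "/", $uri);
$uri = "/" . trim($uri, "/");

// Strip query string (?foo=bar) and decode URI
if (false !== $pos = strpos($uri, '?')) {
    $uri = substr($uri, 0, $pos);
}
$uri = rawurldecode($uri);

// Get response format: an explicit ?xml / ?json flag wins, then a .xml/.json
// suffix on the path (which is removed before routing); JSON is the default.
// Only the suffix is matched — the previous substring test (`strpos($uri, 'xml')`)
// flipped the format for any path that merely contained "xml" or "json".
$responseFormat = "json";
if (isset($_GET["xml"])) {
    $responseFormat = "xml";
} elseif (isset($_GET["json"])) {
    $responseFormat = "json";
} elseif (substr($uri, -4) === ".xml") {
    $responseFormat = "xml";
    $uri = substr($uri, 0, -4);
} elseif (substr($uri, -5) === ".json") {
    $uri = substr($uri, 0, -5);
}
$responseFormatType = $responseFormat === "xml" ? "application/xml" : "application/json";

// CORS is wide open. Authentication is an API key in a header/parameter, not a
// cookie, so the wildcard origin does not by itself enable credentialed
// cross-site calls — but any page holding a key can call this API from a browser.
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: *");
header("Access-Control-Allow-Methods: *");
// NOTE(review): Max-Age takes delta-seconds; "*" is not a valid value, so browsers
// use their default preflight cache time. Kept as-is; set an integer if caching is wanted.
header("Access-Control-Max-Age: *");
header("Content-type: ".$responseFormatType);
init_class(false, false); //initialize classes after Content-type header

$routeInfo = $dispatcher->dispatch($httpMethod, $uri);
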
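/**
 * Emit $content as the HTTP response body in the negotiated format.
 *
 * Reads the global $responseFormat chosen during request setup: "xml" goes
 * through ArrayToXml, anything else is serialised as JSON.
 *
 * @param mixed $content     array (or scalar) to serialise
 * @param int   $status_code HTTP status; only sent when it is not 200
 * @return void
 */
function responseApi($content, $status_code = 200)
{
    global $responseFormat;
    if ($status_code !== 200) {
        http_response_code($status_code);
    }
    if ($responseFormat === "xml") {
        echo(ArrayToXml::convert($content));
        return;
    }
    // Invalid UTF-8 (e.g. from a DB row) used to make json_encode() return
    // false, which echoed an empty body under a 200 status.
    $body = json_encode($content, JSON_INVALID_UTF8_SUBSTITUTE);
    if ($body === false) {
        http_response_code(500);
        $body = json_encode(["status" => "error", "message" => "Response encoding failed"]);
    }
    echo $body;
}
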
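/**
 * Resolve the request's API key and, when it is known, record the caller.
 *
 * The key is read from the `apiKey`/`apikey` request parameter or the
 * `APIKEY` header and looked up by equality in the `_api_keys` table (so
 * case-sensitivity follows that column's collation). On success
 * $user_info["id"] is set to the profile id linked to the key.
 *
 * @return bool true when the key maps to an api_keys row whose user has a profile
 */
function validToken()
{
    global $db, $user_info;
    // NOTE(review): $_REQUEST also accepts the key from the query string, where it
    // lands in access logs, proxies and browser history; the APIKEY header is preferable.
    $token = $_REQUEST['apiKey'] ?? $_REQUEST['apikey'] ?? $_SERVER['HTTP_APIKEY'] ?? null;
    // Reject absent, empty and non-scalar (apiKey[]=...) values before touching the DB.
    if (!is_string($token) || $token === '') {
        return false;
    }
    $api_key_rows = $db->select("SELECT * FROM `".DB_PREFIX."_api_keys` WHERE apikey = :apikey", ["apikey" => $token]);
    if (empty($api_key_rows)) {
        return false;
    }
    // The key row's `permissions` column is not consulted: any stored key grants full access.
    $profiles = $db->select("SELECT * FROM `".DB_PREFIX."_profiles` WHERE id = :id", ["id" => $api_key_rows[0]["user"]]);
    if (empty($profiles)) {
        // A key whose owner has no profile row used to be accepted with a null
        // caller id; treat it as invalid instead.
        return false;
    }
    $user_info["id"] = $profiles[0]["id"];
    return true;
}
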
/**
 * Abort the request with a 401 error body unless the caller presented a valid API key.
 *
 * Meant to be the first statement of every protected route handler: on
 * failure it writes the error response and terminates the script, so code
 * after the call only runs for authenticated requests.
 *
 * @return void
 */
function requireToken()
{
    if (validToken()) {
        return;
    }
    responseApi(["status" => "error", "message" => "Access Denied"], 401);
    exit();
}

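// Pre-flight requests only need the CORS headers that were already sent.
if ($_SERVER['REQUEST_METHOD'] === "OPTIONS") {
    exit();
}

switch ($routeInfo[0]) {
    case FastRoute\Dispatcher::NOT_FOUND:
        http_response_code(404);
        responseApi(["status" => "error", "message" => "Route not found"]);
        break;
    case FastRoute\Dispatcher::METHOD_NOT_ALLOWED:
        $allowedMethods = $routeInfo[1];
        // A 405 is expected to carry an Allow header; $allowedMethods was
        // previously computed but never used.
        header("Allow: " . implode(", ", $allowedMethods));
        http_response_code(405);
        responseApi(["status" => "error", "message" => "Method not allowed", "usedMethod" => $_SERVER['REQUEST_METHOD']]);
        break;
    case FastRoute\Dispatcher::FOUND:
        $handler = $routeInfo[1];
        $vars = $routeInfo[2];
        responseApi($handler($vars));
        // Leftover debug-bar dump of the matched route variables. Guarded so a
        // build without the debug helper does not die after the body was sent.
        if (function_exists('bdump')) {
            bdump($vars);
        }
        break;
}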