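<?php
// The open tag was garbled ("< ? php"), which PHP does not recognise as a
// tag and would print the whole file as plain text. Route helpers used by
// apiRouter() below (requireLogin, apiResponse, statusCode, get_option,
// logger) are expected to come from utils.php.
require_once 'utils.php';
require_once 'telegramBotRouter.php';
require_once 'cronRouter.php';
require_once 'alerts.php';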
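/**
 * Registers every route of the JSON API on the FastRoute collector.
 *
 * What can be read from this file alone:
 *  - requireLogin() guards every route that touches application data; the
 *    image routes, /healthcheck, /login and /validateToken are anonymous.
 *  - Role checks go through $users->hasRole(Role::SUPER_EDITOR|SUPER_ADMIN).
 *    The write routes for services, service_types, schedules and manual_mode
 *    carry no role check here; whether the service classes enforce one is not
 *    visible from this file — TODO confirm.
 *  - SQL built here uses "?" placeholders wherever request values enter a
 *    query; only the constant DB_PREFIX is concatenated into query text.
 *  - /cron and /alerts are delegated to cronRouter()/alertsRouter(); their
 *    authentication lives in those files.
 *
 * Changes versus the previous version: the /debug routes require a logged-in
 * SUPER_ADMIN, the /users routes answer a JSON 401 instead of a bare exit(),
 * exception objects are no longer placed in login/impersonate responses,
 * /place_image 404s for a missing file, and /stop_impersonating answers 400
 * when no impersonation is active.
 *
 * @param FastRoute\RouteCollector $r collector the routes are registered on
 * @return void
 */
function apiRouter(FastRoute\RouteCollector $r) {
    // Cache-for-a-month headers shared by the image routes.
    $sendImageHeaders = function ($contentType) {
        $oneMonth = 60 * 60 * 24 * 31;
        header('Cache-control: max-age=' . $oneMonth);
        header('Expires: ' . gmdate(DATE_RFC1123, time() + $oneMonth));
        header('Content-Type: ' . $contentType);
    };

    // JSON error reply with an explicit HTTP status. 401 is what the rest of
    // this file already uses for "logged in but not allowed".
    $deny = function ($status, $message) {
        statusCode($status);
        apiResponse(["status" => "error", "message" => $message]);
    };

    // True when the current user is a SUPER_EDITOR; otherwise answers 401
    // and returns false so the caller can simply `return`.
    $requireSuperEditor = function () use ($deny) {
        global $users;
        if ($users->hasRole(Role::SUPER_EDITOR)) {
            return true;
        }
        $deny(401, "You don't have permission to manage users");
        return false;
    };

    // Same for SUPER_ADMIN; used to fence the debug routes.
    $requireSuperAdmin = function () use ($deny) {
        global $users;
        if ($users->hasRole(Role::SUPER_ADMIN)) {
            return true;
        }
        $deny(401, "You don't have permission to use debug routes");
        return false;
    };

    $r->addGroup('/cron', function (FastRoute\RouteCollector $r) {
        cronRouter($r);
    });

    $r->addGroup('/alerts', function (FastRoute\RouteCollector $r) {
        alertsRouter($r);
    });

    // Telegram webhook: the bot router reads the request itself.
    $r->addRoute(
        ['GET', 'POST'],
        '/bot/telegram',
        function ($vars) {
            telegramBotRouter();
        }
    );

    // Owner picture: a configured custom file, else the bundled default.
    // The custom path comes from the options store, not from the request.
    $r->addRoute(
        'GET',
        '/owner_image',
        function ($vars) use ($sendImageHeaders) {
            if (!get_option("use_custom_owner_image", false)) {
                $sendImageHeaders('image/png');
                readfile("dist-frontend/assets/img/owner.png");
                return;
            }
            $ownerImage = get_option("owner_image", false);
            if (!$ownerImage) {
                statusCode(404);
                return;
            }
            $sendImageHeaders('image/png');
            readfile($ownerImage);
        }
    );

    // Cached map image for a place. The file name is the md5 of the raw query
    // values, so the caller cannot steer the path outside tmp/. A missing
    // file now yields a 404 instead of readfile() printing a warning into a
    // 200 response.
    $r->addRoute(
        'GET',
        '/place_image',
        function ($vars) use ($sendImageHeaders) {
            $lat = $_GET["lat"] ?? '';
            $lng = $_GET["lng"] ?? '';
            $path = "tmp/" . md5($lat . ";" . $lng) . ".jpg";
            if (!is_file($path)) {
                statusCode(404);
                return;
            }
            // The cache stores .jpg files; the header used to claim image/png.
            $sendImageHeaders('image/jpeg');
            readfile($path);
        }
    );

    $r->addRoute(
        'GET',
        '/healthcheck',
        function ($vars) {
            apiResponse(["state" => "SUCCESS", "description" => ""]);
        }
    );

    // Debug routes. /debug/request echoes $_SERVER — environment, paths and
    // any Authorization header — so both are restricted to logged-in super
    // admins instead of being reachable anonymously.
    $r->addRoute(
        ['GET', 'POST'],
        '/debug/request',
        function ($vars) use ($requireSuperAdmin) {
            requireLogin();
            if (!$requireSuperAdmin()) {
                return;
            }
            apiResponse(["get" => $_GET, "post" => $_POST, "server" => $_SERVER]);
        }
    );

    $r->addRoute(
        ['GET', 'POST'],
        '/debug/token',
        function ($vars) use ($requireSuperAdmin) {
            global $users;
            requireLogin();
            if (!$requireSuperAdmin()) {
                return;
            }
            $token = $_GET['token'] ?? $_POST['token'] ?? null;
            $parsed = $users->auth->parseToken($token);
            $claims = $parsed !== false ? $parsed->claims() : null;
            $claim = function ($name) use ($claims) {
                return isset($claims) ? $claims->get($name) : null;
            };
            apiResponse([
                "user_info" => $claim('user_info'),
                "jti" => $claim('jti'),
                "exp" => $claim('exp'),
                "iat" => $claim('iat'),
                "nbf" => $claim('nbf'),
                "valid" => $users->auth->isTokenValid($parsed),
            ]);
        }
    );

    // Roster. Only SUPER_EDITOR gets the full row; everyone else gets the
    // listed columns. Whether the full row holds anything sensitive depends
    // on the _profiles schema, which is not visible here.
    $r->addRoute(
        ['GET'],
        '/list',
        function ($vars) {
            global $db, $users;
            requireLogin();
            $users->online_time_update();
            $ordering = "WHERE `hidden` = 0 ORDER BY available DESC, chief DESC, services ASC, trainings DESC, availability_minutes ASC, name ASC";
            $columns = $users->hasRole(Role::SUPER_EDITOR)
                ? "*"
                : "`id`, `chief`, `online_time`, `available`, `availability_minutes`, `name`, `driver`, `services`";
            $rows = $db->select("SELECT " . $columns . " FROM `" . DB_PREFIX . "_profiles` " . $ordering);
            apiResponse($rows ?? []);
        }
    );

    $r->addRoute(
        ['GET'],
        '/logs',
        function ($vars) {
            global $db, $users;
            requireLogin();
            $users->online_time_update();
            $rows = $db->select("SELECT * FROM `" . DB_PREFIX . "_log` ORDER BY `timestamp` DESC");
            if (is_null($rows)) {
                apiResponse([]);
                return;
            }
            // Resolve the two user-id columns to display names.
            foreach ($rows as &$row) {
                $row['changed'] = $users->getName($row['changed']);
                $row['editor'] = $users->getName($row['editor']);
            }
            unset($row); // drop the dangling reference left by foreach-by-ref
            apiResponse($rows);
        }
    );

    $r->addRoute(
        ['GET'],
        '/services',
        function ($vars) {
            global $services, $users;
            requireLogin();
            $users->online_time_update();
            apiResponse($services->list());
        }
    );

    // NOTE(review): any logged-in user may create/delete services and service
    // types and rewrite schedules/manual_mode below; no role check is applied
    // in this file. Confirm the service classes enforce one if that matters.
    $r->addRoute(
        ['POST'],
        '/services',
        function ($vars) {
            global $services, $users;
            requireLogin();
            $users->online_time_update();
            apiResponse(["response" => $services->add(
                $_POST["start"],
                $_POST["end"],
                $_POST["code"],
                $_POST["chief"],
                $_POST["drivers"],
                $_POST["crew"],
                $_POST["place"],
                $_POST["notes"],
                $_POST["type"],
                $users->auth->getUserId()
            )]);
        }
    );

    $r->addRoute(
        ['GET'],
        '/services/{id}',
        function ($vars) {
            global $services, $users;
            requireLogin();
            $users->online_time_update();
            apiResponse($services->get($vars['id']));
        }
    );

    $r->addRoute(
        ['DELETE'],
        '/services/{id}',
        function ($vars) {
            global $services, $users;
            requireLogin();
            $users->online_time_update();
            apiResponse(["response" => $services->delete($vars["id"])]);
        }
    );

    $r->addRoute(
        ['GET'],
        '/place_details',
        function ($vars) {
            global $db, $users;
            requireLogin();
            $users->online_time_update();
            $row = $db->selectRow(
                "SELECT * FROM `" . DB_PREFIX . "_places_info` WHERE `lat` = ? and `lng` = ? LIMIT 0,1;",
                [$_GET["lat"] ?? null, $_GET["lng"] ?? null]
            );
            apiResponse($row ?? []);
        }
    );

    $r->addRoute(
        ['GET'],
        '/trainings',
        function ($vars) {
            global $db, $users;
            requireLogin();
            $users->online_time_update();
            $rows = $db->select("SELECT * FROM `" . DB_PREFIX . "_trainings` ORDER BY date DESC, beginning desc");
            apiResponse($rows ?? []);
        }
    );

    $r->addRoute(
        ['GET'],
        '/users',
        function ($vars) {
            global $users;
            requireLogin();
            $users->online_time_update();
            apiResponse($users->get_users());
        }
    );

    // User management. The previous guard was
    // `$_POST["id"] !== $users->auth->getUserId()`: a string (or null on
    // GET/DELETE, where PHP does not populate $_POST) compared with !== to
    // the int id (see the (int) cast in POST /availability) never matches,
    // so in practice only SUPER_EDITOR ever got past the bare exit(). That
    // effective rule is kept but made explicit, and the refusal is a JSON 401
    // rather than an empty 200. Letting a user read or delete their own
    // record would widen access and is left to the owners to decide.
    $r->addRoute(
        ['POST'],
        '/users',
        function ($vars) use ($requireSuperEditor) {
            global $users;
            requireLogin();
            if (!$requireSuperEditor()) {
                return;
            }
            apiResponse(["userId" => $users->add_user(
                $_POST["email"],
                $_POST["name"],
                $_POST["username"],
                $_POST["password"],
                $_POST["phone_number"],
                $_POST["birthday"],
                $_POST["chief"],
                $_POST["driver"],
                $_POST["hidden"],
                $_POST["disabled"],
                "unknown"
            )]);
        }
    );

    $r->addRoute(
        ['GET'],
        '/users/{userId}',
        function ($vars) use ($requireSuperEditor) {
            global $users;
            requireLogin();
            if (!$requireSuperEditor()) {
                return;
            }
            apiResponse($users->getUserById($vars["userId"]));
        }
    );

    $r->addRoute(
        ['DELETE'],
        '/users/{userId}',
        function ($vars) use ($requireSuperEditor) {
            global $users;
            requireLogin();
            if (!$requireSuperEditor()) {
                return;
            }
            $users->remove_user($vars["userId"], "unknown");
            apiResponse(["status" => "success"]);
        }
    );

    $r->addRoute(
        ['GET'],
        '/availability',
        function ($vars) {
            global $users, $db;
            requireLogin();
            $users->online_time_update();
            $row = $db->selectRow(
                "SELECT `available`, `manual_mode` FROM `" . DB_PREFIX . "_profiles` WHERE `id` = ?",
                [$users->auth->getUserId()]
            );
            apiResponse([
                "available" => $row["available"],
                "manual_mode" => $row["manual_mode"]
            ]);
        }
    );

    // Change availability: a SUPER_EDITOR may target any user, everybody else
    // only their own id (cast because $_POST values arrive as strings).
    // A non-numeric or absent id falls back to the caller's own id.
    $r->addRoute(
        ['POST'],
        '/availability',
        function ($vars) {
            global $users, $availability;
            requireLogin();
            $users->online_time_update();
            $selfId = $users->auth->getUserId();
            $requestedId = $_POST["id"] ?? null;
            if (!$users->hasRole(Role::SUPER_EDITOR) && (int) $requestedId !== $selfId) {
                statusCode(401);
                apiResponse(["status" => "error", "message" => "You don't have permission to change other users availability", "t" => $selfId]);
                return;
            }
            $targetId = is_numeric($requestedId) ? $requestedId : $selfId;
            apiResponse([
                "response" => $availability->change($_POST["available"], $targetId, true),
                "updated_user" => $targetId,
                "updated_user_name" => $users->getName($targetId)
            ]);
        }
    );

    $r->addRoute(
        "POST",
        "/manual_mode",
        function ($vars) {
            global $users, $availability;
            requireLogin();
            $users->online_time_update();
            $availability->change_manual_mode($_POST["manual_mode"]);
            apiResponse(["status" => "success"]);
        }
    );

    $r->addRoute(
        ['GET'],
        '/schedules',
        function ($vars) {
            global $users, $schedules;
            requireLogin();
            $users->online_time_update();
            apiResponse($schedules->get());
        }
    );

    $r->addRoute(
        ['POST'],
        '/schedules',
        function ($vars) {
            global $users, $schedules;
            requireLogin();
            $users->online_time_update();
            // Accept either a JSON string or a form-encoded array.
            $incoming = $_POST["schedules"];
            $encoded = is_string($incoming) ? $incoming : json_encode($incoming);
            apiResponse(["response" => $schedules->update($encoded)]);
        }
    );

    $r->addRoute(
        ['GET'],
        '/service_types',
        function ($vars) {
            global $users, $db;
            requireLogin();
            $users->online_time_update();
            $rows = $db->select("SELECT * FROM `" . DB_PREFIX . "_type`");
            apiResponse($rows ?? []);
        }
    );

    $r->addRoute(
        ['POST'],
        '/service_types',
        function ($vars) {
            global $users, $db;
            requireLogin();
            $users->online_time_update();
            // $db->insert takes a column map; assumed to bind values — confirm.
            apiResponse($db->insert(DB_PREFIX . "_type", ["name" => $_POST["name"]]));
        }
    );

    $r->addRoute(
        ['GET'],
        '/places/search',
        function ($vars) {
            global $places;
            requireLogin();
            apiResponse($places->search($_GET["q"]));
        }
    );

    // One-time token that links a Telegram chat to the current user; the
    // bot receives it through the /start deep link.
    $r->addRoute(
        ['POST'],
        '/telegram_login_token',
        function ($vars) {
            global $users, $db;
            requireLogin();
            $users->online_time_update();
            $token = bin2hex(random_bytes(16)); // CSPRNG, 128 bits
            $inserted = $db->insert(
                DB_PREFIX . '_bot_telegram',
                [
                    'user' => $users->auth->getUserId(),
                    'tmp_login_token' => $token
                ]
            );
            apiResponse([
                "response" => $inserted,
                "start_link" => "https://t.me/" . BOT_TELEGRAM_USERNAME . "?start=" . $token,
                "token" => $token
            ]);
        }
    );

    // Password login. NOTE(review): the replies distinguish an unknown
    // username from a wrong password, which lets a caller enumerate accounts;
    // the messages are kept because the frontend displays them, but a single
    // "Wrong credentials" reply would be safer. Throttling comes from
    // Delight\Auth's TooManyRequestsException.
    $r->addRoute(
        ['POST'],
        '/login',
        function ($vars) {
            global $users;
            $fail = function ($message) {
                statusCode(401);
                apiResponse(["status" => "error", "message" => $message]);
            };
            try {
                $token = $users->loginAndReturnToken($_POST["username"], $_POST["password"]);
                logger("Login effettuato");
                apiResponse(["status" => "success", "access_token" => $token]);
            } catch (\Delight\Auth\InvalidEmailException $e) {
                $fail("Wrong email address");
            } catch (\Delight\Auth\InvalidPasswordException $e) {
                $fail("Wrong password");
            } catch (\Delight\Auth\EmailNotVerifiedException $e) {
                $fail("Email not verified");
            } catch (\Delight\Auth\UnknownUsernameException $e) {
                $fail("Wrong username");
            } catch (\Delight\Auth\TooManyRequestsException $e) {
                $fail("Too many requests");
            } catch (Exception $e) {
                // Keep the detail server-side: the previous code put the
                // exception object into the response, which, depending on how
                // apiResponse serialises it, can expose the message and paths.
                logger("Login error: " . get_class($e) . ": " . $e->getMessage());
                $fail("Unknown error");
            }
        }
    );

    // Super admins may obtain a token for another account. The previous
    // identity is presumably recorded in the issued token (see the claims
    // read by /stop_impersonating) — that happens inside
    // loginAsUserIdAndReturnToken, which is not visible here.
    $r->addRoute(
        ['POST'],
        '/impersonate',
        function ($vars) use ($deny) {
            global $users;
            requireLogin();
            if (!$users->hasRole(Role::SUPER_ADMIN)) {
                $deny(401, "You don't have permission to impersonate");
                return;
            }
            try {
                $token = $users->loginAsUserIdAndReturnToken($_POST["user_id"]);
                apiResponse(["status" => "success", "access_token" => $token]);
            } catch (\Delight\Auth\UnknownIdException $e) {
                $deny(400, "Wrong user ID");
            } catch (\Delight\Auth\EmailNotVerifiedException $e) {
                $deny(400, "Email not verified");
            } catch (Exception $e) {
                logger("Impersonation error: " . get_class($e) . ": " . $e->getMessage());
                $deny(400, "Unknown error");
            }
        }
    );

    // Returns to the account that started the impersonation. The target id
    // is taken from the current token's claims, so this relies on the token
    // signature having been verified by requireLogin(). The previous code
    // sent nothing when the claims were absent; answer 400 instead.
    $r->addRoute(
        ['POST'],
        '/stop_impersonating',
        function ($vars) use ($deny) {
            global $users;
            requireLogin();
            $info = $users->auth->user_info;
            if (!array_key_exists("impersonating_user", $info) || !array_key_exists("precedent_user_id", $info)) {
                $deny(400, "Not impersonating");
                return;
            }
            $precedentUserId = $info["precedent_user_id"];
            $users->auth->logOut();
            $token = $users->loginAsUserIdAndReturnToken($precedentUserId);
            apiResponse(["status" => "success", "access_token" => $token, "user_id" => $users->auth->getUserId()]);
        }
    );

    // requireLogin(false): presumably accepts a token that is past its exp
    // so the client can renew — confirm against utils.php.
    $r->addRoute(
        ['GET', 'POST'],
        '/refreshToken',
        function ($vars) {
            global $users;
            requireLogin(false);
            apiResponse(["token" => $users->generateToken()]);
        }
    );

    // Anonymous validity check for a token passed in the query or the body.
    $r->addRoute(
        ['GET', 'POST'],
        '/validateToken',
        function ($vars) {
            global $users;
            $token = $_GET['token'] ?? $_POST['token'] ?? null;
            $parsed = $users->auth->parseToken($token);
            apiResponse(["valid" => $users->auth->isTokenValid($parsed)]);
        }
    );
}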