Initial API support and composer update

server/api.php

@@ -0,0 +1,154 @@
+<?php
+require 'core.php';
+use Spatie\ArrayToXml\ArrayToXml;
+
+init_class(false);
+
+$user_info = [];
+
+$dispatcher = FastRoute\simpleDispatcher(function(FastRoute\RouteCollector $r) {
+    $r->addRoute('GET', '/users', function($vars)
+    {
+        requireToken();
+        global $database;
+        $users = $database->exec("SELECT * FROM `%PREFIX%_users`;", true);
+        $users_profiles = $database->exec("SELECT * FROM `%PREFIX%_profiles`;", true);
+        foreach ($users_profiles as $key=>$value){
+            if(is_null($users_profiles[$key]["name"])){
+                $users_profiles[$key]["name"] = $users[$key]["username"];
+            }
+            $users_profiles[$key]["email"] = $users[$key]["email"];
+        }
+        return $users_profiles;
+    });
+    $r->addRoute('GET', '/user/{id:\d+}', function($vars)
+    {
+        requireToken();
+        global $database;
+        $users = $database->exec("SELECT * FROM `%PREFIX%_users` WHERE id = :id;", true, [":id" => $vars["id"]])[0];
+        $users_profiles = $database->exec("SELECT * FROM `%PREFIX%_profiles` WHERE id = :id;", true, [":id" => $vars["id"]])[0];
+        if(is_null($users_profiles["name"])){
+            $users_profiles["name"] = $users["username"];
+        }
+        $users_profiles["email"] = $users["email"];
+        return $users_profiles;
+    });
+    $r->addRoute('GET', '/availability', function($vars)
+    {
+        requireToken();
+        global $database, $user_info;
+        return $database->exec("SELECT * FROM `%PREFIX%_profiles` WHERE id = :id;", true, [":id" => $user_info["id"]])[0]["available"];
+    });
+    $r->addRoute('GET', '/availability/{id:\d+}', function($vars)
+    {
+        requireToken();
+        global $database;
+        return $database->exec("SELECT * FROM `%PREFIX%_profiles` WHERE id = :id;", true, [":id" => $vars["id"]])[0]["available"];
+    });
+    $r->addRoute('GET', '/changeAvailability/{available:\d+}', function($vars)
+    {
+        requireToken();
+        global $user, $database, $user_info;
+        $vars["available"] = (int) $vars["available"];
+        if($vars["available"] !== 0 && $vars["available"] !== 1) {
+            return ["status" => "error", "message" => "Availability code not allowed"];
+        }
+        $user->log("Cambiamento disponibilita' (API) a ".$vars["available"], $user_info["id"], $user_info["id"], date("d/m/Y"), date("H:i.s"));
+        $database->exec("UPDATE `%PREFIX%_profiles` SET `available` = :available WHERE `id` = :id;", true, [":id" => $user_info["id"], ":available" => $vars["available"]]);
+    });
+    $r->addRoute('GET', '/changeAvailability/{id:\d+}/{available:\d+}', function($vars)
+    {
+        requireToken();
+        global $user, $database, $user_info;
+        $vars["available"] = (int) $vars["available"];
+        if($vars["available"] !== 0 && $vars["available"] !== 1) {
+            return ["status" => "error", "message" => "Availability code not allowed"];
+        }
+        $user->log("Cambiamento disponibilita' (API) a ".$vars["available"], $vars["id"], $user_info["id"], date("d/m/Y"), date("H:i.s"));
+        $database->exec("UPDATE `%PREFIX%_profiles` SET `available` = :available WHERE `id` = :id;", true, [":id" => $vars["id"], ":available" => $vars["available"]]);
+    });
+});
+
+// Fetch method and URI from somewhere
+$httpMethod = $_SERVER['REQUEST_METHOD'];
+$uri = $_SERVER['REQUEST_URI'];
+$uri = str_replace("/allerta", "", $uri);
+$uri = str_replace("api.php", "", $uri);
+$uri = str_replace("//", "/", $uri);
+
+// Strip query string (?foo=bar) and decode URI
+if (false !== $pos = strpos($uri, '?')) {
+    $uri = substr($uri, 0, $pos);
+}
+$uri = rawurldecode($uri);
+
+// Get response format
+if (isset($_GET["xml"])) {
+    $response = "xml";
+    $responseType = "application/xml";
+} else if (isset($_GET["json"])) {
+    $response = "json";
+    $responseType = "application/json";
+} else if (false !== strpos($uri, 'xml')) {
+    $response = "xml";
+    $responseType = "application/xml";
+    $uri = str_replace(".xml", "", $uri);
+} else if (false !== strpos($uri, 'json')) {
+    $response = "json";
+    $responseType = "application/json";
+    $uri = str_replace(".json", "", $uri);
+} else {
+    $response = "json";
+    $responseType = "application/json";
+}
+
+$routeInfo = $dispatcher->dispatch($httpMethod, $uri);
+
+bdump($httpMethod, $uri);
+bdump($response);
+
+function responseApi($content, $status_code=200){
+    global $response, $responseType;
+    header("Content-type: ".$responseType);
+    if($response == "json"){
+        echo(json_encode($content));
+    } else {
+        echo(ArrayToXml::convert($content));
+    }
+}
+
+function validToken(){
+    global $database, $user_info;
+    $token = isset($_SERVER['HTTP_TOKEN']) ? $_SERVER['HTTP_TOKEN'] : (isset($_SERVER['HTTP_token']) ? $_SERVER['HTTP_token'] : (isset($_SERVER['HTTP_Token']) ? $_SERVER['HTTP_Token'] : (isset($_POST['TOKEN']) ? $_POST['TOKEN'] : false)));
+    if($token == false){
+        return false;
+    }
+    if(!empty($api_key_row = $database->exec("SELECT * FROM `%PREFIX%_api_keys` WHERE apikey = :apikey;", true, [":apikey" => $token]))){
+        $user_info["id"] = $database->exec("SELECT * FROM `%PREFIX%_profiles` WHERE id = :id;", true, [":id" => $api_key_row[0]["user"]])[0]["id"];
+        return true;
+    } else {
+        return false;
+    }
+}
+
+function requireToken(){
+    if(!validToken()){
+        responseApi(["status" => "error", "message" => "Access Denied"], 403);
+        exit();
+    }
+}
+switch ($routeInfo[0]) {
+    case FastRoute\Dispatcher::NOT_FOUND:
+        // ... 404 Not Found
+        break;
+    case FastRoute\Dispatcher::METHOD_NOT_ALLOWED:
+        $allowedMethods = $routeInfo[1];
+        // ... 405 Method Not Allowed
+        break;
+    case FastRoute\Dispatcher::FOUND:
+        $handler = $routeInfo[1];
+        $vars = $routeInfo[2];
+        responseApi($handler($vars));
+        bdump($vars);
+        break;
+}

server/composer.json

@@ -1,12 +1,14 @@
 {
-    "name": "matteo/allerta",
+    "name": "matteo/allerta-vvf",
     "description": "Un software di allertamento per i vvf",
     "type": "project",
     "require": {
         "twig/twig": "3.x-dev",
         "tracy/tracy": "^2.7@dev",
         "delight-im/auth": "dev-master",
-        "ulrichsg/getopt-php": "dev-master"
+        "ulrichsg/getopt-php": "dev-master",
+        "nikic/fast-route": "^2.0@dev",
+        "spatie/array-to-xml": "^2.12"
     },
     "license": "GPL-3.0-or-later",
     "authors": [
@@ -15,7 +17,7 @@
             "email": "matteo@matteogheza.it"
         }
     ],
-    "minimum-stability": "dev",
+    "minimum-stability": "stable",
     "require-dev": {
         "codeception/codeception": "4.x-dev",
         "codeception/module-asserts": "*",

server/core.php

@@ -559,7 +559,7 @@ class translations{
   }
 }
 
-function init_class(){
+function init_class($enableDebugger=true){
   global $tools, $database, $user, $translations;
   if(!isset($tools) && !isset($database) && !isset($translations)){
     $database = new database();
@@ -567,11 +567,13 @@ function init_class(){
     $user = new user($database, $tools);
     $translations = new translations();
   }
+  if($enableDebugger){
   //if($user->requireRole(Role::DEVELOPER)){
     Debugger::enable(Debugger::DEVELOPMENT, __DIR__ . '/error-log');
   //} else {
     //Debugger::enable(Debugger::PRODUCTION, __DIR__ . '/error-log');
   //}
+  }
 }
 
 function t($string, $echo=true){

server/install/installHelper.php

@@ -289,7 +289,7 @@ PRIMARY KEY (`id`),
 UNIQUE KEY `selector` (`selector`),
 KEY `email_expires` (`email`,`expires`),
 KEY `user_id` (`user_id`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 CREATE TABLE IF NOT EXISTS `".$prefix."_users_remembered` (
 `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
 `user` int(10) unsigned NOT NULL,
@@ -299,7 +299,7 @@ CREATE TABLE IF NOT EXISTS `".$prefix."_users_remembered` (
 PRIMARY KEY (`id`),
 UNIQUE KEY `selector` (`selector`),
 KEY `user` (`user`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 CREATE TABLE IF NOT EXISTS `".$prefix."_users_resets` (
 `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
 `user` int(10) unsigned NOT NULL,
@@ -309,7 +309,7 @@ CREATE TABLE IF NOT EXISTS `".$prefix."_users_resets` (
 PRIMARY KEY (`id`),
 UNIQUE KEY `selector` (`selector`),
 KEY `user_expires` (`user`,`expires`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 CREATE TABLE IF NOT EXISTS `".$prefix."_users_throttling` (
 `bucket` varchar(44) CHARACTER SET latin1 COLLATE latin1_general_cs NOT NULL,
 `tokens` float unsigned NOT NULL,
@@ -317,7 +317,7 @@ CREATE TABLE IF NOT EXISTS `".$prefix."_users_throttling` (
 `expires_at` int(10) unsigned NOT NULL,
 PRIMARY KEY (`bucket`),
 KEY `expires_at` (`expires_at`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
 CREATE TABLE IF NOT EXISTS `".$prefix."_options` (
 `id` INT NOT NULL AUTO_INCREMENT,
 `name` TEXT NOT NULL, `value` MEDIUMTEXT NOT NULL,
@@ -335,6 +335,14 @@ CREATE TABLE `".$prefix."_dbversion` (
 PRIMARY KEY (`id`),
 KEY `Id` (`id`)
 )ENGINE=InnoDB DEFAULT CHARSET=latin1;
+CREATE TABLE `".$prefix."_api_keys` (
+`id` INT NOT NULL AUTO_INCREMENT,
+`apikey` VARCHAR(128) NOT NULL,
+`user` INT NOT NULL,
+`permissions` VARCHAR(128) NOT NULL DEFAULT 'ALL',
+PRIMARY KEY (`id`),
+KEY `Id` (`id`)
+) ENGINE = InnoDB DEFAULT CHARSET=latin1;
 INSERT INTO `".$prefix."_dbversion` (`version`, `timestamp`) VALUES('1', current_timestamp());
 INSERT INTO `".$prefix."_tipo` (`id`, `name`) VALUES (NULL, 'type1'), (NULL, 'type2');");
     } catch (Exception $e) {