allerta-vvf
/
allerta-vvf
mirror of https://github.com/allerta-vvf/allerta-vvf
1
0
Fork 0
Code Issues Releases Wiki Activity
allerta-vvf/backend/apiRouter.php

487 lines
16 KiB
PHP
Raw Blame History

<?php
require_once 'utils.php';
require_once 'telegramBotRouter.php';
require_once 'cronRouter.php';
require_once 'alerts.php';
function apiRouter (FastRoute\RouteCollector $r) {
$r->addGroup('/cron', function (FastRoute\RouteCollector $r) {
cronRouter($r);
});
$r->addGroup('/alerts', function (FastRoute\RouteCollector $r) {
alertsRouter($r);
});
$r->addRoute(
['GET', 'POST'],
'/bot/telegram',
function ($vars) {
telegramBotRouter();
}
);
$r->addRoute(
'GET',
'/owner_image',
function ($vars) {
if(get_option("use_custom_owner_image", false)) {
$owner_image = get_option("owner_image", false);
if($owner_image) {
header('Cache-control: max-age='.(60*60*24*31));
header('Expires: '.gmdate(DATE_RFC1123,time()+60*60*24*31));
header('Content-Type: image/png');
readfile($owner_image);
} else {
statusCode(404);
}
} else {
header('Cache-control: max-age='.(60*60*24*31));
header('Expires: '.gmdate(DATE_RFC1123,time()+60*60*24*31));
header('Content-Type: image/png');
readfile("dist-frontend/assets/img/owner.png");
}
}
);
$r->addRoute(
'GET',
'/place_image',
function ($vars) {
header('Cache-control: max-age='.(60*60*24*31));
header('Expires: '.gmdate(DATE_RFC1123,time()+60*60*24*31));
header('Content-Type: image/png');
readfile("tmp/".md5($_GET["lat"].";".$_GET["lng"]).".jpg");
}
);
$r->addRoute(
'GET',
'/healthcheck',
function ($vars) {
apiResponse(["state" => "SUCCESS", "description" => ""]);
}
);
$r->addRoute(
['GET', 'POST'],
'/debug/request',
function ($vars) {
apiResponse(["get" => $_GET, "post" => $_POST, "server" => $_SERVER]);
}
);
$r->addRoute(
['GET', 'POST'],
'/debug/token',
function ($vars) {
global $users;
$token = isset($_GET['token']) ? $_GET['token'] : $_POST['token'];
$token_parsed = $users->auth->parseToken($token);
$claims = $token_parsed !== false ? $token_parsed->claims() : null;
$jti = isset($claims) ? $claims->get('jti') : null;
$exp = isset($claims) ? $claims->get('exp') : null;
$iat = isset($claims) ? $claims->get('iat') : null;
$nbf = isset($claims) ? $claims->get('nbf') : null;
$user_info = isset($claims) ? $claims->get('user_info') : null;
apiResponse([
"user_info" => $user_info,
"jti" => $jti,
"exp" => $exp,
"iat" => $iat,
"nbf" => $nbf,
"valid" => $users->auth->isTokenValid($token_parsed),
]);
}
);
$r->addRoute(
['GET'],
'/list',
function ($vars) {
global $db, $users;
requireLogin();
$users->online_time_update();
if($users->hasRole(Role::SUPER_EDITOR)) {
$response = $db->select("SELECT * FROM `".DB_PREFIX."_profiles` WHERE `hidden` = 0 ORDER BY available DESC, chief DESC, services ASC, trainings DESC, availability_minutes ASC, name ASC");
} else {
$response = $db->select("SELECT `id`, `chief`, `online_time`, `available`, `availability_minutes`, `name`, `driver`, `services` FROM `".DB_PREFIX."_profiles` WHERE `hidden` = 0 ORDER BY available DESC, chief DESC, services ASC, trainings DESC, availability_minutes ASC, name ASC");
}
apiResponse(
!is_null($response) ? $response : []
);
}
);
$r->addRoute(
['GET'],
'/logs',
function ($vars) {
global $db, $users;
requireLogin();
$users->online_time_update();
$response = $db->select("SELECT * FROM `".DB_PREFIX."_log` ORDER BY `timestamp` DESC");
if(!is_null($response)) {
foreach($response as &$row) {
$row['changed'] = $users->getName($row['changed']);
$row['editor'] = $users->getName($row['editor']);
}
} else {
$response = [];
}
apiResponse($response);
}
);
$r->addRoute(
['GET'],
'/services',
function ($vars) {
global $services, $users;
requireLogin();
$users->online_time_update();
apiResponse($services->list());
}
);
$r->addRoute(
['POST'],
'/services',
function ($vars) {
global $services, $users;
requireLogin();
$users->online_time_update();
apiResponse(["response" => $services->add($_POST["start"], $_POST["end"], $_POST["code"], $_POST["chief"], $_POST["drivers"], $_POST["crew"], $_POST["place"], $_POST["notes"], $_POST["type"], $users->auth->getUserId())]);
}
);
$r->addRoute(
['GET'],
'/services/{id}',
function ($vars) {
global $services, $users;
requireLogin();
$users->online_time_update();
apiResponse($services->get($vars['id']));
}
);
$r->addRoute(
['DELETE'],
'/services/{id}',
function ($vars) {
global $services, $users;
requireLogin();
$users->online_time_update();
apiResponse(["response" => $services->delete($vars["id"])]);
}
);
$r->addRoute(
['GET'],
'/place_details',
function ($vars) {
global $db, $users;
requireLogin();
$users->online_time_update();
$response = $db->selectRow("SELECT * FROM `".DB_PREFIX."_places_info` WHERE `lat` = ? and `lng` = ? LIMIT 0,1;", [$_GET["lat"], $_GET["lng"]]);
apiResponse(!is_null($response) ? $response : []);
}
);
$r->addRoute(
['GET'],
'/trainings',
function ($vars) {
global $db, $users;
requireLogin();
$users->online_time_update();
$response = $db->select("SELECT * FROM `".DB_PREFIX."_trainings` ORDER BY date DESC, beginning desc");
apiResponse(
!is_null($response) ? $response : []
);
}
);
$r->addRoute(
['GET'],
'/users',
function ($vars) {
global $users, $users;
requireLogin();
$users->online_time_update();
apiResponse($users->get_users());
}
);
$r->addRoute(
['POST'],
'/users',
function ($vars) {
global $users;
requireLogin();
if(!$users->hasRole(Role::SUPER_EDITOR)){
exit;
}
apiResponse(["userId" => $users->add_user($_POST["email"], $_POST["name"], $_POST["username"], $_POST["password"], $_POST["phone_number"], $_POST["birthday"], $_POST["chief"], $_POST["driver"], $_POST["hidden"], $_POST["disabled"], "unknown")]);
}
);
$r->addRoute(
['GET'],
'/users/{userId}',
function ($vars) {
global $users;
requireLogin();
if(!$users->hasRole(Role::SUPER_EDITOR) && $_POST["id"] !== $users->auth->getUserId()){
exit;
}
apiResponse($users->getUserById($vars["userId"]));
}
);
$r->addRoute(
['DELETE'],
'/users/{userId}',
function ($vars) {
global $users;
requireLogin();
if(!$users->hasRole(Role::SUPER_EDITOR) && $_POST["id"] !== $users->auth->getUserId()){
exit;
}
$users->remove_user($vars["userId"], "unknown");
apiResponse(["status" => "success"]);
}
);
$r->addRoute(
['GET'],
'/availability',
function ($vars) {
global $users, $db;
requireLogin();
$users->online_time_update();
$row = $db->selectRow(
"SELECT `available`, `manual_mode` FROM `".DB_PREFIX."_profiles` WHERE `id` = ?",
[$users->auth->getUserId()]
);
apiResponse([
"available" => $row["available"],
"manual_mode" => $row["manual_mode"]
]);
}
);
$r->addRoute(
['POST'],
'/availability',
function ($vars) {
global $users, $availability;
requireLogin();
$users->online_time_update();
if(!$users->hasRole(Role::SUPER_EDITOR) && (int) $_POST["id"] !== $users->auth->getUserId()){
statusCode(401);
apiResponse(["status" => "error", "message" => "You don't have permission to change other users availability", "t" => $users->auth->getUserId()]);
return;
}
$user_id = is_numeric($_POST["id"]) ? $_POST["id"] : $users->auth->getUserId();
apiResponse([
"response" => $availability->change($_POST["available"], $user_id, true),
"updated_user" => $user_id,
"updated_user_name" => $users->getName($user_id)
]);
}
);
$r->addRoute(
"POST",
"/manual_mode",
function ($vars) {
global $users, $availability;
requireLogin();
$users->online_time_update();
$availability->change_manual_mode($_POST["manual_mode"]);
apiResponse(["status" => "success"]);
}
);
$r->addRoute(
['GET'],
'/schedules',
function ($vars) {
global $users, $schedules;
requireLogin();
$users->online_time_update();
apiResponse($schedules->get());
}
);
$r->addRoute(
['POST'],
'/schedules',
function ($vars) {
global $users, $schedules;
requireLogin();
$users->online_time_update();
$new_schedules = !is_string($_POST["schedules"]) ? json_encode($_POST["schedules"]) : $_POST["schedules"];
apiResponse([
"response" => $schedules->update($new_schedules)
]);
}
);
$r->addRoute(
['GET'],
'/service_types',
function ($vars) {
global $users, $db;
requireLogin();
$users->online_time_update();
$response = $db->select("SELECT * FROM `".DB_PREFIX."_type`");
apiResponse(is_null($response) ? [] : $response);
}
);
$r->addRoute(
['POST'],
'/service_types',
function ($vars) {
global $users, $db;
requireLogin();
$users->online_time_update();
$response = $db->insert(DB_PREFIX."_type", ["name" => $_POST["name"]]);
apiResponse($response);
}
);
$r->addRoute(
['GET'],
'/places/search',
function ($vars) {
global $places;
requireLogin();
apiResponse($places->search($_GET["q"]));
}
);
$r->addRoute(
['POST'],
'/telegram_login_token',
function ($vars) {
global $users, $db;
requireLogin();
$users->online_time_update();
$token = bin2hex(random_bytes(16));
apiResponse([
"response" => $db->insert(
DB_PREFIX.'_bot_telegram',
[
'user' => $users->auth->getUserId(),
'tmp_login_token' => $token
]
),
"start_link" => "https://t.me/".BOT_TELEGRAM_USERNAME."?start=".$token,
"token" => $token
]);
}
);
$r->addRoute(
['POST'],
'/login',
function ($vars) {
global $users;
try {
$token = $users->loginAndReturnToken($_POST["username"], $_POST["password"]);
logger("Login effettuato");
apiResponse(["status" => "success", "access_token" => $token]);
}
catch (\Delight\Auth\InvalidEmailException $e) {
statusCode(401);
apiResponse(["status" => "error", "message" => "Wrong email address"]);
}
catch (\Delight\Auth\InvalidPasswordException $e) {
statusCode(401);
apiResponse(["status" => "error", "message" => "Wrong password"]);
}
catch (\Delight\Auth\EmailNotVerifiedException $e) {
statusCode(401);
apiResponse(["status" => "error", "message" => "Email not verified"]);
}
catch (\Delight\Auth\UnknownUsernameException $e) {
statusCode(401);
apiResponse(["status" => "error", "message" => "Wrong username"]);
}
catch (\Delight\Auth\TooManyRequestsException $e) {
statusCode(401);
apiResponse(["status" => "error", "message" => "Too many requests"]);
}
catch (Exception $e) {
statusCode(401);
apiResponse(["status" => "error", "message" => "Unknown error", "error" => $e]);
}
}
);
$r->addRoute(
['POST'],
'/impersonate',
function ($vars) {
global $users;
requireLogin();
if(!$users->hasRole(Role::SUPER_ADMIN)) {
statusCode(401);
apiResponse(["status" => "error", "message" => "You don't have permission to impersonate"]);
return;
}
try {
$token = $users->loginAsUserIdAndReturnToken($_POST["user_id"]);
apiResponse(["status" => "success", "access_token" => $token]);
}
catch (\Delight\Auth\UnknownIdException $e) {
statusCode(400);
apiResponse(["status" => "error", "message" => "Wrong user ID"]);
}
catch (\Delight\Auth\EmailNotVerifiedException $e) {
statusCode(400);
apiResponse(["status" => "error", "message" => "Email not verified"]);
}
catch (Exception $e) {
statusCode(400);
apiResponse(["status" => "error", "message" => "Unknown error", "error" => $e]);
}
}
);
$r->addRoute(
['POST'],
'/stop_impersonating',
function ($vars) {
global $users;
requireLogin();
if(array_key_exists("impersonating_user", $users->auth->user_info) && array_key_exists("precedent_user_id", $users->auth->user_info)) {
$precedent_user_id = $users->auth->user_info["precedent_user_id"];
$users->auth->logOut();
$token = $users->loginAsUserIdAndReturnToken($precedent_user_id);
apiResponse(["status" => "success", "access_token" => $token, "user_id" => $users->auth->getUserId()]);
}
}
);
$r->addRoute(
['GET', 'POST'],
'/refreshToken',
function ($vars) {
global $users;
requireLogin(false);
apiResponse([
"token" => $users->generateToken()
]);
}
);
$r->addRoute(
['GET', 'POST'],
'/validateToken',
function ($vars) {
global $users;
$token = isset($_GET['token']) ? $_GET['token'] : $_POST['token'];
$token_parsed = $users->auth->parseToken($token);
apiResponse([
"valid" => $users->auth->isTokenValid($token_parsed),
]);
}
);
}
View Git Blame Copy Permalink