forked from projects/fipamo
ec1dc49ba1
The script that handles logggin in and the form for getting that information were both posting the info which would result in an intemittent uncaught error. An attribute was added to the form so it does not submit at the same time the JS sends a request. A minor bug but it was annoying.
232 lines
8.6 KiB
PHP
232 lines
8.6 KiB
PHP
<?php
|
|
|
|
namespace brain\controller;
|
|
|
|
use Psr\Http\Message\ResponseInterface;
|
|
use Psr\Http\Message\ServerRequestInterface;
|
|
use brain\api\v1\AuthAPI;
|
|
use brain\api\v1\PagesAPI;
|
|
use brain\api\v1\SettingsAPI;
|
|
use brain\api\v1\InitAPI;
|
|
use brain\api\v1\MailerAPI;
|
|
use brain\data\Member;
|
|
use brain\data\Session;
|
|
|
|
class APIControl
|
|
{
|
|
public static function get(
|
|
ServerRequestInterface $request,
|
|
ResponseInterface $response,
|
|
array $args
|
|
): ResponseInterface {
|
|
$filename = '';
|
|
switch (isset($args['third']) ? $args['third'] : 'none') {
|
|
case 'status':
|
|
$result = AuthAPI::status();
|
|
|
|
break;
|
|
case 'page':
|
|
//echo
|
|
if (Member::verifyKey($_GET['key'])) {
|
|
$result = PagesAPI::getPageContent($request, $args);
|
|
} else {
|
|
$result = [
|
|
'message' => 'API access denied, homie',
|
|
'type' => 'API_ERROR',
|
|
];
|
|
}
|
|
break;
|
|
case 'settings':
|
|
$token = $request->getHeader('fipamo-access-token');
|
|
//Verify token to get site info
|
|
if (isset($token[0])) {
|
|
if (Session::verifyToken($token[0])) {
|
|
$result = SettingsAPI::getInfo($request, $args);
|
|
} else {
|
|
$result = [
|
|
'message' => 'Invalid token, API access denied, homie',
|
|
'type' => 'API_ERROR',
|
|
];
|
|
}
|
|
} else {
|
|
$result = [
|
|
'message' => 'No token, API access denied, homie',
|
|
'type' => 'API_ERROR',
|
|
];
|
|
}
|
|
break;
|
|
case 'files':
|
|
if (Session::active()) {
|
|
if ($args['third'] == 'backup') {
|
|
$filename = '../config/backups/latest_backup.zip';
|
|
if (file_exists($filename)) {
|
|
header('Content-Type: application/zip');
|
|
header(
|
|
'Content-Disposition: attachment; filename="' .
|
|
basename($filename) .
|
|
'"'
|
|
);
|
|
header('Content-Length: ' . filesize($filename));
|
|
|
|
flush();
|
|
// return readfile($filename);
|
|
//readfile($filename);
|
|
// delete file
|
|
//unlink($filename);
|
|
}
|
|
}
|
|
} else {
|
|
$result = [
|
|
'message' => 'API access denied, homie',
|
|
'type' => 'API_ERROR',
|
|
];
|
|
}
|
|
// no break
|
|
default:
|
|
break;
|
|
}
|
|
|
|
$freshResponse = $response;
|
|
|
|
if ($args['third'] == 'files') {
|
|
$freshResponse
|
|
->getBody()
|
|
->write(file_get_contents('../config/backups/latest_back.zip'));
|
|
|
|
$freshResponse->withHeader('Content-Type', 'application/zip');
|
|
return $freshResponse->withAddedHeader(
|
|
'Content-Disposition',
|
|
'attachment; filename=latest_backup.zip'
|
|
);
|
|
} else {
|
|
$response->getBody()->write(json_encode($result));
|
|
return $response->withHeader('Content-Type', 'application/json');
|
|
}
|
|
}
|
|
|
|
public static function post(
|
|
ServerRequestInterface $request,
|
|
ResponseInterface $response,
|
|
array $args
|
|
): ResponseInterface {
|
|
$contentType = $request->getHeader('Content-Type');
|
|
switch ($contentType[0]) {
|
|
case 'application/json':
|
|
$body = json_decode(file_get_contents('php://input'), true);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
|
|
switch (isset($args['third']) ? $args['third'] : 'none') {
|
|
case 'restore': //move to 'api/auth'
|
|
case 'init': //move to 'api/auth'
|
|
$task = $args['third'];
|
|
$result = InitApi::handleInitTasks(
|
|
$task,
|
|
$task == 'init' ? $body : $request
|
|
);
|
|
break;
|
|
case 'backup': //move to 'api/auth'
|
|
$token = $request->getHeader('fipamo-access-token');
|
|
//Verify token for admin tasks
|
|
$result = SettingsAPI::createBackup();
|
|
/*
|
|
|
|
if (Session::verifyToken($token[0])) {
|
|
$result = SettingsAPI::createBackup();
|
|
} else {
|
|
$result = [
|
|
"message" => "API access denied, homie",
|
|
"type" => "API_ERROR",
|
|
];
|
|
}
|
|
*/
|
|
break;
|
|
case 'login': //move to 'api/auth'
|
|
//check if request is remote and if so, verify token
|
|
if ($body['remote'] || $body['remote'] == 'true') {
|
|
if (Member::verifyKey($body['key'])) {
|
|
$result = AuthAPI::login($body);
|
|
} else {
|
|
$result = [
|
|
'message' => 'API access denied, homie',
|
|
'type' => 'API_ERROR',
|
|
];
|
|
}
|
|
} else {
|
|
//request is local, so it's cool
|
|
$result = AuthAPI::login($body);
|
|
}
|
|
|
|
break;
|
|
case 'logout': //move to 'api/auth'
|
|
$result = AuthAPI::logout($body);
|
|
break;
|
|
case 'get-secret': //move to 'api/auth'
|
|
$result = AuthAPI::requestSecret($body);
|
|
break;
|
|
case 'reset-password': //move to 'api/auth'
|
|
$result = AuthAPI::resetPassword($body);
|
|
break;
|
|
case 'page':
|
|
$token = $request->getHeader('fipamo-access-token');
|
|
//Verify token for admin tasks
|
|
if (isset($token[0])) {
|
|
if (Session::verifyToken($token[0])) {
|
|
$result = PagesAPI::handlePageTask($request, $args);
|
|
} else {
|
|
$result = [
|
|
'message' => 'Invalid token, API access denied, homie',
|
|
'type' => 'API_ERROR',
|
|
];
|
|
}
|
|
} else {
|
|
$result = [
|
|
'message' => 'No token, API access denied, homie',
|
|
'type' => 'API_ERROR',
|
|
];
|
|
}
|
|
|
|
break;
|
|
case 'settings':
|
|
if (isset($body)) {
|
|
$postBody = $body;
|
|
} else {
|
|
$postBody = null;
|
|
}
|
|
$task = $args['fourth'];
|
|
if ($task == 'add-feature-background' || $task == 'add-avatar') {
|
|
$result = SettingsAPI::handleSettingsTask($request, $args, $postBody);
|
|
} else {
|
|
$token = $request->getHeader('fipamo-access-token');
|
|
if (Session::verifyToken($token[0])) {
|
|
$result = SettingsAPI::handleSettingsTask(
|
|
$request,
|
|
$args,
|
|
$postBody
|
|
);
|
|
} else {
|
|
$result = [
|
|
'message' => 'API access denied, homie',
|
|
'type' => 'API_ERROR',
|
|
];
|
|
}
|
|
}
|
|
|
|
break;
|
|
case 'mailer':
|
|
$result = MailerAPI::handleMail($request, $body, $response);
|
|
break;
|
|
default:
|
|
$result = [
|
|
'message' => "Oh, nothing to do. That's unfortunate",
|
|
'type' => 'TASK_NONE',
|
|
];
|
|
break;
|
|
}
|
|
$response->getBody()->write(json_encode($result));
|
|
return $response->withHeader('Content-Type', 'application/json');
|
|
}
|
|
}
|