-
-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy pathapi.php
176 lines (159 loc) · 5.57 KB
/
api.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
<?php
define('pvault_panel', TRUE);
define('__ROOT__', dirname(__FILE__));
define('LOG_PATH', '/tmp/logs/');
define('DEFAULT_IMAGE', __ROOT__ . '/img/pv_molecule.png');
define('LOG_API_FILE', 'pv-api.log');
require_once(__ROOT__.'/inc/opendb.php');
require_once(__ROOT__.'/inc/settings.php');
require_once(__ROOT__.'/func/rgbToHex.php');
// Check if API is enabled in system settings
if (!isset($system_settings['API_enabled']) || $system_settings['API_enabled'] != 1) {
header('Content-Type: application/json; charset=utf-8');
echo json_encode([
'draw' => intval($_REQUEST['draw'] ?? 0),
'recordsTotal' => 0,
'recordsFiltered' => 0,
'data' => [],
'error' => 'API is administratively disabled'
]);
return;
}
// Default image for formulas
$defImage = base64_encode(file_get_contents(DEFAULT_IMAGE));
// Create log directory and file
if (!file_exists(LOG_PATH)) {
if (!mkdir(LOG_PATH, 0740, true)) {
die(json_encode(['error' => 'Failed to create log directory']));
}
}
if (!file_exists(LOG_PATH . LOG_API_FILE)) {
if (!touch(LOG_PATH . LOG_API_FILE)) {
die(json_encode(['error' => 'Failed to create log file']));
}
}
// Log incoming requests
$reqDump = print_r($_REQUEST, true);
file_put_contents(LOG_PATH . LOG_API_FILE, $reqDump, FILE_APPEND);
/**
* Check API authentication
*/
function apiCheckAuth($key, $conn) {
global $userID;
$query = "SELECT id FROM users WHERE isAPIActive = '1' AND isActive = '1' AND API_key = ?";
$stmt = mysqli_prepare($conn, $query);
mysqli_stmt_bind_param($stmt, 's', $key);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
mysqli_stmt_bind_result($stmt, $id);
if (mysqli_stmt_fetch($stmt)) {
$userID = $id;
}
return mysqli_stmt_num_rows($stmt) > 0;
}
/**
* Validate API Key and Execute Request
*/
function validateKeyAndExecute($conn, $key, $callback) {
if (!apiCheckAuth($key, $conn)) {
header('Content-Type: application/json; charset=utf-8');
echo json_encode(['status' => 'Auth failed']);
return false;
}
return $callback();
}
// Validate required parameters
$key = $_REQUEST['key'] ?? null;
$do = strtolower($_REQUEST['do'] ?? '');
$type = $_REQUEST['type'] ?? null;
if ($key && $do === 'auth') {
if(!apiCheckAuth($key, $conn)) {
header('Content-Type: application/json; charset=utf-8');
echo json_encode(['type'=>'auth','status' => 'failed']);
return;
} else {
header('Content-Type: application/json; charset=utf-8');
echo json_encode(['type'=>'auth','status' => 'success']);
return;
}
}
$validEndpoints = [
'upload' => ['formula', 'ingredients'],
'get' => ['formulas', 'ingredients', 'categories', 'suppliers', 'documents', 'ifra'],
'manage' => ['makeformula']
];
// Function to return valid endpoints
function getValidEndpoints($endpoints) {
$formatted = [];
foreach ($endpoints as $do => $types) {
foreach ($types as $type) {
$formatted[] = ['method' => 'POST','do' => $do, 'type' => $type];
}
}
return $formatted;
}
// Route requests
switch ($do) {
case 'upload':
if ($type === 'formulas') {
validateKeyAndExecute($conn, $key, function () {
require_once(__ROOT__ . '/api-functions/formulas_upload.php');
});
} elseif ($type === 'ingredients') {
validateKeyAndExecute($conn, $key, function () {
require_once(__ROOT__ . '/api-functions/ingredients_upload.php');
});
} else {
header('Content-Type: application/json; charset=utf-8');
echo json_encode([
'status' => 'Invalid type for upload',
'valid_endpoints' => getValidEndpoints($validEndpoints)
], JSON_PRETTY_PRINT);
return;
}
break;
case 'get':
$apiFileMap = [
'formulas' => '/api-functions/formulas_get.php',
'ingredients' => '/api-functions/ingredients_get.php',
'categories' => '/api-functions/categories_get.php',
'suppliers' => '/api-functions/suppliers_get.php',
'documents' => '/api-functions/documents_get.php',
'ifra' => '/api-functions/ifra_get.php'
];
if (isset($apiFileMap[$type])) {
validateKeyAndExecute($conn, $key, function () use ($type, $apiFileMap) {
require_once(__ROOT__ . $apiFileMap[$type]);
});
} else {
header('Content-Type: application/json; charset=utf-8');
echo json_encode([
'status' => 'Invalid type for get',
'valid_endpoints' => getValidEndpoints($validEndpoints)
], JSON_PRETTY_PRINT);
return;
}
break;
case 'manage':
if ($type === 'makeformula') {
validateKeyAndExecute($conn, $key, function () {
require_once(__ROOT__ . '/api-functions/manage_makeformula.php');
});
} else {
header('Content-Type: application/json; charset=utf-8');
echo json_encode([
'status' => 'Invalid type for manage',
'valid_endpoints' => getValidEndpoints($validEndpoints)
], JSON_PRETTY_PRINT);
return;
}
break;
default:
header('Content-Type: application/json; charset=utf-8');
echo json_encode([
'status' => 'Unknown action',
'valid_endpoints' => getValidEndpoints($validEndpoints)
], JSON_PRETTY_PRINT);
return;
}
?>