Typos in API code fixed
This commit is contained in:
@@ -1,6 +1,9 @@
|
||||
<?php
|
||||
|
||||
namespace api\classes;
|
||||
|
||||
use JetBrains\PhpStorm\NoReturn;
|
||||
|
||||
class API
|
||||
{
|
||||
public $conn;
|
||||
@@ -9,7 +12,7 @@ class API
|
||||
# The user uuid that requested the API
|
||||
protected $user_uuid;
|
||||
|
||||
# $user_type is either an API call (api) or an call from the frontend (frontend)
|
||||
# $user_type is either an API call (api) or a call from the frontend (frontend)
|
||||
protected $user_type;
|
||||
|
||||
# Either GET POST PUT or DELETE
|
||||
@@ -44,7 +47,7 @@ class API
|
||||
public $baseQuery = false;
|
||||
|
||||
# Used for the general get function, this prevents SQL injecting by only allowing these columns instead of
|
||||
# Whatever the user inputs straigt into the query.
|
||||
# Whatever the user inputs straight into the query.
|
||||
public $allowedGetColumns = false;
|
||||
|
||||
# Cache the columns of the tables for some small performance improvements.
|
||||
@@ -573,7 +576,7 @@ class API
|
||||
# api will need to post with an application/json type Content type.
|
||||
# frontend will post with application/x-www-form-urlencoded content type but also is capable of application/json
|
||||
# frontend can also post multipart/form-data
|
||||
# GET requests dont have an content type
|
||||
# GET requests don't have a content type
|
||||
|
||||
$contentType = $_SERVER['CONTENT_TYPE'] ?? '';
|
||||
|
||||
@@ -610,6 +613,7 @@ class API
|
||||
return $this->user_uuid;
|
||||
}
|
||||
|
||||
#[NoReturn]
|
||||
public function apiOutput($code = 200, $data = [], $frontendMessage = false)
|
||||
{
|
||||
if ($this->user_type === 'api') {
|
||||
@@ -629,10 +633,10 @@ class API
|
||||
if (in_array($this->request_method, ['POST', 'PUT', 'DELETE'])) {
|
||||
http_response_code($code);
|
||||
|
||||
if ($this->return_url) { # sometimes the PUT doesnt need an return or response set (Think of js actions to api from frontend)
|
||||
if ($this->return_url) { # sometimes the PUT doesn't need a return or response set (Think of js actions to api from frontend)
|
||||
$_SESSION['response'] = json_encode($data);
|
||||
|
||||
# When a request is successfull the api will recieve the data, the frontend needs a friendly message
|
||||
# When a request is successfully the api will receive the data, the frontend needs a friendly message
|
||||
if ($frontendMessage) {
|
||||
$_SESSION['response'] = json_encode([key($data) => __($frontendMessage)]);
|
||||
}
|
||||
|
||||
@@ -37,7 +37,7 @@ class API_apitoken extends API
|
||||
|
||||
public function checkTokenPermissions()
|
||||
{
|
||||
# First we need to find to what user the api_token belongs to if its not given.
|
||||
# First we need to find to what user the api_token belongs to if it's not given.
|
||||
# If the user_uuid is unknown, get the user_uuid based on the api_token_being.
|
||||
if (!$this->data['user_uuid']) {
|
||||
$_GET['builder'] = [1 => ['where' => [0 => 'api_token_uuid', 1 => $this->data['api_token_uuid']]]];
|
||||
@@ -144,7 +144,7 @@ class API_apitoken extends API
|
||||
$stmt->bind_param('is', $api_token_revoked, $this->data['api_token_uuid']);
|
||||
|
||||
if ($this->executeStatement($stmt)) {
|
||||
$this->apiOutput(200, ['success' => 'API token ' . ($api_token_revoked ? 're' : 'en') . 'voked successfully.']);
|
||||
$this->apiOutput(200, ['success' => 'API token ' . ($api_token_revoked ? 'revoked' : 'envoked') . ' successfully.']);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -23,7 +23,7 @@ class API_inserve extends API
|
||||
|
||||
public $response = false;
|
||||
|
||||
private $cloudDistrubutor = false;
|
||||
private $cloudDistributor = false;
|
||||
|
||||
public function setupConnection()
|
||||
{
|
||||
@@ -64,14 +64,14 @@ class API_inserve extends API
|
||||
|
||||
public function getLinkedCompanies()
|
||||
{
|
||||
# init the clouddistrubutor name
|
||||
if (!isset($this->inserve_custom_data['clouddistrubutor']) || $this->inserve_custom_data['clouddistrubutor'] === '') {
|
||||
$this->apiOutput(400, ['error' => 'missing clouddistrubutor in custom source data']);
|
||||
# init the cloudDistributor name
|
||||
if (!isset($this->inserve_custom_data['cloudDistributor']) || $this->inserve_custom_data['cloudDistributor'] === '') {
|
||||
$this->apiOutput(400, ['error' => 'missing cloudDistributor in custom source data']);
|
||||
} else {
|
||||
$this->cloudDistrubutor = $this->inserve_custom_data['clouddistrubutor'];
|
||||
$this->cloudDistributor = $this->inserve_custom_data['cloudDistributor'];
|
||||
}
|
||||
|
||||
$this->ch = curl_init($this->inserve_url . 'cloud-distributors/' . $this->cloudDistrubutor . '/companies');
|
||||
$this->ch = curl_init($this->inserve_url . 'cloud-distributors/' . $this->cloudDistributor . '/companies');
|
||||
curl_setopt_array($this->ch, [
|
||||
CURLOPT_RETURNTRANSFER => true,
|
||||
CURLOPT_HTTPHEADER => [
|
||||
@@ -128,11 +128,11 @@ class API_inserve extends API
|
||||
|
||||
public function syncCompaniesFromSentri()
|
||||
{
|
||||
# init the clouddistrubutor name
|
||||
if (!isset($this->inserve_custom_data['clouddistrubutor']) || $this->inserve_custom_data['clouddistrubutor'] === '') {
|
||||
$this->apiOutput(400, ['error' => 'missing clouddistrubutor in custom source data']);
|
||||
# init the cloudDistributor name
|
||||
if (!isset($this->inserve_custom_data['cloudDistributor']) || $this->inserve_custom_data['cloudDistributor'] === '') {
|
||||
$this->apiOutput(400, ['error' => 'missing cloudDistributor in custom source data']);
|
||||
} else {
|
||||
$this->cloudDistrubutor = $this->inserve_custom_data['clouddistrubutor'];
|
||||
$this->cloudDistributor = $this->inserve_custom_data['cloudDistributor'];
|
||||
}
|
||||
|
||||
# First retrieve all the active companies to sync to the Inserve cloud distributor
|
||||
@@ -148,7 +148,7 @@ class API_inserve extends API
|
||||
];
|
||||
}
|
||||
|
||||
$url = $this->inserve_url . 'cloud-distributors/' . $this->cloudDistrubutor . '/companies';
|
||||
$url = $this->inserve_url . 'cloud-distributors/' . $this->cloudDistributor . '/companies';
|
||||
|
||||
$this->ch = curl_init($url);
|
||||
|
||||
@@ -430,7 +430,7 @@ class API_inserve extends API
|
||||
$item['subscriptionInserveCompanyId'] = $inserveLookup[$item['md5']]['cloud_distribution_company_id'];
|
||||
$item['subscriptionInserveName'] = $inserveLookup[$item['md5']]['name'];
|
||||
//$item['subscriptionInserveStatus'] = $inserveLookup[$item['md5']]['status'];
|
||||
} else { # Subscription does not exists in Inserve
|
||||
} else { # Subscription does not exist in Inserve
|
||||
$item['sentriCompanyId'] = (int)$allCompaniesIds[$row['company_source_id']] ?? 0;
|
||||
$item['subscriptionInserveExists'] = false;
|
||||
$item['subscriptionInserveId'] = false;
|
||||
@@ -458,7 +458,7 @@ class API_inserve extends API
|
||||
} else {
|
||||
$namePart = ucfirst($first) . ' - ' . $second;
|
||||
}
|
||||
} //Handle keys without . but with a space (expmale directadmin.Standard Discounted)
|
||||
} //Handle keys without . but with a space (example directadmin.Standard Discounted)
|
||||
elseif (strpos($key, ' ') !== false) {
|
||||
// explode on first .
|
||||
$parts = explode('.', $key, 2);
|
||||
@@ -487,13 +487,13 @@ class API_inserve extends API
|
||||
// if subscriptionInserveExists is false create a new subscription
|
||||
if ($item['subscriptionInserveExists'] === false) {
|
||||
$payload = [
|
||||
"cloud_distribution_id" => $item['md5'], #md5 hash based on the server_uuid from sentri and the subscription name (eg. server_cpu_count)
|
||||
"cloud_distribution_id" => $item['md5'], #md5 hash based on the server_uuid from sentri and the subscription name (e.g. server_cpu_count)
|
||||
"cloud_subscription_id" => "sentri-servers", # Mark all the sentri-servers subscriptions so we can filter the subscriptions better
|
||||
"name" => $item['subscriptionSentriName'],
|
||||
"quantity" => ($row['server_state'] === 'deleted') ? 0 : $item['countSentri'],
|
||||
"cloud_distribution_company_id" => $item['sentriCompanyId'], # this is generated by inserve
|
||||
"status" => $item['SentriStatus'],
|
||||
"period_type" => 0, # 0 = monthly, 1 = anual, 2 = one time cost
|
||||
"period_type" => 0, # 0 = monthly, 1 = annual, 2 = one time cost
|
||||
"start_date" => date('Y-m-d')
|
||||
];
|
||||
|
||||
@@ -502,8 +502,8 @@ class API_inserve extends API
|
||||
continue;
|
||||
}
|
||||
|
||||
// update the subscription if the countInserve and countSentri dont match
|
||||
// Or when sentriCompanyId and subscriptionInserveCompanyId dont match
|
||||
// update the subscription if the countInserve and countSentri don't match
|
||||
// Or when sentriCompanyId and subscriptionInserveCompanyId don't match
|
||||
if ((
|
||||
(int)$item['countInserve'] !== (int)$item['countSentri'] ||
|
||||
(int)$item['sentriCompanyId'] !== (int)$item['subscriptionInserveCompanyId'] ||
|
||||
@@ -680,7 +680,7 @@ class API_inserve extends API
|
||||
$existingLines[$item['product_code']] = $item;
|
||||
}
|
||||
|
||||
# Check if there are products that dont exists yet or have different descriptions
|
||||
# Check if there are products that don't exist yet or have different descriptions
|
||||
foreach ($subscriptionLines['lines'] as $subscriptionLine) {
|
||||
$product_code = $subscriptionLine['product_code'];
|
||||
|
||||
|
||||
@@ -123,7 +123,7 @@ class API_servers extends API
|
||||
VALUES (" . implode(',', $insertValues) . ")
|
||||
ON DUPLICATE KEY UPDATE ";
|
||||
|
||||
# Build the ON DUPLICATE KEY UPDATE, only foor fields that exist
|
||||
# Build the ON DUPLICATE KEY UPDATE, only for fields that exist
|
||||
$updateParts = [];
|
||||
foreach ($insertFields as $field) {
|
||||
if (!in_array($field, ['server_create_timestamp', 'server_uuid'])) {
|
||||
@@ -241,7 +241,7 @@ class API_servers extends API
|
||||
|
||||
public function processServerData($server, $requiredFields, $optionalFields)
|
||||
{
|
||||
// since the disk data is sent as an array we need to check it seperatly from the other data validations
|
||||
// since the disk data is sent as an array we need to check it separately from the other data validations
|
||||
|
||||
if (!empty($server['server_disks']) && is_array($server['server_disks'])) {
|
||||
$server['server_disks'] = $this->validateDiskData($server['server_disks']);
|
||||
|
||||
@@ -25,7 +25,7 @@ class API_usergroups extends API
|
||||
if ($this->getUsergroup(true)) {
|
||||
$this->apiOutput(409, ['error' => 'Usergroup already exists.']);
|
||||
}
|
||||
$this->baseQuery = ''; # reset the base query set $_GET['builder]
|
||||
$this->baseQuery = ''; # reset the base query set $_GET['builder']
|
||||
|
||||
$this->data['user_group_weight'] = $this->get_next_available_user_group_weight($this->data['user_group_weight']);
|
||||
|
||||
@@ -77,7 +77,7 @@ class API_usergroups extends API
|
||||
$user_group = $this->getUsergroup();
|
||||
|
||||
# superuser cannot be deleted
|
||||
if ($user_group[0]['user_group_slufigy'] === 'superuser') {
|
||||
if ($user_group[0]['user_group_slugify'] === 'superuser') {
|
||||
$this->apiOutput(400, ['error' => 'superuser cannot be deleted.']);
|
||||
}
|
||||
|
||||
@@ -120,7 +120,7 @@ class API_usergroups extends API
|
||||
$user_group = $this->getUsergroup();
|
||||
|
||||
# superuser cannot be modified
|
||||
if ($user_group[0]['user_group_slufigy'] === 'superuser') {
|
||||
if ($user_group[0]['user_group_slugify'] === 'superuser') {
|
||||
$this->apiOutput(500, ['error' => 'superuser cannot be modified']);
|
||||
}
|
||||
|
||||
|
||||
@@ -137,14 +137,14 @@ The Sentri gnomes';
|
||||
{
|
||||
# delete an user
|
||||
|
||||
# chect if the user exists
|
||||
# check if the user exists
|
||||
$_GET['builder'] = [1 => ['where' => [0 => 'user_uuid', 1 => $this->data['user_uuid']]]];
|
||||
$user_data = $this->getUser()[0];
|
||||
|
||||
|
||||
$this->data['user_group_uuid'] = $user_data['user_group_uuid'];
|
||||
|
||||
# check group weigth
|
||||
# check group weight
|
||||
if ($this->getUserGroupWeight() < $_SESSION['user']['user_group_weight']) {
|
||||
$this->apiOutput(400, ['error' => 'You cannot delete a user with an lower weight then yourself!']);
|
||||
}
|
||||
|
||||
@@ -11,7 +11,7 @@ if ($API_devices->request_method === 'POST') {
|
||||
|
||||
$API_devices->checkPermissions('admin-devices-files', 'RW');
|
||||
|
||||
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
|
||||
# when called from the frontend will not be forwarding to a url since when it's called from the frontend it doesn't need a redirection
|
||||
$API_devices->return_url = false;
|
||||
|
||||
$device_slugify = isset($_POST['device_slugify']) ? preg_replace('/[^a-zA-Z0-9_-]/', '_', $_POST['device_slugify']) : '';
|
||||
@@ -61,7 +61,7 @@ if ($API_devices->request_method === 'POST') {
|
||||
|
||||
if (move_uploaded_file($_FILES['file']['tmp_name'], $destination)) {
|
||||
chmod($destination, 0644); // Set safe permissions
|
||||
$API_devices->apiOutput(200, ['success' => 'File uploaded succcessfully']);
|
||||
$API_devices->apiOutput(200, ['success' => 'File uploaded successfully']);
|
||||
} else {
|
||||
$API_devices->apiOutput(500, ['error' => 'Failed to move uploaded file']);
|
||||
}
|
||||
@@ -70,7 +70,7 @@ if ($API_devices->request_method === 'POST') {
|
||||
|
||||
$API_devices->checkPermissions('admin-devices-files', 'RW');
|
||||
|
||||
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
|
||||
# when called from the frontend will not be forwarding to a url since when it's called from the frontend it doesn't need a redirection
|
||||
$API_devices->return_url = false;
|
||||
|
||||
$relativePath = $_POST['file_name'] ?? '';
|
||||
|
||||
@@ -16,7 +16,7 @@ if ($API_devices->request_method === 'GET') {
|
||||
|
||||
} elseif ($API_devices->request_method === 'POST') {
|
||||
|
||||
# create an new device
|
||||
# create a new device
|
||||
|
||||
$API_devices->checkPermissions('admin-devices', 'RW');
|
||||
|
||||
@@ -106,7 +106,7 @@ if ($API_devices->request_method === 'GET') {
|
||||
|
||||
$API_devices->checkPermissions('admin-devices', 'RW');
|
||||
|
||||
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
|
||||
# when called from the frontend will not be forwarding to a url since when it's called from the frontend it doesn't need a redirection
|
||||
$API_devices->return_url = false;
|
||||
|
||||
$requiredFields = ['device_uuid' => ['type' => 'uuid']];
|
||||
|
||||
@@ -17,7 +17,7 @@ if (!$GLOBALS['modules_enabled']['customers']) {
|
||||
if ($API_companies->request_method === 'PUT') {
|
||||
$API_companies->checkPermissions('customer-companies', 'RW');
|
||||
|
||||
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
|
||||
# when called from the frontend will not be forwarding to a url since when it's called from the frontend it doesn't need a redirection
|
||||
$API_companies->return_url = false;
|
||||
|
||||
$requiredFields = [
|
||||
|
||||
@@ -4,7 +4,7 @@ use api\classes\API_office_stompjes;
|
||||
|
||||
session_start();
|
||||
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_office_stompjes.php';
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/api/classes/API_office_stompjes.php";
|
||||
|
||||
$API_office_stompjes = new API_office_stompjes();
|
||||
|
||||
@@ -30,15 +30,16 @@ if ($API_office_stompjes->request_method === 'GET') {
|
||||
|
||||
$API_office_stompjes->validateData($requiredFields);
|
||||
|
||||
$modules = $API_office_stompjes->addStomp();
|
||||
$API_office_stompjes->addStomp();
|
||||
|
||||
$API_office_stompjes->apiOutput($code = 200, ['success' => 'stomp added successfully.']);
|
||||
|
||||
} elseif ($API_office_stompjes->request_method === 'DELETE') {
|
||||
|
||||
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission
|
||||
$API_office_stompjes->checkPermissions('office-stompjes', 'RW');
|
||||
|
||||
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
|
||||
# when called from the frontend will not be forwarding to a url since when it's called from the frontend it doesn't need a redirection
|
||||
$API_office_stompjes->return_url = false;
|
||||
|
||||
$requiredFields = ['stomp_uuid' => ['type' => 'uuid']];
|
||||
|
||||
@@ -18,7 +18,7 @@ if ($API_permissions->request_method === 'GET') {
|
||||
$API_permissions->apiOutput($code = 200, ['success' => $permissions]);
|
||||
|
||||
} elseif ($API_permissions->request_method === 'PUT') {
|
||||
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
|
||||
# when called from the frontend will not be forwarding to a url since when it's called from the frontend it doesn't need a redirection
|
||||
$API_permissions->return_url = false;
|
||||
|
||||
$API_permissions->checkPermissions('admin-access-control-permissions', 'RW');
|
||||
|
||||
@@ -61,7 +61,7 @@ if ($API_permissions->request_method === 'GET') {
|
||||
$API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
|
||||
}
|
||||
|
||||
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
|
||||
# when called from the frontend will not be forwarding to a url since when it's called from the frontend it doesn't need a redirection
|
||||
$API_permissions->return_url = false;
|
||||
|
||||
$requiredFields = ['permission_uuid' => ['type' => 'uuid']];
|
||||
|
||||
@@ -65,7 +65,7 @@ if ($API_apitoken->request_method === 'GET') {
|
||||
|
||||
} elseif ($API_apitoken->request_method === 'DELETE') {
|
||||
|
||||
# Deletes an API token, requies DELETE with 'api_token_uuid' first retrieve the uuid of the user with getToken then check
|
||||
# Deletes an API token, requires DELETE with 'api_token_uuid' first retrieve the uuid of the user with getToken then check
|
||||
# if the user is another user or itself
|
||||
|
||||
# This api call, when called from the frontend will not be forwarding to a url.
|
||||
|
||||
@@ -12,7 +12,7 @@ $API_usersavatar = new API_usersavatar();
|
||||
if ($API_usersavatar->request_method === 'GET') {
|
||||
|
||||
} elseif ($API_usersavatar->request_method === 'POST') {
|
||||
# Reset a users password and send a email to the user to set a new password
|
||||
# Reset a users password and send an email the user to set a new password
|
||||
|
||||
$API_usersavatar->postedData['user_profile_picture'] = $API_usersavatar->createUserImage(['min_width' => 500, 'max_width' => 1000, 'min_height' => 500, 'max_height' => 1000, 'square' => true, 'allowed_types' => ['image/png'], 'max_size_kb' => 1024, 'transparent' => true]);
|
||||
$API_usersavatar->postedData['user_profile_picture_thumbnail'] = $API_usersavatar->createUserImage(['min_width' => 64, 'max_width' => 64, 'min_height' => 64, 'max_height' => 64, 'square' => true, 'allowed_types' => ['image/png'], 'max_size_kb' => 1024, 'transparent' => true]);
|
||||
|
||||
@@ -14,7 +14,7 @@ $API_mfa = new API_mfa();
|
||||
if ($API_mfa->request_method === 'GET') {
|
||||
|
||||
} elseif ($API_mfa->request_method === 'POST') {
|
||||
# Setup a new MFA secret its posted from mfaSetup.php where it generated a secret
|
||||
# Set up a new MFA secret its posted from mfaSetup.php where it generated a secret
|
||||
|
||||
if (checkLoginAttempts() > 10) {
|
||||
echo 'too many attempts, please try again later.';
|
||||
@@ -30,7 +30,7 @@ if ($API_mfa->request_method === 'GET') {
|
||||
|
||||
$API_mfa->postedData['user_uuid'] = $_SESSION['user']['user_uuid'];
|
||||
$API_mfa->postedData['user_two_factor_secret'] = $_SESSION['mfasetup']['secret'];
|
||||
$API_mfa->postedData['verificationCode'] = linkVerificationPosts(); # The code is entered in six loose posts this wil link it togheter
|
||||
$API_mfa->postedData['verificationCode'] = linkVerificationPosts(); # The code is entered in six loose posts this wil link it together
|
||||
|
||||
$requiredFields = [
|
||||
'user_uuid' => ['type' => 'uuid'],
|
||||
|
||||
@@ -15,16 +15,16 @@ $API_resetpassword = new API_resetpassword();
|
||||
if ($API_resetpassword->request_method === 'GET') {
|
||||
|
||||
} elseif ($API_resetpassword->request_method === 'POST') {
|
||||
# Reset a users password and send a email to the user to set a new password
|
||||
# Reset a users password and send a mail to the user to set a new password
|
||||
|
||||
$API_resetpassword->checkPermissions('admin-access-admins-resetpassword', 'RW');
|
||||
|
||||
# The user will need to verify their email, the password field cannot be NULL so set an random password for now till the user resets it on when verifing there email
|
||||
# The user will need to verify their email, the password field cannot be NULL so set a random password for now till the user resets it on when verifying there email
|
||||
$random_string = substr(str_shuffle(str_repeat('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01', 64)), 0, rand(50, 64));
|
||||
$user_password = password_hash($random_string, PASSWORD_BCRYPT, ["cost" => 12]);
|
||||
$API_resetpassword->postedData['user_password'] = $user_password;
|
||||
|
||||
# Password reset token that will be send to the user
|
||||
# Password reset token that will be sent to the user
|
||||
$API_resetpassword->postedData['user_password_reset_token'] = bin2hex(random_bytes(32));
|
||||
$API_resetpassword->postedData['user_password_reset_expires'] = time() + 86400;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user