v1.0 Initial commit of project

2026-01-01 10:54:18 +01:00
commit 768cf78b57
990 changed files with 241213 additions and 0 deletions


@@ -0,0 +1,41 @@
<?php
use api\classes\API_permissions;
use api\classes\API_usergroups;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_permissions.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_usergroups.php';
$API_permissions = new API_permissions();
$API_usergroups = new API_usergroups();
if ($API_permissions->request_method === 'GET') {
# to be made, get all the access-rights and implement the builder
} elseif ($API_permissions->request_method === 'PUT') {
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
$API_permissions->return_url = false;
$API_permissions->checkPermissions('admin-access-control-permissions', 'RW');
$requiredFields = [
'permission_uuid' => ['type' => 'uuid'],
'user_group_uuid' => ['type' => 'uuid'],
'permission_value' => ['type' => 'enum', 'values' => ['NA', 'RO', 'RW']],
];
$API_permissions->validateData($requiredFields);
# check if the permission exists
$_GET['builder'] = [1 => ['where' => [0 => 'permission_uuid', 1 => $API_permissions->data['permission_uuid']]]];
$API_permissions->getPermission();
# check if the user_group_uuid exists
$_GET['builder'] = [1 => ['where' => [0 => 'user_group_uuid', 1 => $API_permissions->data['user_group_uuid']]]];
$API_usergroups->getUsergroup();
# Update the permission
$API_permissions->updateAccessRights();
}
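Review bot: The two existence checks under `# check if the permission exists` and `# check if the user_group_uuid exists` discard the return values of `getPermission()` and `getUsergroup()`, so unless those methods abort the request themselves when nothing matches (not visible here), `updateAccessRights()` runs for a permission or user group that does not exist. Capturing the result makes the intent explicit: `if (empty($API_permissions->getPermission())) { $API_permissions->apiOutput(404, ['error' => 'Permission not found']); }`, and the same for the user group. Passing the filter through `$_GET['builder']` also means the second assignment silently overwrites the first; a method parameter would make that coupling visible. The GET branch is an empty stub, so a GET starts a session, performs no permission check and returns nothing.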


@@ -0,0 +1,29 @@
<?php
use api\classes\API_companies;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_companies.php';
# Check permissions
$API_companies = new API_companies();
if ($API_companies->request_method === 'PUT') {
$API_companies->checkPermissions('customer-companies', 'RW');
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
$API_companies->return_url = false;
$requiredFields = [
'company_uuid' => ['type' => 'uuid'],
'company_state' => ['type' => 'enum', 'values' => ['active', 'imported', 'orphaned']]
];
$API_companies->validateData($requiredFields);
$API_companies->updateCompanyState();
}
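Review bot: `checkPermissions('customer-companies', 'RW')` runs before `$API_companies->return_url = false;` is set, the reverse of the order used in the access-rights endpoint in this same commit, so if `checkPermissions` honours `return_url` when it rejects the caller (not visible here) a frontend PUT that fails the check gets a redirect instead of a JSON error. Setting the flag first, `$API_companies->return_url = false;` directly after the `new API_companies()` line, keeps the behaviour consistent across endpoints. The `'company_state'` entry is also missing the trailing comma the other field lists use.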


@@ -0,0 +1,66 @@
<?php
use api\classes\API_inserve;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_inserve.php';
$API_inserve = new API_inserve();
$API_inserve->setupConnection();
if ($API_inserve->request_method === 'POST') {
# Code below will retrieve all the companies and create or update it in the database
#
$API_inserve->checkPermissions('customer-companies', 'RW');
$allCompanies = [];
$page = 1;
do {
$result = $API_inserve->companies($page);
if (!isset($result['data']) || empty($result['data'])) {
break;
}
foreach ($result['data'] as $item) {
$allCompanies[] = [
'id' => $item['id'],
'name' => $item['name'],
'debtor_code' => $item['debtor_code'],
'archived_at' => $item['archived_at']
];
}
$page++;
} while ($result['next_page_url'] !== null);
foreach ($allCompanies as $company) {
$source_uuid = $API_inserve->inserve_source_uuid;
$company_id = $company['id'];
$debtor_code = $company['debtor_code'];
$company_name = $company['name'];
$created_at = time();
# Add or modify the company if it is not archived
if ($company['archived_at'] == null) {
$query = "INSERT INTO companies (source_uuid, company_source_id, company_source_id2, company_name, company_create_timestamp)
VALUES (?, ?, ?, ?, ?)
ON DUPLICATE KEY UPDATE
company_name = VALUES(company_name),
company_source_id2 = VALUES(company_source_id2),
company_modified_timestamp = VALUES(company_create_timestamp)";
$stmt = $API_inserve->prepareStatement($query);
$stmt->bind_param('ssssi', $source_uuid, $company_id, $debtor_code, $company_name, $created_at);
$API_inserve->executeStatement($stmt);
$stmt->close();
}
}
$API_inserve->apiOutput(200, ['success' => 'Sync is done successfully']);
}
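Review bot: `if ($company['archived_at'] == null)` is a loose comparison, which also treats `''`, `0`, `false` and `[]` as "not archived"; if the upstream API ever returns an empty string for an archived company the row is upserted anyway, so `if ($company['archived_at'] === null) {` pins the intended check. The pagination loop reads `$result['next_page_url']` without checking the key exists, so a response that omits it triggers an undefined-index warning and the `!== null` test ends the loop by accident rather than by design; `} while (($result['next_page_url'] ?? null) !== null);` makes that explicit. There is also no upper bound on `$page`, so a source that keeps returning the same `next_page_url` loops until the request times out; breaking after a fixed maximum page count and answering 502 would bound it. The `INSERT … ON DUPLICATE KEY UPDATE` is correctly parameterised through `bind_param`.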


@@ -0,0 +1,118 @@
<?php
use api\classes\API_devices;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_devices.php';
$API_devices = new API_devices();
if ($API_devices->request_method === 'POST') {
$API_devices->checkPermissions('admin-devices-files', 'RW');
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
$API_devices->return_url = false;
$device_slugify = isset($_POST['device_slugify']) ? preg_replace('/[^a-zA-Z0-9_-]/', '_', $_POST['device_slugify']) : '';
$filetype = $_POST['filetype'] ?? '';
$allowedFiletypes = ['documents' => 'pdf', 'firmware' => 'rom'];
if (!array_key_exists($filetype, $allowedFiletypes)) {
$API_devices->apiOutput(400, ['error' => 'Invalid file type']);
}
if (!isset($_FILES['file']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
$API_devices->apiOutput(400, ['error' => 'No file uploaded or upload error']);
}
$filename = basename($_FILES['file']['name']);
$filename = preg_replace('/[^a-zA-Z0-9_\.\-]/', '_', $filename);
$file_extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
$expectedExtension = $allowedFiletypes[$filetype];
if ($file_extension !== $expectedExtension) {
$API_devices->apiOutput(415, ['error' => "Invalid file extension. Expected: $expectedExtension"]);
}
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$detectedMime = finfo_file($finfo, $_FILES['file']['tmp_name']);
finfo_close($finfo);
$expectedMimeTypes = [
'pdf' => 'application/pdf',
'rom' => 'application/octet-stream'
];
if (!str_starts_with($detectedMime, $expectedMimeTypes[$expectedExtension])) {
$API_devices->apiOutput(415, ['error' => 'Invalid MIME type: ' . $detectedMime]);
}
$destination_dir = $_SERVER['DOCUMENT_ROOT'] . '/data/devices/' . $device_slugify . '/' . $filetype;
if (!is_dir($destination_dir) && !mkdir($destination_dir, 0775, true) && !is_dir($destination_dir)) {
$API_devices->apiOutput(500, ['error' => 'Failed to create directory']);
}
$destination = $destination_dir . '/' . $filename;
if (file_exists($destination)) {
$API_devices->apiOutput(409, ['error' => 'File already exists']);
}
if (move_uploaded_file($_FILES['file']['tmp_name'], $destination)) {
chmod($destination, 0644); // Set safe permissions
$API_devices->apiOutput(200, ['success' => 'File uploaded succcessfully']);
} else {
$API_devices->apiOutput(500, ['error' => 'Failed to move uploaded file']);
}
} elseif ($API_devices->request_method === 'DELETE') {
$API_devices->checkPermissions('admin-devices-files', 'RW');
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
$API_devices->return_url = false;
$relativePath = $_POST['file_name'] ?? '';
// Ensure it's not empty and doesn't contain null byte or backslashes
if (empty($relativePath) || str_contains($relativePath, "\0") || str_contains($relativePath, '\\')) {
http_response_code(400);
echo json_encode(['status' => 'error', 'message' => 'Invalid path input']);
exit;
}
// Normalize base root
$root = realpath($_SERVER['DOCUMENT_ROOT'] . '/data/devices');
if (!$root) {
http_response_code(500);
echo json_encode(['status' => 'error', 'message' => 'Invalid devices root']);
exit;
}
// Resolve full path
$requestedPath = realpath($_SERVER['DOCUMENT_ROOT'] . $relativePath);
// Validate resolved path
if (!$requestedPath || strpos($requestedPath, $root) !== 0) {
http_response_code(403);
echo json_encode(['status' => 'error', 'message' => 'Access denied']);
exit;
}
// Check if file exists and is a regular file
if (!is_file($requestedPath)) {
http_response_code(404);
echo json_encode(['status' => 'error', 'message' => 'File does not exist']);
exit;
}
// Attempt to delete
if (unlink($requestedPath)) {
echo json_encode(['status' => 'success', 'message' => 'File deleted']);
} else {
http_response_code(500);
echo json_encode(['status' => 'error', 'message' => 'Failed to delete file']);
}
}
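Review bot: The containment test in the DELETE branch, `strpos($requestedPath, $root) !== 0`, is a plain prefix check: because `$root` carries no trailing separator, any sibling directory whose name begins with `devices` (for example `/data/devices-archive`) also passes, so a file there could be unlinked with `admin-devices-files` rights. Compare against the root plus separator instead: `if (!$requestedPath || !str_starts_with($requestedPath, $root . DIRECTORY_SEPARATOR)) {`. In the same branch `$relativePath` is read from `$_POST['file_name']`, which PHP only populates for POST bodies, so unless `API_devices` fills `$_POST` for DELETE requests (not visible here) this always ends in the 400 'Invalid path input' response. In the POST branch `$device_slugify` defaults to `''` and is never rejected, so an upload without it lands in `/data/devices//<filetype>`; `if ($device_slugify === '') { $API_devices->apiOutput(400, ['error' => 'Missing device_slugify']); }` closes that, and the DELETE branch's raw `http_response_code`/`echo`/`exit` trio differs from the `apiOutput()` style every other branch uses.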


@@ -0,0 +1,120 @@
<?php
use api\classes\API_devices;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_devices.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/imageProcessor.php';
$API_devices = new API_devices();
if ($API_devices->request_method === 'GET') {
# GET the devices
$API_devices->checkPermissions('admin-devices', 'RO');
} elseif ($API_devices->request_method === 'POST') {
# create an new device
$API_devices->checkPermissions('admin-devices', 'RW');
$ImageData = $API_devices->createDeviceImage(['min_width' => 500, 'max_width' => 1000, 'min_height' => 500, 'max_height' => 1000, 'square' => true, 'allowed_types' => ['image/png'], 'max_size_kb' => 1024, 'transparent' => true]);
$ImageDataThumbnail = $API_devices->createDeviceImage(['min_width' => 64, 'max_width' => 64, 'min_height' => 64, 'max_height' => 64, 'square' => true, 'allowed_types' => ['image/png'], 'max_size_kb' => 1024, 'transparent' => true]);
$API_devices->postedData['device_eol'] = $_POST['device_eol'] !== ''
? DateTime::createFromFormat('d/m/Y', $_POST['device_eol'])?->getTimestamp()
: null;
$API_devices->postedData['device_extensions'] = isset($_POST['device_extensions']) ? json_encode($_POST['device_extensions']) : '[""]';
$API_devices->postedData['device_extra'] = preg_replace('/\s+/', '', str_replace(["\r", "\n"], '', $_POST['device_extra'] ?? '{}'));
if ($ImageData) {
$API_devices->postedData['device_image'] = $ImageData;
}
if ($ImageDataThumbnail) {
$API_devices->postedData['device_image_thumbnail'] = $ImageDataThumbnail;
}
$requiredFields = [
'device_vendor_uuid' => ['type' => 'uuid'],
'device_type' => ['type' => 'enum', 'values' => ['base', 'handset', 'module', 'phone']],
'device_name' => ['type' => 'string'],
'device_slugify' => ['type' => 'slugify'],
'device_enabled' => ['type' => 'boolean'],
'device_notes' => ['type' => 'string'],
'device_eol' => ['type' => 'timestamp'],
'device_extensions' => ['type' => 'json'],
'device_extra' => ['type' => 'string'],
];
$optionalFields = [
'device_image' => ['type' => 'base64'],
'device_image_thumbnail' => ['type' => 'base64']
];
$API_devices->validateData($requiredFields, $optionalFields);
$API_devices->createDevice();
} elseif ($API_devices->request_method === 'PUT') {
# Edit the device
$API_devices->checkPermissions('admin-devices', 'RW');
# process the posted image (if any)
$ImageData = $API_devices->createDeviceImage(['min_width' => 500, 'max_width' => 1000, 'min_height' => 500, 'max_height' => 1000, 'square' => true, 'allowed_types' => ['image/png'], 'max_size_kb' => 1024, 'transparent' => true]);
$ImageDataThumbnail = $API_devices->createDeviceImage(['min_width' => 64, 'max_width' => 64, 'min_height' => 64, 'max_height' => 64, 'square' => true, 'allowed_types' => ['image/png'], 'max_size_kb' => 1024, 'transparent' => true]);
$API_devices->postedData['device_eol'] = $_POST['device_eol'] !== ''
? DateTime::createFromFormat('d/m/Y', $_POST['device_eol'])?->getTimestamp()
: null;
$API_devices->postedData['device_extensions'] = isset($_POST['device_extensions']) ? json_encode($_POST['device_extensions']) : '[""]';
$API_devices->postedData['device_extra'] = preg_replace('/\s+/', '', str_replace(["\r", "\n"], '', $_POST['device_extra'] ?? '{}'));
if ($ImageData) {
$API_devices->postedData['device_image'] = $ImageData;
}
if ($ImageDataThumbnail) {
$API_devices->postedData['device_image_thumbnail'] = $ImageDataThumbnail;
}
$requiredFields = [
'device_uuid' => ['type' => 'uuid'],
'device_vendor_uuid' => ['type' => 'uuid'],
'device_name' => ['type' => 'string'],
'device_enabled' => ['type' => 'boolean'],
'device_notes' => ['type' => 'string'],
'device_eol' => ['type' => 'timestamp'],
'device_extensions' => ['type' => 'json'],
'device_extra' => ['type' => 'string'],
];
$optionalFields = [
'device_image' => ['type' => 'base64'],
'device_image_thumbnail' => ['type' => 'base64']
];
$API_devices->validateData($requiredFields, $optionalFields);
$_GET['builder'] = [1 => ['where' => [0 => 'device_uuid', 1 => $API_devices->data['device_uuid']]]];
$API_devices->getDevices();
$API_devices->updateDevice();
} elseif ($API_devices->request_method === 'DELETE') {
# delete an device
$API_devices->checkPermissions('admin-devices', 'RW');
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
$API_devices->return_url = false;
$requiredFields = ['device_uuid' => ['type' => 'uuid']];
$API_devices->validateData($requiredFields);
# check if the device exists
$_GET['builder'] = [1 => ['where' => [0 => 'device_uuid', 1 => $API_devices->data['device_uuid']]]];
# Delete the device from the database.
$API_devices->deleteDevice();
}
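Review bot: `DateTime::createFromFormat('d/m/Y', $_POST['device_eol'])?->getTimestamp()` in both the POST and PUT branches throws an `Error` on a malformed date, because `createFromFormat` returns `false` rather than `null` and the nullsafe operator only short-circuits on `null`; the request then dies with a 500 instead of a validation error, and `$_POST['device_eol'] !== ''` raises an undefined-index warning when the field is absent. Reading the field once and normalising `false` to `null` fixes both: `$eol = $_POST['device_eol'] ?? '';` and `$API_devices->postedData['device_eol'] = $eol !== '' ? (DateTime::createFromFormat('d/m/Y', $eol) ?: null)?->getTimestamp() : null;`, which hands `null` to the `'timestamp'` validator. In the DELETE branch the `# check if the device exists` comment is followed only by the `$_GET['builder']` assignment; unlike PUT, `getDevices()` is never called before `deleteDevice()`, so either `deleteDevice()` reads the builder itself (not visible here) or the existence check is missing. The image-restriction arrays and the `device_eol`/`device_extensions`/`device_extra` preprocessing are duplicated verbatim between POST and PUT and would be easier to keep in sync as one shared block above the method dispatch.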


@@ -0,0 +1,43 @@
<?php
use api\classes\API_mailsettings;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_mailsettings.php';
$API_mailsettings = new API_mailsettings();
if ($API_mailsettings->request_method === 'PUT') {
# Edit the mailsettings of the platform
$API_mailsettings->checkPermissions('admin-mailsettings', 'RW');
$requiredFields = [
'portal_uuid' => ['type' => 'uuid'],
'mail_from_name' => ['type' => 'string'],
'mail_from_address' => ['type' => 'email'],
'mail_smtp_host' => ['type' => 'string'],
'mail_smtp_secure' => ['type' => 'enum', 'values' => ['tls', 'ssl', 'no']],
'mail_smtp_port' => ['type' => 'int', 'min' => 4, 'max' => 65535],
'mail_smtp_auth' => ['type' => 'boolean'],
'mail_smtp_user' => ['type' => 'email'],
'mail_smtp_pass' => ['type' => 'string']
];
# check if the password is changed
$updatePassword = str_contains($API_mailsettings->postedData['mail_smtp_pass'], '******') ? false : true;
if ($updatePassword) {
if (strlen($API_mailsettings->postedData['mail_smtp_pass']) < 12) {
$API_mailsettings->apiOutput(400, ['error' => 'Password too short']);
}
if (preg_match('/^(.)\1{5,}$/', $API_mailsettings->postedData['mail_smtp_pass'])) {
$API_mailsettings->apiOutput(400, ['error' => 'Password insecure']);
}
}
$API_mailsettings->validateData($requiredFields);
# Update the permission
$API_mailsettings->updateMailSettings($updatePassword);
}
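Review bot: `str_contains($API_mailsettings->postedData['mail_smtp_pass'], '******')` treats any password that merely contains six asterisks as "unchanged", so such a password can never be saved and, more importantly, both strength checks are skipped for it; if the frontend sends a fixed mask for an untouched field, test for equality with that mask, `$updatePassword = $API_mailsettings->postedData['mail_smtp_pass'] !== '******';` (the `? false : true` is just a negation). Both strength checks read `postedData['mail_smtp_pass']` before `validateData()` has confirmed the key exists, so a request without it passes `null` to `str_contains`, which is deprecated in PHP 8.1 and a `TypeError` under `strict_types`. `'mail_smtp_user' => ['type' => 'email']` rejects SMTP accounts whose login is not an e-mail address, which may or may not be intended, and `strlen` counts bytes, so the 12-character minimum is looser for non-ASCII passwords than 'Password too short' suggests. The closing comment `# Update the permission` is copied from the permissions endpoint and should read `# Persist the mail settings`.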


@@ -0,0 +1,38 @@
<?php
use api\classes\API_office_stompjes;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_office_stompjes.php';
$API_office_stompjes = new API_office_stompjes();
if ($API_office_stompjes->request_method === 'POST') {
$API_office_stompjes->checkPermissions('ofice-stompjes-canstomp', 'RW');
$API_office_stompjes->return_url = false;
$requiredFields = [
'user_uuid' => ['type' => 'uuid']
];
$API_office_stompjes->validateData($requiredFields);
$modules = $API_office_stompjes->addStomp();
$API_office_stompjes->apiOutput($code = 200, ['success' => 'stomp added successfully.']);
} elseif ($API_office_stompjes->request_method === 'DELETE') {
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission
$API_office_stompjes->checkPermissions('ofice-stompjes', 'RW');
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
$API_office_stompjes->return_url = false;
$requiredFields = ['stomp_uuid' => ['type' => 'uuid']];
$API_office_stompjes->validateData($requiredFields);
# delete permission
$API_office_stompjes->deleteStomp();
}
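Review bot: The comment `# Only superuser can delete permission due to fact that the backend needs programming when setting a permission` above the DELETE branch is copied from the permissions endpoint and does not describe this code, which gates on `checkPermissions('ofice-stompjes', 'RW')` rather than on a superuser check; replace it with `# Deleting a stomp requires write access on the ofice-stompjes permission`. Both permission slugs are spelled `ofice-stompjes…` while the class is `API_office_stompjes`; if the rows in the permissions table are spelled `office-…`, these checks fail for everyone, so confirm the spelling against the seeded data. `$modules = $API_office_stompjes->addStomp();` assigns a value that is never read, and `apiOutput($code = 200, …)` assigns inside the argument list; `$API_office_stompjes->addStomp();` and `$API_office_stompjes->apiOutput(200, ['success' => 'stomp added successfully.']);` say the same thing without the noise.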


@@ -0,0 +1,87 @@
<?php
use api\classes\API_permissions;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_permissions.php';
$API_permissions = new API_permissions();
if ($API_permissions->request_method === 'GET') {
# Retrieve all the permissions a user and return them.
$API_permissions->checkPermissions('admin-access-control-permissions', 'RO');
$requiredFields = [];
$optionalFields = [
'permission_uuid' => ['type' => 'uuid'],
'permission_name' => ['type' => 'string'],
'permission_slugify' => ['type' => 'slugify'],
'permission_description' => ['type' => 'string'],
'permission_create_timestamp' => ['type' => 'timestamp'],
'permission_modified_timestamp' => ['type' => 'timestamp']
];
$API_permissions->validateData($requiredFields, $optionalFields);
$permissions = $API_permissions->getPermission();
$API_permissions->apiOutput($code = 200, ['success' => $permissions], 'permission_created');
} elseif ($API_permissions->request_method === 'POST') {
# Only superuser can create permission due to fact that the backend needs programming when setting a permission
if (!$API_permissions->isSuperuser()) {
$API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
}
$requiredFields = [
'permission_name' => ['type' => 'string', 'min' => 6, 'max' => 255],
'permission_slugify' => ['type' => 'slugify', 'min' => 6, 'max' => 255],
'permission_description' => ['type' => 'string', 'min' => 1, 'max' => 512],
'module_uuid' => ['type' => 'uuid'],
];
$API_permissions->validateData($requiredFields);
$API_permissions->createPermission();
} elseif ($API_permissions->request_method === 'PUT') {
# Update the permission name and description
$API_permissions->checkPermissions('admin-access-control-permissions', 'RW');
$requiredFields = [
'permission_uuid' => ['type' => 'uuid'],
'permission_name' => ['type' => 'string', 'min' => 6, 'max' => 255],
'permission_description' => ['type' => 'string', 'min' => 1, 'max' => 512],
'module_uuid' => ['type' => 'uuid'],
];
$API_permissions->validateData($requiredFields);
# check if the permission exists
$_GET['builder'] = [1 => ['where' => [0 => 'permission_uuid', 1 => $API_permissions->data['permission_uuid']]]];
$API_permissions->getPermission();
# Update the permission
$API_permissions->updatePermission();
} elseif ($API_permissions->request_method === 'DELETE') {
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission
if (!$API_permissions->isSuperuser()) {
$API_permissions->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
}
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
$API_permissions->return_url = false;
$requiredFields = ['permission_uuid' => ['type' => 'uuid']];
$API_permissions->validateData($requiredFields);
# check if the permission exists
$_GET['builder'] = [1 => ['where' => [0 => 'permission_uuid', 1 => $API_permissions->data['permission_uuid']]]];
$API_permissions->getPermission();
# delete permission
$API_permissions->deletePermission();
}
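Review bot: The GET branch ends with `apiOutput($code = 200, ['success' => $permissions], 'permission_created')`, a message key copied from the create path; a read that reports `permission_created` misleads any client or log consumer keyed on that string, so drop the third argument, `$API_permissions->apiOutput(200, ['success' => $permissions]);` (the `$code = 200` assignment inside the call is also just noise). The superuser-only POST and DELETE branches answer `401` when the caller is authenticated but not a superuser; `403` is the status for that case, and a frontend that treats `401` as "session expired" will log the user out instead of showing the error — the same applies wherever this pattern is reused in the commit. PUT and DELETE call `getPermission()` as an existence check but ignore its result, so whether a missing permission is rejected depends on `getPermission()` aborting internally, which is not visible here.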


@@ -0,0 +1,94 @@
<?php
use api\classes\API_platforms;
use api\classes\imageProcessor;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_platforms.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/imageProcessor.php';
$API_platforms = new API_platforms();
if ($API_platforms->request_method === 'GET') {
# get all the platforms
$API_platforms->checkPermissions('admin-platforms', 'RO');
} elseif ($API_platforms->request_method === 'POST') {
# create a new platform
$API_platforms->checkPermissions('admin-platforms', 'RW');
try {
$imageProcessor = new imageProcessor('platform_image');
$imageProcessor->imageRestrictions = [
'min_width' => 200,
'max_width' => 200,
'min_height' => 200,
'max_height' => 200,
'square' => true,
'allowed_types' => ['image/png'],
'max_size_kb' => 1024
];
$imageProcessor->validateAndProcess();
$finalImageData = $imageProcessor->returnBase64image();
} catch (Exception $e) {
$API_platforms->apiOutput(401, ['error' => 'Error: ' . $e->getMessage()]);
}
$API_platforms->postedData['platform_image'] = $finalImageData;
$requiredFields = [
'platform_name' => ['type' => 'string'],
'platform_slugify' => ['type' => 'slugify'],
'platform_enabled' => ['type' => 'boolean'],
'platform_description' => ['type' => 'string'],
];
$optionalFields = ['platform_image' => ['type' => 'string']];
$API_platforms->validateData($requiredFields, $optionalFields);
$API_platforms->createPlatforms();
} elseif ($API_platforms->request_method === 'PUT') {
# edit a platform
$API_platforms->checkPermissions('admin-platforms', 'RW');
try {
$imageProcessor = new imageProcessor('platform_image');
$imageProcessor->imageRestrictions = [
'min_width' => 200,
'max_width' => 200,
'min_height' => 200,
'max_height' => 200,
'square' => true,
'allowed_types' => ['image/png'],
'max_size_kb' => 1024
];
$imageProcessor->validateAndProcess();
$finalImageData = $imageProcessor->returnBase64image();
} catch (Exception $e) {
$API_platforms->apiOutput(401, ['error' => 'Error: ' . $e->getMessage()]);
}
if ($finalImageData) {
$API_platforms->postedData['platform_image'] = $finalImageData;
}
$requiredFields = [
'platform_uuid' => ['type' => 'uuid'],
'platform_name' => ['type' => 'string'],
'platform_enabled' => ['type' => 'boolean'],
'platform_description' => ['type' => 'string'],
];
$optionalFields = ['platform_image' => ['type' => 'string']];
$API_platforms->validateData($requiredFields, $optionalFields);
$_GET['builder'] = [1 => ['where' => [0 => 'platform_uuid', 1 => $API_platforms->data['platform_uuid']]]];
$API_platforms->getPlatforms();
$API_platforms->editPlatforms();
}
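Review bot: Both `catch (Exception $e)` blocks answer an image-validation failure with `apiOutput(401, …)`; `401` signals a missing or invalid login, so a too-large or non-square PNG reads as an authentication failure to the client, and `400` (or `415` for a wrong type) is the right status: `$API_platforms->apiOutput(400, ['error' => 'Error: ' . $e->getMessage()]);`. Echoing `$e->getMessage()` verbatim is fine only if `imageProcessor` never puts filesystem paths or internal details in its messages, which cannot be confirmed from this hunk. In the POST branch `$finalImageData` is assigned to `postedData['platform_image']` unconditionally after the `try`, so if `apiOutput()` does not terminate the request the assignment runs with an undefined variable; the PUT branch's `if ($finalImageData)` guard is the safer shape in both places. The `imageProcessor` set-up is duplicated verbatim between POST and PUT, and `'platform_image'` is validated as `'string'` here whereas the devices endpoint validates the same kind of value as `'base64'`.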


@@ -0,0 +1,28 @@
<?php
use api\classes\API_portalsettings;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_portalsettings.php';
$API_portalsettings = new API_portalsettings();
if ($API_portalsettings->request_method === 'PUT') {
# Edit the portal settings of the platform
$API_portalsettings->checkPermissions('admin-portalsettings', 'RW');
$requiredFields = [
'portal_uuid' => ['type' => 'uuid'],
'portal_name' => ['type' => 'string'],
'portal_provider_name' => ['type' => 'string'],
'admin_auth_methods' => ['type' => 'string']
];
$API_portalsettings->validateData($requiredFields);
# Update the permission
$API_portalsettings->updatePortalSettings();
}
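Review bot: The comment `# Update the permission` above `updatePortalSettings()` is copied from the permissions endpoint and should read `# Persist the portal settings`. `'admin_auth_methods' => ['type' => 'string']` accepts any text; if the value is a list of method names as the plural suggests, validating it as `'json'` the way `device_extensions` is validated elsewhere in this commit would reject malformed input before it reaches the database — confirm the stored format first.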


@@ -0,0 +1,52 @@
<?php
use api\classes\API_servers;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_servers.php';
$API_servers = new API_servers();
if ($API_servers->request_method === 'POST') {
$API_servers->checkPermissions('servers', 'RW');
$requiredFields = [
'server_vm_id' => ['type' => 'string'],
];
$optionalFields = [
'server_vm_host_id' => ['type' => 'string'],
'server_vm_host_name' => ['type' => 'string'],
'company_uuid' => ['type' => 'string'],
'server_power_state' => ['type' => 'enum', 'values' => ['Running', 'Off']],
'server_state' => ['type' => 'enum', 'values' => ['new', 'active', 'deleted', 'trial', 'disabled']],
'server_hostname' => ['type' => 'string'],
'server_os' => ['type' => 'string'],
'server_cpu' => ['type' => 'int'],
'server_memory' => ['type' => 'int'],
'server_memory_demand' => ['type' => 'int'],
'server_disks' => ['type' => 'json'],
'server_ipv4' => ['type' => 'json'],
'server_ipv6' => ['type' => 'json'],
'server_vm_generation' => ['type' => 'int'],
'server_vm_snapshot' => ['type' => 'int'],
'server_licenses' => ['type' => 'json'],
'server_backup' => ['type' => 'json'],
'server_description' => ['type' => 'string'],
];
if (isset($API_servers->postedData['servers'])) {
// multiple servers are posted
$allServers = $API_servers->postedData['servers'];
foreach ($allServers as $server) {
$API_servers->processServerData($server, $requiredFields, $optionalFields);
}
} else {
// Single server update
$API_servers->processServerData($API_servers->postedData, $requiredFields, $optionalFields);
}
$API_servers->apiOutput(200, ['success' => "Server(s) modified or updated successfully."]);
}
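Review bot: `'company_uuid' => ['type' => 'string']` is the only `*_uuid` field in these endpoints validated as a plain string rather than `'uuid'`, so a malformed company reference reaches `processServerData()` unchecked; `'company_uuid' => ['type' => 'uuid'],` matches the rest of the API. The bulk path does `foreach ($allServers as $server)` straight after `isset($API_servers->postedData['servers'])`, so a scalar `servers` value produces a foreach warning and the request still reports `Server(s) modified or updated successfully.`; `if (!is_array($allServers)) { $API_servers->apiOutput(400, ['error' => 'servers must be a list']); }` before the loop closes that. Whether `processServerData()` aborts on a bad entry or silently skips it is not visible here; if it skips, the unconditional 200 at the end hides partial failures.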


@@ -0,0 +1,26 @@
<?php
use api\classes\API_inserve;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_inserve.php';
$API_inserve = new API_inserve();
$API_inserve->setupConnection();
if ($API_inserve->request_method === 'GET') {
if ($_GET['action'] = 'auth/me') {
# This api call, when called from the frontend will not be forwarding to a url.
$API_inserve->return_url = false;
$auth = $API_inserve->authMe();
http_response_code($API_inserve->httpCode);
}
}
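Review bot: `if ($_GET['action'] = 'auth/me')` is an assignment, not a comparison, so the condition is always true and every GET — whatever `action` says — runs `authMe()`; it should be `if (($_GET['action'] ?? '') === 'auth/me') {`, which also avoids the undefined-index warning when `action` is absent. `$auth = $API_inserve->authMe();` is assigned but never used and nothing is echoed after `http_response_code($API_inserve->httpCode)`, so unless `authMe()` writes the response itself (not visible here) the client receives a status code with an empty body. No `checkPermissions()` call precedes the upstream call in this file, unlike the other Inserve endpoints in the commit; if `authMe()` returns upstream account details, confirm that `API_inserve` gates it internally.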


@@ -0,0 +1,32 @@
<?php
use api\classes\API_inserve;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_inserve.php';
$API_inserve = new API_inserve();
if ($API_inserve->request_method === 'GET') {
if ($_GET['action'] == 'sync-companies') {
# This syncs the company id's from Sentri to the Inserve cloudDistributor
# These are the same id's but it Inserve requires it to be synced to the cloudDistributor
$API_inserve->checkPermissions('servers', 'RW');
$API_inserve->setupConnection();
$API_inserve->syncCompaniesFromSentri();
}
if ($_GET['action'] == 'sync-subscriptions') {
$API_inserve->checkPermissions('servers', 'RW');
$API_inserve->setupConnection();
$API_inserve->syncServerLicencesToInserve();
}
}
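Review bot: Both syncs are triggered by GET (`$_GET['action'] == 'sync-companies'` / `'sync-subscriptions'`) although they write to the Inserve side, whereas the companies import in this same commit uses POST; a state-changing GET can be triggered without a request body and may be cached by proxies, so the branch should test `$API_inserve->request_method === 'POST'` and take `action` from the posted data. The comparisons use `==` and read `$_GET['action']` without a null-coalesce, so a request without `action` warns twice; `$action = $_GET['action'] ?? '';` followed by `=== 'sync-companies'` (or a `match ($action)`) is tighter. The comment `# These are the same id's but it Inserve requires it to be synced to the cloudDistributor` reads better as `# These are the same ids, but Inserve requires them to be synced to the cloudDistributor`.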


@@ -0,0 +1,37 @@
<?php
use api\classes\API_system_modules;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_system_modules.php';
$API_system_modules = new API_system_modules();
if ($API_system_modules->request_method === 'GET') {
# this part here is not tested (the whole GET part)
$API_system_modules->checkPermissions('admin-modules', 'RO');
$requiredFields = [];
$API_system_modules->validateData($requiredFields);
$modules = $API_system_modules->getModules();
$API_system_modules->apiOutput($code = 200, ['success' => $modules], '');
} elseif ($API_system_modules->request_method === 'PUT') {
# Enable or disable a module
$API_system_modules->checkPermissions('admin-modules', 'RW');
# This api call, when called from the frontend will not be forwarding to a url.
$API_system_modules->return_url = false;
$requiredFields = [
'module_uuid' => ['type' => 'uuid'],
'module_enabled' => ['type' => 'boolean'],
];
$API_system_modules->validateData($requiredFields);
$API_system_modules->enableModule();
}
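Review bot: The comment `# this part here is not tested (the whole GET part)` is a status note rather than documentation; either make it findable as `# TODO: GET branch has no test coverage yet` or remove it once a test exists. `apiOutput($code = 200, ['success' => $modules], '')` assigns inside the argument list and passes an empty message key; `$API_system_modules->apiOutput(200, ['success' => $modules]);` is the same call. `validateData($requiredFields)` with an empty array is presumably a no-op (not visible here) and can be dropped together with `$requiredFields = [];` if so.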


@@ -0,0 +1,30 @@
<?php
use api\classes\API_system_sources;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_system_sources.php';
$API_system_sources = new API_system_sources();
if ($API_system_sources->request_method === 'POST') {
# Enable or disable a module
$API_system_sources->checkPermissions('admin-sources', 'RW');
if ($_POST['source_name'] == 'inserve') {
$requiredFields = [
'source_name' => ['type' => 'string'],
'source_url' => ['type' => 'string'],
'source_auth_token' => ['type' => 'string'],
];
} else {
$API_system_sources->apiOutput(400, ['error' => 'Error: no valid source_name posted']);
}
$API_system_sources->validateData($requiredFields);
if ($_POST['source_name'] == 'inserve') {
$API_system_sources->inserveUpdate();
}
}
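Review bot: `$_POST['source_name'] == 'inserve'` is evaluated twice with a loose comparison and without a null-coalesce, so a request that omits `source_name` warns before it reaches the 400 branch; read it once, `$sourceName = $_POST['source_name'] ?? '';`, and compare with `=== 'inserve'` in both places. If `apiOutput()` does not terminate the request (relied on for that throughout the commit but not visible here), the `else` path falls through to `validateData($requiredFields)` with `$requiredFields` undefined. The comment `# Enable or disable a module` is copied from the modules endpoint and should read `# Update the settings of an external data source`; `source_auth_token` is a secret validated only as a free string, so make sure the validator's error output never echoes the posted value back.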


@@ -0,0 +1,67 @@
<?php
use api\classes\API_usergroups;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_usergroups.php';
$API_usergroups = new API_usergroups();
if ($API_usergroups->request_method === 'GET') {
# GET a user group(s)
} elseif ($API_usergroups->request_method === 'POST') {
# Create a new user group
$API_usergroups->checkPermissions('admin-access-control-user-groups', 'RW');
$requiredFields = [
'user_group_name' => ['type' => 'string'],
'user_group_slugify' => ['type' => 'slugify'],
'user_group_weight' => ['type' => 'int'],
'user_group_type' => ['type' => 'enum', 'values' => ['admin', 'user']],
];
$API_usergroups->validateData($requiredFields);
# superuser group is a fixed group name for the superuser
if ($API_usergroups->data['user_group_name'] === 'superuser' || $API_usergroups->data['user_group_slugify'] === 'superuser') {
$API_usergroups->apiOutput(400, ['error' => 'superuser group cannot be created'], 'cannot_add_superuser_group');
}
$API_usergroups->createUsergroups();
} elseif ($API_usergroups->request_method === 'PUT') {
# Update a user group
$requiredFields = [
'user_group_uuid' => ['type' => 'uuid'],
'user_group_name' => ['type' => 'string'],
'user_group_weight' => ['type' => 'int'],
];
$API_usergroups->validateData($requiredFields);
$API_usergroups->updateUserGroup();
} elseif ($API_usergroups->request_method === 'DELETE') {
# Delete a user group
$API_usergroups->checkPermissions('admin-access-control-user-groups', 'RW');
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
$API_usergroups->return_url = false;
$requiredFields = ['user_group_uuid' => ['type' => 'uuid']];
$API_usergroups->validateData($requiredFields);
# Delete the device from the database.
$API_usergroups->deleteUsergroup();
}
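Review bot: The PUT branch runs `validateData()` and `updateUserGroup()` with no `checkPermissions()` call, while POST and DELETE both check `admin-access-control-user-groups` RW; unless `updateUserGroup()` checks internally (not visible here), any authenticated user can rename or re-weight a group, so add `$API_usergroups->checkPermissions('admin-access-control-user-groups', 'RW');` as the first statement of the branch. The POST branch refuses a group named or slugged `superuser`, but PUT accepts `user_group_name` without the same guard, so an existing group can be renamed to `superuser` through an update; the `$API_usergroups->data['user_group_name'] === 'superuser'` check belongs in both branches. The GET branch is empty, so a GET performs no permission check and returns nothing, and the DELETE comment `# Delete the device from the database.` is copied from the devices endpoint and should read `# Delete the user group from the database.`.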


@@ -0,0 +1,116 @@
<?php
use api\classes\API_apitoken;
use api\classes\API_users;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_apitoken.php';
$API_apitoken = new API_apitoken();
if ($API_apitoken->request_method === 'GET') {
# Retrieve all the API tokens from a user and return them.
$requiredFields = [
'user_uuid' => ['type' => 'uuid'],
];
$API_apitoken->validateData($requiredFields);
if ($API_apitoken->getUserUuid() === $API_apitoken->data['user_uuid']) {
$API_apitoken->checkPermissions('user-apitoken-self', 'RW');
} else {
$API_apitoken->checkPermissions('user-apitoken-others', 'RO');
}
$apitokens = $API_apitoken->getTokens();
$API_apitoken->apiOutput($code = 200, ['success' => $apitokens], 'api_token_created');
} elseif ($API_apitoken->request_method === 'POST') {
# Creates a new API Token. First check if the uuid is correct and then check the permission
# After that create a new token, retrieve the newly created api_token and give a response.
$requiredFields = [
'user_uuid' => ['type' => 'uuid'],
];
$API_apitoken->validateData($requiredFields);
# First retrieve the user_uuid from the post and lookup the user
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_users.php';
$API_users = new API_users();
$_GET['builder'] = [1 => ['where' => [0 => 'user_uuid', 1 => $API_apitoken->data['user_uuid']]]];
$user_data = $API_users->getUser()[0];
$API_apitoken->validateData($requiredFields);
if ($API_apitoken->getUserUuid() === $API_apitoken->data['user_uuid']) {
$API_apitoken->checkPermissions('user-apitoken-self', 'RW');
} else {
if ($user_data['user_email'] === 'superuser') {
$API_apitoken->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
}
$API_apitoken->checkPermissions('user-apitoken-others', 'RW');
}
$API_apitoken->createNewToken();
} elseif ($API_apitoken->request_method === 'PUT') {
# Change the revoked status of an API token
# This api call, when called from the frontend will not be forwarding to a url.
$API_apitoken->return_url = false;
$requiredFields = [
'api_token_uuid' => ['type' => 'uuid'],
'api_token_revoked' => ['type' => 'boolean'],
];
$API_apitoken->validateData($requiredFields);
$api_token_data = $API_apitoken->getToken();
if ($API_apitoken->getUserUuid() === $api_token_data['user_uuid']) {
$API_apitoken->checkPermissions('user-apitoken-self', 'RW');
} else {
if ($api_token_data['user_email'] === 'superuser') {
$API_apitoken->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
}
$API_apitoken->checkPermissions('user-apitoken-others', 'RW');
}
$API_apitoken->revokeToken();
} elseif ($API_apitoken->request_method === 'DELETE') {
# Deletes an API token, requies DELETE with 'api_token_uuid' first retrieve the uuid of the user with getToken then check
# if the user is another user or itself
# This api call, when called from the frontend will not be forwarding to a url.
$API_apitoken->return_url = false;
$requiredFields = [
'api_token_uuid' => ['type' => 'uuid'],
];
$API_apitoken->validateData($requiredFields);
$api_token_data = $API_apitoken->getToken();
if ($API_apitoken->getUserUuid() === $api_token_data['user_uuid']) {
$API_apitoken->checkPermissions('user-apitoken-self', 'RW');
} else {
if ($api_token_data['user_email'] === 'superuser') {
$API_apitoken->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
}
$API_apitoken->checkPermissions('user-apitoken-others', 'RW');
}
$API_apitoken->deleteToken();
}
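Review bot: In the POST branch `$API_users->getUser()[0]` indexes the lookup result without checking it, so a well-formed but unknown `user_uuid` yields a warning and `null` in `$user_data`, the `$user_data['user_email'] === 'superuser'` guard silently evaluates false, and `createNewToken()` still runs; `$user_data = $API_users->getUser()[0] ?? null;` followed by `if ($user_data === null) { $API_apitoken->apiOutput(404, ['error' => 'User not found']); }` rejects it up front (assuming `getUser()` returns an empty array for no match, which is not visible here). `validateData($requiredFields)` is called twice in that branch; the second call is redundant. The GET branch returns `apiOutput($code = 200, ['success' => $apitokens], 'api_token_created')`, a message key copied from the create path; a listing should not report `api_token_created`, and the `$code = 200` assignment inside the call is noise. The GET branch also requires `user-apitoken-self` RW to read your own tokens but only `user-apitoken-others` RO to read someone else's; if that asymmetry is intended, a one-line comment explaining it would help the next reader.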


@@ -0,0 +1,41 @@
<?php
use api\classes\API_usersavatar;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_usersavatar.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/imageProcessor.php';
$API_usersavatar = new API_usersavatar();
if ($API_usersavatar->request_method === 'GET') {
} elseif ($API_usersavatar->request_method === 'POST') {
# Reset a users password and send a email to the user to set a new password
$API_usersavatar->postedData['user_profile_picture'] = $API_usersavatar->createUserImage(['min_width' => 500, 'max_width' => 1000, 'min_height' => 500, 'max_height' => 1000, 'square' => true, 'allowed_types' => ['image/png'], 'max_size_kb' => 1024, 'transparent' => true]);
$API_usersavatar->postedData['user_profile_picture_thumbnail'] = $API_usersavatar->createUserImage(['min_width' => 64, 'max_width' => 64, 'min_height' => 64, 'max_height' => 64, 'square' => true, 'allowed_types' => ['image/png'], 'max_size_kb' => 1024, 'transparent' => true]);
$requiredFields = [
'user_uuid' => ['type' => 'uuid'],
'user_profile_picture' => ['type' => 'base64'],
'user_profile_picture_thumbnail' => ['type' => 'base64'],
];
$API_usersavatar->validateData($requiredFields);
# if the user is different from the user logged in, check the required permissions
if ($API_usersavatar->data['user_uuid'] != $API_usersavatar->getUserUuid()) {
$API_usersavatar->checkPermissions('admin-access-admins', 'RW');
}
$API_usersavatar->updateUserImage();
$API_usersavatar->apiOutput(200, ['success' => 'Avatar was successfully changed.']);
} elseif ($API_usersavatar->request_method === 'PUT') {
} elseif ($API_usersavatar->request_method === 'DELETE') {
}
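Review bot: In the POST branch the two createUserImage() calls decode and resize the uploaded image before validateData() and before the `admin-access-admins` permission check, so the upload of a caller who is not authorized for the target `user_uuid` is fully processed before authorization runs; unless the class constructor already gates this, read and validate `user_uuid` first and run the checkPermissions() block ahead of the two createUserImage() calls. The ownership comparison uses loose `!=` and should be strict: `if ($API_usersavatar->data['user_uuid'] !== $API_usersavatar->getUserUuid()) {`. The comment at the top of the POST branch was copied from the password-reset endpoint and describes the wrong operation; replace it with `# Replace a user's avatar and thumbnail; changing another user's avatar requires admin-access-admins RW`.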


@@ -0,0 +1,89 @@
<?php
use api\classes\API_users;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_users.php';
$API_users = new API_users();
if ($API_users->request_method === 'GET') {
#echo json_encode($api->getAllUsers());
} elseif ($API_users->request_method === 'POST') {
# create a new user
$API_users->checkPermissions('admin-access-admins', 'RW');
$requiredFields = [
'user_group_uuid' => ['type' => 'uuid'],
'user_email' => ['type' => 'email'],
'user_first_name' => ['type' => 'string'],
'user_last_name' => ['type' => 'string'],
'user_full_name' => ['type' => 'string'],
'user_phone_number' => ['type' => 'string'],
'user_status' => ['type' => 'enum', 'values' => ['active', 'inactive', 'banned', 'pending']],
'user_password' => ['type' => 'string'],
'user_pref_language' => ['type' => 'string'],
'user_password_reset_token' => ['type' => 'string'],
'user_password_reset_expires' => ['type' => 'int'],
];
# The user will need to verify their email, the password field cannot be NULL so set an random password for now till the user resets it on when verifing there email
$random_string = substr(str_shuffle(str_repeat('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01', 64)), 0, rand(50, 64));
$user_password = password_hash($random_string, PASSWORD_BCRYPT, ["cost" => 12]);
$API_users->postedData['user_password'] = $user_password;
$API_users->postedData['user_full_name'] = trim($_POST['user_first_name'] . ' ' . $_POST['user_last_name']);
$API_users->postedData['user_pref_language'] = $_POST['user_pref_language'] ?? 'en';
# Password reset token that will be send to the newly created user
$API_users->postedData['user_password_reset_token'] = bin2hex(random_bytes(32));
$API_users->postedData['user_password_reset_expires'] = time() + 86400;
$API_users->validateData($requiredFields);
$API_users->createUser();
} elseif ($API_users->request_method === 'PUT') {
# Edit a user
$API_users->checkPermissions('admin-access-admins', 'RW');
$requiredFields = [
'user_uuid' => ['type' => 'uuid'],
'user_group_uuid' => ['type' => 'uuid'],
'user_email' => ['type' => 'email'],
'user_first_name' => ['type' => 'string'],
'user_last_name' => ['type' => 'string'],
'user_full_name' => ['type' => 'string'],
'user_phone_number' => ['type' => 'string'],
'user_status' => ['type' => 'enum', 'values' => ['active', 'inactive', 'banned', 'pending']],
'user_pref_language' => ['type' => 'string'],
'user_stompable' => ['type' => 'boolean']
];
$API_users->postedData['user_full_name'] = trim($_POST['user_first_name'] . ' ' . $_POST['user_last_name']);
$API_users->postedData['user_pref_language'] = $_POST['user_pref_language'] ?? 'en';
$API_users->postedData['user_stompable'] = (bool)$_POST['user_stompable'];
$API_users->validateData($requiredFields);
$API_users->updateUser();
} elseif ($API_users->request_method === 'DELETE') {
$API_users->return_url = false;
$API_users->checkPermissions('admin-access-admins', 'RW');
$requiredFields = [
'user_uuid' => ['type' => 'uuid'],
];
$API_users->validateData($requiredFields);
$API_users->deleteUser();
}
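Review bot: The `(bool)` cast of `$_POST['user_stompable']` in the PUT branch turns the strings "false" and "off" into true, and because it runs before validateData() the declared `boolean` type can never reject anything; use `$API_users->postedData['user_stompable'] = filter_var($_POST['user_stompable'] ?? false, FILTER_VALIDATE_BOOLEAN);`. The placeholder password in the POST branch is built with str_shuffle() and rand(), which are not cryptographically secure generators; since it must stay unguessable until the user completes the reset, derive it from the CSPRNG already used two lines below, `$random_string = bin2hex(random_bytes(32));`. The same str_shuffle()/rand() construction appears in the resetpassword endpoint's POST branch on this page and should be changed there too. The full-name and preferred-language lines read `$_POST` directly while the rest of the branch goes through postedData; using one source consistently would make the validation order easier to follow.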


@@ -0,0 +1,68 @@
<?php
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_mfa.php';
require $_SERVER['DOCUMENT_ROOT'] . '/../vendor/autoload.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
use api\classes\API_mfa;
use RobThree\Auth\TwoFactorAuth;
use RobThree\Auth\Providers\Qr\EndroidQrCodeWithLogoProvider;
$API_mfa = new API_mfa();
if ($API_mfa->request_method === 'GET') {
} elseif ($API_mfa->request_method === 'POST') {
# Setup a new MFA secret its posted from mfaSetup.php where it generated a secret
if (checkLoginAttempts() > 10) {
echo 'too many attempts, please try again later.';
exit;
}
# check if the secret is in the session created at the mfaSetup.php file
if (!isset($_SESSION['mfasetup']['secret'])) {
$this->apiOutput(400, ['error' => 'secret not found.']);
}
$tfa = new TwoFactorAuth(new EndroidQrCodeWithLogoProvider());
$API_mfa->postedData['user_uuid'] = $_SESSION['user']['user_uuid'];
$API_mfa->postedData['user_two_factor_secret'] = $_SESSION['mfasetup']['secret'];
$API_mfa->postedData['verificationCode'] = linkVerificationPosts(); # The code is entered in six loose posts this wil link it togheter
$requiredFields = [
'user_uuid' => ['type' => 'uuid'],
'user_two_factor_secret' => ['type' => 'string'],
'verificationCode' => ['type' => 'string', 'min' => 6, 'max' => 6],
];
$API_mfa->validateData($requiredFields);
$result = $tfa->verifyCode($API_mfa->postedData['user_two_factor_secret'], $API_mfa->postedData['verificationCode']);
if (!$result) {
addLoginAttempts();
$API_mfa->apiOutput(401, ['error' => 'Invalid verification code.']);
}
$API_mfa->enableMFA();
} elseif ($API_mfa->request_method === 'PUT') {
} elseif ($API_mfa->request_method === 'DELETE') {
# Delete a mfa code for a user
$API_mfa->return_url = false;
$requiredFields = [
'user_uuid' => ['type' => 'uuid'],
];
$API_mfa->validateData($requiredFields);
$API_mfa->disableMFA();
}
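Review bot: The DELETE branch validates `user_uuid` and calls disableMFA() with no checkPermissions() call and no comparison against getUserUuid(), so, unless disableMFA() enforces this internally, any logged-in caller can turn off MFA for an arbitrary account; mirror the avatar endpoint's check before the disableMFA() call: `if ($API_mfa->data['user_uuid'] !== $API_mfa->getUserUuid()) { $API_mfa->checkPermissions('admin-access-admins', 'RW'); }`. In the POST branch, `$this->apiOutput(400, ...)` runs in a plain script where `$this` is not defined, so a missing session secret produces a fatal error instead of the intended 400 response; it should be `$API_mfa->apiOutput(400, ['error' => 'secret not found.']);`. The attempt-limit check above it answers with a bare echo/exit rather than apiOutput(), which is inconsistent with the JSON error responses used everywhere else in the endpoint.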


@@ -0,0 +1,78 @@
<?php
use api\classes\API_resetpassword;
use api\classes\API_users;
use bin\php\Classes\mailBuilder;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_resetpassword.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/Classes/mailBuilder.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_users.php';
$API_resetpassword = new API_resetpassword();
if ($API_resetpassword->request_method === 'GET') {
} elseif ($API_resetpassword->request_method === 'POST') {
# Reset a users password and send a email to the user to set a new password
$API_resetpassword->checkPermissions('admin-access-admins-resetpassword', 'RW');
# The user will need to verify their email, the password field cannot be NULL so set an random password for now till the user resets it on when verifing there email
$random_string = substr(str_shuffle(str_repeat('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01', 64)), 0, rand(50, 64));
$user_password = password_hash($random_string, PASSWORD_BCRYPT, ["cost" => 12]);
$API_resetpassword->postedData['user_password'] = $user_password;
# Password reset token that will be send to the user
$API_resetpassword->postedData['user_password_reset_token'] = bin2hex(random_bytes(32));
$API_resetpassword->postedData['user_password_reset_expires'] = time() + 86400;
$requiredFields = [
'user_uuid' => ['type' => 'uuid'],
'user_password' => ['type' => 'string'],
'user_password_reset_token' => ['type' => 'string'],
'user_password_reset_expires' => ['type' => 'int'],
];
$API_resetpassword->validateData($requiredFields);
$API_resetpassword->resetPassword();
$API_users = new API_users();
$_GET['builder'] = [1 => ['where' => [0 => 'user_uuid', 1 => $API_resetpassword->data['user_uuid']]]];
$user_data = $API_users->getUser()[0];
# Sending an email to the user
$host = $_SERVER['HTTP_HOST'];
$verifyLink = "https://{$host}/login/verifyEmail.php?token={$API_resetpassword->data['user_password_reset_token']}";
$mail = new mailBuilder();
$mail->subject = "Hello " . $user_data['user_full_name'] . ", Heres Your Password Reset Link";
$mail->addAddress($user_data['user_email'], $user_data['user_first_name']);
$mail->mailText = '
Hello ' . $user_data['user_first_name'] . ',<br><br>
We received a request to reset the password for your account. As a security measure, your password has been reset.<br><br>
To set a new password of your choice, click the text below:<br>
<a href="' . $verifyLink . '">Reset Password</a><br><br>
Or copy and paste the following link into your browser: <br>' . $verifyLink . '<br><br>
This link is valid for 24 hours from the time of this request.<br><br>
If you did not request this, you can safely ignore this email. No further action is required, and your account remains secure.<br><br>
Best regards,<br><br>
The Sentri gnomes
';
$mail->sendMail();
$API_resetpassword->apiOutput(200, ['success' => 'Password reset link sent successfully.']);
} elseif ($API_resetpassword->request_method === 'PUT') {
} elseif ($API_resetpassword->request_method === 'DELETE') {
}
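Review bot: The reset link is built from `$_SERVER['HTTP_HOST']`, which is whatever Host header the request carried, so the host embedded in the e-mailed link is request-controlled unless the web server rejects unknown Host values; build it from a configured canonical base URL instead, e.g. `$host = APP_CANONICAL_HOST; // placeholder: load from configuration, not from the request`. The mail body interpolates `user_first_name` and `user_full_name` into HTML without escaping; wrap them with `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. `$API_users->getUser()[0]` raises an undefined-offset warning if the lookup returns no rows, which is unlikely right after resetPassword() succeeded but deserves a guard before the mail is composed.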

100
pub/api/v1/vendors/index.php vendored Normal file

@@ -0,0 +1,100 @@
<?php
use api\classes\API_vendors;
use api\classes\imageProcessor;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_vendors.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/imageProcessor.php';
$API_vendors = new API_vendors();
if ($API_vendors->request_method === 'GET') {
# get all the vendor
$API_vendors->checkPermissions('admin-vendors', 'RO');
} elseif ($API_vendors->request_method === 'POST') {
# create a new vendor
$API_vendors->checkPermissions('admin-vendors', 'RW');
try {
$imageProcessor = new imageProcessor('vendor_image');
$imageProcessor->imageRestrictions = [
'min_width' => 200,
'max_width' => 200,
'min_height' => 200,
'max_height' => 200,
'square' => true,
'allowed_types' => ['image/png'],
'max_size_kb' => 1024
];
$imageProcessor->validateAndProcess();
$finalImageData = $imageProcessor->returnBase64image();
} catch (Exception $e) {
$API_vendors->apiOutput(401, ['error' => 'Error: ' . $e->getMessage()]);
}
$API_vendors->postedData['vendor_image'] = $finalImageData;
$requiredFields = [
'vendor_name' => ['type' => 'string'],
'vendor_slugify' => ['type' => 'slugify'],
'vendor_enabled' => ['type' => 'boolean'],
'vendor_description' => ['type' => 'string'],
];
$optionalFields = ['vendor_image' => ['type' => 'string']];
$API_vendors->validateData($requiredFields, $optionalFields);
$API_vendors->createVendor();
} elseif ($API_vendors->request_method === 'PUT') {
# edit a vendor
$API_vendors->checkPermissions('admin-vendors', 'RW');
try {
$imageProcessor = new imageProcessor('vendor_image');
$imageProcessor->imageRestrictions = [
'min_width' => 200,
'max_width' => 200,
'min_height' => 200,
'max_height' => 200,
'square' => true,
'allowed_types' => ['image/png'],
'max_size_kb' => 1024
];
$imageProcessor->validateAndProcess();
$finalImageData = $imageProcessor->returnBase64image();
} catch (Exception $e) {
$API_vendors->apiOutput(401, ['error' => 'Error: ' . $e->getMessage()]);
}
if ($finalImageData) {
$API_vendors->postedData['vendor_image'] = $finalImageData;
}
$requiredFields = [
'vendor_name' => ['type' => 'string'],
'vendor_uuid' => ['type' => 'slugify'],
'vendor_enabled' => ['type' => 'boolean'],
'vendor_description' => ['type' => 'string'],
];
$optionalFields = ['vendor_image' => ['type' => 'string']];
$API_vendors->validateData($requiredFields, $optionalFields);
$_GET['builder'] = [1 => ['where' => [0 => 'vendor_uuid', 1 => $API_vendors->data['vendor_uuid']]]];
$API_vendors->getVendors();
$API_vendors->editVendor();
}
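Review bot: In the PUT branch `vendor_uuid` is validated with `['type' => 'slugify']` while every other identifier on this page uses `['type' => 'uuid']`; the value then feeds the builder where-clause for getVendors(), so the weaker validator lets non-UUID strings reach the lookup — change it to `'vendor_uuid' => ['type' => 'uuid'],`. Both catch blocks answer an image-validation failure with 401, which signals missing authentication, and pass the exception message straight to the client; 400 is the right status and the message should be a fixed string unless imageProcessor's messages are known to be safe to expose. The `if ($finalImageData)` check after the PUT catch reads a variable that is never assigned on the exception path, which is harmless only if apiOutput() terminates the request. The imageRestrictions array is duplicated verbatim in POST and PUT and could be one shared constant; the file is listed as 100 lines and may continue past the visible closing brace.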