v1.0 Initial commit of project

2026-01-01 10:54:18 +01:00
commit 768cf78b57
990 changed files with 241213 additions and 0 deletions
--- a/pub/api/v1/devices/files/index.php
+++ b/pub/api/v1/devices/files/index.php
@@ -0,0 +1,118 @@
+<?php
+
+use api\classes\API_devices;
+
+session_start();
+require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_devices.php';
+
+$API_devices = new API_devices();
+
+if ($API_devices->request_method === 'POST') {
+
+    $API_devices->checkPermissions('admin-devices-files', 'RW');
+
+    # when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
+    $API_devices->return_url = false;
+
+    $device_slugify = isset($_POST['device_slugify']) ? preg_replace('/[^a-zA-Z0-9_-]/', '_', $_POST['device_slugify']) : '';
+    $filetype = $_POST['filetype'] ?? '';
+
+    $allowedFiletypes = ['documents' => 'pdf', 'firmware' => 'rom'];
+    if (!array_key_exists($filetype, $allowedFiletypes)) {
+        $API_devices->apiOutput(400, ['error' => 'Invalid file type']);
+    }
+
+    if (!isset($_FILES['file']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
+        $API_devices->apiOutput(400, ['error' => 'No file uploaded or upload error']);
+    }
+
+    $filename = basename($_FILES['file']['name']);
+    $filename = preg_replace('/[^a-zA-Z0-9_\.\-]/', '_', $filename);
+    $file_extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
+
+    $expectedExtension = $allowedFiletypes[$filetype];
+    if ($file_extension !== $expectedExtension) {
+        $API_devices->apiOutput(415, ['error' => "Invalid file extension. Expected: $expectedExtension"]);
+    }
+
+    $finfo = finfo_open(FILEINFO_MIME_TYPE);
+    $detectedMime = finfo_file($finfo, $_FILES['file']['tmp_name']);
+    finfo_close($finfo);
+
+    $expectedMimeTypes = [
+        'pdf' => 'application/pdf',
+        'rom' => 'application/octet-stream'
+    ];
+
+    if (!str_starts_with($detectedMime, $expectedMimeTypes[$expectedExtension])) {
+        $API_devices->apiOutput(415, ['error' => 'Invalid MIME type: ' . $detectedMime]);
+    }
+
+    $destination_dir = $_SERVER['DOCUMENT_ROOT'] . '/data/devices/' . $device_slugify . '/' . $filetype;
+    if (!is_dir($destination_dir) && !mkdir($destination_dir, 0775, true) && !is_dir($destination_dir)) {
+        $API_devices->apiOutput(500, ['error' => 'Failed to create directory']);
+    }
+
+
+    $destination = $destination_dir . '/' . $filename;
+    if (file_exists($destination)) {
+        $API_devices->apiOutput(409, ['error' => 'File already exists']);
+    }
+
+    if (move_uploaded_file($_FILES['file']['tmp_name'], $destination)) {
+        chmod($destination, 0644); // Set safe permissions
+        $API_devices->apiOutput(200, ['success' => 'File uploaded succcessfully']);
+    } else {
+        $API_devices->apiOutput(500, ['error' => 'Failed to move uploaded file']);
+    }
+
+} elseif ($API_devices->request_method === 'DELETE') {
+
+    $API_devices->checkPermissions('admin-devices-files', 'RW');
+
+    # when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
+    $API_devices->return_url = false;
+
+    $relativePath = $_POST['file_name'] ?? '';
+
+    // Ensure it's not empty and doesn't contain null byte or backslashes
+    if (empty($relativePath) || str_contains($relativePath, "\0") || str_contains($relativePath, '\\')) {
+        http_response_code(400);
+        echo json_encode(['status' => 'error', 'message' => 'Invalid path input']);
+        exit;
+    }
+
+    // Normalize base root
+    $root = realpath($_SERVER['DOCUMENT_ROOT'] . '/data/devices');
+    if (!$root) {
+        http_response_code(500);
+        echo json_encode(['status' => 'error', 'message' => 'Invalid devices root']);
+        exit;
+    }
+
+    // Resolve full path
+    $requestedPath = realpath($_SERVER['DOCUMENT_ROOT'] . $relativePath);
+
+    // Validate resolved path
+    if (!$requestedPath || strpos($requestedPath, $root) !== 0) {
+        http_response_code(403);
+        echo json_encode(['status' => 'error', 'message' => 'Access denied']);
+        exit;
+    }
+
+    // Check if file exists and is a regular file
+    if (!is_file($requestedPath)) {
+        http_response_code(404);
+        echo json_encode(['status' => 'error', 'message' => 'File does not exist']);
+        exit;
+    }
+
+    // Attempt to delete
+    if (unlink($requestedPath)) {
+        echo json_encode(['status' => 'success', 'message' => 'File deleted']);
+    } else {
+        http_response_code(500);
+        echo json_encode(['status' => 'error', 'message' => 'Failed to delete file']);
+    }
+
+}
--- a/pub/api/v1/devices/index.php
+++ b/pub/api/v1/devices/index.php
@@ -0,0 +1,120 @@
+<?php
+
+use api\classes\API_devices;
+
+session_start();
+require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_devices.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/imageProcessor.php';
+
+$API_devices = new API_devices();
+
+if ($API_devices->request_method === 'GET') {
+
+    # GET the devices
+
+    $API_devices->checkPermissions('admin-devices', 'RO');
+
+} elseif ($API_devices->request_method === 'POST') {
+
+    # create an new device
+
+    $API_devices->checkPermissions('admin-devices', 'RW');
+
+    $ImageData = $API_devices->createDeviceImage(['min_width' => 500, 'max_width' => 1000, 'min_height' => 500, 'max_height' => 1000, 'square' => true, 'allowed_types' => ['image/png'], 'max_size_kb' => 1024, 'transparent' => true]);
+    $ImageDataThumbnail = $API_devices->createDeviceImage(['min_width' => 64, 'max_width' => 64, 'min_height' => 64, 'max_height' => 64, 'square' => true, 'allowed_types' => ['image/png'], 'max_size_kb' => 1024, 'transparent' => true]);
+    $API_devices->postedData['device_eol'] = $_POST['device_eol'] !== ''
+        ? DateTime::createFromFormat('d/m/Y', $_POST['device_eol'])?->getTimestamp()
+        : null;
+    $API_devices->postedData['device_extensions'] = isset($_POST['device_extensions']) ? json_encode($_POST['device_extensions']) : '[""]';
+    $API_devices->postedData['device_extra'] = preg_replace('/\s+/', '', str_replace(["\r", "\n"], '', $_POST['device_extra'] ?? '{}'));
+
+    if ($ImageData) {
+        $API_devices->postedData['device_image'] = $ImageData;
+    }
+    if ($ImageDataThumbnail) {
+        $API_devices->postedData['device_image_thumbnail'] = $ImageDataThumbnail;
+    }
+
+    $requiredFields = [
+        'device_vendor_uuid' => ['type' => 'uuid'],
+        'device_type' => ['type' => 'enum', 'values' => ['base', 'handset', 'module', 'phone']],
+        'device_name' => ['type' => 'string'],
+        'device_slugify' => ['type' => 'slugify'],
+        'device_enabled' => ['type' => 'boolean'],
+        'device_notes' => ['type' => 'string'],
+        'device_eol' => ['type' => 'timestamp'],
+        'device_extensions' => ['type' => 'json'],
+        'device_extra' => ['type' => 'string'],
+    ];
+
+    $optionalFields = [
+        'device_image' => ['type' => 'base64'],
+        'device_image_thumbnail' => ['type' => 'base64']
+    ];
+
+    $API_devices->validateData($requiredFields, $optionalFields);
+
+    $API_devices->createDevice();
+
+} elseif ($API_devices->request_method === 'PUT') {
+
+    # Edit the device
+    $API_devices->checkPermissions('admin-devices', 'RW');
+
+    # process the posted image (if any)
+    $ImageData = $API_devices->createDeviceImage(['min_width' => 500, 'max_width' => 1000, 'min_height' => 500, 'max_height' => 1000, 'square' => true, 'allowed_types' => ['image/png'], 'max_size_kb' => 1024, 'transparent' => true]);
+    $ImageDataThumbnail = $API_devices->createDeviceImage(['min_width' => 64, 'max_width' => 64, 'min_height' => 64, 'max_height' => 64, 'square' => true, 'allowed_types' => ['image/png'], 'max_size_kb' => 1024, 'transparent' => true]);
+    $API_devices->postedData['device_eol'] = $_POST['device_eol'] !== ''
+        ? DateTime::createFromFormat('d/m/Y', $_POST['device_eol'])?->getTimestamp()
+        : null;
+    $API_devices->postedData['device_extensions'] = isset($_POST['device_extensions']) ? json_encode($_POST['device_extensions']) : '[""]';
+    $API_devices->postedData['device_extra'] = preg_replace('/\s+/', '', str_replace(["\r", "\n"], '', $_POST['device_extra'] ?? '{}'));
+
+    if ($ImageData) {
+        $API_devices->postedData['device_image'] = $ImageData;
+    }
+    if ($ImageDataThumbnail) {
+        $API_devices->postedData['device_image_thumbnail'] = $ImageDataThumbnail;
+    }
+
+    $requiredFields = [
+        'device_uuid' => ['type' => 'uuid'],
+        'device_vendor_uuid' => ['type' => 'uuid'],
+        'device_name' => ['type' => 'string'],
+        'device_enabled' => ['type' => 'boolean'],
+        'device_notes' => ['type' => 'string'],
+        'device_eol' => ['type' => 'timestamp'],
+        'device_extensions' => ['type' => 'json'],
+        'device_extra' => ['type' => 'string'],
+    ];
+
+    $optionalFields = [
+        'device_image' => ['type' => 'base64'],
+        'device_image_thumbnail' => ['type' => 'base64']
+    ];
+
+    $API_devices->validateData($requiredFields, $optionalFields);
+
+    $_GET['builder'] = [1 => ['where' => [0 => 'device_uuid', 1 => $API_devices->data['device_uuid']]]];
+    $API_devices->getDevices();
+
+    $API_devices->updateDevice();
+
+} elseif ($API_devices->request_method === 'DELETE') {
+
+    # delete an device
+
+    $API_devices->checkPermissions('admin-devices', 'RW');
+
+    # when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
+    $API_devices->return_url = false;
+
+    $requiredFields = ['device_uuid' => ['type' => 'uuid']];
+    $API_devices->validateData($requiredFields);
+
+    # check if the device exists
+    $_GET['builder'] = [1 => ['where' => [0 => 'device_uuid', 1 => $API_devices->data['device_uuid']]]];
+
+    # Delete the device from the database.
+    $API_devices->deleteDevice();
+}