v.1.1 changes 16-04-2026:

- Minor changes to interface.
- Fixed various missing includes.
- Access now denied to api calls that are related to disabled modules.
- Fixed sorting of CPU and memory in server overview.
2026-04-16 15:01:40 +02:00
parent 36b0ebd10c
commit eec1d13cf5
40 changed files with 26451 additions and 26428 deletions


@@ -1,34 +1,33 @@
<?php
use api\classes\API_companies;
if (!$GLOBALS['modules_enabled']['customers']) {
echo '405 Not Allowed';
exit;
}
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_companies.php';
# Check permissions
$API_companies = new API_companies();
if ($API_companies->request_method === 'PUT') {
$API_companies->checkPermissions('customer-companies', 'RW');
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
$API_companies->return_url = false;
$requiredFields = [
'company_uuid' => ['type' => 'uuid'],
'company_state' => ['type' => 'enum', 'values' => ['active', 'imported', 'orphaned']]
];
$API_companies->validateData($requiredFields);
$API_companies->updateCompanyState();
<?php
use api\classes\API_companies;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_companies.php';
# Check permissions
$API_companies = new API_companies();
if (!$GLOBALS['modules_enabled']['customers']) {
echo '405 Not Allowed';
exit;
}
if ($API_companies->request_method === 'PUT') {
$API_companies->checkPermissions('customer-companies', 'RW');
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
$API_companies->return_url = false;
$requiredFields = [
'company_uuid' => ['type' => 'uuid'],
'company_state' => ['type' => 'enum', 'values' => ['active', 'imported', 'orphaned']]
];
$API_companies->validateData($requiredFields);
$API_companies->updateCompanyState();
}
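Review bot: The disabled-module guard `if (!$GLOBALS['modules_enabled']['customers'])` only echoes `405 Not Allowed` and exits, so unless the constructor sets a status the response goes out with PHP's default 200 and clients or monitoring that key on the status code will read the denied call as a success. Set the status explicitly, e.g. `http_response_code(403);` before the `echo`; 403 or 404 describes a disabled module better than 405, which refers to the HTTP method. The guard also runs before `checkPermissions()`, so, assuming that call is where authentication is enforced, a caller without a session can tell from the response which modules are enabled. The same guard appears in the office-stompjes and servers sections of this commit.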


@@ -1,43 +1,43 @@
<?php
use api\classes\API_office_stompjes;
if (!$GLOBALS['modules_enabled']['office']) {
echo '405 Not Allowed';
exit;
}
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_office_stompjes.php';
$API_office_stompjes = new API_office_stompjes();
if ($API_office_stompjes->request_method === 'POST') {
$API_office_stompjes->checkPermissions('ofice-stompjes-canstomp', 'RW');
$API_office_stompjes->return_url = false;
$requiredFields = [
'user_uuid' => ['type' => 'uuid']
];
$API_office_stompjes->validateData($requiredFields);
$modules = $API_office_stompjes->addStomp();
$API_office_stompjes->apiOutput($code = 200, ['success' => 'stomp added successfully.']);
} elseif ($API_office_stompjes->request_method === 'DELETE') {
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission
$API_office_stompjes->checkPermissions('ofice-stompjes', 'RW');
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
$API_office_stompjes->return_url = false;
$requiredFields = ['stomp_uuid' => ['type' => 'uuid']];
$API_office_stompjes->validateData($requiredFields);
# delete permission
$API_office_stompjes->deleteStomp();
<?php
use api\classes\API_office_stompjes;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_office_stompjes.php';
$API_office_stompjes = new API_office_stompjes();
if (!$GLOBALS['modules_enabled']['office']) {
echo '405 Not Allowed';
exit;
}
if ($API_office_stompjes->request_method === 'POST') {
$API_office_stompjes->checkPermissions('ofice-stompjes-canstomp', 'RW');
$API_office_stompjes->return_url = false;
$requiredFields = [
'user_uuid' => ['type' => 'uuid']
];
$API_office_stompjes->validateData($requiredFields);
$modules = $API_office_stompjes->addStomp();
$API_office_stompjes->apiOutput($code = 200, ['success' => 'stomp added successfully.']);
} elseif ($API_office_stompjes->request_method === 'DELETE') {
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission
$API_office_stompjes->checkPermissions('ofice-stompjes', 'RW');
# when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection
$API_office_stompjes->return_url = false;
$requiredFields = ['stomp_uuid' => ['type' => 'uuid']];
$API_office_stompjes->validateData($requiredFields);
# delete permission
$API_office_stompjes->deleteStomp();
}
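Review bot: Both `checkPermissions()` calls use permission names spelled `ofice-…` (`'ofice-stompjes-canstomp'`, `'ofice-stompjes'`) while the module key in the guard is `office`; if the permission store spells them `office-…`, these checks never match the intended permission, so the names should be confirmed against the stored permissions. The two comments in the DELETE branch ("Only superuser can delete permission…" and `# delete permission`) describe a permissions endpoint rather than stomp deletion and look copied; I would replace them with `# Delete the stomp identified by stomp_uuid`. `$modules` is assigned from `addStomp()` and never read in this section.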


@@ -1,57 +1,57 @@
<?php
use api\classes\API_servers;
if (!$GLOBALS['modules_enabled']['servers']) {
echo '405 Not Allowed';
exit;
}
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_servers.php';
$API_servers = new API_servers();
if ($API_servers->request_method === 'POST') {
$API_servers->checkPermissions('servers', 'RW');
$requiredFields = [
'server_vm_id' => ['type' => 'string'],
];
$optionalFields = [
'server_vm_host_id' => ['type' => 'string'],
'server_vm_host_name' => ['type' => 'string'],
'company_uuid' => ['type' => 'string'],
'server_power_state' => ['type' => 'enum', 'values' => ['Running', 'Off']],
'server_state' => ['type' => 'enum', 'values' => ['new', 'active', 'deleted', 'trial', 'disabled']],
'server_hostname' => ['type' => 'string'],
'server_os' => ['type' => 'string'],
'server_cpu' => ['type' => 'int'],
'server_memory' => ['type' => 'int'],
'server_memory_demand' => ['type' => 'int'],
'server_disks' => ['type' => 'json'],
'server_ipv4' => ['type' => 'json'],
'server_ipv6' => ['type' => 'json'],
'server_vm_generation' => ['type' => 'int'],
'server_vm_snapshot' => ['type' => 'int'],
'server_licenses' => ['type' => 'json'],
'server_backup' => ['type' => 'json'],
'server_description' => ['type' => 'string'],
];
if (isset($API_servers->postedData['servers'])) {
// multiple servers are posted
$allServers = $API_servers->postedData['servers'];
foreach ($allServers as $server) {
$API_servers->processServerData($server, $requiredFields, $optionalFields);
}
} else {
// Single server update
$API_servers->processServerData($API_servers->postedData, $requiredFields, $optionalFields);
}
$API_servers->apiOutput(200, ['success' => "Server(s) modified or updated successfully."]);
<?php
use api\classes\API_servers;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_servers.php';
$API_servers = new API_servers();
if (!$GLOBALS['modules_enabled']['servers']) {
echo '405 Not Allowed';
exit;
}
if ($API_servers->request_method === 'POST') {
$API_servers->checkPermissions('servers', 'RW');
$requiredFields = [
'server_vm_id' => ['type' => 'string'],
];
$optionalFields = [
'server_vm_host_id' => ['type' => 'string'],
'server_vm_host_name' => ['type' => 'string'],
'company_uuid' => ['type' => 'string'],
'server_power_state' => ['type' => 'enum', 'values' => ['Running', 'Off']],
'server_state' => ['type' => 'enum', 'values' => ['new', 'active', 'deleted', 'trial', 'disabled']],
'server_hostname' => ['type' => 'string'],
'server_os' => ['type' => 'string'],
'server_cpu' => ['type' => 'int'],
'server_memory' => ['type' => 'int'],
'server_memory_demand' => ['type' => 'int'],
'server_disks' => ['type' => 'json'],
'server_ipv4' => ['type' => 'json'],
'server_ipv6' => ['type' => 'json'],
'server_vm_generation' => ['type' => 'int'],
'server_vm_snapshot' => ['type' => 'int'],
'server_licenses' => ['type' => 'json'],
'server_backup' => ['type' => 'json'],
'server_description' => ['type' => 'string'],
];
if (isset($API_servers->postedData['servers'])) {
// multiple servers are posted
$allServers = $API_servers->postedData['servers'];
foreach ($allServers as $server) {
$API_servers->processServerData($server, $requiredFields, $optionalFields);
}
} else {
// Single server update
$API_servers->processServerData($API_servers->postedData, $requiredFields, $optionalFields);
}
$API_servers->apiOutput(200, ['success' => "Server(s) modified or updated successfully."]);
}
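Review bot: `company_uuid` is validated as `['type' => 'string']` in `$optionalFields`, while the companies endpoint in this same commit validates the same field as `['type' => 'uuid']`; I would use `'company_uuid' => ['type' => 'uuid'],` here so a malformed identifier is rejected before it reaches `processServerData()`. The batch branch also iterates `$API_servers->postedData['servers']` without checking that it is an array, so a scalar or a list of non-array items goes straight into the loop; an `if (!is_array($allServers))` guard that answers with a 400 before the `foreach` would make that explicit. Whether `processServerData()` checks each item's shape itself is not visible in this section.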


@@ -1,24 +1,24 @@
<?php
use api\classes\API_inserve;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_inserve.php';
$API_inserve = new API_inserve();
$API_inserve->setupConnection();
if ($API_inserve->request_method === 'GET') {
if ($_GET['action'] = 'auth/me') {
$API_inserve->checkPermissions('admin-sources', 'RO');
# This api call, when called from the frontend will not be forwarding to a url.
$API_inserve->return_url = false;
$auth = $API_inserve->authMe();
http_response_code($API_inserve->httpCode);
}
}
<?php
use api\classes\API_inserve;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_inserve.php';
$API_inserve = new API_inserve();
$API_inserve->setupConnection();
if ($API_inserve->request_method === 'GET') {
if ($_GET['action'] = 'auth/me') {
$API_inserve->checkPermissions('admin-sources', 'RO');
# This api call, when called from the frontend will not be forwarding to a url.
$API_inserve->return_url = false;
$auth = $API_inserve->authMe();
http_response_code($API_inserve->httpCode);
}
}


@@ -1,22 +1,22 @@
<?php
use api\classes\API_inserve;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_inserve.php';
$API_inserve = new API_inserve();
if ($API_inserve->request_method === 'GET' || $API_inserve->request_method === 'POST') {
# This syncs the company id's from Sentri to the Inserve cloudDistributor
# These are the same id's but it Inserve requires it to be synced to the cloudDistributor
$API_inserve->checkPermissions('servers', 'RW');
$API_inserve->setupConnection();
$API_inserve->syncCompaniesFromSentri();
$API_inserve->apiOutput(200, ['success' => 'Sync is done successfully']);
<?php
use api\classes\API_inserve;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_inserve.php';
$API_inserve = new API_inserve();
if ($API_inserve->request_method === 'GET' || $API_inserve->request_method === 'POST') {
# This syncs the company id's from Sentri to the Inserve cloudDistributor
# These are the same id's but it Inserve requires it to be synced to the cloudDistributor
$API_inserve->checkPermissions('servers', 'RW');
$API_inserve->setupConnection();
$API_inserve->syncCompaniesFromSentri();
$API_inserve->apiOutput(200, ['success' => 'Sync is done successfully']);
}


@@ -1,65 +1,65 @@
<?php
use api\classes\API_inserve;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_inserve.php';
$API_inserve = new API_inserve();
$API_inserve->setupConnection();
if ($API_inserve->request_method === 'POST' || $API_inserve->request_method === 'GET') {
# Code below will retrieve all the companies and create or update it in the database
$API_inserve->checkPermissions('customer-companies', 'RW');
$allCompanies = [];
$page = 1;
do {
$result = $API_inserve->companies($page);
if (!isset($result['data']) || empty($result['data'])) {
break;
}
foreach ($result['data'] as $item) {
$allCompanies[] = [
'id' => $item['id'],
'name' => $item['name'],
'debtor_code' => $item['debtor_code'],
'archived_at' => $item['archived_at']
];
}
$page++;
} while ($result['next_page_url'] !== null);
foreach ($allCompanies as $company) {
$source_uuid = $API_inserve->inserve_source_uuid;
$company_id = $company['id'];
$debtor_code = $company['debtor_code'];
$company_name = $company['name'];
$created_at = time();
# Add or modify the company if it is not archived
if ($company['archived_at'] == null) {
$query = "INSERT INTO companies (source_uuid, company_source_id, company_source_id2, company_name, company_create_timestamp)
VALUES (?, ?, ?, ?, ?)
ON DUPLICATE KEY UPDATE
company_name = VALUES(company_name),
company_source_id2 = VALUES(company_source_id2),
company_modified_timestamp = VALUES(company_create_timestamp)";
$stmt = $API_inserve->prepareStatement($query);
$stmt->bind_param('ssssi', $source_uuid, $company_id, $debtor_code, $company_name, $created_at);
$API_inserve->executeStatement($stmt);
$stmt->close();
}
}
$API_inserve->apiOutput(200, ['success' => 'Sync is done successfully']);
}
<?php
use api\classes\API_inserve;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_inserve.php';
$API_inserve = new API_inserve();
$API_inserve->setupConnection();
if ($API_inserve->request_method === 'POST' || $API_inserve->request_method === 'GET') {
# Code below will retrieve all the companies and create or update it in the database
$API_inserve->checkPermissions('customer-companies', 'RW');
$allCompanies = [];
$page = 1;
do {
$result = $API_inserve->companies($page);
if (!isset($result['data']) || empty($result['data'])) {
break;
}
foreach ($result['data'] as $item) {
$allCompanies[] = [
'id' => $item['id'],
'name' => $item['name'],
'debtor_code' => $item['debtor_code'],
'archived_at' => $item['archived_at']
];
}
$page++;
} while ($result['next_page_url'] !== null);
foreach ($allCompanies as $company) {
$source_uuid = $API_inserve->inserve_source_uuid;
$company_id = $company['id'];
$debtor_code = $company['debtor_code'];
$company_name = $company['name'];
$created_at = time();
# Add or modify the company if it is not archived
if ($company['archived_at'] == null) {
$query = "INSERT INTO companies (source_uuid, company_source_id, company_source_id2, company_name, company_create_timestamp)
VALUES (?, ?, ?, ?, ?)
ON DUPLICATE KEY UPDATE
company_name = VALUES(company_name),
company_source_id2 = VALUES(company_source_id2),
company_modified_timestamp = VALUES(company_create_timestamp)";
$stmt = $API_inserve->prepareStatement($query);
$stmt->bind_param('ssssi', $source_uuid, $company_id, $debtor_code, $company_name, $created_at);
$API_inserve->executeStatement($stmt);
$stmt->close();
}
}
$API_inserve->apiOutput(200, ['success' => 'Sync is done successfully']);
}


@@ -1,20 +1,20 @@
<?php
use api\classes\API_inserve;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_inserve.php';
$API_inserve = new API_inserve();
if ($API_inserve->request_method === 'GET' || $API_inserve->request_method === 'POST') {
$API_inserve->checkPermissions('servers', 'RW');
$API_inserve->setupConnection();
$API_inserve->syncCompaniesFromSentri();
$API_inserve->syncServerLicencesToInserve();
$API_inserve->apiOutput(200, ['success' => 'Sync is done successfully']);
<?php
use api\classes\API_inserve;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_inserve.php';
$API_inserve = new API_inserve();
if ($API_inserve->request_method === 'GET' || $API_inserve->request_method === 'POST') {
$API_inserve->checkPermissions('servers', 'RW');
$API_inserve->setupConnection();
$API_inserve->syncCompaniesFromSentri();
$API_inserve->syncServerLicencesToInserve();
$API_inserve->apiOutput(200, ['success' => 'Sync is done successfully']);
}


@@ -1,37 +1,37 @@
<?php
use api\classes\API_system_modules;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_system_modules.php';
$API_system_modules = new API_system_modules();
if ($API_system_modules->request_method === 'GET') {
# this part here is not tested (the whole GET part)
$API_system_modules->checkPermissions('admin-modules', 'RO');
$requiredFields = [];
$API_system_modules->validateData($requiredFields);
$modules = $API_system_modules->getModules();
$API_system_modules->apiOutput($code = 200, ['success' => $modules], '');
} elseif ($API_system_modules->request_method === 'PUT') {
# Enable or disable a module
$API_system_modules->checkPermissions('admin-modules', 'RW');
# This api call, when called from the frontend will not be forwarding to a url.
$API_system_modules->return_url = false;
$requiredFields = [
'module_uuid' => ['type' => 'uuid'],
'module_enabled' => ['type' => 'boolean'],
];
$API_system_modules->validateData($requiredFields);
$API_system_modules->enableModule();
}
<?php
use api\classes\API_system_modules;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_system_modules.php';
$API_system_modules = new API_system_modules();
if ($API_system_modules->request_method === 'GET') {
# this part here is not tested (the whole GET part)
$API_system_modules->checkPermissions('admin-modules', 'RO');
$requiredFields = [];
$API_system_modules->validateData($requiredFields);
$modules = $API_system_modules->getModules();
$API_system_modules->apiOutput($code = 200, ['success' => $modules], '');
} elseif ($API_system_modules->request_method === 'PUT') {
# Enable or disable a module
$API_system_modules->checkPermissions('admin-modules', 'RW');
# This api call, when called from the frontend will not be forwarding to a url.
$API_system_modules->return_url = false;
$requiredFields = [
'module_uuid' => ['type' => 'uuid'],
'module_enabled' => ['type' => 'boolean'],
];
$API_system_modules->validateData($requiredFields);
$API_system_modules->enableModule();
}


@@ -1,30 +1,30 @@
<?php
use api\classes\API_system_sources;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_system_sources.php';
$API_system_sources = new API_system_sources();
if ($API_system_sources->request_method === 'POST') {
# Enable or disable a module
$API_system_sources->checkPermissions('admin-sources', 'RW');
if ($_POST['source_name'] == 'inserve') {
$requiredFields = [
'source_name' => ['type' => 'string'],
'source_url' => ['type' => 'string'],
'source_auth_token' => ['type' => 'string'],
];
} else {
$API_system_sources->apiOutput(400, ['error' => 'Error: no valid source_name posted']);
}
$API_system_sources->validateData($requiredFields);
if ($_POST['source_name'] == 'inserve') {
$API_system_sources->inserveUpdate();
}
}
<?php
use api\classes\API_system_sources;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_system_sources.php';
$API_system_sources = new API_system_sources();
if ($API_system_sources->request_method === 'POST') {
# Enable or disable a module
$API_system_sources->checkPermissions('admin-sources', 'RW');
if ($_POST['source_name'] == 'inserve') {
$requiredFields = [
'source_name' => ['type' => 'string'],
'source_url' => ['type' => 'string'],
'source_auth_token' => ['type' => 'string'],
];
} else {
$API_system_sources->apiOutput(400, ['error' => 'Error: no valid source_name posted']);
}
$API_system_sources->validateData($requiredFields);
if ($_POST['source_name'] == 'inserve') {
$API_system_sources->inserveUpdate();
}
}