Make better API system
parent
0e094809fa
commit
fb25c4395a
@ -0,0 +1,5 @@
|
||||
# Rewrite for Nextcloud Notes API
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine on
|
||||
RewriteRule ([a-zA-Z0-9]+) index.php?action=$1 [PT]
|
||||
</IfModule>
|
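Review bot: The pattern in `RewriteRule ([a-zA-Z0-9]+) index.php?action=$1 [PT]` is unanchored, so it fires on any path containing an alphanumeric character, including `index.php` itself and any static file under this directory. Anchor it and guard real files: `RewriteCond %{REQUEST_FILENAME} !-f` followed by `RewriteRule ^([a-zA-Z0-9]+)$ index.php?action=$1 [PT,QSA]`. Without `QSA` the original query string is dropped; the front controller section later in this commit re-parses `REQUEST_URI` for `?`, which may be a workaround for exactly that, so confirm which behaviour is intended before adding the flag.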
@ -0,0 +1,9 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
sendJsonResp(null, "OK", ["account" => User::byUsername($VARS['username'])->getStatus()->getString()]);
|
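Review bot: `User::byUsername($VARS['username'])->getStatus()->getString()` dereferences the status without first confirming the account exists, unlike the other actions in this commit that call `$user->exists()`; what `getStatus()` returns for an unknown username is not visible here, so the response for a nonexistent user is undefined from this file. Suggest `$user = User::byUsername($VARS['username']);` then `if (!$user->exists()) { sendJsonResp($Strings->get("user does not exist", false), "ERROR"); }` before reporting the status. The single-line `has2fa()` action further down in this commit has the same gap.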
@ -0,0 +1,29 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
if (!empty($VARS['username'])) {
|
||||
$user = User::byUsername($VARS['username']);
|
||||
} else if (!empty($VARS['uid'])) {
|
||||
$user = new User($VARS['uid']);
|
||||
}
|
||||
|
||||
try {
|
||||
$timestamp = "";
|
||||
if (!empty($VARS['timestamp'])) {
|
||||
$timestamp = date("Y-m-d H:i:s", strtotime($VARS['timestamp']));
|
||||
}
|
||||
$url = "";
|
||||
if (!empty($VARS['url'])) {
|
||||
$url = $VARS['url'];
|
||||
}
|
||||
$nid = Notifications::add($user, $VARS['title'], $VARS['content'], $timestamp, $url, isset($VARS['sensitive']));
|
||||
|
||||
exitWithJson(["status" => "OK", "id" => $nid]);
|
||||
} catch (Exception $ex) {
|
||||
sendJsonResp($ex->getMessage(), "ERROR");
|
||||
}
|
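Review bot: `date("Y-m-d H:i:s", strtotime($VARS['timestamp']))` silently turns an unparseable timestamp into the Unix epoch, because `strtotime` returns `false` and `date` coerces it to 0; the notification is then stored with a 1970 date instead of being rejected. Check the result first: `$ts = strtotime($VARS['timestamp']);` `if ($ts === false) { sendJsonResp($Strings->get("invalid parameters", false), "ERROR"); }` `$timestamp = date("Y-m-d H:i:s", $ts);`. Separately, `isset($VARS['sensitive'])` marks the notification sensitive for any supplied value, including `"0"` or `"false"`; if that is intended, document it at the `$APIS` entry for this action.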
@ -0,0 +1,18 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
engageRateLimit();
|
||||
$appname = "???";
|
||||
if (!empty($VARS['appname'])) {
|
||||
$appname = $VARS['appname'];
|
||||
}
|
||||
$result = User::byUsername($VARS['username'])->sendAlertEmail($appname);
|
||||
if ($result === TRUE) {
|
||||
sendJsonResp();
|
||||
}
|
||||
sendJsonResp($result, "ERROR");
|
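Review bot: `$appname` is taken straight from the request and handed to `sendAlertEmail($appname)` with no length or character restriction, so whatever ends up in the alert mail is only as safe as that method's own escaping, which is not visible here; consider bounding it (e.g. `mb_substr(trim($VARS['appname']), 0, 64)`) before the call. There is also no `exists()` check before `User::byUsername(...)->sendAlertEmail(...)`, and `sendJsonResp($result, "ERROR")` relies on `$result` being a string when the call fails, which the return type of `sendAlertEmail` is not shown to guarantee.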
@ -0,0 +1,30 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
$user = User::byUsername($VARS['username']);
|
||||
if ($user->checkPassword($VARS['password'])) {
|
||||
Log::insert(LogType::API_AUTH_OK, null, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
|
||||
sendJsonResp($Strings->get("login successful", false), "OK");
|
||||
} else {
|
||||
Log::insert(LogType::API_AUTH_FAILED, $user->getUID(), "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
|
||||
if ($user->exists()) {
|
||||
switch ($user->getStatus()->get()) {
|
||||
case AccountStatus::LOCKED_OR_DISABLED:
|
||||
sendJsonResp($Strings->get("account locked", false), "ERROR");
|
||||
case AccountStatus::TERMINATED:
|
||||
sendJsonResp($Strings->get("account terminated", false), "ERROR");
|
||||
case AccountStatus::CHANGE_PASSWORD:
|
||||
sendJsonResp($Strings->get("password expired", false), "ERROR");
|
||||
case AccountStatus::NORMAL:
|
||||
break;
|
||||
default:
|
||||
sendJsonResp($Strings->get("account state error", false), "ERROR");
|
||||
}
|
||||
}
|
||||
sendJsonResp($Strings->get("login incorrect", false), "ERROR");
|
||||
}
|
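Review bot: The account-status switch sits in the wrong-password branch, so a correct password for a locked, terminated or password-expired account is answered with "login successful" at `sendJsonResp($Strings->get("login successful", false), "OK")`, while the status is only consulted when the password is wrong; the login action later in this commit does the opposite and checks status after a successful password check. Placing the check in the success branch also stops the API from disclosing an account's lock/termination state to a caller who does not know the password, and lets the failure log record the uid for an existing account. Moving the switch also removes the reliance on `sendJsonResp` exiting to prevent switch fall-through. Note `ALERT_ON_ACCESS`, handled by name in the login action, would land in `default` here unless an `AccountStatus` constant for it exists; this action also lacks the `engageRateLimit()` call that login performs.
```php
$user = User::byUsername($VARS['username']);
$logmsg = "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey();
if ($user->checkPassword($VARS['password'])) {
    // Password is correct; now confirm the account may actually be used.
    switch ($user->getStatus()->get()) {
        case AccountStatus::LOCKED_OR_DISABLED:
            Log::insert(LogType::API_AUTH_FAILED, $user->getUID(), $logmsg);
            sendJsonResp($Strings->get("account locked", false), "ERROR");
        case AccountStatus::TERMINATED:
            Log::insert(LogType::API_AUTH_FAILED, $user->getUID(), $logmsg);
            sendJsonResp($Strings->get("account terminated", false), "ERROR");
        case AccountStatus::CHANGE_PASSWORD:
            Log::insert(LogType::API_AUTH_FAILED, $user->getUID(), $logmsg);
            sendJsonResp($Strings->get("password expired", false), "ERROR");
        case AccountStatus::NORMAL:
            Log::insert(LogType::API_AUTH_OK, $user->getUID(), $logmsg);
            sendJsonResp($Strings->get("login successful", false), "OK");
        default:
            Log::insert(LogType::API_AUTH_FAILED, $user->getUID(), $logmsg);
            sendJsonResp($Strings->get("account state error", false), "ERROR");
    }
} else {
    // Same generic answer whether or not the account exists.
    Log::insert(LogType::API_AUTH_FAILED, $user->exists() ? $user->getUID() : null, $logmsg);
    sendJsonResp($Strings->get("login incorrect", false), "ERROR");
}
```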
@ -0,0 +1,24 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
$pin = "";
|
||||
if (!empty($VARS['username'])) {
|
||||
$user = User::byUsername($VARS['username']);
|
||||
} else if (!empty($VARS['uid'])) {
|
||||
$user = new User($VARS['uid']);
|
||||
}
|
||||
|
||||
if ($user->exists()) {
|
||||
$pin = $database->get("accounts", "pin", ["uid" => $user->getUID()]);
|
||||
} else {
|
||||
sendJsonResp($Strings->get("login incorrect", false), "ERROR");
|
||||
}
|
||||
if (is_null($pin) || $pin == "") {
|
||||
exitWithJson(["status" => "ERROR", "pinvalid" => false, "nopinset" => true]);
|
||||
}
|
||||
exitWithJson(["status" => "OK", "pinvalid" => ($pin == $VARS['pin'])]);
|
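Review bot: `"pinvalid" => ($pin == $VARS['pin'])` compares the stored PIN with loose `==`, so two numeric strings compare by value (`"0123"` equals `"123"`, `"1e2"` equals `"100"`) and a PIN stored as an integer compares true against several string spellings. Use a constant-time, type-strict comparison: `"pinvalid" => hash_equals((string) $pin, (string) $VARS['pin'])`. This endpoint verifies a short secret but, unlike the login action in this commit, never calls `engageRateLimit()`; adding it at the top of the file would bring it in line.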
@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
$database->delete("onetimekeys", ["expires[<]" => date("Y-m-d H:i:s")]); // cleanup
|
||||
if ($database->has("onetimekeys", ["key" => $VARS['code'], "expires[>]" => date("Y-m-d H:i:s")])) {
|
||||
$user = $database->get("onetimekeys", ["[>]accounts" => ["uid" => "uid"]], ["username", "realname", "accounts.uid"], ["key" => $VARS['code']]);
|
||||
exitWithJson(["status" => "OK", "user" => $user]);
|
||||
} else {
|
||||
sendJsonResp($Strings->get("no such code or code expired", false), "ERROR");
|
||||
}
|
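Review bot: A successfully redeemed code is never removed, so the same `onetimekeys` row keeps answering `"status" => "OK"` until its `expires` time passes; if the table name reflects the intent, consume it on success with `$database->delete("onetimekeys", ["key" => $VARS['code']]);` immediately before `exitWithJson(["status" => "OK", "user" => $user])`. The lookup at `$database->get("onetimekeys", ...)` also drops the `expires[>]` condition that the preceding `has()` applied; passing the same condition to `get` avoids depending on the two calls agreeing.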
@ -0,0 +1,20 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
if (!empty($VARS['username'])) {
|
||||
$user = User::byUsername($VARS['username']);
|
||||
} else if (!empty($VARS['uid'])) {
|
||||
$user = new User($VARS['uid']);
|
||||
}
|
||||
|
||||
try {
|
||||
Notifications::delete($user, $VARS['id']);
|
||||
sendJsonResp();
|
||||
} catch (Exception $ex) {
|
||||
sendJsonResp($ex->getMessage(), "ERROR");
|
||||
}
|
@ -0,0 +1,10 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
$groups = $database->select('groups', ['groupid (id)', 'groupname (name)']);
|
||||
exitWithJson(["status" => "OK", "groups" => $groups]);
|
@ -0,0 +1,23 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
if (!empty($VARS['uid'])) {
|
||||
if ($database->has("accounts", ['uid' => $VARS['uid']])) {
|
||||
$empid = $VARS['uid'];
|
||||
} else {
|
||||
sendJsonResp($Strings->get("user does not exist", false), "ERROR");
|
||||
}
|
||||
} else if (!empty($VARS['username'])) {
|
||||
if ($database->has("accounts", ['username' => strtolower($VARS['username'])])) {
|
||||
$empid = $database->select('accounts', 'uid', ['username' => strtolower($VARS['username'])]);
|
||||
} else {
|
||||
sendJsonResp($Strings->get("user does not exist", false), "ERROR");
|
||||
}
|
||||
}
|
||||
$groups = $database->select('assigned_groups', ["[>]groups" => ["groupid" => "groupid"]], ['groups.groupid (id)', 'groups.groupname (name)'], ['uid' => $empid]);
|
||||
exitWithJson(["status" => "OK", "groups" => $groups]);
|
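Review bot: `$empid = $database->select('accounts', 'uid', ['username' => strtolower($VARS['username'])]);` assigns a result set where a scalar uid is expected, and that array is then passed as the `uid` condition of the `assigned_groups` query; the checkpin action in this commit reads a single column with `$database->get(...)`, which is what is wanted here: `$empid = $database->get('accounts', 'uid', ['username' => strtolower($VARS['username'])]);`. Whether the array form happens to work depends on the database wrapper, which is not shown.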
@ -0,0 +1,23 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
if (!empty($VARS['uid'])) {
|
||||
$manager = new User($VARS['uid']);
|
||||
} else if (!empty($VARS['username'])) {
|
||||
$manager = User::byUsername($VARS['username']);
|
||||
}
|
||||
|
||||
if (!$manager->exists()) {
|
||||
exitWithJson(["status" => "ERROR", "msg" => $Strings->get("user does not exist", false)]);
|
||||
}
|
||||
if (!empty($VARS['get']) && $VARS['get'] == "username") {
|
||||
$managed = $database->select('managers', ['[>]accounts' => ['employeeid' => 'uid']], 'username', ['managerid' => $manager->getUID()]);
|
||||
} else {
|
||||
$managed = $database->select('managers', 'employeeid', ['managerid' => $manager->getUID()]);
|
||||
}
|
||||
exitWithJson(["status" => "OK", "employees" => $managed]);
|
@ -0,0 +1,19 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
if (!empty($VARS['uid'])) {
|
||||
$emp = new User($VARS['uid']);
|
||||
} else if (!empty($VARS['username'])) {
|
||||
$emp = User::byUsername($VARS['username']);
|
||||
}
|
||||
|
||||
if (!$emp->exists()) {
|
||||
exitWithJson(["status" => "ERROR", "msg" => $Strings->get("user does not exist", false)]);
|
||||
}
|
||||
$managers = $database->select('managers', 'managerid', ['employeeid' => $emp->getUID()]);
|
||||
exitWithJson(["status" => "OK", "managers" => $managers]);
|
@ -0,0 +1,20 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
if (!empty($VARS['username'])) {
|
||||
$user = User::byUsername($VARS['username']);
|
||||
} else if (!empty($VARS['uid'])) {
|
||||
$user = new User($VARS['uid']);
|
||||
}
|
||||
|
||||
try {
|
||||
$notifications = Notifications::get($user);
|
||||
exitWithJson(["status" => "OK", "notifications" => $notifications]);
|
||||
} catch (Exception $ex) {
|
||||
sendJsonResp($ex->getMessage(), "ERROR");
|
||||
}
|
@ -0,0 +1,29 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
if ($database->has("groups", ['groupid' => $VARS['gid']])) {
|
||||
$groupid = $VARS['gid'];
|
||||
} else {
|
||||
sendJsonResp($Strings->get("group does not exist", false), "ERROR");
|
||||
}
|
||||
|
||||
if (!empty($VARS["get"]) && $VARS['get'] == "username") {
|
||||
$users = $database->select('assigned_groups', ['[>]accounts' => ['uid' => 'uid']], 'username', ['groupid' => $groupid, "ORDER" => "username"]);
|
||||
} else if (!empty($VARS["get"]) && $VARS['get'] == "detail") {
|
||||
$users = $database->select('assigned_groups', ['[>]accounts' => ['uid' => 'uid']], ['username', 'realname (name)', 'accounts.uid', 'pin'], ['groupid' => $groupid, "ORDER" => "realname"]);
|
||||
for ($i = 0; $i < count($users); $i++) {
|
||||
if (is_null($users[$i]['pin']) || $users[$i]['pin'] == "") {
|
||||
$users[$i]['pin'] = false;
|
||||
} else {
|
||||
$users[$i]['pin'] = true;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$users = $database->select('assigned_groups', 'uid', ['groupid' => $groupid]);
|
||||
}
|
||||
exitWithJson(["status" => "OK", "users" => $users]);
|
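Review bot: The index loop `for ($i = 0; $i < count($users); $i++)` re-evaluates `count()` every iteration and re-implements the pin-to-boolean mapping that the userinfo action in this commit writes inline; a by-reference `foreach` expresses the same thing in one step: `foreach ($users as &$u) { $u['pin'] = !(is_null($u['pin']) || $u['pin'] == ""); }` followed by `unset($u);` to drop the dangling reference. Selecting the raw `pin` column only to overwrite it is fine as long as that overwrite is kept; a comment such as `// expose only whether a PIN is set, never its value` would make that intent explicit.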
@ -0,0 +1,13 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
if (strlen($VARS['search']) < 2) {
|
||||
exitWithJson(["status" => "OK", "result" => []]);
|
||||
}
|
||||
$data = $database->select('groups', ['groupid (id)', 'groupname (name)'], ['groupname[~]' => $VARS['search'], "LIMIT" => 10]);
|
||||
exitWithJson(["status" => "OK", "result" => $data]);
|
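Review bot: `'groupname[~]' => $VARS['search']` passes the raw search term into a LIKE match, so `%` and `_` in the input act as wildcards rather than literal characters, and the two-character minimum in `strlen($VARS['search']) < 2` does not constrain what the pattern can match; the usersearch action in this commit has the same shape with a three-character minimum. Escape the LIKE metacharacters before the query, e.g. `$term = addcslashes($VARS['search'], '%_\\');`, confirming the escape character the database wrapper and backend actually honour, and use `mb_strlen` so the minimum counts characters rather than bytes.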
@ -0,0 +1,9 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
sendJsonResp(null, "OK", ["otp" => User::byUsername($VARS['username'])->has2fa()]);
|
@ -0,0 +1,27 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
if (!empty($VARS['uid']) && $VARS['uid'] == "1") {
|
||||
$manager = new User($VARS['manager']);
|
||||
$employee = new User($VARS['employee']);
|
||||
} else {
|
||||
$manager = User::byUsername($VARS['manager']);
|
||||
$employee = User::byUsername($VARS['employee']);
|
||||
}
|
||||
if (!$manager->exists()) {
|
||||
exitWithJson(["status" => "ERROR", "msg" => $Strings->get("user does not exist", false), "user" => $VARS['manager']]);
|
||||
}
|
||||
if (!$employee->exists()) {
|
||||
exitWithJson(["status" => "ERROR", "msg" => $Strings->get("user does not exist", false), "user" => $VARS['employee']]);
|
||||
}
|
||||
|
||||
if ($database->has('managers', ['AND' => ['managerid' => $manager->getUID(), 'employeeid' => $employee->getUID()]])) {
|
||||
exitWithJson(["status" => "OK", "managerof" => true]);
|
||||
} else {
|
||||
exitWithJson(["status" => "OK", "managerof" => false]);
|
||||
}
|
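Review bot: `if (!empty($VARS['uid']) && $VARS['uid'] == "1")` uses `uid` as a mode switch meaning "manager and employee are numeric uids", but the `$APIS` entry declares `"uid (optional)" => "numeric"` as if it were an identifier, and nothing on either side documents the convention. Add a comment at the branch, e.g. `// uid=1: 'manager' and 'employee' are numeric uids; otherwise they are usernames`, and consider documenting the same at the `$APIS` entry. The error responses echo `$VARS['manager']` / `$VARS['employee']` back in `"user"`, which is harmless under the JSON content type but worth a note that it is intentional.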
@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
$apps = EXTERNAL_APPS;
|
||||
// Format paths as absolute URLs
|
||||
foreach ($apps as $k => $v) {
|
||||
if (strpos($apps[$k]['url'], "http") === FALSE) {
|
||||
$apps[$k]['url'] = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://" . $_SERVER['HTTP_HOST'] . ($_SERVER['SERVER_PORT'] != 80 || $_SERVER['SERVER_PORT'] != 443 ? ":" . $_SERVER['SERVER_PORT'] : "") . $apps[$k]['url'];
|
||||
}
|
||||
}
|
||||
exitWithJson(["status" => "OK", "apps" => $apps]);
|
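Review bot: `$_SERVER['SERVER_PORT'] != 80 || $_SERVER['SERVER_PORT'] != 443` is always true, since no port equals both, so `:PORT` is appended to every generated URL including standard ones; the intended condition is `!in_array((int) $_SERVER['SERVER_PORT'], [80, 443], true)`. The scheme check `isset($_SERVER['HTTPS'])` also treats a value of `"off"` as HTTPS on servers that set it that way, and `$_SERVER['HTTP_HOST']` is the client-supplied Host header, so the absolute URLs handed to clients reflect whatever host the request named; a configured base URL would be the more robust source for both.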
@ -0,0 +1,36 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
engageRateLimit();
|
||||
$user = User::byUsername($VARS['username']);
|
||||
if ($user->checkPassword($VARS['password'])) {
|
||||
switch ($user->getStatus()->getString()) {
|
||||
case "LOCKED_OR_DISABLED":
|
||||
Log::insert(LogType::API_LOGIN_FAILED, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
|
||||
exitWithJson(["status" => "ERROR", "msg" => $Strings->get("account locked", false)]);
|
||||
case "TERMINATED":
|
||||
Log::insert(LogType::API_LOGIN_FAILED, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
|
||||
exitWithJson(["status" => "ERROR", "msg" => $Strings->get("account terminated", false)]);
|
||||
case "CHANGE_PASSWORD":
|
||||
Log::insert(LogType::API_LOGIN_FAILED, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
|
||||
exitWithJson(["status" => "ERROR", "msg" => $Strings->get("password expired", false)]);
|
||||
case "NORMAL":
|
||||
Log::insert(LogType::API_LOGIN_OK, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
|
||||
exitWithJson(["status" => "OK"]);
|
||||
case "ALERT_ON_ACCESS":
|
||||
$user->sendAlertEmail();
|
||||
Log::insert(LogType::API_LOGIN_OK, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
|
||||
exitWithJson(["status" => "OK", "alert" => true]);
|
||||
default:
|
||||
Log::insert(LogType::API_LOGIN_FAILED, $uid, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
|
||||
exitWithJson(["status" => "ERROR", "msg" => $Strings->get("account state error", false)]);
|
||||
}
|
||||
} else {
|
||||
Log::insert(LogType::API_LOGIN_FAILED, null, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
|
||||
exitWithJson(["status" => "ERROR", "msg" => $Strings->get("login incorrect", false)]);
|
||||
}
|
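Review bot: `$uid` is never assigned in this file, so every `Log::insert(..., $uid, ...)` in the switch records a null uid even though `$user` is known; add `$uid = $user->getUID();` right after `$user = User::byUsername($VARS['username']);`. The status dispatch here switches on `getStatus()->getString()` string literals while the auth action in this commit switches on `getStatus()->get()` against `AccountStatus::` constants; using the constants in both places removes a second source of truth for the status names.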
@ -0,0 +1,9 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
exitWithJson(["status" => "OK", "mobile" => MOBILE_ENABLED]);
|
@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
if (empty($VARS['username']) || empty($VARS['code'])) {
|
||||
http_response_code(400);
|
||||
die("\"400 Bad Request\"");
|
||||
}
|
||||
$code = strtoupper($VARS['code']);
|
||||
$user_key_valid = $database->has('mobile_codes', ['[>]accounts' => ['uid' => 'uid']], ["AND" => ['mobile_codes.code' => $code, 'accounts.username' => strtolower($VARS['username'])]]);
|
||||
exitWithJson(["status" => "OK", "valid" => $user_key_valid]);
|
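Review bot: `die("\"400 Bad Request\"")` bypasses `sendJsonResp`/`exitWithJson`, so this error is sent without the `Content-Type: application/json` header every other response carries; the readnotification action in this commit does the same with `die("\"400 Bad Request\"")` and with a bare `exit(json_encode([...]))`. Route these through the helper, e.g. `http_response_code(400); exitWithJson(["status" => "ERROR", "msg" => $Strings->get("invalid parameters", false)]);`. Since the `$APIS` entry for this action lists `username` and `code` as required, `checkVars` presumably already rejects the missing case before this file loads, so the guard may be dead code; worth a comment either way.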
@ -0,0 +1,19 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
$perm = $VARS['code'];
|
||||
if (!empty($VARS['uid'])) {
|
||||
$user = new User($VARS['uid']);
|
||||
} else if (!empty($VARS['username'])) {
|
||||
$user = User::byUsername($VARS['username']);
|
||||
}
|
||||
|
||||
if (!$user->exists()) {
|
||||
exitWithJson(["status" => "ERROR", "msg" => $Strings->get("user does not exist", false)]);
|
||||
}
|
||||
exitWithJson(["status" => "OK", "has_permission" => $user->hasPermission($perm)]);
|
@ -0,0 +1,9 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
sendJsonResp();
|
@ -0,0 +1,25 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
if (!empty($VARS['username'])) {
|
||||
$user = User::byUsername($VARS['username']);
|
||||
} else if (!empty($VARS['uid'])) {
|
||||
$user = new User($VARS['uid']);
|
||||
} else {
|
||||
http_response_code(400);
|
||||
die("\"400 Bad Request\"");
|
||||
}
|
||||
if (empty($VARS['id'])) {
|
||||
exit(json_encode(["status" => "ERROR", "msg" => $Strings->get("invalid parameters", false)]));
|
||||
}
|
||||
try {
|
||||
Notifications::read($user, $VARS['id']);
|
||||
sendJsonResp();
|
||||
} catch (Exception $ex) {
|
||||
sendJsonResp($ex->getMessage(), "ERROR");
|
||||
}
|
@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
if (!empty($VARS['uid'])) {
|
||||
$user = new User($VARS['uid']);
|
||||
} else if (!empty($VARS['username'])) {
|
||||
$user = User::byUsername($VARS['username']);
|
||||
}
|
||||
|
||||
sendJsonResp(null, "OK", ["exists" => $user->exists()]);
|
@ -0,0 +1,20 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
if (!empty($VARS['username'])) {
|
||||
$user = User::byUsername($VARS['username']);
|
||||
} else if (!empty($VARS['uid'])) {
|
||||
$user = new User($VARS['uid']);
|
||||
}
|
||||
if ($user->exists()) {
|
||||
$data = $database->get("accounts", ["uid", "username", "realname (name)", "email", "phone" => ["phone1 (1)", "phone2 (2)"], 'pin'], ["uid" => $user->getUID()]);
|
||||
$data['pin'] = (is_null($data['pin']) || $data['pin'] == "" ? false : true);
|
||||
sendJsonResp(null, "OK", ["data" => $data]);
|
||||
} else {
|
||||
sendJsonResp($Strings->get("login incorrect", false), "ERROR");
|
||||
}
|
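Review bot: The `else` branch answers a nonexistent user with `$Strings->get("login incorrect", false)`, but this action performs no login; other actions in this commit use the `"user does not exist"` string for exactly this condition, so `sendJsonResp($Strings->get("user does not exist", false), "ERROR");` would be the consistent message. Replacing the selected `pin` with a boolean before responding is the right call; a one-line comment `// never return the PIN itself, only whether one is set` would keep a future edit from dropping that line.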
@ -0,0 +1,13 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
if (strlen($VARS['search']) < 3) {
|
||||
exitWithJson(["status" => "OK", "result" => []]);
|
||||
}
|
||||
$data = $database->select('accounts', ['uid', 'username', 'realname (name)'], ["OR" => ['username[~]' => $VARS['search'], 'realname[~]' => $VARS['search']], "LIMIT" => 10]);
|
||||
exitWithJson(["status" => "OK", "result" => $data]);
|
@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
$user = User::byUsername($VARS['username']);
|
||||
if ($user->check2fa($VARS['code'])) {
|
||||
sendJsonResp(null, "OK", ["valid" => true]);
|
||||
} else {
|
||||
Log::insert(LogType::API_BAD_2FA, null, "Username: " . strtolower($VARS['username']) . ", Key: " . getCensoredKey());
|
||||
sendJsonResp($Strings->get("2fa incorrect", false), "ERROR", ["valid" => false]);
|
||||
}
|
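Review bot: This action verifies a short one-time code but does not call `engageRateLimit()`, which the login and alertemail actions in this commit invoke at the top of the file; add `engageRateLimit();` before `$user = User::byUsername($VARS['username']);` so repeated code guesses are throttled the same way password attempts are. The failure log passes `null` as the uid although `$user` is in hand; `$user->exists() ? $user->getUID() : null` would record the account when it exists, assuming `getUID()` is safe to call on a non-existent user as the auth action already does.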
@ -0,0 +1,215 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
$APIS = [
|
||||
"ping" => [
|
||||
"load" => "ping.php",
|
||||
"vars" => [
|
||||
],
|
||||
"permission" => [
|
||||
]
|
||||
],
|
||||
"auth" => [
|
||||
"load" => "auth.php",
|
||||
"vars" => [
|
||||
"username" => "string",
|
||||
"password" => "string"
|
||||
]
|
||||
],
|
||||
"userinfo" => [
|
||||
"load" => "userinfo.php",
|
||||
"vars" => [
|
||||
"OR" => [
|
||||
"username" => "string",
|
||||
"uid" => "numeric"
|
||||
]
|
||||
]
|
||||
],
|
||||
"userexists" => [
|
||||
"load" => "userexists.php",
|
||||
"vars" => [
|
||||
"OR" => [
|
||||
"username" => "string",
|
||||
"uid" => "numeric"
|
||||
]
|
||||
]
|
||||
],
|
||||
"hastotp" => [
|
||||
"load" => "hastotp.php",
|
||||
"vars" => [
|
||||
"username" => "string"
|
||||
]
|
||||
],
|
||||
"verifytotp" => [
|
||||
"load" => "verifytotp.php",
|
||||
"vars" => [
|
||||
"username" => "string",
|
||||
"code" => "string"
|
||||
]
|
||||
],
|
||||
"acctstatus" => [
|
||||
"load" => "acctstatus.php",
|
||||
"vars" => [
|
||||
"username" => "string"
|
||||
]
|
||||
],
|
||||
"login" => [
|
||||
"load" => "login.php",
|
||||
"vars" => [
|
||||
"username" => "string",
|
||||
"password" => "string"
|
||||
]
|
||||
],
|
||||
"ismanagerof" => [
|
||||
"load" => "ismanagerof.php",
|
||||
"vars" => [
|
||||
"manager" => "string",
|
||||
"employee" => "string",
|
||||
"uid (optional)" => "numeric"
|
||||
]
|
||||
],
|
||||
"getmanaged" => [
|
||||
"load" => "getmanaged.php",
|
||||
"vars" => [
|
||||
"OR" => [
|
||||
"username" => "string",
|
||||
"uid" => "numeric"
|
||||
],
|
||||
"get (optional)" => "string"
|
||||
]
|
||||
],
|
||||
"getmanagers" => [
|
||||
"load" => "getmanagers.php",
|
||||
"vars" => [
|
||||
"OR" => [
|
||||
"username" => "string",
|
||||
"uid" => "numeric"
|
||||
]
|
||||
]
|
||||
],
|
||||
"usersearch" => [
|
||||
"load" => "usersearch.php",
|
||||
"vars" => [
|
||||
"search" => "string"
|
||||
]
|
||||
],
|
||||
"permission" => [
|
||||
"load" => "permission.php",
|
||||
"vars" => [
|
||||
"OR" => [
|
||||
"username" => "string",
|
||||
"uid" => "numeric"
|
||||
],
|
||||
"code" => "string"
|
||||
]
|
||||
],
|
||||
"mobileenabled" => [
|
||||
"load" => "mobileenabled.php"
|
||||
],
|
||||
"mobilevalid" => [
|
||||
"load" => "mobilevalid.php",
|
||||
"vars" => [
|
||||
"username" => "string",
|
||||
"code" => "string"
|
||||
]
|
||||
],
|
||||
"alertemail" => [
|
||||
"load" => "alertemail.php",
|
||||
"vars" => [
|
||||
"username" => "string",
|
||||
"appname (optional)" => "string"
|
||||
]
|
||||
],
|
||||
"codelogin" => [
|
||||
"load" => "codelogin.php",
|
||||
"vars" => [
|
||||
"code" => "string"
|
||||
]
|
||||
],
|
||||
"listapps" => [
|
||||
"load" => "listapps.php"
|
||||
],
|
||||
"getusersbygroup" => [
|
||||
"load" => "getusersbygroup.php",
|
||||
"vars" => [
|
||||
"gid" => "numeric",
|
||||
"get (optional)" => "string"
|
||||
]
|
||||
],
|
||||
"getgroupsbyuser" => [
|
||||
"load" => "getgroupsbyuser.php",
|
||||
"vars" => [
|
||||
"OR" => [
|
||||
"uid" => "numeric",
|
||||
"username" => "string"
|
||||
]
|
||||
]
|
||||
],
|
||||
"getgroups" => [
|
||||
"load" => "getgroups.php"
|
||||
],
|
||||
"groupsearch" => [
|
||||
"load" => "groupsearch.php",
|
||||
"vars" => [
|
||||
"search" => "string"
|
||||
]
|
||||
],
|
||||
"checkpin" => [
|
||||
"load" => "checkpin.php",
|
||||
"vars" => [
|
||||
"pin" => "string",
|
||||
"OR" => [
|
||||
"uid" => "numeric",
|
||||
"username" => "string"
|
||||
]
|
||||
]
|
||||
],
|
||||
"getnotifications" => [
|
||||
"load" => "getnotifications.php",
|
||||
"vars" => [
|
||||
"OR" => [
|
||||
"uid" => "numeric",
|
||||
"username" => "string"
|
||||
]
|
||||
]
|
||||
],
|
||||
"readnotification" => [
|
||||
"load" => "readnotification.php",
|
||||
"vars" => [
|
||||
"OR" => [
|
||||
"uid" => "numeric",
|
||||
"username" => "string"
|
||||
],
|
||||
"id" => "numeric"
|
||||
]
|
||||
],
|
||||
"addnotification" => [
|
||||
"load" => "addnotification.php",
|
||||
"vars" => [
|
||||
"OR" => [
|
||||
"uid" => "numeric",
|
||||
"username" => "string"
|
||||
],
|
||||
"title" => "string",
|
||||
"content" => "string",
|
||||
"timestamp (optional)" => "string",
|
||||
"url (optional)" => "string",
|
||||
"sensitive (optional)" => "string"
|
||||
]
|
||||
],
|
||||
"deletenotification" => [
|
||||
"load" => "deletenotification.php",
|
||||
"vars" => [
|
||||
"OR" => [
|
||||
"uid" => "numeric",
|
||||
"username" => "string"
|
||||
],
|
||||
"id" => "numeric"
|
||||
]
|
||||
],
|
||||
];
|
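Review bot: The `"permission" => []` key appears only on the `"ping"` entry, and the front controller section of this commit reads just `"load"` and `"vars"` from `$APIACTION`, so the key is dead configuration that suggests a per-action permission check which does not exist; either drop it or document it as reserved. Two declared variables do not describe how their actions read them: `"sensitive (optional)" => "string"` is consumed via `isset`, so any value enables it, and `"uid (optional)" => "numeric"` on ismanagerof is a mode switch compared against `"1"`. A short comment on each entry, or a stricter declaration the `checkVars` routine can enforce, would close that gap.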
@ -0,0 +1,123 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Build and send a simple JSON response.
|
||||
* @param string $msg A message
|
||||
* @param string $status "OK" or "ERROR"
|
||||
* @param array $data More JSON data
|
||||
*/
|
||||
function sendJsonResp(string $msg = null, string $status = "OK", array $data = null) {
|
||||
$resp = [];
|
||||
if (!is_null($data)) {
|
||||
$resp = $data;
|
||||
}
|
||||
if (!is_null($msg)) {
|
||||
$resp["msg"] = $msg;
|
||||
}
|
||||
$resp["status"] = $status;
|
||||
header("Content-Type: application/json");
|
||||
exit(json_encode($resp));
|
||||
}
|
||||
|
||||
function exitWithJson(array $json) {
|
||||
header("Content-Type: application/json");
|
||||
exit(json_encode($json));
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the API key with most of the characters replaced with *s.
|
||||
* @global string $key
|
||||
* @return string
|
||||
*/
|
||||
function getCensoredKey() {
|
||||
global $key;
|
||||
$resp = $key;
|
||||
if (strlen($key) > 5) {
|
||||
for ($i = 2; $i < strlen($key) - 2; $i++) {
|
||||
$resp[$i] = "*";
|
||||
}
|
||||
}
|
||||
return $resp;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the request is allowed
|
||||
* @global type $VARS
|
||||
* @global type $database
|
||||
* @return bool true if the request should continue, false if the request is bad
|
||||
*/
|
||||
function authenticate(): bool {
|
||||
global $VARS, $database;
|
||||
if (empty($VARS['key'])) {
|
||||
return false;
|
||||
} else {
|
||||
$key = $VARS['key'];
|
||||
if ($database->has('apikeys', ['key' => $key]) !== TRUE) {
|
||||
engageRateLimit();
|
||||
http_response_code(403);
|
||||
Log::insert(LogType::API_BAD_KEY, null, "Key: " . $key);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
function checkVars($vars, $or = false) {
|
||||
global $VARS;
|
||||
$ok = [];
|
||||
foreach ($vars as $key => $val) {
|
||||
if (strpos($key, "OR") === 0) {
|
||||
checkVars($vars[$key], true);
|
||||
continue;
|
||||
}
|
||||
|
||||
// Only check type of optional variables if they're set, and don't
|
||||
// mark them as bad if they're not set
|
||||
if (strpos($key, " (optional)") !== false) {
|
||||
$key = str_replace(" (optional)", "", $key);
|
||||
if (empty($VARS[$key])) {
|
||||
continue;
|
||||
}
|
||||
} else {
|
||||
if (empty($VARS[$key])) {
|
||||
$ok[$key] = false;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
$checkmethod = "is_$val";
|
||||
if ($checkmethod($VARS[$key]) !== true) {
|
||||
$ok[$key] = false;
|
||||
} else {
|
||||
$ok[$key] = true;
|
||||
}
|
||||
}
|
||||
if ($or) {
|
||||
$success = false;
|
||||
$bad = "";
|
||||
foreach ($ok as $k => $v) {
|
||||
if ($v) {
|
||||
$success = true;
|
||||
break;
|
||||
} else {
|
||||
$bad = $k;
|
||||
}
|
||||
}
|
||||
if (!$success) {
|
||||
http_response_code(400);
|
||||
die("400 Bad request: variable $bad is missing or invalid");
|
||||
}
|
||||
} else {
|
||||
foreach ($ok as $key => $bool) {
|
||||
if (!$bool) {
|
||||
http_response_code(400);
|
||||
die("400 Bad request: variable $key is missing or invalid");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
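Review bot: `getCensoredKey()` reads `global $key`, but in the front controller section of this commit `$key` is only the route-parsing loop variable, and `authenticate()` assigns its `$key = $VARS['key']` locally, so unless `required.php` sets a global `$key` the value every action logs is a stray route segment or null (and `strlen(null)` is deprecated); reading the request instead, `global $VARS; $key = $VARS['key'] ?? "";`, removes the coupling. `authenticate()` logs the full submitted key in clear at `Log::insert(LogType::API_BAD_KEY, null, "Key: " . $key)` while every other log line uses the censored form, so a mistyped real key lands in the log verbatim; censoring it there too would be consistent. In `checkVars`, `empty($VARS[$key])` treats the string `"0"` as missing, so a numeric variable whose value is 0 is rejected as absent; `!isset($VARS[$key]) || $VARS[$key] === ''` would test presence without that side effect. `sendJsonResp`'s `string $msg = null` / `array $data = null` are implicit-nullable parameters, deprecated in PHP 8.4; spell them `?string` and `?array`.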
@ -0,0 +1,77 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*/
|
||||
|
||||
require __DIR__ . '/../required.php';
|
||||
require __DIR__ . '/functions.php';
|
||||
require __DIR__ . '/apisettings.php';
|
||||
|
||||
$VARS = $_GET;
|
||||
if ($_SERVER['REQUEST_METHOD'] != "GET") {
|
||||
$VARS = array_merge($VARS, $_POST);
|
||||
}
|
||||
|
||||
$requestbody = file_get_contents('php://input');
|
||||
$requestjson = json_decode($requestbody, TRUE);
|
||||
if (json_last_error() == JSON_ERROR_NONE) {
|
||||
$requestdata = array_merge($requestdata, $requestjson);
|
||||
}
|
||||
|
||||
// If we're not using the old api.php file, allow more flexible requests
|
||||
if (strpos($_SERVER['REQUEST_URI'], "/api.php") === FALSE) {
|
||||
$route = explode("/", substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], "api/") + 4));
|
||||
|
||||
if (count($route) > 1) {
|
||||
$VARS["action"] = $route[0];
|
||||
}
|
||||
if (count($route) >= 2 && strpos($route[1], "?") !== 0) {
|
||||
$VARS["key"] = $route[1];
|
||||
|
||||
for ($i = 2; $i < count($route); $i++) {
|
||||
$key = explode("=", $route[$i], 2)[0];
|
||||
$val = explode("=", $route[$i], 2)[1];
|
||||
$VARS[$key] = $val;
|
||||
}
|
||||
}
|
||||
|
||||
if (strpos($route[count($route) - 1], "?") === 0) {
|
||||
$morevars = explode("&", substr($route[count($route) - 1], 1));
|
||||
foreach ($morevars as $var) {
|
||||
$key = explode("=", $var, 2)[0];
|
||||
$val = explode("=", $var, 2)[1];
|
||||
$VARS[$key] = $val;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!authenticate()) {
|
||||
http_response_code(403);
|
||||
die("403 Unauthorized");
|
||||
}
|
||||
|
||||
if (empty($VARS['action'])) {
|
||||
http_response_code(404);
|
||||
die("404 No action specified");
|
||||
}
|
||||
|
||||
if (!isset($APIS[$VARS['action']])) {
|
||||
http_response_code(404);
|
||||
die("404 Action not defined");
|
||||
}
|
||||
|
||||
$APIACTION = $APIS[$VARS["action"]];
|
||||
|
||||
if (!file_exists(__DIR__ . "/actions/" . $APIACTION["load"])) {
|
||||
http_response_code(404);
|
||||
die("404 Action not found");
|
||||
}
|
||||
|
||||
if (!empty($APIACTION["vars"])) {
|
||||
checkVars($APIACTION["vars"]);
|
||||
}
|
||||
|
||||
require_once __DIR__ . "/actions/" . $APIACTION["load"];
|
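Review bot: `$requestdata = array_merge($requestdata, $requestjson);` merges the decoded JSON body into a variable that is never initialised or read, so JSON request bodies are silently ignored; presumably `$VARS` was meant, and the merge should also guard against a body that decodes to a scalar: `if (json_last_error() == JSON_ERROR_NONE && is_array($requestjson)) { $VARS = array_merge($VARS, $requestjson); }`. In the route parser, `explode("=", $route[$i], 2)[1]` and the same expression in the `$morevars` loop produce an undefined-offset warning for a segment without `=`; destructure with a default instead, `[$key, $val] = explode("=", $route[$i], 2) + [1 => ""];`. Taking the API key from a path segment at `$VARS["key"] = $route[1]` means it is recorded in web-server access logs and proxies along the way, unlike a header or body field; worth a comment stating that trade-off if it is intentional.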