Got started adding internal usage. A lot more work to handle this than I originally thought

7 years ago · fddd3de664
parent e21c26689a
commit fddd3de664
6 changed files with 115 additions and 9 deletions
--- a/api/BusinessLogic/Exceptions/InternalUseOnlyException.php
+++ b/api/BusinessLogic/Exceptions/InternalUseOnlyException.php
@ -0,0 +1,10 @@
+<?php
+
+namespace BusinessLogic\Exceptions;
+
+
+class InternalUseOnlyException extends ApiFriendlyException {
+    function __construct() {
+        parent::__construct("This endpoint can only be used internally", "Internal Use Only", 400);
+    }
+}
--- a/api/BusinessLogic/Exceptions/SessionNotActiveException.php
+++ b/api/BusinessLogic/Exceptions/SessionNotActiveException.php
@ -0,0 +1,16 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: cokoch
+ * Date: 5/2/2017
+ * Time: 12:28 PM
+ */
+
+namespace BusinessLogic\Exceptions;
+
+
+class SessionNotActiveException extends ApiFriendlyException {
+    function __construct() {
+        parent::__construct("You must be logged in to call internal API methods", "Authentication Required", 401);
+    }
+}
--- a/api/Controllers/InternalApiController.php
+++ b/api/Controllers/InternalApiController.php
@ -0,0 +1,16 @@
+<?php
+
+namespace Controllers;
+
+
+use BusinessLogic\Exceptions\InternalUseOnlyException;
+use BusinessLogic\Helpers;
+
+abstract class InternalApiController {
+    function checkForInternalUseOnly() {
+        $tokenHeader = Helpers::getHeader('X-AUTH-TOKEN');
+        if ($tokenHeader === null || trim($tokenHeader) === '') {
+            throw new InternalUseOnlyException();
+        }
+    }
+}
--- a/api/Controllers/Tickets/ResendTicketEmailToCustomerController.php
+++ b/api/Controllers/Tickets/ResendTicketEmailToCustomerController.php
@ -0,0 +1,26 @@
+<?php
+
+namespace Controllers\Tickets;
+
+
+use BusinessLogic\Tickets\TicketRetriever;
+use Controllers\InternalApiController;
+
+class ResendTicketEmailToCustomerController extends InternalApiController {
+    function get($ticketId) {
+        global $applicationContext, $userContext, $hesk_settings;
+
+        $this->checkForInternalUseOnly();
+
+        /* @var $ticketRetriever TicketRetriever */
+        $ticketRetriever = $applicationContext->get[TicketRetriever::class];
+        $ticket = $ticketRetriever->getTicketById($ticketId, $hesk_settings, $userContext);
+
+        $reply = -1;
+        if (isset($_GET['replyId'])) {
+            $reply = $_GET['replyId'];
+        }
+
+        //-- TODO Get reply if necessary including all attachments :O
+    }
+}
--- a/api/index.php
+++ b/api/index.php
@ -18,8 +18,14 @@ function handle404() {
 function before() {
    assertApiIsEnabled();

-    $token = \BusinessLogic\Helpers::getHeader('X-AUTH-TOKEN');
-    buildUserContext($token);
+    $internalUse = \BusinessLogic\Helpers::getHeader('X-INTERNAL-CALL');
+
+    if ($internalUse === 'true') {
+        buildUserContextFromSession();
+    } else {
+        $token = \BusinessLogic\Helpers::getHeader('X-AUTH-TOKEN');
+        buildUserContext($token);
+    }
 }

 function assertApiIsEnabled() {
@ -36,6 +42,19 @@ function assertApiIsEnabled() {
    return;
 }

+function buildUserContextFromSession() {
+    global $userContext;
+
+    hesk_session_start();
+
+    if (!hesk_isLoggedIn(false)) {
+        throw new \BusinessLogic\Exceptions\SessionNotActiveException();
+    }
+
+    /* @var $userContext \BusinessLogic\Security\UserContext */
+    $userContext = \BusinessLogic\Security\UserContext::fromDataRow($_SESSION);
+}
+
 function buildUserContext($xAuthToken) {
    global $applicationContext, $userContext, $hesk_settings;

@ -161,6 +180,10 @@ Link::all(array(
    // Settings
    '/v1/settings' => \Controllers\Settings\SettingsController::class,

+    /* Internal use only routes */
+    // Resend email response
+    '/v1/staff/tickets/{i}/resend-email' => \Controllers\Tickets\ResendTicketEmailToCustomerController::class,
+
    // Any URL that doesn't match goes to the 404 handler
    '404' => 'handle404'
 ));
--- a/inc/admin_functions.inc.php
+++ b/inc/admin_functions.inc.php
@ -460,7 +460,7 @@ function hesk_autoLogin($noredirect = 0)
 } // END hesk_autoLogin()


-function hesk_isLoggedIn()
+function hesk_isLoggedIn($redirect_if_not_logged_in = true)
 {
    global $hesk_settings;

@ -482,8 +482,13 @@ function hesk_isLoggedIn()
        }

        hesk_session_stop();
-        header('Location: ' . $url);
-        exit();
+
+        if ($redirect_if_not_logged_in) {
+            header('Location: ' . $url);
+            exit();
+        } else {
+            return false;
+        }
    } else {
        hesk_session_regenerate_id();

@ -493,8 +498,13 @@ function hesk_isLoggedIn()
        // Exit if user not found
        if (hesk_dbNumRows($res) != 1) {
            hesk_session_stop();
-            header('Location: ' . $url);
-            exit();
+
+            if ($redirect_if_not_logged_in) {
+                header('Location: ' . $url);
+                exit();
+            } else {
+                return false;
+            }
        }

        // Fetch results from database
@ -503,8 +513,13 @@ function hesk_isLoggedIn()
        // Verify this session is still valid
        if (!hesk_activeSessionValidate($me['user'], $me['pass'], $_SESSION['session_verify'])) {
            hesk_session_stop();
-            header('Location: ' . $url);
-            exit();
+
+            if ($redirect_if_not_logged_in) {
+                header('Location: ' . $url);
+                exit();
+            } else {
+                return false;
+            }
        }

        // Update session variables as needed