You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Mods-for-HESK-Netsyms/api/index.php

268 lines
12 KiB
PHP

<?php
// Properly handle error logging, as well as a fatal error workaround
require_once(__DIR__ . '/autoload.php');
error_reporting(0);
set_error_handler('errorHandler');
set_exception_handler('exceptionHandler');
register_shutdown_function('fatalErrorShutdownHandler');
$userContext = null;
function handle404() {
print output(array(
'message' => "The endpoint '{$_SERVER['REQUEST_URI']}' was not found. Double-check your request and submit again.",
'uri' => $_SERVER['REQUEST_URI']
), 404);
}
function globalBefore() {
if (defined('HESK_DEMO') && $_SERVER['REQUEST_METHOD'] !== 'GET') {
print_error('Demo Mode', 'Only read-only commands are available in demo mode!', null, 401);
die();
}
}
function internalHandler() {
buildUserContextFromSession();
}
function authTokenHandler() {
assertApiIsEnabled();
$token = \BusinessLogic\Helpers::getHeader('X-AUTH-TOKEN');
buildUserContext($token);
}
function internalOrAuthHandler() {
$internalUse = \BusinessLogic\Helpers::getHeader('X-INTERNAL-CALL');
if ($internalUse === 'true') {
internalHandler();
} else {
authTokenHandler();
}
}
function publicHandler() {
global $userContext;
// Check if we passed in a X-Auth-Token or X-Internal-Call header. Those take priority
if (\BusinessLogic\Helpers::getHeader('X-INTERNAL-CALL') === 'true') {
internalHandler();
} elseif (\BusinessLogic\Helpers::getHeader('X-AUTH-TOKEN') !== null) {
authTokenHandler();
} else {
//-- Create an "anonymous" UserContext
$userContext = \BusinessLogic\Security\UserContext::buildAnonymousUser();
}
}
function assertApiIsEnabled() {
global $applicationContext, $hesk_settings;
/* @var $apiChecker \BusinessLogic\Settings\ApiChecker */
$apiChecker = $applicationContext->get(\BusinessLogic\Settings\ApiChecker::clazz());
if (!$apiChecker->isApiEnabled($hesk_settings)) {
print output(array('message' => 'API Disabled'), 404);
die();
}
return;
}
function buildUserContextFromSession() {
global $userContext;
hesk_session_start();
if (empty($_SESSION['id'])) {
throw new \BusinessLogic\Exceptions\SessionNotActiveException();
}
/* @var $userContext \BusinessLogic\Security\UserContext */
$userContext = \BusinessLogic\Security\UserContext::fromDataRow($_SESSION);
}
function buildUserContext($xAuthToken) {
global $applicationContext, $userContext, $hesk_settings;
/* @var $userContextBuilder \BusinessLogic\Security\UserContextBuilder */
$userContextBuilder = $applicationContext->get(\BusinessLogic\Security\UserContextBuilder::clazz());
$userContext = $userContextBuilder->buildUserContext($xAuthToken, $hesk_settings);
}
function errorHandler($errorNumber, $errorMessage, $errorFile, $errorLine) {
exceptionHandler(new Exception(sprintf("%s:%d\n\n%s", $errorFile, $errorLine, $errorMessage)));
}
/**
* @param $exception Exception
*/
function exceptionHandler($exception) {
global $userContext, $hesk_settings;
if (strpos($exception->getTraceAsString(), 'LoggingGateway') !== false) {
//-- Suppress these for now, as it would cause issues to output two JSONs at one time.
return;
}
// We don't cast API Friendly Exceptions as they're user-generated errors
if (exceptionIsOfType($exception, \BusinessLogic\Exceptions\ApiFriendlyException::clazz())) {
/* @var $castedException \BusinessLogic\Exceptions\ApiFriendlyException */
$castedException = $exception;
print_error($castedException->title, $castedException->getMessage(), null, $castedException->httpResponseCode);
} elseif (exceptionIsOfType($exception, \Core\Exceptions\SQLException::clazz())) {
/* @var $castedException \Core\Exceptions\SQLException */
$castedException = $exception;
$logId = tryToLog(getLoggingLocation($exception),
"Fought an uncaught SQL exception: " . $castedException->failingQuery, $castedException->getTraceAsString(),
$userContext, $hesk_settings);
$logIdText = $logId === null ? "Additionally, the error could not be logged! :'(" : "Log ID: {$logId}";
print_error("SQL Exception", "Fought an uncaught SQL exception. Check the logs for more information. {$logIdText}", $logId);
} else {
$logId = tryToLog(getLoggingLocation($exception),
$exception->getMessage(), $exception->getTraceAsString(),
$userContext, $hesk_settings);
$logIdText = $logId === null ? "Additionally, the error could not be logged! :'(" : "Log ID: {$logId}";
print_error("Exception Occurred", "Fought an uncaught exception. Check the logs for more information. {$logIdText}", $logId);
}
die();
}
/**
* @param $location string
* @param $message string
* @param $stackTrace string
* @param $userContext \BusinessLogic\Security\UserContext
* @param $heskSettings array
* @return int|null The inserted ID, or null if failed to log
* @internal param Exception $exception
*/
function tryToLog($location, $message, $stackTrace, $userContext, $heskSettings) {
global $applicationContext;
/* @var $loggingGateway \DataAccess\Logging\LoggingGateway */
$loggingGateway = $applicationContext->get(\DataAccess\Logging\LoggingGateway::clazz());
try {
return $loggingGateway->logError($location, $message, $stackTrace, $userContext, $heskSettings);
} catch (Exception $squished) {
return null;
}
}
/**
* @param $exception Exception
* @return string The location of the exception
*/
function getLoggingLocation($exception) {
// http://stackoverflow.com/a/9133897/1509431
$trace = $exception->getTrace();
$lastCall = $trace[0];
$location = basename($lastCall['file'], '.php');
if ($location === null || trim($location) === '') {
$location = 'N/A';
}
return "REST API: {$location}";
}
/**
* @param $exception Exception thrown exception
* @param $class string The name of the expected exception type
* @return bool
*/
function exceptionIsOfType($exception, $class) {
return is_a($exception, $class);
}
function fatalErrorShutdownHandler() {
$last_error = error_get_last();
if ($last_error['type'] === E_ERROR) {
// fatal error
errorHandler(E_ERROR, $last_error['message'], $last_error['file'], $last_error['line']);
}
}
Link::before('globalBefore');
Link::all(array(
// Categories
'/v1/categories/all' => action(\Controllers\Categories\CategoryController::clazz() . '::printAllCategories', array(RequestMethod::GET), SecurityHandler::INTERNAL_OR_AUTH_TOKEN),
'/v1/categories' => action(\Controllers\Categories\CategoryController::clazz(), array(RequestMethod::POST), SecurityHandler::INTERNAL_OR_AUTH_TOKEN),
'/v1/categories/{i}' => action(\Controllers\Categories\CategoryController::clazz(), array(RequestMethod::GET, RequestMethod::PUT, RequestMethod::DELETE), SecurityHandler::INTERNAL_OR_AUTH_TOKEN),
'/v1-internal/categories/{i}/sort/{s}' => action(\Controllers\Categories\CategoryController::clazz() . '::sort', array(RequestMethod::POST), SecurityHandler::INTERNAL),
// Tickets
'/v1/tickets' => action(\Controllers\Tickets\CustomerTicketController::clazz(), RequestMethod::all(), SecurityHandler::OPEN),
'/v1/tickets/{i}/replies' => action(\Controllers\Tickets\CustomerReplyController::clazz(), array(RequestMethod::POST), SecurityHandler::OPEN),
// Tickets - Staff
'/v1/staff/tickets/{i}' => action(\Controllers\Tickets\StaffTicketController::clazz(), RequestMethod::all()),
'/v1/staff/tickets/{i}/due-date' => action(\Controllers\Tickets\StaffTicketController::clazz() . '::updateDueDate', array(RequestMethod::PATCH), SecurityHandler::INTERNAL_OR_AUTH_TOKEN),
// Attachments
'/v1/tickets/{a}/attachments/{i}' => action(\Controllers\Attachments\PublicAttachmentController::clazz() . '::getRaw', RequestMethod::all()),
'/v1/staff/tickets/{i}/attachments' => action(\Controllers\Attachments\StaffTicketAttachmentsController::clazz(), RequestMethod::all()),
'/v1/staff/tickets/{i}/attachments/{i}' => action(\Controllers\Attachments\StaffTicketAttachmentsController::clazz(), RequestMethod::all()),
// Statuses
'/v1/statuses' => action(\Controllers\Statuses\StatusController::clazz(), RequestMethod::all()),
// Settings
'/v1/settings' => action(\Controllers\Settings\SettingsController::clazz(), RequestMethod::all()),
// Calendar
'/v1/calendar/business-hours' => action(\Controllers\Calendar\CalendarController::clazz() . '::getBusinessHours', array(RequestMethod::GET), SecurityHandler::OPEN),
'/v1/calendar/events' => action(\Controllers\Calendar\CalendarController::clazz(), array(RequestMethod::GET), SecurityHandler::OPEN),
'/v1/calendar/events/staff' => action(\Controllers\Calendar\CalendarController::clazz(), array(RequestMethod::GET, RequestMethod::POST), SecurityHandler::INTERNAL_OR_AUTH_TOKEN),
'/v1/calendar/events/staff/{i}' => action(\Controllers\Calendar\CalendarController::clazz(), array(RequestMethod::PUT, RequestMethod::DELETE), SecurityHandler::INTERNAL_OR_AUTH_TOKEN),
// Service Messages
'/v1/service-messages' => action(\Controllers\ServiceMessages\ServiceMessagesController::clazz(),
array(RequestMethod::GET, RequestMethod::POST),
SecurityHandler::OPEN),
'/v1/service-messages/{i}' => action(\Controllers\ServiceMessages\ServiceMessagesController::clazz(),
array(RequestMethod::PUT, RequestMethod::DELETE),
SecurityHandler::INTERNAL_OR_AUTH_TOKEN),
'/v1-internal/service-messages/{i}/sort/{s}' => action(\Controllers\ServiceMessages\ServiceMessagesController::clazz() . '::sort',
array(RequestMethod::POST),
SecurityHandler::INTERNAL),
/* Internal use only routes */
// Resend email response
'/v1-internal/staff/tickets/{i}/resend-email' =>
action(\Controllers\Tickets\ResendTicketEmailToCustomerController::clazz(), RequestMethod::all(), SecurityHandler::INTERNAL),
// Custom Navigation
'/v1-internal/custom-navigation/all' =>
action(\Controllers\Navigation\CustomNavElementController::clazz() . '::getAll', RequestMethod::all(), SecurityHandler::INTERNAL),
'/v1-internal/custom-navigation' =>
action(\Controllers\Navigation\CustomNavElementController::clazz(), RequestMethod::all(), SecurityHandler::INTERNAL),
'/v1-internal/custom-navigation/{i}' =>
action(\Controllers\Navigation\CustomNavElementController::clazz(), RequestMethod::all(), SecurityHandler::INTERNAL),
'/v1-internal/custom-navigation/{i}/sort/{s}' =>
action(\Controllers\Navigation\CustomNavElementController::clazz() . '::sort', RequestMethod::all(), SecurityHandler::INTERNAL),
'/v1-public/hesk-version' =>
action(\Controllers\System\HeskVersionController::clazz() . '::getHeskVersion', RequestMethod::all(), SecurityHandler::OPEN),
'/v1-public/mods-for-hesk-version' =>
action(\Controllers\System\HeskVersionController::clazz() . '::getModsForHeskVersion', RequestMethod::all(), SecurityHandler::OPEN),
// Any URL that doesn't match goes to the 404 handler
'404' => 'handle404'
));
/**
* @param $class object|string The class name (and optional static method)
* @param $requestMethods array The accepted request methods for this endpoint
* @param $securityHandler string The proper security handler
* @return array The configured path
*/
function action($class, $requestMethods, $securityHandler = SecurityHandler::AUTH_TOKEN) {
return array($class, $class, $securityHandler, $requestMethods);
}
class SecurityHandler {
const OPEN = 'publicHandler';
const INTERNAL = 'internalHandler';
const AUTH_TOKEN = 'authTokenHandler';
const INTERNAL_OR_AUTH_TOKEN = 'internalOrAuthHandler';
}