
<?php
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
// Start output buffering and declare the JSON content type before any
// included file has a chance to emit output.
ob_start();
header('Content-Type: application/json');

require_once __DIR__ . "/../required.php";
require_once __DIR__ . "/../machine.php";
require_once __DIR__ . "/../roles.php";

// Request parameters come from the POST body for POST requests and from the
// query string for every other HTTP method.
// NOTE(review): the API key is later read from $VARS['key'], so a GET request
// carries the key in the URL, where web server and proxy logs commonly record
// it. Prefer POST for clients, or move the key into a request header.
$VARS = ($_SERVER['REQUEST_METHOD'] === 'POST') ? $_POST : $_GET;
/**
 * Emit a JSON error response and terminate the request.
 *
 * The HTTP status defaults to 404. Known $type values select a different
 * status and, for all but "dberror", replace $msg with a fixed message.
 *
 * NOTE(review): for "dberror" the caller-supplied text is appended to the
 * response verbatim, and the other call sites in this file forward exception
 * messages the same way. If those strings originate in the database driver
 * they can expose table/column names to API clients; consider logging the
 * detail server-side and returning a generic message.
 *
 * @param string $type Error identifier ("invalidapikey", "nopermission",
 *                     "nomachineid", "dberror"); anything else is generic.
 * @param string $msg  Message for generic errors, or detail for "dberror".
 */
function sendError($type, $msg = "An error occurred.") {
    $status = 404;

    // Loose comparison is kept on purpose: it is what the switch statement
    // this replaces used.
    if ($type == "invalidapikey") {
        $status = 403;
        $msg = "Invalid API key. Access denied.";
    } elseif ($type == "nopermission") {
        $status = 403;
        $msg = "You don't have permission to do that.";
    } elseif ($type == "nomachineid") {
        $status = 400;
        $msg = "No machine ID sent.";
    } elseif ($type == "dberror") {
        $status = 500;
        $msg = "The database encountered an error: $msg";
    }

    http_response_code($status);

    $payload = [
        "status" => "ERROR",
        "message" => $msg
    ];
    die(json_encode($payload));
}
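// Authenticate the caller before any action is dispatched.
//
// The key must be a non-empty string before it is handed to the database
// layer. A missing key would otherwise be looked up as null, and a parameter
// sent as key[]=... arrives as an array; depending on the query builder,
// either can change the comparison the lookup performs (for example a NULL
// test or a multi-value match) instead of matching exactly one key.
if (!isset($VARS['key']) || !is_string($VARS['key']) || $VARS['key'] === '') {
    sendError("invalidapikey");
}
if (!$database->has('apikeys', ['key' => $VARS['key']])) {
    sendError("invalidapikey");
}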
/**
 * Abort the request with a "nopermission" error unless the calling API key
 * holds at least one of the given roles.
 *
 * @param mixed $roleid A single role ID, or an array of acceptable role IDs.
 */
function dieWithoutRole($roleid) {
    global $VARS;

    // Normalise the argument to a list of candidate roles.
    $candidates = is_array($roleid) ? $roleid : [$roleid];

    $granted = false;
    foreach ($candidates as $candidate) {
        // Roles::has() is the left operand, so it is called for every
        // candidate even after one has already matched.
        $granted = Roles::has($VARS['key'], $candidate) || $granted;
    }

    if ($granted) {
        return;
    }
    sendError("nopermission");
}
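// Dispatch the request to the handler named by the "action" parameter.
//
// Every value in $VARS is client-controlled and is either a string or, when
// the client sends name[]=..., an array. Values that this file passes straight
// to the database layer are therefore checked to be scalar first, so an array
// cannot change the shape of a where-clause or an inserted row.

// A missing or non-string action falls through to the default branch without
// raising an undefined-index notice into the JSON body.
$action = (isset($VARS['action']) && is_string($VARS['action'])) ? $VARS['action'] : "";

// Read an optional parameter; yields null when absent, which is the value the
// direct array access produced, minus the notice.
$optional = function ($name) use ($VARS) {
    return isset($VARS[$name]) ? $VARS[$name] : null;
};

switch ($action) {
    /* Get info */
    case "getmachineinfo":
        dieWithoutRole(Roles::ROLE_VIEWBYID);
        if (empty($VARS['id']) || !is_scalar($VARS['id'])) {
            sendError("nomachineid");
        }
        try {
            $machine = new Machine($VARS['id']);
            echo json_encode($machine->getMachineInfo());
        } catch (Exception $e) {
            // NOTE(review): the exception text is returned to the client as-is.
            sendError("", $e->getMessage());
        }
        break;
    case "getmachinehistory":
        dieWithoutRole(Roles::ROLE_VIEWBYID);
        if (empty($VARS['id']) || !is_scalar($VARS['id'])) {
            sendError("nomachineid");
        }
        try {
            $machine = new Machine($VARS['id']);
            echo json_encode($machine->getHistory());
        } catch (Exception $e) {
            sendError("", $e->getMessage());
        }
        break;
    case "getmachinecomponents":
        dieWithoutRole(Roles::ROLE_VIEWBYID);
        if (empty($VARS['id']) || !is_scalar($VARS['id'])) {
            sendError("nomachineid");
        }
        try {
            $machine = new Machine($VARS['id']);
            echo json_encode($machine->getComponents());
        } catch (Exception $e) {
            sendError("", $e->getMessage());
        }
        break;
    // The two lookup-table actions below have no role check: any valid API
    // key may call them.
    case "geteventtypes":
        echo json_encode($database->select('event_types', ['eventid (id)', 'eventname (name)']));
        break;
    case "getcomponenttypes":
        echo json_encode($database->select('component_types', ['typeid (id)', 'typename (name)']));
        break;
    /* Save info */
    case "addmachine":
        dieWithoutRole(Roles::ROLE_ADDEDIT);
        if (empty($VARS['id'])) {
            // No ID supplied: allocate one.
            $VARS['id'] = Machine::generateId();
        } elseif (!is_scalar($VARS['id'])) {
            sendError("nomachineid");
        }
        // Free-text fields are stored as given, so only their type is checked.
        foreach (['notes', 'model', 'os'] as $field) {
            if (isset($VARS[$field]) && !is_scalar($VARS[$field])) {
                sendError("", "Machine $field must be a single value.");
            }
        }
        if ($database->has('machines', ['machineid' => $VARS['id']])) {
            sendError("", "A machine with that ID already exists.");
        }
        $data = [];
        $data['machineid'] = $VARS['id'];
        if (empty($VARS['notes'])) {
            $data['notes'] = "";
        } else {
            $data['notes'] = $VARS['notes'];
        }
        if (!empty($VARS['model'])) {
            $data['model'] = $VARS['model'];
        }
        if (!empty($VARS['condition'])) {
            // is_numeric() is false for arrays, so this check also rejects them.
            if (is_numeric($VARS['condition']) && $VARS['condition'] > 0 && $VARS['condition'] < 10) {
                $data['condition'] = $VARS['condition'] * 1.0;
            } else {
                sendError("", "Machine condition must be a number and 0 < condition < 10.");
            }
        }
        if (!empty($VARS['price'])) {
            if (is_numeric($VARS['price']) && $VARS['price'] > 0 && $VARS['price'] < 10000.0) {
                $data['price'] = $VARS['price'] * 1.0;
            } else {
                sendError("", "Machine price must be a number and 0 < price < 10000.");
            }
        }
        if (!empty($VARS['os'])) {
            $data['os'] = $VARS['os'];
        }
        $database->insert('machines', $data);
        if ($database->error()[1] != 0) {
            sendError("dberror", $database->error()[2]);
        }
        exit(json_encode(["status" => "OK", "id" => $data['machineid']]));
        break;
    case "addhistory":
        // Either of the two roles is sufficient.
        dieWithoutRole([Roles::ROLE_ADDEDIT, Roles::ROLE_ADDHIST]);
        if (empty($VARS['id']) || !is_scalar($VARS['id'])) {
            sendError("nomachineid");
        }
        try {
            $machine = new Machine($VARS['id']);
            // NOTE(review): date/event/notes are validated, if at all, inside
            // Machine::addHistory(), which is not visible from this file.
            $machine->addHistory($optional('date'), $optional('event'), $optional('notes'));
            exit(json_encode(["status" => "OK"]));
        } catch (Exception $e) {
            sendError("", $e->getMessage());
        }
        break;
    case "addcomponent":
        dieWithoutRole(Roles::ROLE_ADDEDIT);
        if (empty($VARS['id']) || !is_scalar($VARS['id'])) {
            sendError("nomachineid");
        }
        try {
            $machine = new Machine($VARS['id']);
            // NOTE(review): as with addhistory, these values are passed on
            // unchecked; confirm Machine::addComponent() validates them.
            $machine->addComponent(
                $optional('serial'),
                $optional('type'),
                $optional('tested'),
                $optional('notes'),
                $optional('capacity'),
                $optional('model')
            );
            exit(json_encode(["status" => "OK"]));
        } catch (Exception $e) {
            sendError("", $e->getMessage());
        }
        break;
    case "ping":
        exit(json_encode(['status' => 'OK']));
    case "myroles":
        // List the roles attached to the calling API key.
        $roles = $database->select('permissions', ['[>]roles' => 'roleid'], ['roles.roleid (id)', 'rolename (name)'], ['apikey' => $VARS['key']]);
        exit(json_encode(["status" => "OK", "roles" => $roles]));
        break;
    default:
        sendError("", "Invalid action or no action sent.");
}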