Joywork/api/complex/index.php

219 lines
6.9 KiB
PHP
Raw Permalink Normal View History

2026-05-22 20:21:54 +02:00
<?php
// error_reporting(E_ALL | E_STRICT);
// ini_set('display_errors', 1);
require_once($_SERVER['DOCUMENT_ROOT']."/ajax/vue_php_function.php");
require_once($_SERVER['DOCUMENT_ROOT']."/api/complex/Controllers/MediaController.php");
function handleCors() {
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization");
header('Content-Type: application/json');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit();
}
}
handleCors();
$authUser = null;
$method = $_SERVER['REQUEST_METHOD'];
$uri = $_SERVER['REQUEST_URI'];
$uri = str_replace('/api/complex', '', $uri);
$uri = strtok($uri, '?');
$segments = explode('/', trim($uri, '/'));
$controller = new MediaController();
$routes = [
'home/{homeId}/media/completion' => [
'GET' => ['action' => 'getHouseMediaCompletionPercentage', 'middleware' => ['auth', 'can:view|modify']],
],
'home/{homeId}/media/thumbnails' => [
'GET' => ['action' => 'getMediaThumbnails', 'middleware' => ['auth', 'can:view|modify']],
],
'home/{homeId}/media/{media_id}' => [
'DELETE' => ['action' => 'delete', 'middleware' => ['auth', 'can:modify']],
],
'home/{homeId}/media' => [
'GET' => ['action' => 'index', 'middleware' => ['auth', 'can:view|modify']],
'POST' => ['action' => 'store', 'middleware' => ['auth', 'can:modify']],
],
'home/{homeId}/media-sets/{set_id}/rooms' => [
'POST' => ['action' => 'connectSetToRooms', 'middleware' => ['auth', 'can:modify']],
],
'home/{homeId}/media-sets/{set_id}' => [
'DELETE' => ['action' => 'deleteMediaSet', 'middleware' => ['auth', 'can:modify']],
'PUT' => ['action' => 'updateMediaSet', 'middleware' => ['auth', 'can:modify']],
],
'home/{homeId}/media-sets' => [
'POST' => ['action' => 'createMediaSet', 'middleware' => ['auth', 'can:modify']],
'GET' => ['action' => 'getMediaSets', 'middleware' => ['auth', 'can:view|modify']],
],
'home/{homeId}/room/{roomId}/media' => [
'GET' => ['action' => 'getMediaSetForRoom', 'middleware' => ['auth', 'can:view|modify']],
],
];
$segmentCount = count($segments);
$queryParams = [];
if (!empty($_SERVER['QUERY_STRING'])) {
parse_str($_SERVER['QUERY_STRING'], $queryParams);
}
foreach ($routes as $pattern => $methods) {
$patternSegments = explode('/', $pattern);
// Quick segment count check
if ($segmentCount !== count($patternSegments)) continue;
$params = [];
$match = true;
foreach ($patternSegments as $i => $patSegment) {
if (substr($patSegment, 0, 1) === '{' && substr($patSegment, -1) === '}') {
$paramName = trim($patSegment, '{}');
$params[$paramName] = $segments[$i];
} elseif ($patSegment !== $segments[$i]) {
$match = false;
break;
}
}
if ($match && isset($methods[$method])) {
$routeConfig = $methods[$method];
$action = null;
if (is_string($routeConfig)) {
$action = $routeConfig;
$middlewares = [];
} else {
$action = $routeConfig['action'];
$middlewares = isset($routeConfig['middleware']) ? $routeConfig['middleware'] : [];
}
foreach ($middlewares as $mw) {
switch ($mw) {
case 'auth':
authenticate($params);
break;
case 'can:view|modify':
if (!canModifyResource($authUser) && !canViewResource($authUser)) {
unauthorized('Неправильные доступы.');
}
break;
case 'can:modify':
if ($_SESSION['pay']) {
unauthorized('Вы не сможете отредактировать медиаматериалы, так как у вас не оплачен тариф.');
}
if (!canModifyResource($authUser)) {
unauthorized('Неправильные доступы отредактирования.');
}
break;
}
}
$body = null;
if ($method === 'POST' || $method === 'PUT') {
// For form-urlencoded or multipart/form-data
$body = [
'fields' => $_POST
];
// If you expect JSON payload
$input = file_get_contents('php://input');
if ($input) {
$decoded = json_decode($input, true);
if ($decoded) {
$body = [
'fields' => $decoded
];
}
}
if (count($_FILES)) {
$body['files'] = $_FILES;
}
}
// Call the controller dynamically
if (strpos($action, 'delete') !== false) {
$entityId = isset($segments[3]) ? (int)$segments[3] : null;
$controller->$action((int)$params['homeId'], $entityId);
} elseif ($method === 'POST' || $method === 'PUT') {
$controller->$action($params, $body);
} else {
$controller->$action($params, $queryParams);
}
}
}
function authenticate($params)
{
global $controller, $authUser;
$sessionId = null;
$session = $_SESSION;
if (!isset($session['id']) || !$session['id']) {
unauthorized('Требуется авторизация.');
}
$sessionId = $session['id'];
$authUser = $controller->findUser($sessionId);
if (!validateSession($sessionId, $authUser, $params)) {
unauthorized('Invalid session');
}
}
function unauthorized($message = 'Unauthorized')
{
http_response_code(401);
echo json_encode(['error' => $message]);
exit;
}
function validateSession($sessionId, $authUser, $params)
{
global $controller;
if (!isset($authUser['id']))
return false;
$houseComplexAgencyId = $controller->findHouseComplexAgency($params['homeId']);
return $authUser && ($authUser['id'] == $sessionId) && $houseComplexAgencyId === $_SESSION['agency_id'];
}
function canModifyResource($authUser)
{
if (!isset($_SESSION['ahatnc']))
return false;
$agenciesHaveAccessToNewComplexes = unserialize(base64_decode($_SESSION['ahatnc']));
$userModel = new User;
$hasMenuPermission = $userModel->checkMenuPermissions("menu_complexes");
$authUserHasPermission = ($authUser['agency'] || $authUser['users_admin'] || $hasMenuPermission);
$agencyHasPermission = in_array($_SESSION['agency_id'] , $agenciesHaveAccessToNewComplexes);
if ($hasMenuPermission || ($authUserHasPermission && $agencyHasPermission)) {
return true;
}
return false;
}
function canViewResource($authUser)
{
return $authUser['role_developer'];
}