Joywork/api/complex/index.php
2026-05-22 21:21:54 +03:00

219 lines
6.9 KiB
PHP
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
// error_reporting(E_ALL | E_STRICT);
// ini_set('display_errors', 1);
require_once($_SERVER['DOCUMENT_ROOT']."/ajax/vue_php_function.php");
require_once($_SERVER['DOCUMENT_ROOT']."/api/complex/Controllers/MediaController.php");
function handleCors() {
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization");
header('Content-Type: application/json');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit();
}
}
handleCors();
$authUser = null;
$method = $_SERVER['REQUEST_METHOD'];
$uri = $_SERVER['REQUEST_URI'];
$uri = str_replace('/api/complex', '', $uri);
$uri = strtok($uri, '?');
$segments = explode('/', trim($uri, '/'));
$controller = new MediaController();
$routes = [
'home/{homeId}/media/completion' => [
'GET' => ['action' => 'getHouseMediaCompletionPercentage', 'middleware' => ['auth', 'can:view|modify']],
],
'home/{homeId}/media/thumbnails' => [
'GET' => ['action' => 'getMediaThumbnails', 'middleware' => ['auth', 'can:view|modify']],
],
'home/{homeId}/media/{media_id}' => [
'DELETE' => ['action' => 'delete', 'middleware' => ['auth', 'can:modify']],
],
'home/{homeId}/media' => [
'GET' => ['action' => 'index', 'middleware' => ['auth', 'can:view|modify']],
'POST' => ['action' => 'store', 'middleware' => ['auth', 'can:modify']],
],
'home/{homeId}/media-sets/{set_id}/rooms' => [
'POST' => ['action' => 'connectSetToRooms', 'middleware' => ['auth', 'can:modify']],
],
'home/{homeId}/media-sets/{set_id}' => [
'DELETE' => ['action' => 'deleteMediaSet', 'middleware' => ['auth', 'can:modify']],
'PUT' => ['action' => 'updateMediaSet', 'middleware' => ['auth', 'can:modify']],
],
'home/{homeId}/media-sets' => [
'POST' => ['action' => 'createMediaSet', 'middleware' => ['auth', 'can:modify']],
'GET' => ['action' => 'getMediaSets', 'middleware' => ['auth', 'can:view|modify']],
],
'home/{homeId}/room/{roomId}/media' => [
'GET' => ['action' => 'getMediaSetForRoom', 'middleware' => ['auth', 'can:view|modify']],
],
];
$segmentCount = count($segments);
$queryParams = [];
if (!empty($_SERVER['QUERY_STRING'])) {
parse_str($_SERVER['QUERY_STRING'], $queryParams);
}
foreach ($routes as $pattern => $methods) {
$patternSegments = explode('/', $pattern);
// Quick segment count check
if ($segmentCount !== count($patternSegments)) continue;
$params = [];
$match = true;
foreach ($patternSegments as $i => $patSegment) {
if (substr($patSegment, 0, 1) === '{' && substr($patSegment, -1) === '}') {
$paramName = trim($patSegment, '{}');
$params[$paramName] = $segments[$i];
} elseif ($patSegment !== $segments[$i]) {
$match = false;
break;
}
}
if ($match && isset($methods[$method])) {
$routeConfig = $methods[$method];
$action = null;
if (is_string($routeConfig)) {
$action = $routeConfig;
$middlewares = [];
} else {
$action = $routeConfig['action'];
$middlewares = isset($routeConfig['middleware']) ? $routeConfig['middleware'] : [];
}
foreach ($middlewares as $mw) {
switch ($mw) {
case 'auth':
authenticate($params);
break;
case 'can:view|modify':
if (!canModifyResource($authUser) && !canViewResource($authUser)) {
unauthorized('Неправильные доступы.');
}
break;
case 'can:modify':
if ($_SESSION['pay']) {
unauthorized('Вы не сможете отредактировать медиаматериалы, так как у вас не оплачен тариф.');
}
if (!canModifyResource($authUser)) {
unauthorized('Неправильные доступы отредактирования.');
}
break;
}
}
$body = null;
if ($method === 'POST' || $method === 'PUT') {
// For form-urlencoded or multipart/form-data
$body = [
'fields' => $_POST
];
// If you expect JSON payload
$input = file_get_contents('php://input');
if ($input) {
$decoded = json_decode($input, true);
if ($decoded) {
$body = [
'fields' => $decoded
];
}
}
if (count($_FILES)) {
$body['files'] = $_FILES;
}
}
// Call the controller dynamically
if (strpos($action, 'delete') !== false) {
$entityId = isset($segments[3]) ? (int)$segments[3] : null;
$controller->$action((int)$params['homeId'], $entityId);
} elseif ($method === 'POST' || $method === 'PUT') {
$controller->$action($params, $body);
} else {
$controller->$action($params, $queryParams);
}
}
}
function authenticate($params)
{
global $controller, $authUser;
$sessionId = null;
$session = $_SESSION;
if (!isset($session['id']) || !$session['id']) {
unauthorized('Требуется авторизация.');
}
$sessionId = $session['id'];
$authUser = $controller->findUser($sessionId);
if (!validateSession($sessionId, $authUser, $params)) {
unauthorized('Invalid session');
}
}
function unauthorized($message = 'Unauthorized')
{
http_response_code(401);
echo json_encode(['error' => $message]);
exit;
}
function validateSession($sessionId, $authUser, $params)
{
global $controller;
if (!isset($authUser['id']))
return false;
$houseComplexAgencyId = $controller->findHouseComplexAgency($params['homeId']);
return $authUser && ($authUser['id'] == $sessionId) && $houseComplexAgencyId === $_SESSION['agency_id'];
}
function canModifyResource($authUser)
{
if (!isset($_SESSION['ahatnc']))
return false;
$agenciesHaveAccessToNewComplexes = unserialize(base64_decode($_SESSION['ahatnc']));
$userModel = new User;
$hasMenuPermission = $userModel->checkMenuPermissions("menu_complexes");
$authUserHasPermission = ($authUser['agency'] || $authUser['users_admin'] || $hasMenuPermission);
$agencyHasPermission = in_array($_SESSION['agency_id'] , $agenciesHaveAccessToNewComplexes);
if ($hasMenuPermission || ($authUserHasPermission && $agencyHasPermission)) {
return true;
}
return false;
}
function canViewResource($authUser)
{
return $authUser['role_developer'];
}