MaketRandevu/application/libraries/Api.php

<?php use JetBrains\PhpStorm\NoReturn;

defined('BASEPATH') or exit('No direct script access allowed');

/* ----------------------------------------------------------------------------
 * MaketRandevu - MAKET Randevu Portalı
 *
 * @package     EasyAppointments
 * @author      A.Tselegidis <alextselegidis@gmail.com>
 * @copyright   Copyright (c) Alex Tselegidis
 * @license     https://opensource.org/licenses/GPL-3.0 - GPLv3
 * @link        https://easyappointments.org
 * @since       v1.5.0
 * ---------------------------------------------------------------------------- */

/**
 * Api library.
 *
 * Handles API related functionality.
 *
 * @package Libraries
 */
class Api
{
    /**
     * @var EA_Controller|CI_Controller
     */
    protected EA_Controller|CI_Controller $CI;

    /**
     * @var int
     */
    protected int $default_length = 20;

    /**
     * @var EA_Model
     */
    protected EA_Model $model;

    /**
     * Api constructor.
     */
    public function __construct()
    {
        $this->CI = &get_instance();

        $this->CI->load->library('accounts');
    }

    /**
     * Load and use the provided model class.
     *
     * @param string $model
     */
    public function model(string $model): void
    {
        $this->CI->load->model($model);

        $this->model = $this->CI->{$model};
    }

    /**
     * Authorize the API request (Basic Auth or Bearer Token supported).
     */
    public function auth(): void
    {
        try {
            // Bearer token.
            $api_token = setting('api_token');

            if (!empty($api_token) && $api_token === $this->get_bearer_token()) {
                return;
            }

            // Basic auth.
            $username = $_SERVER['PHP_AUTH_USER'] ?? null;

            $password = $_SERVER['PHP_AUTH_PW'] ?? null;

            $user_data = $this->CI->accounts->check_login($username, $password);

            if (empty($user_data['role_slug']) || $user_data['role_slug'] !== DB_SLUG_ADMIN) {
                throw new RuntimeException(
                    'The provided credentials do not match any admin user!',
                    401,
                    'Unauthorized',
                );
            }
        } catch (Throwable) {
            $this->request_authentication();
        }
    }

    /**
     * Returns the bearer token value.
     *
     * @return string|null
     */
    protected function get_bearer_token(): ?string
    {
        $headers = $this->get_authorization_header();

        // HEADER: Get the access token from the header

        if (!empty($headers)) {
            if (preg_match('/Bearer\s(\S+)/', $headers, $matches)) {
                return $matches[1];
            }
        }

        return null;
    }

    /**
     * Returns the authorization header.
     *
     * @return string|null
     */
    protected function get_authorization_header(): ?string
    {
        $headers = null;

        if (isset($_SERVER['Authorization'])) {
            $headers = trim($_SERVER['Authorization']);
        } else {
            if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
                // Nginx or fast CGI
                $headers = trim($_SERVER['HTTP_AUTHORIZATION']);
            } elseif (function_exists('apache_request_headers')) {
                $requestHeaders = apache_request_headers();

                // Server-side fix for bug in old Android versions (a nice side effect of this fix means we don't care
                // about capitalization for Authorization).
                $requestHeaders = array_combine(
                    array_map('ucwords', array_keys($requestHeaders)),
                    array_values($requestHeaders),
                );

                if (isset($requestHeaders['Authorization'])) {
                    $headers = trim($requestHeaders['Authorization']);
                }
            }
        }

        return $headers;
    }

    /**
     * Sets request authentication headers.
     */
    #[NoReturn]
    public function request_authentication(): void
    {
        header('WWW-Authenticate: Basic realm="MAKET Randevu"');
        header('HTTP/1.0 401 Unauthorized');
        exit('You are not authorized to use the API.');
    }

    /**
     * Get the search keyword value of the current request.
     *
     * @return string|null
     */
    public function request_keyword(): ?string
    {
        return request('q');
    }

    /**
     * Get the limit value of the current request.
     *
     * @return int|null
     */
    public function request_limit(): ?int
    {
        return request('length', $this->default_length);
    }

    /**
     * Get the limit value of the current request.
     *
     * @return int|null
     */
    public function request_offset(): ?int
    {
        $page = request('page', 1);

        $length = request('length', $this->default_length);

        return ($page - 1) * $length;
    }

    /**
     * Get the order by value of the current request.
     *
     * @return string|null
     */
    public function request_order_by(): ?string
    {
        $sort = request('sort');

        if (!$sort) {
            return null;
        }

        $sort_tokens = array_map('trim', explode(',', $sort));

        $order_by = [];

        foreach ($sort_tokens as $sort_token) {
            $api_field = substr($sort_token, 1);

            $direction_operator = substr($sort_token, 0, 1);

            if (!in_array($direction_operator, ['-', '+'])) {
                $direction_operator = '+';
                $api_field = $sort_token;
            }

            $db_field = $this->model->db_field($api_field);

            $direction = $direction_operator === '-' ? 'DESC' : 'ASC';

            $order_by[] = $db_field . ' ' . $direction;
        }

        return implode(', ', $order_by);
    }

    /**
     * Get the chosen "fields" array of the current request.
     *
     * @return array|null
     */
    public function request_fields(): ?array
    {
        $fields = request('fields');

        if (!$fields) {
            return null;
        }

        return array_map('trim', explode(',', $fields));
    }

    /**
     * Get the provided "with" array of the current request.
     *
     * @return array|null
     */
    public function request_with(): ?array
    {
        $with = request('with');

        if (!$with) {
            return null;
        }

        return array_map('trim', explode(',', $with));
    }
}
-												Resolve various PHP inspection issues

											
										
										
											2023-03-13 11:06:18 +03:00
+								<?php use JetBrains\PhpStorm\NoReturn;
 								defined('BASEPATH') or exit('No direct script access allowed');
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
 								/* ----------------------------------------------------------------------------
-												Initial Commit for MaketRandevu

											
										
										
											2024-01-01 01:14:38 +03:00
+								 * MaketRandevu - MAKET Randevu Portalı
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								 *
 								 * @package     EasyAppointments
 								 * @author      A.Tselegidis <alextselegidis@gmail.com>
-												Updated the file banner info

											
										
										
											2021-12-18 19:43:45 +03:00
+								 * @copyright   Copyright (c) Alex Tselegidis
 								 * @license     https://opensource.org/licenses/GPL-3.0 - GPLv3
 								 * @link        https://easyappointments.org
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								 * @since       v1.5.0
 								 * ---------------------------------------------------------------------------- */
 								/**
 								 * Api library.
 								 *
 								 * Handles API related functionality.
 								 *
 								 * @package Libraries
 								 */
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								class Api
 								{
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								    /**
-												Resolve various PHP inspection issues

											
										
										
											2023-03-13 11:06:18 +03:00
+								     * @var EA_Controller|CI_Controller
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								     */
-												Resolve various PHP inspection issues

											
										
										
											2023-03-13 11:06:18 +03:00
+								    protected EA_Controller|CI_Controller $CI;
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
 								    /**
 								     * @var int
 								     */
-												Resolve various PHP inspection issues

											
										
										
											2023-03-13 11:06:18 +03:00
+								    protected int $default_length = 20;
-												The API library can correctly sort and set the CORS headers

											
										
										
											2021-11-03 10:21:30 +03:00
 								    /**
 								     * @var EA_Model
 								     */
-												Resolve various PHP inspection issues

											
										
										
											2023-03-13 11:06:18 +03:00
+								    protected EA_Model $model;
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
 								    /**
 								     * Api constructor.
 								     */
 								    public function __construct()
 								    {
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								        $this->CI = &get_instance();
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
 								        $this->CI->load->library('accounts');
 								    }
-												The API library can correctly sort and set the CORS headers

											
										
										
											2021-11-03 10:21:30 +03:00
+								    /**
 								     * Load and use the provided model class.
 								     *
 								     * @param string $model
 								     */
-												Resolve various PHP inspection issues

											
										
										
											2023-03-13 11:06:18 +03:00
+								    public function model(string $model): void
-												The API library can correctly sort and set the CORS headers

											
										
										
											2021-11-03 10:21:30 +03:00
+								    {
 								        $this->CI->load->model($model);
 								        $this->model = $this->CI->{$model};
 								    }
 								    /**
 								     * Authorize the API request (Basic Auth or Bearer Token supported).
 								     */
-												Resolve various PHP inspection issues

											
										
										
											2023-03-13 11:06:18 +03:00
+								    public function auth(): void
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								    {
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								        try {
 								            // Bearer token.
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								            $api_token = setting('api_token');
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								            if (!empty($api_token) && $api_token === $this->get_bearer_token()) {
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								                return;
 								            }
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								            // Basic auth.
 								            $username = $_SERVER['PHP_AUTH_USER'] ?? null;
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								            $password = $_SERVER['PHP_AUTH_PW'] ?? null;
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
-												Rename variable

											
										
										
											2023-10-09 10:56:40 +03:00
+								            $user_data = $this->CI->accounts->check_login($username, $password);
-												Check the role slug in Api.php

											
										
										
											2022-05-10 00:26:28 +03:00
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								            if (empty($user_data['role_slug']) || $user_data['role_slug'] !== DB_SLUG_ADMIN) {
 								                throw new RuntimeException(
 								                    'The provided credentials do not match any admin user!',
 ,
-												Reformat entire codebase for trailing comma that will make line duplication easier

											
										
										
											2023-12-22 13:35:41 +03:00
+								                    'Unauthorized',
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								                );
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								            }
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								        } catch (Throwable) {
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								            $this->request_authentication();
 								        }
 								    }
 								    /**
 								     * Returns the bearer token value.
 								     *
-												Resolve various PHP inspection issues

											
										
										
											2023-03-13 11:06:18 +03:00
+								     * @return string|null
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								     */
 								    protected function get_bearer_token(): ?string
 								    {
 								        $headers = $this->get_authorization_header();
 								        // HEADER: Get the access token from the header
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								        if (!empty($headers)) {
 								            if (preg_match('/Bearer\s(\S+)/', $headers, $matches)) {
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								                return $matches[1];
 								            }
 								        }
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								        return null;
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								    }
 								    /**
 								     * Returns the authorization header.
 								     *
 								     * @return string|null
 								     */
 								    protected function get_authorization_header(): ?string
 								    {
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								        $headers = null;
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								        if (isset($_SERVER['Authorization'])) {
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								            $headers = trim($_SERVER['Authorization']);
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								        } else {
 								            if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								                // Nginx or fast CGI
 								                $headers = trim($_SERVER['HTTP_AUTHORIZATION']);
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								            } elseif (function_exists('apache_request_headers')) {
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								                $requestHeaders = apache_request_headers();
 								                // Server-side fix for bug in old Android versions (a nice side effect of this fix means we don't care
 								                // about capitalization for Authorization).
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								                $requestHeaders = array_combine(
 								                    array_map('ucwords', array_keys($requestHeaders)),
-												Reformat entire codebase for trailing comma that will make line duplication easier

											
										
										
											2023-12-22 13:35:41 +03:00
+								                    array_values($requestHeaders),
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								                );
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								                if (isset($requestHeaders['Authorization'])) {
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								                    $headers = trim($requestHeaders['Authorization']);
 								                }
 								            }
 								        }
 								        return $headers;
 								    }
 								    /**
 								     * Sets request authentication headers.
 								     */
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								    #[NoReturn]
 								    public function request_authentication(): void
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								    {
-												update languages and branding

											
										
										
											2024-01-01 19:53:24 +03:00
+								        header('WWW-Authenticate: Basic realm="MAKET Randevu"');
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								        header('HTTP/1.0 401 Unauthorized');
 								        exit('You are not authorized to use the API.');
 								    }
 								    /**
 								     * Get the search keyword value of the current request.
 								     *
 								     * @return string|null
 								     */
 								    public function request_keyword(): ?string
 								    {
 								        return request('q');
 								    }
 								    /**
 								     * Get the limit value of the current request.
 								     *
 								     * @return int|null
 								     */
 								    public function request_limit(): ?int
 								    {
 								        return request('length', $this->default_length);
 								    }
 								    /**
 								     * Get the limit value of the current request.
 								     *
 								     * @return int|null
 								     */
 								    public function request_offset(): ?int
 								    {
 								        $page = request('page', 1);
 								        $length = request('length', $this->default_length);
 								        return ($page - 1) * $length;
 								    }
 								    /**
 								     * Get the order by value of the current request.
 								     *
 								     * @return string|null
 								     */
 								    public function request_order_by(): ?string
 								    {
 								        $sort = request('sort');
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								        if (!$sort) {
 								            return null;
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								        }
-												The API library can correctly sort and set the CORS headers

											
										
										
											2021-11-03 10:21:30 +03:00
+								        $sort_tokens = array_map('trim', explode(',', $sort));
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
 								        $order_by = [];
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								        foreach ($sort_tokens as $sort_token) {
-												The API library can correctly sort and set the CORS headers

											
										
										
											2021-11-03 10:21:30 +03:00
+								            $api_field = substr($sort_token, 1);
-												Added validation to the sort direction value

											
										
										
											2021-11-06 15:30:12 +03:00
+								            $direction_operator = substr($sort_token, 0, 1);
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								            if (!in_array($direction_operator, ['-', '+'])) {
-												Correct the + symbol processing when sorting results in the API controllers (#1322)

											
										
										
											2023-01-23 09:54:06 +03:00
+								                $direction_operator = '+';
 								                $api_field = $sort_token;
-												Added validation to the sort direction value

											
										
										
											2021-11-06 15:30:12 +03:00
+								            }
-												Correct the + symbol processing when sorting results in the API controllers (#1322)

											
										
										
											2023-01-23 09:54:06 +03:00
+								            $db_field = $this->model->db_field($api_field);
-												Added validation to the sort direction value

											
										
										
											2021-11-06 15:30:12 +03:00
+								            $direction = $direction_operator === '-' ? 'DESC' : 'ASC';
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
-												The API library can correctly sort and set the CORS headers

											
										
										
											2021-11-03 10:21:30 +03:00
+								            $order_by[] = $db_field . ' ' . $direction;
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								        }
 								        return implode(', ', $order_by);
 								    }
 								    /**
-												Added support for the "attach" query parameter to all API controllers

											
										
										
											2021-11-06 17:34:54 +03:00
+								     * Get the chosen "fields" array of the current request.
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								     *
 								     * @return array|null
 								     */
 								    public function request_fields(): ?array
 								    {
 								        $fields = request('fields');
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								        if (!$fields) {
 								            return null;
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								        }
-												The API library can correctly sort and set the CORS headers

											
										
										
											2021-11-03 10:21:30 +03:00
+								        return array_map('trim', explode(',', $fields));
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								    }
-												Added support for the "attach" query parameter to all API controllers

											
										
										
											2021-11-06 17:34:54 +03:00
 								    /**
-												Renamed the attach query paramter of API controllers to with

											
										
										
											2021-11-06 17:41:11 +03:00
+								     * Get the provided "with" array of the current request.
-												Added support for the "attach" query parameter to all API controllers

											
										
										
											2021-11-06 17:34:54 +03:00
+								     *
 								     * @return array|null
 								     */
-												Renamed the attach query paramter of API controllers to with

											
										
										
											2021-11-06 17:41:11 +03:00
+								    public function request_with(): ?array
-												Added support for the "attach" query parameter to all API controllers

											
										
										
											2021-11-06 17:34:54 +03:00
+								    {
-												Renamed the attach query paramter of API controllers to with

											
										
										
											2021-11-06 17:41:11 +03:00
+								        $with = request('with');
-												Added support for the "attach" query parameter to all API controllers

											
										
										
											2021-11-06 17:34:54 +03:00
-												Enable prettier for php and reformat the entire application directory

											
										
										
											2023-11-29 12:24:09 +03:00
+								        if (!$with) {
 								            return null;
-												Added support for the "attach" query parameter to all API controllers

											
										
										
											2021-11-06 17:34:54 +03:00
+								        }
-												Renamed the attach query paramter of API controllers to with

											
										
										
											2021-11-06 17:41:11 +03:00
+								        return array_map('trim', explode(',', $with));
-												Added support for the "attach" query parameter to all API controllers

											
										
										
											2021-11-06 17:34:54 +03:00
+								    }
-												Created new library that handles common API functionality.

											
										
										
											2021-11-02 12:44:37 +03:00
+								}