tools
/
death-notifier
1
0
Fork 0
Code Issues 4 Pull Requests Releases 8 Activity
death-notifier/src/main/api.php

369 lines
13 KiB
PHP
Raw Blame History

<?php
namespace main;
use PHPMailer\PHPMailer\Exception;
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
use SQLite3;
/** @noinspection PhpIncludeInspection Exists after `npm run deploy` */
require_once __DIR__ . "/vendor/autoload.php";
require_once __DIR__ . "/Database.php";
require_once __DIR__ . "/MyMediawiki.php";
header("Content-type:application/json;charset=utf-8");
// Load config
$config = parse_ini_file("config.default.ini.php", process_sections: true, scanner_mode: INI_SCANNER_TYPED);
if (file_exists("config.ini.php")) {
$config_custom = parse_ini_file("config.ini.php", process_sections: true, scanner_mode: INI_SCANNER_TYPED);
$config = array_merge($config, $config_custom);
}
// Create db if it does not exist
if (!file_exists($config["database"]["filename"])) {
(new SQLite3($config["database"]["filename"]))->close();
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
$db->install();
$db->close();
}
// Start session
session_start();
if (!isset($_SESSION["token"])) {
$_SESSION["token"] = bin2hex(random_bytes(32));
}
// Read JSON from POST, if it's there
if (empty($_POST)) {
$_POST = json_decode(file_get_contents("php://input"), associative: true);
}
$response = array();
$response["satisfied"] = false;
$response["token"] = $_SESSION["token"];
if (isset($_POST["action"])) {
// Process POST
switch ($_POST["action"]) {
case "register":
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
$response["message"] = "no token, or invalid token";
break;
}
if (isset($_SESSION["uuid"])) {
$response["message"] = "already logged in";
break;
}
if (!isset($_POST["email"], $_POST["password"], $_POST["password_confirm"])) {
$response["message"] = "missing inputs";
break;
}
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
$response["message"] = "invalid email";
break;
}
if ($_POST["password"] !== $_POST["password_confirm"]) {
$response["message"] = "differing passwords";
break;
}
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
$email_is_in_use = $db->get_user_by_email($_POST["email"]) !== null;
$db->close();
if ($email_is_in_use) {
$response["message"] = "email already in use";
break;
}
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
try {
$uuid = bin2hex(random_bytes(16));
} catch (\Exception $exception) {
$response["message"] = "unknown database error";
break;
}
$db->add_user($uuid, $_POST["email"], $_POST["password"]);
$db->close();
$response["satisfied"] = true;
break;
case "login":
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
$response["message"] = "no token, or invalid token";
break;
}
if (!isset($_POST["email"], $_POST["password"])) {
$response["message"] = "missing inputs";
break;
}
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
$user = $db->get_user_by_email($_POST["email"]);
$db->close();
if ($user === null || !password_verify($_POST["password"], $user["password"])) {
$response["message"] = "wrong password";
break;
}
$_SESSION["uuid"] = $user["uuid"];
$response["satisfied"] = true;
break;
case "logout":
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
$response["message"] = "no token, or invalid token";
break;
}
session_destroy();
session_start();
$_SESSION["token"] = bin2hex(random_bytes(32));
$response["satisfied"] = true;
$response["token"] = $_SESSION["token"];
break;
case "user-update-email":
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
$response["message"] = "no token, or invalid token";
break;
}
if (!isset($_SESSION["uuid"])) {
$response["message"] = "not logged in";
break;
}
if (!isset($_POST["email"])) {
$response["message"] = "missing inputs";
break;
}
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
$response["message"] = "invalid email";
break;
}
// TODO: Check if user exists
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
if ($db->get_user_by_email($_POST["email"]) !== null) {
$response["message"] = "email already in use";
break;
}
$db->close();
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
$db->set_user_email($_SESSION["uuid"], $_POST["email"]);
$db->close();
$response["satisfied"] = "true";
break;
case "user-update-password":
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
$response["message"] = "no token, or invalid token";
break;
}
if (!isset($_SESSION["uuid"])) {
$response["message"] = "not logged in";
break;
}
if (!isset($_POST["password_old"], $_POST["password_new"], $_POST["password_confirm"])) {
$response["message"] = "missing inputs";
break;
}
// TODO: Check if user exists
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
$user = $db->get_user_by_uuid($_SESSION["uuid"]);
$db->close();
if ($user === null || !password_verify($_POST["password_old"], $user["password"])) {
$response["message"] = "wrong password";
break;
}
if ($_POST["password_new"] !== $_POST["password_confirm"]) {
$response["message"] = "differing passwords";
break;
}
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
$db->set_user_password($_SESSION["uuid"], $_POST["password"]);
$db->close();
$response["satisfied"] = true;
break;
case "user-delete":
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
$response["message"] = "no token, or invalid token";
break;
}
if (!isset($_SESSION["uuid"])) {
$response["message"] = "not logged in";
break;
}
// TODO: Check if user exists
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
$db->delete_user($_SESSION["uuid"]);
$db->close();
session_destroy();
$response["satisfied"] = true;
break;
case "add-tracking":
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
$response["message"] = "no token, or invalid token";
break;
}
if (!isset($_SESSION["uuid"])) {
$response["message"] = "not logged in";
break;
}
if (!isset($_POST["person_name"])) {
$response["message"] = "missing inputs";
break;
}
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
$tracking_already_exists = $db->has_tracking($_SESSION["uuid"], $_POST["person_name"]);
$db->close();
if ($tracking_already_exists) {
$response["message"] = "tracking already exists";
break;
}
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
$db->add_tracking($_SESSION["uuid"], $_POST["person_name"]);
$db->close();
$response["satisfied"] = true;
break;
case "delete-tracking":
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
$response["message"] = "no token, or invalid token";
break;
}
if (!isset($_SESSION["uuid"])) {
$response["message"] = "not logged in";
break;
}
if (!isset($_POST["person_name"])) {
$response["message"] = "missing inputs";
break;
}
// TODO: Check if tracking exists
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READWRITE);
$db->remove_tracking($_SESSION["uuid"], $_POST["person_name"]);
$db->close();
$response["satisfied"] = true;
break;
case "send-test-email":
if (!isset($_POST["token"]) || !isset($_SESSION["token"]) || $_POST["token"] !== $_SESSION["token"]) {
$response["message"] = "no token, or invalid token";
break;
}
// TODO: Send this to logged-in user
$mail = new PHPMailer();
$mail->IsSMTP();
$mail->CharSet = "UTF-8";
$mail->SMTPDebug = SMTP::DEBUG_OFF;
$mail->Host = $config["mail"]["host"];
$mail->SMTPAuth = true;
$mail->Port = $config["mail"]["port"];
$mail->Username = $config["mail"]["username"];
$mail->Password = $config["mail"]["password"];
$mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
try {
$mail->setFrom($config["mail"]["username"], $config["mail"]["from_name"]);
$mail->addAddress($config["mail"]["to_address_test"]);
} catch (Exception) {
$response["message"] = "unknown mail error occurred";
break;
}
$mail->Subject = "Test mail";
$mail->Body = "This is a test mail from death-notifier!";
try {
$mail->send();
} catch (Exception) {
$response["message"] = "unknown mail error occurred";
break;
}
$response["satisfied"] = true;
break;
default:
$response["message"] = "unknown POST action '" . $_POST["action"] . "'";
break;
}
} else if (isset($_GET["action"])) {
// Process GET
switch ($_GET["action"]) {
case "get-user-data":
if (!isset($_SESSION["uuid"])) {
$response["message"] = "not logged in";
break;
}
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
$user_data = $db->get_user_by_uuid($_SESSION["uuid"]);
$db->close();
$response["message"] = $user_data;
$response["satisfied"] = true;
break;
case "list-trackings":
if (!isset($_SESSION["uuid"])) {
$response["message"] = "not logged in";
break;
}
$db = new Database($config["database"]["filename"], SQLITE3_OPEN_READONLY);
$trackings = $db->list_trackings($_SESSION["uuid"]);
$db->close();
$response["message"] = $trackings;
$response["satisfied"] = true;
break;
case "is-alive":
$response["message"] = ((new MyMediawiki())->people_are_alive(array("Janelle Monáe", "John Malkovich", "Adolf Hitler")));
$response["satisfied"] = true;
break;
default:
$response["message"] = "unknown GET action '" . $_GET["action"] . "'";
break;
}
} else {
$response["message"] = "unknown method";
}
exit(json_encode($response));
Reference in New Issue View Git Blame Copy Permalink