cookie-0005-API-add-getApiKey.patch

2014-01-05 19:33:52 +01:00 · 2014-01-05 19:33:52 +01:00 · 9dc5dbe3b6
parent 316c18f912
commit 9dc5dbe3b6
3 changed files with 131 additions and 35 deletions
--- a/includes/controller/api.php
+++ b/includes/controller/api.php
@ -16,16 +16,27 @@ Testing API calls (using curl):
 $ curl -d '{"key":"<key>","cmd":"getVersion"}' '<Address>/?p=api'
-Methods:
+Methods without key:
--------
+--------------------
 getVersion
  Description:
    Returns API version. 
  Parameters:
    nothing
  Return Example:
-    {"version": "1"}
+    {"status":"success","version": "1"}
 getApiKey
  Description:
    Returns API Key version. 
  Parameters:
    user (string)
    pw (string)
  Return Example:
    {"status":"success","Key":"1234567890123456789012"}
 Methods with Key:
 -----------------
 getRoom
  Description:
    Returns a list of all Rooms (no id set) or details of a single Room (requested id) 
@ -66,7 +77,9 @@ getShift
      3 occupied and free
  Return Example:
    [{"SID":"1"},{"SID":"2"},{"SID":"3"}]
-    {"SID":"1","start":"1388185200","end":"1388199600","RID":"1","name":"Shift 1","URL":null,"PSID":null}
+    {"SID":"10","start":"1388264400","end":"1388271600","RID":"1","name":"Shift 1","URL":null,"PSID":null,\
      "ShiftEntry":[{"TID":"8","UID":"4","freeloaded":"0"}],
      "NeedAngels":[{"TID":"8","count":"1","restricted":"0","taken":1},{"TID":"9","count":"2","restricted":"0","taken":0}]}
 getMessage
  Description:
@ -87,37 +100,51 @@ getMessage
 function api_controller() {
  global $DataJson, $_REQUEST;
  header("Content-Type: application/json; charset=utf-8");
  // decode JSON request
  $input = file_get_contents("php://input");
  $input = json_decode($input, true);
  $_REQUEST = $input;
  // get API KEY
  if (isset($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key']))
    $key = $_REQUEST['key'];
  else
    die("Missing key.");
  // check API key
  $user = User_by_api_key($key);
  if ($user === false)
    die("Unable to find user.");
  if ($user == null)
    die("Key invalid.");
  // get command
  $cmd='';
  if (isset($_REQUEST['cmd']) )
    $cmd = strtolower( $_REQUEST['cmd']);
-  // decode command
+  // decode commands, without key
  switch( $cmd) {
    case 'echo':
      $DataJson = $input;
      break;
    case 'getversion':
      getVersion();
      die( json_encode($DataJson));
      break;
    case 'getapikey':
      getApiKey();
      die( json_encode($DataJson));
      break;
  }
  // get API KEY
  if (isset($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key']))
    $key = $_REQUEST['key'];
  else
  die( json_encode( array (
          'status' => 'failed',
          'error' => 'Missing parameter "key".' )));
  // check API key
  $user = User_by_api_key($key);
  if ($user === false)
  	die( json_encode( array (
          'status' => 'failed',
          'error' => 'Unable to find user' )));
  if ($user == null)
  	die( json_encode( array (
          'status' => 'failed',
          'error' => 'Key invalid.' )));
  // decode command
  switch( $cmd) {
    case 'getroom':
      getRoom();
      break;
@ -134,11 +161,18 @@ function api_controller() {
      getMessage();
      break;
    default:
-      die("Unknown Command (". $cmd. ")");
+      $DataJson = array (
          'status' => 'failed',
          'error' => 'Unknown Command "'. $cmd. '"' );
  }
  // check 
  if( $DataJson === false) {
    $DataJson = array (
      'status' => 'failed',
      'error' => 'DataJson === false' );
  }
  header("Content-Type: application/json; charset=utf-8");
  echo json_encode($DataJson);
  die();
 }
@ -148,9 +182,54 @@ function api_controller() {
 */
 function getVersion(){
  global $DataJson;
-  $DataJson['Version'] = 1;
+  
  $DataJson = array( 
    'status' => 'success',
    'Version' => 1);
 }
 /**
 * Get API Key
 */
 function getApiKey(){
  global $DataJson, $_REQUEST;
  if (!isset($_REQUEST['user']) ) { 
    $DataJson = array (
      'status' => 'failed',
      'error' => 'Missing parameter "user".' );
  }
  elseif (!isset($_REQUEST['pw']) ) {
    $DataJson = array (
      'status' => 'failed',
      'error' => 'Missing parameter "pw".' );
  } else {
    $Erg = sql_select( "SELECT `UID`, `Passwort`, `api_key` FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST['user']) . "'");
    if (count($Erg) == 1) {
      $Erg = $Erg[0];
      if (verify_password( $_REQUEST['pw'], $Erg["Passwort"], $Erg["UID"])) {
        $key = $Erg["api_key"];
        $DataJson = array( 
          'status' => 'success',
          'Key' => $key);
      } else {
        $DataJson = array (
          'status' => 'failed',
          'error' => 'PW wrong' );
      }
    } else {
      $DataJson = array (
        'status' => 'failed',
        'error' => 'User not found.' );
    }
  }
  sleep(1);
 }
 /**
 * Get Room 
 */
--- a/includes/model/NeededAngelTypes_model.php
+++ b/includes/model/NeededAngelTypes_model.php
@ -3,14 +3,14 @@
 /**
 * Returns all needed angeltypes and already taken needs.
 *
- * @param Shift $shift          
+ * @param shiftID id of shift
 */
-function NeededAngelTypes_by_shift($shift) {
+function NeededAngelTypes_by_shift($shiftId) {
  $needed_angeltypes_source = sql_select("
        SELECT `NeededAngelTypes`.*, `AngelTypes`.`name`, `AngelTypes`.`restricted`
        FROM `NeededAngelTypes`
        JOIN `AngelTypes` ON `AngelTypes`.`id` = `NeededAngelTypes`.`angel_type_id`
-        WHERE `shift_id`=" . sql_escape($shift['SID']) . "
+        WHERE `shift_id`=" . sql_escape($shiftId) . "
        AND `count` > 0
        ORDER BY `room_id` DESC
        ");
@ -23,7 +23,7 @@ function NeededAngelTypes_by_shift($shift) {
        SELECT `NeededAngelTypes`.*, `AngelTypes`.`name`, `AngelTypes`.`restricted`
        FROM `NeededAngelTypes`
        JOIN `AngelTypes` ON `AngelTypes`.`id` = `NeededAngelTypes`.`angel_type_id`
-        WHERE `room_id`=" . sql_escape($shift['RID']) . "
+        WHERE `room_id`=" . sql_escape($shiftId) . "
        AND `count` > 0
        ORDER BY `room_id` DESC
        ");
@ -33,7 +33,7 @@ function NeededAngelTypes_by_shift($shift) {
  $needed_angeltypes = array();
  foreach ($needed_angeltypes_source as $angeltype) {
-    $shift_entries = ShiftEntries_by_shift_and_angeltype($shift['SID'], $angeltype['angel_type_id']);
+    $shift_entries = ShiftEntries_by_shift_and_angeltype($shiftId, $angeltype['angel_type_id']);
    if ($shift_entries === false)
      return false;
--- a/includes/model/Shifts_model.php
+++ b/includes/model/Shifts_model.php
@ -41,7 +41,7 @@ function mShiftList() {
 	if (count($shifts_source) > 0) {
 		return $shifts_source;
 	}
-return null;
+	return null;
 }
 /**
@ -51,10 +51,27 @@ return null;
 */
 function mShift($id) {
 	$shifts_source = sql_select("SELECT * FROM `Shifts` WHERE `SID`=" . sql_escape($id) . " LIMIT 1");
 	$shiftsEntry_source = sql_select("SELECT `TID` , `UID` , `freeloaded` FROM `ShiftEntry` WHERE `SID`=" . sql_escape($id) );
 	if ($shifts_source === false)
 		return false;
-	if (count($shifts_source) > 0)
+	if (count($shifts_source) > 0) {
-		return $shifts_source[0];
+		$result = $shifts_source[0];
 		$result['ShiftEntry'] = $shiftsEntry_source;
 		$temp = NeededAngelTypes_by_shift($id);
 		foreach( $temp as $e)
 		{
 			$result['NeedAngels'][] = array (
 					'TID' => $e['angel_type_id'],
 					'count' => $e['count'],
 					'restricted' => $e['restricted'],
 					'taken' => $e['taken'] );
 		}
 		return $result;
 	}
 	return null;
 }
@ -71,7 +88,7 @@ function Shifts() {
    return false;
  foreach ($shifts_source as &$shift) {
-    $needed_angeltypes = NeededAngelTypes_by_shift($shift);
+    $needed_angeltypes = NeededAngelTypes_by_shift($shift['SID']);
    if ($needed_angeltypes === false)
      return false;