Added Other AP
This commit is contained in:
@@ -0,0 +1,164 @@
|
||||
<?php
|
||||
/*
|
||||
CARPOOL AND POINT
|
||||
*/
|
||||
include '../../core/backend.php';
|
||||
include_once '../config.php';
|
||||
include_once '../constants.php';
|
||||
include '../formarter.php';
|
||||
|
||||
|
||||
|
||||
$endpoints = array(
|
||||
'carpooltrack' => array('POST'),
|
||||
'another' => array('POST')
|
||||
);
|
||||
|
||||
|
||||
//*
|
||||
header("Access-Control-Allow-Origin: *");
|
||||
header("Access-Control-Expose-Headers: Access-Control-Allow-Origin");
|
||||
header("Access-Control-Allow-Headers: Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With, client_id");
|
||||
header("Access-Control-Allow-Methods: POST, GET, PUT, DELETE, OPTIONS");
|
||||
header('Content-type: application/json');
|
||||
//*/
|
||||
if ("OPTIONS" === $_SERVER['REQUEST_METHOD']) {
|
||||
exit();
|
||||
}
|
||||
|
||||
$headers = getallheaders();
|
||||
if ((!isset($headers["authorization"]) || substr($headers["authorization"], -strlen($httpAuthToken)) != $httpAuthToken) &&
|
||||
(!isset($headers["Authorization"]) || substr($headers["Authorization"], -strlen($httpAuthToken)) != $httpAuthToken)) {
|
||||
header('HTTP/1.1 401 Unauthorized');
|
||||
header('Status: 401 Unauthorized');
|
||||
echo "{\"status\":\"Missing authorization\"}";
|
||||
exit();
|
||||
}
|
||||
|
||||
$endpoint = strtolower(str_replace('/SAVVY/carpool/', '', strtok($_SERVER['REQUEST_URI'], '?')));
|
||||
|
||||
$id = 0; // update, get & delete actions require ID
|
||||
if (substr($endpoint, 0, 19) == 'gettransportrequest' || substr($endpoint, 0, 13) == 'updateprofile') {
|
||||
$endpoint = strtok($endpoint, '/');
|
||||
$id = strtok('/');
|
||||
}
|
||||
|
||||
if (!isset($endpoints[$endpoint])) {
|
||||
header('HTTP/1.1 400 Bad Request');
|
||||
header('Status: 400 Bad Request');
|
||||
echo "{\"status\":\"Invalid endpoint url\"}";
|
||||
exit();
|
||||
}
|
||||
|
||||
$methods = $endpoints[$endpoint];
|
||||
|
||||
if (array_search($_SERVER['REQUEST_METHOD'], $methods) === false) {
|
||||
header('HTTP/1.1 405 Method Not Allowed');
|
||||
header('Status: 405 Method Not Allowed');
|
||||
echo "{\"status\":\"Invalid request method\"}";
|
||||
exit();
|
||||
}
|
||||
|
||||
include '../rest_api.php';
|
||||
|
||||
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||
if ($endpoint == "uploadfile") {
|
||||
upload_file_call();
|
||||
exit();
|
||||
} else {
|
||||
$raw_json = file_get_contents("php://input");
|
||||
$raw_array = json_decode($raw_json, true);
|
||||
$in = flatten($raw_array);
|
||||
}
|
||||
}
|
||||
|
||||
if ($_SERVER["REQUEST_METHOD"] == "PUT") {
|
||||
parse_str(file_get_contents('php://input'), $in);
|
||||
}
|
||||
|
||||
// Decrypt the input
|
||||
if (isset($in['encrypted_payload'])) {
|
||||
$payload = openssl_decrypt(hex2bin($in['encrypted_payload']), $encryptionAlg, $encryptionKey, OPENSSL_RAW_DATA, $encryptionIV);
|
||||
unset($in['encrypted_payload']);
|
||||
$in = array_merge($in, json_decode($payload, true));
|
||||
}
|
||||
|
||||
// get who is connecting IP
|
||||
$in["loc"] = getRemoteIpAddress(); // Do not use $_SERVER["REMOTE_ADDR"]; it is INVALID!!!
|
||||
$in["pid"] = 100;
|
||||
// override session parameter(s) with the header value
|
||||
$in["session"] = $headers["x-session-id"];
|
||||
$in["sessionid"] = $headers["x-session-id"];
|
||||
|
||||
$out = array();
|
||||
|
||||
$extension_call = true; // by defualt unless specified at the gate
|
||||
switch ($endpoint) {
|
||||
|
||||
case 'carpooltrack': $in["action"] = SAVVY_CARPOOL_TRACK;
|
||||
$out["status"] = "Got here anyway";
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
$in["pid"] = 100;
|
||||
|
||||
//file_put_contents("in_debug.log", $in); // DEBUG
|
||||
//external_internal_call($in, $out);
|
||||
|
||||
function Fextension_call($in, &$out) {
|
||||
global $savvyext;
|
||||
foreach ($in as $key=>$val) {
|
||||
if ($val!="" && is_string($val)) {
|
||||
$in[$key] = pg_escape_string($val);
|
||||
}
|
||||
}
|
||||
$out = $savvyext->savvyext_api($in);
|
||||
return $out["retval"];
|
||||
}
|
||||
|
||||
if ($extension_call == true) {
|
||||
Fextension_call($in, $out);
|
||||
}
|
||||
|
||||
header("HTTP/1.1 200 OK");
|
||||
header("Status: 200 OK");
|
||||
//$out = array_merge($in, $out); // DEBUG
|
||||
$payload = json_encode(processOutJson($in, $out));
|
||||
echo $payload."\n";
|
||||
//$encrypted_payload = bin2hex(openssl_encrypt($payload, $encryptionAlg, $encryptionKey, OPENSSL_RAW_DATA, $encryptionIV));
|
||||
//echo "{\"payload\": \"${encrypted_payload}\"}";
|
||||
exit();
|
||||
|
||||
function flatten($data, $parentkey = "") {
|
||||
$result = array();
|
||||
foreach ($data as $key => $val) {
|
||||
if (is_array($val)) {
|
||||
$result = array_merge($result, flatten($val, $parentkey . $key . "_"));
|
||||
} else {
|
||||
$result[$parentkey . $key] = $val;
|
||||
}
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
|
||||
|
||||
function getRemoteIpAddress() {
|
||||
$ip = NULL;
|
||||
if (!empty($_SERVER['HTTP_CLIENT_IP']) && filter_var($_SERVER['HTTP_CLIENT_IP'], FILTER_VALIDATE_IP)) {
|
||||
$ip = trim($_SERVER['HTTP_CLIENT_IP']);
|
||||
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && filter_var($_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP)) {
|
||||
$ip = trim($_SERVER['HTTP_X_FORWARDED_FOR']);
|
||||
} else {
|
||||
// Will not make much sense since we are behind the WAF reverse proxy
|
||||
$ip = trim($_SERVER['REMOTE_ADDR']);
|
||||
}
|
||||
putenv("REMOTE_ADDR=${ip}");
|
||||
$_ENV["REMOTE_ADDR"] = $ip;
|
||||
return $ip;
|
||||
}
|
||||
|
||||
// vi:ts=2
|
||||
Reference in New Issue
Block a user