<?php
/*
CARPOOL AND POINT
*/
include '../../core/backend.php';
include_once '../config.php';
include_once '../constants.php';
include '../formarter.php';
// Routing table: endpoint name => list of HTTP methods accepted for it.
// A request is rejected further down unless its endpoint is a key here and
// its method appears in that endpoint's list.
$endpoints = [
    'carpooltrack' => ['POST'],
    'another' => ['POST'],
];
// CORS and content-type response headers, sent on every request.
// NOTE(review): the wildcard origin lets a script served from any site call
// this API and read the response. The API authenticates with an Authorization
// header rather than cookies, so the exposure is limited to callers that
// already hold the token; if the set of front-end origins is known, list them
// instead of "*".
array_map('header', array(
    "Access-Control-Allow-Origin: *",
    "Access-Control-Expose-Headers: Access-Control-Allow-Origin",
    "Access-Control-Allow-Headers: Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With, client_id",
    "Access-Control-Allow-Methods: POST, GET, PUT, DELETE, OPTIONS",
    'Content-type: application/json',
));

// A CORS preflight needs nothing beyond the headers above, so it is answered
// here, before the authorization check.
if ($_SERVER['REQUEST_METHOD'] === "OPTIONS") {
    exit();
}
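// Authenticate the caller with the shared token in the Authorization header.
// $httpAuthToken is not defined in this file (presumably it comes from one of
// the included config files; confirm).
$headers = getallheaders();
if (!is_array($headers)) {
    $headers = array();
}

// Header names are case-insensitive, so look the header up without relying on
// how the client or the SAPI happened to capitalise it.
$authHeaderValue = null;
foreach ($headers as $authHeaderName => $authHeaderCandidate) {
    if (strcasecmp((string) $authHeaderName, 'Authorization') === 0) {
        $authHeaderValue = (string) $authHeaderCandidate;
        break;
    }
}

// The token is matched against the tail of the header value, so any scheme
// prefix in front of it (e.g. "Bearer ") is accepted.
// hash_equals() keeps the comparison constant-time and strictly string-based;
// a loose != here would treat numeric-looking strings such as "1e3" and
// "1000" as equal. An unset or empty configured token fails closed.
$authorized = false;
if ($authHeaderValue !== null && is_string($httpAuthToken) && $httpAuthToken !== '') {
    $presentedToken = substr($authHeaderValue, -strlen($httpAuthToken));
    $authorized = is_string($presentedToken) && hash_equals($httpAuthToken, $presentedToken);
}

if (!$authorized) {
    header('HTTP/1.1 401 Unauthorized');
    header('Status: 401 Unauthorized');
    echo "{\"status\":\"Missing authorization\"}";
    exit();
}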
// Resolve the endpoint name from the request path: drop the query string,
// remove the '/SAVVY/carpool/' prefix and lower-case the rest.
// Note that str_replace() removes the prefix wherever it occurs in the path,
// not only at the start.
$endpoint = strtok($_SERVER['REQUEST_URI'], '?');
$endpoint = str_replace('/SAVVY/carpool/', '', $endpoint);
$endpoint = strtolower($endpoint);

$id = 0; // update, get & delete actions require ID
// For these two endpoint names the path has the form "<endpoint>/<id>".
// Neither name is present in $endpoints, so such requests are still rejected
// by the lookup below.
if (strncmp($endpoint, 'gettransportrequest', 19) === 0 || strncmp($endpoint, 'updateprofile', 13) === 0) {
    $endpoint = strtok($endpoint, '/');
    $id = strtok('/');
}

// Unknown endpoint: answer 400 and stop.
if (!isset($endpoints[$endpoint])) {
    header('HTTP/1.1 400 Bad Request');
    header('Status: 400 Bad Request');
    echo '{"status":"Invalid endpoint url"}';
    exit();
}

// Known endpoint, but the HTTP method is not in its allow-list: answer 405.
$methods = $endpoints[$endpoint];
if (!in_array($_SERVER['REQUEST_METHOD'], $methods)) {
    header('HTTP/1.1 405 Method Not Allowed');
    header('Status: 405 Method Not Allowed');
    echo '{"status":"Invalid request method"}';
    exit();
}
include '../rest_api.php';
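// Collect the request parameters into $in.
// $in is given a defined array value up front so that the code below never
// reads an undefined variable when the method is neither POST nor PUT.
if (!isset($in) || !is_array($in)) {
    $in = array();
}

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if ($endpoint == "uploadfile") {
        // "uploadfile" is not a key of $endpoints, so the endpoint check above
        // rejects it before this branch can run.
        upload_file_call();
        exit();
    }

    // JSON body: nested objects are flattened to "parent_child" keys.
    $raw_json = file_get_contents("php://input");
    $raw_array = json_decode($raw_json, true);
    // An empty, malformed or scalar body does not decode to an array; treat it
    // as "no parameters" rather than handing a non-array to flatten().
    $in = is_array($raw_array) ? flatten($raw_array) : array();
}

if ($_SERVER["REQUEST_METHOD"] == "PUT") {
    // PUT bodies are parsed as URL-encoded form data.
    parse_str(file_get_contents('php://input'), $in);
}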
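// Decrypt the input: an optional hex-encoded 'encrypted_payload' field is
// decrypted, parsed as JSON and merged over the plain parameters.
//
// NOTE(review): the same $encryptionIV is used for every request, and no MAC
// or AEAD tag is checked here. What that costs depends on $encryptionAlg,
// which is not visible in this file: with a fixed IV equal plaintext prefixes
// produce equal ciphertext, and without authentication the ciphertext can be
// altered in transit. Prefer a per-message random IV with an authenticated
// mode.
if (isset($in['encrypted_payload'])) {
    $cipherHex = $in['encrypted_payload'];
    unset($in['encrypted_payload']);

    $decoded = null;
    // Only non-empty, even-length hex is passed to hex2bin(), which otherwise
    // warns and returns false.
    if (is_string($cipherHex) && preg_match('/\A(?:[0-9a-fA-F]{2})+\z/', $cipherHex) === 1) {
        $payload = openssl_decrypt(hex2bin($cipherHex), $encryptionAlg, $encryptionKey, OPENSSL_RAW_DATA, $encryptionIV);
        if ($payload !== false) {
            $decoded = json_decode($payload, true);
        }
    }

    // Bad hex, failed decryption and non-object JSON all get the same answer,
    // so the response does not reveal which step rejected the payload, and a
    // failed decode never reaches array_merge().
    if (!is_array($decoded)) {
        header('HTTP/1.1 400 Bad Request');
        header('Status: 400 Bad Request');
        echo "{\"status\":\"Invalid encrypted payload\"}";
        exit();
    }

    $in = array_merge($in, $decoded);
}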
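// Server-side fields. These are assigned after the request body has been
// parsed, so values with the same names sent by the client are overwritten.

// Caller address as resolved by getRemoteIpAddress(); the original author
// notes that $_SERVER["REMOTE_ADDR"] must not be used directly here.
$in["loc"] = getRemoteIpAddress();
$in["pid"] = 100;

// Override the session parameter(s) with the X-Session-Id header value.
// Header names are case-insensitive, so the lookup is done on lower-cased
// names; a missing header yields null instead of an undefined-index notice.
$lowerCasedHeaders = is_array($headers) ? array_change_key_case($headers, CASE_LOWER) : array();
$sessionHeaderValue = isset($lowerCasedHeaders["x-session-id"]) ? $lowerCasedHeaders["x-session-id"] : null;
$in["session"] = $sessionHeaderValue;
$in["sessionid"] = $sessionHeaderValue;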
// Response accumulator, filled in by the endpoint handling below.
$out = array();

$extension_call = true; // by default unless specified at the gate

// Map the endpoint to its action code. Only 'carpooltrack' sets one; the
// other endpoint in $endpoints reaches the extension call without an action.
if ($endpoint === 'carpooltrack') {
    $in["action"] = SAVVY_CARPOOL_TRACK;
    // Fextension_call() assigns $out afresh, so this value only survives if
    // $extension_call is switched off.
    $out["status"] = "Got here anyway";
}

$in["pid"] = 100;
//file_put_contents("in_debug.log", $in); // DEBUG
//external_internal_call($in, $out);
/**
 * Escape the request parameters and pass them to the extension API.
 *
 * Every non-empty string value in $in is run through pg_escape_string();
 * other values are passed on unchanged. The API result replaces $out.
 *
 * NOTE(review): pg_escape_string() is called without a connection argument,
 * so it relies on the default connection (deprecated since PHP 8.1).
 * Escaping only protects values that end up inside quoted SQL string
 * literals; how savvyext_api() builds its queries is not visible here.
 * Parameterised queries (e.g. pg_query_params()) would remove the need for
 * this blanket escaping.
 *
 * @param array $in  Request parameters (local copy is modified).
 * @param mixed $out Receives the array returned by savvyext_api().
 * @return mixed The "retval" entry of the API result.
 */
function Fextension_call($in, &$out) {
    global $savvyext;

    foreach ($in as $key => $val) {
        // Leave empty strings and every non-string value as they are.
        if (!is_string($val) || $val === "") {
            continue;
        }
        $in[$key] = pg_escape_string($val);
    }

    $out = $savvyext->savvyext_api($in);

    return $out["retval"];
}
// Run the extension call unless a gate above switched it off. Its return
// value is not inspected.
if ($extension_call) {
    Fextension_call($in, $out);
}

// The response status is always 200; any failure has to be reported inside
// the JSON body.
array_map('header', array("HTTP/1.1 200 OK", "Status: 200 OK"));

//$out = array_merge($in, $out); // DEBUG

// The body is sent as plain JSON; the encrypted-response variant below is
// disabled.
$payload = json_encode(processOutJson($in, $out));
echo $payload . "\n";

//$encrypted_payload = bin2hex(openssl_encrypt($payload, $encryptionAlg, $encryptionKey, OPENSSL_RAW_DATA, $encryptionIV));
//echo "{\"payload\": \"${encrypted_payload}\"}";

exit();
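/**
 * Flatten a nested array into a single level.
 *
 * Keys of nested arrays are joined to their parent key with "_", so
 * array('a' => array('b' => 1)) becomes array('a_b' => 1). Top-level keys,
 * including numeric ones, are kept as they are.
 *
 * A nested and a flat spelling of the same name (e.g. 'a' => array('b' => ..)
 * and 'a_b' => ..) map to one key; the one that appears later wins. Any
 * validation of request fields has to be done on the flattened names.
 *
 * @param mixed  $data      Decoded request data; anything that is neither an
 *                          array nor an object yields an empty array.
 * @param string $parentkey Prefix for the keys at this level (used by the
 *                          recursion).
 * @return array Flat map of key => scalar/null value.
 */
function flatten($data, $parentkey = "") {
    $result = array();

    // json_decode() returns null or a scalar for an empty, malformed or
    // non-object body; there is nothing to flatten in that case.
    if (!is_array($data) && !is_object($data)) {
        return $result;
    }

    foreach ($data as $key => $val) {
        if (is_array($val)) {
            // Copy the nested entries one by one: array_merge() would
            // renumber numeric keys already collected in $result.
            foreach (flatten($val, $parentkey . $key . "_") as $flatKey => $flatVal) {
                $result[$flatKey] = $flatVal;
            }
        } else {
            $result[$parentkey . $key] = $val;
        }
    }

    return $result;
}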
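/**
 * Resolve the caller's IP address and publish it as REMOTE_ADDR in the
 * process environment and in $_ENV.
 *
 * Order of preference: the Client-IP header, then X-Forwarded-For, then the
 * connection's REMOTE_ADDR. A header value is used only if, after trimming,
 * it is a single valid IP address; a comma-separated X-Forwarded-For list
 * does not validate and falls through to REMOTE_ADDR.
 *
 * NOTE(review): both headers are supplied by the client unless the fronting
 * proxy strips or overwrites them, and the result is stored as the request's
 * "loc" field. Confirm that the WAF/reverse proxy sets these headers itself;
 * otherwise the address can be chosen by the caller and should not be used
 * for access decisions or trusted in audit logs.
 *
 * @return string The resolved address, or "" when none is available.
 */
function getRemoteIpAddress() {
    $ip = NULL;

    foreach (array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR') as $source) {
        if (empty($_SERVER[$source]) || !is_string($_SERVER[$source])) {
            continue;
        }
        // Trim before validating so the value that is checked is the value
        // that is returned.
        $candidate = trim($_SERVER[$source]);
        if (filter_var($candidate, FILTER_VALIDATE_IP)) {
            $ip = $candidate;
            break;
        }
    }

    if ($ip === NULL) {
        // Will not make much sense since we are behind the WAF reverse proxy
        $ip = isset($_SERVER['REMOTE_ADDR']) ? trim($_SERVER['REMOTE_ADDR']) : '';
    }

    putenv("REMOTE_ADDR={$ip}");
    $_ENV["REMOTE_ADDR"] = $ip;

    return $ip;
}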
// vi:ts=2