Validate all API request as the API is now open for third parties (references #5)
@@ -4,8 +4,25 @@ namespace Grocy\Controllers;
|
||||
|
||||
class BaseApiController extends BaseController
|
||||
{
|
||||
protected function ApiResponse($response)
|
||||
|
||||
public function __construct(\Slim\Container $container)
|
||||
{
|
||||
return json_encode($response);
|
||||
parent::__construct($container);
|
||||
$this->OpenApiSpec = json_decode(file_get_contents(__DIR__ . '/../grocy.openapi.json'));
|
||||
}
|
||||
|
||||
protected $OpenApiSpec;
|
||||
|
||||
protected function ApiResponse($data)
|
||||
{
|
||||
return json_encode($data);
|
||||
}
|
||||
|
||||
protected function VoidApiActionResponse($response, $success = true, $status = 200, $errorMessage = '')
|
||||
{
|
||||
return $response->withStatus($status)->withJson(array(
|
||||
'success' => $success,
|
||||
'error_message' => $errorMessage
|
||||
));
|
||||
}
|
||||
}
|
||||
|
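Review bot: The constructor's `$this->OpenApiSpec = json_decode(file_get_contents(__DIR__ . '/../grocy.openapi.json'));` checks neither the file read nor the decode, and this object is now the allowlist that `IsValidEntity` consults on every generic-entity request, so a missing or malformed spec file leaves the property null and the first validated request dies on a null property access instead of failing clearly. Add an explicit guard after the assignment, e.g. `if ($this->OpenApiSpec === null) { throw new \RuntimeException('Unable to load grocy.openapi.json'); }` (or `JSON_THROW_ON_ERROR` if the project's PHP version allows it). Worth noting too that `VoidApiActionResponse` sends `$errorMessage` verbatim to the client, so callers must not pass raw exception text into it now that the API is reachable by third parties.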
@@ -22,11 +22,26 @@ class BatteriesApiController extends BaseApiController
|
||||
$trackedTime = $request->getQueryParams()['tracked_time'];
|
||||
}
|
||||
|
||||
return $this->ApiResponse(array('success' => $this->BatteriesService->TrackChargeCycle($args['batteryId'], $trackedTime)));
|
||||
try
|
||||
{
|
||||
$this->BatteriesService->TrackChargeCycle($args['batteryId'], $trackedTime);
|
||||
return $this->VoidApiActionResponse($response);
|
||||
}
|
||||
catch (\Exception $ex)
|
||||
{
|
||||
return $this->VoidApiActionResponse($response, false, 400, $ex->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
public function BatteryDetails(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
|
||||
{
|
||||
return $this->ApiResponse($this->BatteriesService->GetBatteryDetails($args['batteryId']));
|
||||
try
|
||||
{
|
||||
return $this->ApiResponse($this->BatteriesService->GetBatteryDetails($args['batteryId']));
|
||||
}
|
||||
catch (\Exception $ex)
|
||||
{
|
||||
return $this->VoidApiActionResponse($response, false, 400, $ex->getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
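Review bot: Both new `catch (\Exception $ex)` blocks in TrackChargeCycle and BatteryDetails return `$ex->getMessage()` to the caller with a 400, which for an API open to third parties means any unexpected failure inside the service (a database or PDO exception, for instance) leaks its text and is mislabelled as a client error. Prefer having the service throw a dedicated exception type for invalid input and catching only that here, letting everything else reach the framework error handler; if the service's exception type cannot be narrowed, return a fixed message such as `'Invalid request'` and log the original. BatteriesService is not visible in this hunk, so which exception it actually throws is an assumption to confirm.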
@@ -6,35 +6,75 @@ class GenericEntityApiController extends BaseApiController
|
||||
{
|
||||
public function GetObjects(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
|
||||
{
|
||||
return $this->ApiResponse($this->Database->{$args['entity']}());
|
||||
if ($this->IsValidEntity($args['entity']))
|
||||
{
|
||||
return $this->ApiResponse($this->Database->{$args['entity']}());
|
||||
}
|
||||
else
|
||||
{
|
||||
return $this->VoidApiActionResponse($response, false, 400, 'Entity does not exist or is not exposed');
|
||||
}
|
||||
}
|
||||
|
||||
public function GetObject(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
|
||||
{
|
||||
return $this->ApiResponse($this->Database->{$args['entity']}($args['objectId']));
|
||||
if ($this->IsValidEntity($args['entity']))
|
||||
{
|
||||
return $this->ApiResponse($this->Database->{$args['entity']}($args['objectId']));
|
||||
}
|
||||
else
|
||||
{
|
||||
return $this->VoidApiActionResponse($response, false, 400, 'Entity does not exist or is not exposed');
|
||||
}
|
||||
}
|
||||
|
||||
public function AddObject(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
|
||||
{
|
||||
$newRow = $this->Database->{$args['entity']}()->createRow($request->getParsedBody());
|
||||
$newRow->save();
|
||||
$success = $newRow->isClean();
|
||||
return $this->ApiResponse(array('success' => $success));
|
||||
if ($this->IsValidEntity($args['entity']))
|
||||
{
|
||||
$newRow = $this->Database->{$args['entity']}()->createRow($request->getParsedBody());
|
||||
$newRow->save();
|
||||
$success = $newRow->isClean();
|
||||
return $this->ApiResponse(array('success' => $success));
|
||||
}
|
||||
else
|
||||
{
|
||||
return $this->VoidApiActionResponse($response, false, 400, 'Entity does not exist or is not exposed');
|
||||
}
|
||||
}
|
||||
|
||||
public function EditObject(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
|
||||
{
|
||||
$row = $this->Database->{$args['entity']}($args['objectId']);
|
||||
$row->update($request->getParsedBody());
|
||||
$success = $row->isClean();
|
||||
return $this->ApiResponse(array('success' => $success));
|
||||
if ($this->IsValidEntity($args['entity']))
|
||||
{
|
||||
$row = $this->Database->{$args['entity']}($args['objectId']);
|
||||
$row->update($request->getParsedBody());
|
||||
$success = $row->isClean();
|
||||
return $this->ApiResponse(array('success' => $success));
|
||||
}
|
||||
else
|
||||
{
|
||||
return $this->VoidApiActionResponse($response, false, 400, 'Entity does not exist or is not exposed');
|
||||
}
|
||||
}
|
||||
|
||||
public function DeleteObject(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
|
||||
{
|
||||
$row = $this->Database->{$args['entity']}($args['objectId']);
|
||||
$row->delete();
|
||||
$success = $row->isClean();
|
||||
return $this->ApiResponse(array('success' => $success));
|
||||
if ($this->IsValidEntity($args['entity']))
|
||||
{
|
||||
$row = $this->Database->{$args['entity']}($args['objectId']);
|
||||
$row->delete();
|
||||
$success = $row->isClean();
|
||||
return $this->ApiResponse(array('success' => $success));
|
||||
}
|
||||
else
|
||||
{
|
||||
return $this->VoidApiActionResponse($response, false, 400, 'Entity does not exist or is not exposed');
|
||||
}
|
||||
}
|
||||
|
||||
private function IsValidEntity($entity)
|
||||
{
|
||||
return in_array($entity, $this->OpenApiSpec->components->internalSchemas->ExposedEntity->enum);
|
||||
}
|
||||
}
|
||||
|
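Review bot: `IsValidEntity` uses `in_array` without the strict flag; the allowlist comparison should be by identical string, `return in_array($entity, $this->OpenApiSpec->components->internalSchemas->ExposedEntity->enum, true);`. The check also constrains only the table name: AddObject and EditObject still pass `$request->getParsedBody()` unchanged to `createRow`/`update`, so every column of an exposed entity (including `id` and any foreign keys) is writable by a third-party caller, and a per-entity field allowlist or at least dropping `id` from the body is worth considering. Unlike the other controllers in this commit, EditObject and DeleteObject have no try/catch, so an unknown objectId (where `$row` presumably comes back empty — the library's return value cannot be confirmed from here) surfaces as an uncaught error rather than a 400.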
@@ -22,11 +22,26 @@ class HabitsApiController extends BaseApiController
|
||||
$trackedTime = $request->getQueryParams()['tracked_time'];
|
||||
}
|
||||
|
||||
return $this->ApiResponse(array('success' => $this->HabitsService->TrackHabit($args['habitId'], $trackedTime)));
|
||||
try
|
||||
{
|
||||
$this->HabitsService->TrackHabit($args['habitId'], $trackedTime);
|
||||
return $this->VoidApiActionResponse($response);
|
||||
}
|
||||
catch (\Exception $ex)
|
||||
{
|
||||
return $this->VoidApiActionResponse($response, false, 400, $ex->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
public function HabitDetails(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
|
||||
{
|
||||
return $this->ApiResponse($this->HabitsService->GetHabitDetails($args['habitId']));
|
||||
try
|
||||
{
|
||||
return $this->ApiResponse($this->HabitsService->GetHabitDetails($args['habitId']));
|
||||
}
|
||||
catch (\Exception $ex)
|
||||
{
|
||||
return $this->VoidApiActionResponse($response, false, 400, $ex->getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
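Review bot: Every exception from HabitsService is mapped to HTTP 400 with `$ex->getMessage()` as the body in both TrackHabit and HabitDetails; for a non-validation failure this exposes the exception text to external clients and reports a server fault as a client error. Narrow the catch to the exception type the service raises for bad input (not visible in this hunk) and let the rest fall through, or substitute a fixed string like `'Invalid request'` and log the original. `$trackedTime`, taken from the query string just above the hunk, is also forwarded unchecked, so rejecting a malformed value rests entirely on the service.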
@@ -24,12 +24,11 @@ class OpenApiController extends BaseApiController
|
||||
{
|
||||
$applicationService = new ApplicationService();
|
||||
|
||||
$specJson = json_decode(file_get_contents(__DIR__ . '/../grocy.openapi.json'));
|
||||
$specJson->info->version = $applicationService->GetInstalledVersion();
|
||||
$specJson->info->description = str_replace('PlaceHolderManageApiKeysUrl', $this->AppContainer->UrlManager->ConstructUrl('/manageapikeys'), $specJson->info->description);
|
||||
$specJson->servers[0]->url = $this->AppContainer->UrlManager->ConstructUrl('/api');
|
||||
$this->OpenApiSpec->info->version = $applicationService->GetInstalledVersion();
|
||||
$this->OpenApiSpec->info->description = str_replace('PlaceHolderManageApiKeysUrl', $this->AppContainer->UrlManager->ConstructUrl('/manageapikeys'), $this->OpenApiSpec->info->description);
|
||||
$this->OpenApiSpec->servers[0]->url = $this->AppContainer->UrlManager->ConstructUrl('/api');
|
||||
|
||||
return $this->ApiResponse($specJson);
|
||||
return $this->ApiResponse($this->OpenApiSpec);
|
||||
}
|
||||
|
||||
public function ApiKeysList(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
|
||||
|
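Review bot: The assignments to `$this->OpenApiSpec->info->version`, `->info->description` and `->servers[0]->url` now mutate the spec object the base controller loads in its constructor, where previously a freshly decoded copy was edited. That is harmless if Slim builds a new controller per request, which the constructor signature suggests but this hunk cannot confirm; if the container ever caches the instance, the substituted description and server URL become sticky across requests and the placeholder replacement turns into a no-op. Either work on a copy (`clone` is shallow for nested stdClass, so a `json_decode(json_encode($this->OpenApiSpec))` round-trip is the simple option) or add a comment stating the per-request assumption. ApiKeysList begins inside this hunk and continues outside it.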
@@ -16,7 +16,14 @@ class StockApiController extends BaseApiController
|
||||
|
||||
public function ProductDetails(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
|
||||
{
|
||||
return $this->ApiResponse($this->StockService->GetProductDetails($args['productId']));
|
||||
try
|
||||
{
|
||||
return $this->ApiResponse($this->StockService->GetProductDetails($args['productId']));
|
||||
}
|
||||
catch (\Exception $ex)
|
||||
{
|
||||
return $this->VoidApiActionResponse($response, false, 400, $ex->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
public function AddProduct(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
|
||||
@@ -33,7 +40,15 @@ class StockApiController extends BaseApiController
|
||||
$transactionType = $request->getQueryParams()['transactiontype'];
|
||||
}
|
||||
|
||||
return $this->ApiResponse(array('success' => $this->StockService->AddProduct($args['productId'], $args['amount'], $bestBeforeDate, $transactionType)));
|
||||
try
|
||||
{
|
||||
$this->StockService->AddProduct($args['productId'], $args['amount'], $bestBeforeDate, $transactionType);
|
||||
return $this->VoidApiActionResponse($response);
|
||||
}
|
||||
catch (\Exception $ex)
|
||||
{
|
||||
return $this->VoidApiActionResponse($response, false, 400, $ex->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
public function ConsumeProduct(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
|
||||
@@ -50,7 +65,15 @@ class StockApiController extends BaseApiController
|
||||
$transactionType = $request->getQueryParams()['transactiontype'];
|
||||
}
|
||||
|
||||
return $this->ApiResponse(array('success' => $this->StockService->ConsumeProduct($args['productId'], $args['amount'], $spoiled, $transactionType)));
|
||||
try
|
||||
{
|
||||
$this->StockService->ConsumeProduct($args['productId'], $args['amount'], $spoiled, $transactionType);
|
||||
return $this->VoidApiActionResponse($response);
|
||||
}
|
||||
catch (\Exception $ex)
|
||||
{
|
||||
return $this->VoidApiActionResponse($response, false, 400, $ex->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
public function InventoryProduct(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
|
||||
@@ -61,7 +84,15 @@ class StockApiController extends BaseApiController
|
||||
$bestBeforeDate = $request->getQueryParams()['bestbeforedate'];
|
||||
}
|
||||
|
||||
return $this->ApiResponse(array('success' => $this->StockService->InventoryProduct($args['productId'], $args['newAmount'], $bestBeforeDate)));
|
||||
try
|
||||
{
|
||||
$this->StockService->InventoryProduct($args['productId'], $args['newAmount'], $bestBeforeDate);
|
||||
return $this->VoidApiActionResponse($response);
|
||||
}
|
||||
catch (\Exception $ex)
|
||||
{
|
||||
return $this->VoidApiActionResponse($response, false, 400, $ex->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
public function CurrentStock(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
|
||||
@@ -69,9 +100,9 @@ class StockApiController extends BaseApiController
|
||||
return $this->ApiResponse($this->StockService->GetCurrentStock());
|
||||
}
|
||||
|
||||
public function AddmissingProductsToShoppingList(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
|
||||
public function AddMissingProductsToShoppingList(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
|
||||
{
|
||||
$this->StockService->AddMissingProductsToShoppingList();
|
||||
return $this->ApiResponse(array('success' => true));
|
||||
return $this->VoidApiActionResponse($response);
|
||||
}
|
||||
}
|
||||
|
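Review bot: In the AddProduct hunk the route values `$args['productId']` and `$args['amount']` and the query values `$bestBeforeDate` and `$transactionType` reach `StockService->AddProduct` with no type or format check in the controller, and the surrounding `catch (\Exception $ex)` then reports whatever the service or database throws as `$ex->getMessage()` with status 400. For an API now open to third parties, reject an obviously bad amount before calling the service, e.g. `if (!is_numeric($args['amount'])) { return $this->VoidApiActionResponse($response, false, 400, 'amount must be numeric'); }`, and map only the service's own validation exception to 400 while other failures get a generic message. The same pattern applies to ConsumeProduct and InventoryProduct in this file. The rename to `AddMissingProductsToShoppingList` requires the matching route registration to be updated, which is outside this section.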