Merge pull request #386 from wrongecho/api
Add create asset functionality to API
This commit is contained in:
Johnny
@@ -0,0 +1,55 @@
|
||||
<?php
|
||||
require('../validate_api_key.php');
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] !== "POST"){
|
||||
header("HTTP/1.1 405 Method Not Allowed");
|
||||
$return_arr['success'] = "False";
|
||||
$return_arr['message'] = "Can only send POST requests to this endpoint.";
|
||||
echo json_encode($return_arr);
|
||||
exit();
|
||||
}
|
||||
|
||||
// Parse info
|
||||
$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_type'])));
|
||||
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_name'])));
|
||||
$make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_make'])));
|
||||
$model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_model'])));
|
||||
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_serial'])));
|
||||
$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
|
||||
$ip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_ip'])));
|
||||
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_mac'])));
|
||||
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_purchase_date'])));
|
||||
if(empty($purchase_date)){
|
||||
$purchase_date = "0000-00-00";
|
||||
}
|
||||
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_warranty_expire'])));
|
||||
if(empty($warranty_expire)){
|
||||
$warranty_expire = "0000-00-00";
|
||||
}
|
||||
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['install_date'])));
|
||||
if(empty($install_date)){
|
||||
$install_date = "0000-00-00";
|
||||
}
|
||||
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_notes'])));
|
||||
$meshcentral_id = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_meshcentral_id'])));
|
||||
$location = intval($_POST['location']);
|
||||
$vendor = intval($_POST['vendor']);
|
||||
$contact = intval($_POST['contact']);
|
||||
$network = intval($_POST['network']);
|
||||
$client_id = intval(json_decode($_POST['client_id']));
|
||||
|
||||
if(!empty($name)){
|
||||
// Insert into Database
|
||||
$insert_sql = mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
|
||||
if($insert_sql){
|
||||
//Logging
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API', log_created_at = NOW(), company_id = $company_id");
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API', log_created_at = NOW(), company_id = $company_id");
|
||||
}
|
||||
}
|
||||
else{
|
||||
$insert_sql = FALSE;
|
||||
}
|
||||
|
||||
// Output
|
||||
include('../create_output.php');
|
||||
@@ -0,0 +1,34 @@
|
||||
<?php
|
||||
/*
|
||||
* API - create_output.php
|
||||
* Included on calls to create.php endpoints
|
||||
* Checks the status of the insert SQL query ($insert_sql)
|
||||
* Returns success data / fail messages
|
||||
*/
|
||||
|
||||
// Check if the insert query was successful
|
||||
if($insert_sql){
|
||||
$insert_id = $mysqli->insert_id;
|
||||
if(isset($insert_id) && is_numeric($insert_id)){
|
||||
// Insert successful
|
||||
$return_arr['success'] = "True";
|
||||
$return_arr['count'] = '1';
|
||||
$return_arr['data'][] = [
|
||||
'insert_id' => $insert_id
|
||||
];
|
||||
}
|
||||
// We shouldn't get here
|
||||
else{
|
||||
$return_arr['success'] = "False";
|
||||
$return_arr['message'] = "Auth success but insert failed, possibly database connection. Seek support if this error continues.";
|
||||
}
|
||||
}
|
||||
|
||||
// Query returned false, something went wrong or it was declined due to required variables missing
|
||||
else{
|
||||
$return_arr['success'] = "False";
|
||||
$return_arr['message'] = "Auth success but insert query failed, ensure required variables are provided and database schema is up-to-date.";
|
||||
}
|
||||
|
||||
echo json_encode($return_arr);
|
||||
exit();
|
||||
@@ -1,6 +1,11 @@
|
||||
<?php
|
||||
|
||||
// Output (to be included)
|
||||
/*
|
||||
* API - read_output.php
|
||||
* Included on calls to read.php endpoints
|
||||
* Returns success & data messages
|
||||
*/
|
||||
|
||||
if($sql && mysqli_num_rows($sql) > 0){
|
||||
$return_arr['success'] = "True";
|
||||
$return_arr['count'] = mysqli_num_rows($sql);
|
||||
@@ -15,7 +20,7 @@ if($sql && mysqli_num_rows($sql) > 0){
|
||||
}
|
||||
else{
|
||||
$return_arr['success'] = "False";
|
||||
$return_arr['message'] = "No resource for this company with the specified parameter(s).";
|
||||
$return_arr['message'] = "No resource (for this company) with the specified parameter(s).";
|
||||
echo json_encode($return_arr);
|
||||
exit();
|
||||
}
|
||||
@@ -1,4 +1,11 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* API - validate_api_key.php
|
||||
* Called by API endpoint to validate API key is valid
|
||||
* Allows execution to continue or exits returning errors to the user
|
||||
*/
|
||||
|
||||
// Includes
|
||||
include( __DIR__ . '../../../functions.php');
|
||||
include(__DIR__ . "../../../config.php");
|
||||
@@ -6,6 +13,9 @@ include(__DIR__ . "../../../config.php");
|
||||
// JSON header
|
||||
header('Content-Type: application/json');
|
||||
|
||||
// POST data
|
||||
$_POST = json_decode(file_get_contents('php://input'), true);
|
||||
|
||||
// Get user IP
|
||||
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
|
||||
// Get user agent
|
||||
@@ -54,10 +64,10 @@ if(isset($_POST['api_key'])){
|
||||
if(isset($api_key)){
|
||||
$api_key = mysqli_real_escape_string($mysqli,$api_key);
|
||||
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM api_keys, companies WHERE api_keys.company_id = companies.company_id AND api_key_secret = '$api_key' AND api_key_expire > NOW()");
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM api_keys WHERE api_key_secret = '$api_key' AND api_key_expire > NOW() LIMIT 1");
|
||||
|
||||
// Failed
|
||||
if(mysqli_num_rows($sql) != 1){
|
||||
if(mysqli_num_rows($sql) !== 1){
|
||||
// Invalid Key
|
||||
header("HTTP/1.1 401 Unauthorized");
|
||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
|
||||
|
||||
Reference in New Issue
Block a user