|
|
@@ -0,0 +1,155 @@
|
|
|
+<?php
|
|
|
+
|
|
|
+namespace Opentalent\OtAdmin\Http;
|
|
|
+
|
|
|
+
|
|
|
+use Opentalent\OtAdmin\Controller\SiteController;
|
|
|
+use Psr\Log\LoggerAwareInterface;
|
|
|
+use Psr\Log\LoggerAwareTrait;
|
|
|
+use TYPO3\CMS\Core\Http\HtmlResponse;
|
|
|
+use TYPO3\CMS\Core\Http\ServerRequest;
|
|
|
+
|
|
|
+class ApiController implements LoggerAwareInterface
|
|
|
+{
|
|
|
+ use LoggerAwareTrait;
|
|
|
+
|
|
|
+ const ALLOWED_IPS = [
|
|
|
+ '/^127\.0\.0\.[0-1]$/',
|
|
|
+ '/^localhost$/',
|
|
|
+ '/^10\.8\.0\.[0-255]$/'
|
|
|
+ ];
|
|
|
+
|
|
|
+ /**
|
|
|
+ * Retrieve the organization's id from the given request parameters
|
|
|
+ *
|
|
|
+ * @param ServerRequest $request
|
|
|
+ * @return int
|
|
|
+ */
|
|
|
+ private function getOrganizationId(ServerRequest $request) {
|
|
|
+ $params = $request->getQueryParams();
|
|
|
+ $organizationId = $params['organization-id'];
|
|
|
+ if (!$organizationId) {
|
|
|
+ throw new \RuntimeException("Missing parameter: 'organization-id'");
|
|
|
+ }
|
|
|
+ return (int)$organizationId;
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * Check that the client Ip is allowed, else throw a Runtime error
|
|
|
+ *
|
|
|
+ * @return bool
|
|
|
+ */
|
|
|
+ private function assertIpAllowed() {
|
|
|
+ $clientIp = $_SERVER['REMOTE_ADDR'];
|
|
|
+ foreach (self::ALLOWED_IPS as $ipRule) {
|
|
|
+ if (preg_match($ipRule, $clientIp)) {
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ $route = $_REQUEST['route'];
|
|
|
+ $this->logger->error(sprintf(
|
|
|
+ "OtAdmin API: an attempt was made to call the route " .
|
|
|
+ $route . " from an non-allowed IP (" . $clientIp . ")"));
|
|
|
+ throw new \RuntimeException("Not allowed");
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * -- Target of the route 'site_create' --
|
|
|
+ * >> Requires a query param named 'organization-id' (int)
|
|
|
+ *
|
|
|
+ * Create the organization's website
|
|
|
+ *
|
|
|
+ * @param ServerRequest $request
|
|
|
+ * @return HtmlResponse
|
|
|
+ * @throws \Exception
|
|
|
+ */
|
|
|
+ public function createSiteAction(ServerRequest $request) {
|
|
|
+ $this->assertIpAllowed();
|
|
|
+
|
|
|
+ $organizationId = $this->getOrganizationId($request);
|
|
|
+
|
|
|
+ $controller = new SiteController();
|
|
|
+ $rootUid = $controller->createSiteAction($organizationId);
|
|
|
+
|
|
|
+ $this->logger->info(sprintf(
|
|
|
+ "OtAdmin API: A new website has been created with root page uid=" . $rootUid .
|
|
|
+ " for the organization " . $organizationId));
|
|
|
+
|
|
|
+ return new HtmlResponse("A new website has been created with root page uid=" . $rootUid);
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * -- Target of the route 'site_update' --
|
|
|
+ * >> Requires a query param named 'organization-id' (int)
|
|
|
+ *
|
|
|
+ * Update the settings of the organization's website
|
|
|
+ *
|
|
|
+ * @param ServerRequest $request
|
|
|
+ * @return HtmlResponse
|
|
|
+ * @throws \Exception
|
|
|
+ */
|
|
|
+ public function updateSiteConstantsAction(ServerRequest $request) {
|
|
|
+ $this->assertIpAllowed();
|
|
|
+
|
|
|
+ $organizationId = $this->getOrganizationId($request);
|
|
|
+
|
|
|
+ $controller = new SiteController();
|
|
|
+ $rootUid = $controller->updateSiteConstantsAction($organizationId);
|
|
|
+
|
|
|
+ $this->logger->info(sprintf(
|
|
|
+ "OtAdmin API: The website with root uid " . $rootUid . " has been updated " .
|
|
|
+ " (organization: " . $organizationId . ")"));
|
|
|
+
|
|
|
+ return new HtmlResponse("The website with root uid " . $rootUid . " has been updated");
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * -- Target of the route 'site_delete' --
|
|
|
+ * >> Requires a query param named 'organization-id' (int)
|
|
|
+ *
|
|
|
+ * Proceeds to a soft-deletion of the organization's website
|
|
|
+ *
|
|
|
+ * @param ServerRequest $request
|
|
|
+ * @return HtmlResponse
|
|
|
+ * @throws \Exception
|
|
|
+ */
|
|
|
+ public function deleteSiteAction(ServerRequest $request) {
|
|
|
+ $this->assertIpAllowed();
|
|
|
+
|
|
|
+ $organizationId = $this->getOrganizationId($request);
|
|
|
+
|
|
|
+ $controller = new SiteController();
|
|
|
+ $rootUid = $controller->deleteSiteAction($organizationId, false);
|
|
|
+
|
|
|
+ $this->logger->info(sprintf(
|
|
|
+ "OtAdmin API: The website with root uid " . $rootUid . " has been soft-deleted " .
|
|
|
+ " (organization: " . $organizationId . ")"));
|
|
|
+
|
|
|
+ return new HtmlResponse("The website with root uid " . $rootUid . " has been soft-deleted. Use the /site/undelete route to restore it.");
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * -- Target of the route 'site_undelete' --
|
|
|
+ * >> Requires a query param named 'organization-id' (int)
|
|
|
+ *
|
|
|
+ * Restore a soft-deleted organization's website
|
|
|
+ *
|
|
|
+ * @param ServerRequest $request
|
|
|
+ * @return HtmlResponse
|
|
|
+ * @throws \Exception
|
|
|
+ */
|
|
|
+ public function undeleteSiteAction(ServerRequest $request) {
|
|
|
+ $this->assertIpAllowed();
|
|
|
+
|
|
|
+ $organizationId = $this->getOrganizationId($request);
|
|
|
+
|
|
|
+ $controller = new SiteController();
|
|
|
+ $rootUid = $controller->undeleteSiteAction($organizationId);
|
|
|
+
|
|
|
+ $this->logger->info(sprintf(
|
|
|
+ "OtAdmin API: The website with root uid " . $rootUid . " has been restored " .
|
|
|
+ " (organization: " . $organizationId . ")"));
|
|
|
+
|
|
|
+ return new HtmlResponse("The website with root uid " . $rootUid . " has been restored");
|
|
|
+ }
|
|
|
+}
|
Olivier Massot