Skip to content

Commit

Permalink
API Tidy
Browse files Browse the repository at this point in the history
- Remove old client ID queries, these are now built into the API keys. If a key has access to all clients, a client ID can be provided in the query.
- Small fixes to assets URI lookup
- Add read endpoint for vendors
  • Loading branch information
wrongecho committed Sep 11, 2024
1 parent 2e202df commit f3e9c9c
Show file tree
Hide file tree
Showing 14 changed files with 47 additions and 83 deletions.
24 changes: 9 additions & 15 deletions api/v1/assets/read.php
Original file line number Diff line number Diff line change
Expand Up @@ -12,42 +12,36 @@

} elseif (isset($_GET['asset_type'])) {
// Asset query via type

$type = mysqli_real_escape_string($mysqli, ucfirst($_GET['asset_type']));
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");

} elseif (isset($_GET['asset_name'])) {
// Asset query via name

$name = mysqli_real_escape_string($mysqli, $_GET['asset_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");

} elseif (isset($_GET['asset_serial'])) {
// Asset query via serial

$serial = mysqli_real_escape_string($mysqli, $_GET['asset_serial']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");

} elseif (isset($_GET['client_id'])) {
// Asset query via client ID

$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");

} elseif (isset($_GET['asset_mac'])) {
// Asset query via mac

$mac = mysqli_real_escape_string($mysqli, $_GET['asset_mac']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1 WHERE interface_mac = '$mac' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");

} elseif (isset($_GET['asset_uri'])) {
// Asset query via mac

$mac = mysqli_real_escape_string($mysqli, $_GET['asset_uri']);
// Asset query via uri
$uri = mysqli_real_escape_string($mysqli, $_GET['asset_uri']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_uri = '$uri' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");

}
// All assets
else {
} elseif (isset($_GET['asset_uri_2'])) {
// Asset query via uri2
$uri2 = mysqli_real_escape_string($mysqli, $_GET['asset_uri']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_uri_2 = '$uri2' AND asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");

}else {
// All assets (by client ID or all in general if key permits)
$sql = mysqli_query($mysqli, "SELECT * FROM assets LEFT JOIN asset_interfaces ON interface_asset_id = asset_id AND interface_primary = 1 WHERE asset_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}

Expand Down
9 changes: 1 addition & 8 deletions api/v1/certificates/read.php
Original file line number Diff line number Diff line change
Expand Up @@ -12,18 +12,11 @@

} elseif (isset($_GET['certificate_name'])) {
// Certificate by name

$name = mysqli_real_escape_string($mysqli, $_GET['certificate_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");

} elseif (isset($_GET['client_id'])) {
// Certificate via client ID

$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");

} else {
// All certificates

// All certificates (by client ID or all in general if key permits)
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
}

Expand Down
14 changes: 3 additions & 11 deletions api/v1/clients/read.php
Original file line number Diff line number Diff line change
Expand Up @@ -4,21 +4,13 @@

require_once '../require_get_method.php';


// Specific client via ID (single)
if (isset($_GET['client_id'])) {
$id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id'");

} elseif (isset($_GET['client_name'])) {
// Specific client via name (single)

// Specific client via name (single)
if (isset($_GET['client_name'])) {
$name = mysqli_real_escape_string($mysqli, $_GET['client_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id'");

} else {
// All clients

// All clients (by client ID if given, or all in general if key permits)
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' ORDER BY client_id LIMIT $limit OFFSET $offset");
}

Expand Down
5 changes: 1 addition & 4 deletions api/v1/contacts/read.php
Original file line number Diff line number Diff line change
Expand Up @@ -12,19 +12,16 @@

} elseif (isset($_GET['contact_email'])) {
// Specific contact via email (single)

$email = mysqli_real_escape_string($mysqli, $_GET['contact_email']);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id'");

} elseif (isset($_GET['contact_phone_or_mobile'])) {
// Specific contact via phone number or mobile (single)

$phone_or_mob = mysqli_real_escape_string($mysqli, $_GET['contact_phone_or_mobile']);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_mobile = '$phone_or_mob' OR contact_phone = '$phone_or_mob' AND contact_client_id LIKE '$client_id' LIMIT 1");

} else {
// All contacts

// All contacts (by client ID, or all in general if key permits)
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
}

Expand Down
6 changes: 1 addition & 5 deletions api/v1/documents/read.php
Original file line number Diff line number Diff line change
Expand Up @@ -10,12 +10,8 @@
$id = intval($_GET['document_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$id' AND document_client_id LIKE '$client_id'");

} elseif (isset($_GET['client_id'])) {
// Documents via client ID (multiple)
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' AND document_archived_at IS NULL");

} else {
// All documents
// All documents (by client ID if given, or all in general if key permits)
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' ORDER BY document_id LIMIT $limit OFFSET $offset");
}

Expand Down
9 changes: 1 addition & 8 deletions api/v1/domains/read.php
Original file line number Diff line number Diff line change
Expand Up @@ -12,18 +12,11 @@

} elseif (isset($_GET['domain_name'])) {
// Domain by name

$name = mysqli_real_escape_string($mysqli, $_GET['domain_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");

} elseif (isset($_GET['client_id'])) {
// Domain via client ID

$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");

} else {
// All domains

// All domains (by client ID or all in general if key permits)
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
}

Expand Down
4 changes: 1 addition & 3 deletions api/v1/invoices/read.php
Original file line number Diff line number Diff line change
Expand Up @@ -7,13 +7,11 @@

if (isset($_GET['invoice_id'])) {
// Invoice via ID (single)

$id = intval($_GET['invoice_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = '$id' AND invoice_client_id LIKE '$client_id'");

} else {
// All invoices

// All invoices (by client ID if given, or all in general if key permits)
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id LIKE '$client_id' ORDER BY invoice_id LIMIT $limit OFFSET $offset");
}

Expand Down
4 changes: 1 addition & 3 deletions api/v1/locations/read.php
Original file line number Diff line number Diff line change
Expand Up @@ -7,13 +7,11 @@

if (isset($_GET['location_id'])) {
// Location via ID (single)

$id = intval($_GET['location_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_id = '$id' AND location_client_id LIKE '$client_id'");

} else {
// All locations

// All locations (by client ID if given, or all in general if key permits)
$sql = mysqli_query($mysqli, "SELECT * FROM locations WHERE location_client_id LIKE '$client_id' ORDER BY location_id LIMIT $limit OFFSET $offset");
}

Expand Down
9 changes: 1 addition & 8 deletions api/v1/networks/read.php
Original file line number Diff line number Diff line change
Expand Up @@ -12,18 +12,11 @@

} elseif (isset($_GET['network_name'])) {
// Network by name

$name = mysqli_real_escape_string($mysqli, $_GET['network_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' ORDER BY network_id LIMIT $limit OFFSET $offset");

} elseif (isset($_GET['client_id'])) {
// Network via client ID

$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' ORDER BY network_id LIMIT $limit OFFSET $offset");

} else {
// All networks

// All networks (by client ID or all in general if key permits)
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
}

Expand Down
2 changes: 0 additions & 2 deletions api/v1/products/read.php
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,11 @@

if (isset($_GET['product_id']) && $client_id == "%") {
// product via ID (single)

$id = intval($_GET['product_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = '$id'");

} elseif ($client_id == "%") {
// All products

$sql = mysqli_query($mysqli, "SELECT * FROM products ORDER BY product_id LIMIT $limit OFFSET $offset");
}

Expand Down
4 changes: 1 addition & 3 deletions api/v1/quotes/read.php
Original file line number Diff line number Diff line change
Expand Up @@ -7,13 +7,11 @@

if (isset($_GET['quote_id'])) {
// quote via ID (single)

$id = intval($_GET['quote_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id LIKE '$id' AND quote_client_id = '$client_id'");

} else {
// All quotes

// All quotes (by client ID if given, or all in general if key permits)
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_client_id LIKE '$client_id' ORDER BY quote_id LIMIT $limit OFFSET $offset");
}

Expand Down
11 changes: 1 addition & 10 deletions api/v1/software/read.php
Original file line number Diff line number Diff line change
Expand Up @@ -12,30 +12,21 @@

} elseif (isset($_GET['software_key'])) {
// Specific software via key

$key = mysqli_real_escape_string($mysqli, $_GET['software_license']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_key = '$key' AND software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");

} elseif (isset($_GET['software_name'])) {
// Software by name

$name = mysqli_real_escape_string($mysqli, $_GET['software_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");

} elseif (isset($_GET['software_type'])) {
// Software via type

$type = intval($_GET['software_type']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");

} elseif (isset($_GET['client_id'])) {
// Software via client ID

$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");

} else {
// All software(s)

// All software(s) (by client ID if given, or all in general if key permits)
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
}

Expand Down
10 changes: 7 additions & 3 deletions api/v1/tickets/read.php
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,15 @@
// Specific ticket via ID (single)
if (isset($_GET['ticket_id'])) {
$id = intval($_GET['ticket_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id'");
$sql = mysqli_query(
$mysqli,
"SELECT * FROM tickets
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id'"
);

} else {
// All tickets

// All tickets (by client ID if given, or all in general if key permits)
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
}

Expand Down
19 changes: 19 additions & 0 deletions api/v1/vendors/read.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
<?php

require_once '../validate_api_key.php';

require_once '../require_get_method.php';

// Specific vendor via their ID (single)
if (isset($_GET['vendor_id'])) {
$id = intval($_GET['vendor_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_id = '$id' AND vendor_client_id LIKE '$client_id'");

} else {
// All Vendors (by client ID or all in general if key permits)
$sql = mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_client_id LIKE '$client_id' ORDER BY vendor_id LIMIT $limit OFFSET $offset");
}

// Output
require_once "../read_output.php";

0 comments on commit f3e9c9c

Please sign in to comment.