From 1b17a98e1fff1b3f9e3c914ea0f3cb0be58326d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CVeLiTi=E2=80=9D?= <“info@veliti.nl”>
Date: Thu, 12 Dec 2024 11:20:23 +0100
Subject: [PATCH] CMXX - Deactivate API when maintenancemode is ON
---
api.php | 75 +++++++++++++++++++++++++++++++++++++--------------------
1 file changed, 49 insertions(+), 26 deletions(-)
diff --git a/api.php b/api.php
index 0a10cec..61ffda2 100644
--- a/api.php
+++ b/api.php
@@ -65,45 +65,68 @@ if($is_jwt_valid && str_contains($version, 'v')) { { echo null; } - + // //------------------------------------------ - // Build up version and check if file is available + // Check for maintenance mode, exclude debug user //------------------------------------------ - $api_file = './api/'.$version.'/get/'.$collection.'.php'; - $api_file_post = './api/'.$version.'/post/'.$collection.'.php'; + if(maintenance_mode == false|| debug_id == $user_data['id']){ - //GET CLEAN LANGUAGE CODE - $language_code = ($user_data['language']) ? $user_data['language'] : 'US'; - $api_file_language = './settings/translations/translations_'.strtoupper($language_code).'.php'; + //------------------------------------------ + // Build up version and check if file is available + //------------------------------------------ + $api_file = './api/'.$version.'/get/'.$collection.'.php'; + $api_file_post = './api/'.$version.'/post/'.$collection.'.php'; - //INCLUDE LANGUAGE FILE - if (file_exists($api_file_language)){ - include_once $api_file_language; //Include the code - } - else { - include_once './settings/translations/translations_US.php'; - } - - //CHECK IF USER IS ALLOWED TO CALL SPECIFIC API - if (isAllowed($collection,$profile,$permission,'R') === 1 && empty($input) && file_exists($api_file)){ + //------------------------------------------ + //GET CLEAN LANGUAGE CODE + //------------------------------------------ + $language_code = ($user_data['language']) ? 
$user_data['language'] : 'US'; + $api_file_language = './settings/translations/translations_'.strtoupper($language_code).'.php'; - include_once $api_file; - } - elseif (isAllowed($collection,$profile,$permission,'U') === 1 && !empty($input) && file_exists($api_file_post)){ + //------------------------------------------ + //INCLUDE LANGUAGE FILE + //------------------------------------------ + if (file_exists($api_file_language)){ + include_once $api_file_language; //Include the code + } + else { + include_once './settings/translations/translations_US.php'; + } + + //------------------------------------------ + //CHECK IF USER IS ALLOWED TO CALL SPECIFIC API + //------------------------------------------ + if (isAllowed($collection,$profile,$permission,'R') === 1 && empty($input) && file_exists($api_file)){ + + include_once $api_file; + } + elseif (isAllowed($collection,$profile,$permission,'U') === 1 && !empty($input) && file_exists($api_file_post)){ - include_once $api_file_post; - } + include_once $api_file_post; + } + else + { + //------------------------------------------ + // User not allowed to perform operation + //------------------------------------------ + http_response_code(403); //Forbidden + } + } else { - http_response_code(403); //Forbidden + //------------------------------------------ + // Maintenance mode is activce -> service unavailable + //------------------------------------------ + http_response_code(503); //Service Unavailable } -//------------------------------------------ -// JWT not VALID -//------------------------------------------ + } else { + //------------------------------------------ + // JWT not VALID + //------------------------------------------ http_response_code(403); //Forbidden } }
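Review bot: The new gate `if(maintenance_mode == false|| debug_id == $user_data['id']){` uses loose `==` on both sides, so who is exempt from maintenance mode depends on PHP type juggling: if `debug_id` is ever defined as `null`, `false` or `0` to mean "no debug user", an account whose `id` is `null` or `0` could compare equal and keep API access while maintenance is on. I would compare strictly and refuse an empty debug id, e.g. `if (maintenance_mode === false || ((string) debug_id !== '' && (string) debug_id === (string) $user_data['id'])) {`; this assumes `maintenance_mode` is defined as a boolean, which is not visible in the hunk. Separately, the re-indented block still concatenates `$version`, `$collection` and `$user_data['language']` into `$api_file`, `$api_file_post` and `$api_file_language` and passes them to `include_once`, and the only constraint on `$version` visible here is `str_contains($version, 'v')`. Unless those values are validated elsewhere, they should be matched against a fixed allow-list (or a strict pattern such as `^v\d+$` for the version) before any path is built. The enclosing `if($is_jwt_valid && ...)` block starts outside the hunk, so earlier validation may exist that this review cannot see.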