Remove guard on api routes, move all returns to base accessed methods #730

This commit is contained in:
Ramon Gutierrez 2023-02-07 09:11:17 +08:00
parent 9876165af5
commit 98705f99d4
17 changed files with 305 additions and 70 deletions


@ -49,6 +49,10 @@ security:
pattern: ^\/test_capi\/
security: false
cust_api_v2:
pattern: ^\/apiv2\/
security: false
warranty_api:
pattern: ^\/capi\/
provider: api_provider
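Review bot: With `security: false` the new `^\/apiv2\/` firewall performs no authentication, so every action under that prefix is reachable anonymously unless the controller itself calls `validateRequest()`; in this commit `versionCheck` and `register` only check parameters, which is presumably intended for those two but leaves the invariant undocumented. Add a comment on the new entry, `# no firewall auth: every apiv2 action must call ApiController::validateRequest()`, so an action that forgets the call is caught in review rather than after deploy. The api_key that replaces the firewall is read from the query string in `validateRequest`, where it is likely to land in access logs and referrers; accepting it from a request header would be the safer channel.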


@ -26,7 +26,7 @@ class ApiController extends BaseApiController
// load env file
$dotenv = new Dotenv();
$dotenv->loadEnv($kernel->getProjectDir() . '.env');
$dotenv->loadEnv($kernel->getProjectDir() . '/.env');
}
protected function debugRequest(Request $req)
@ -35,12 +35,9 @@ class ApiController extends BaseApiController
error_log(print_r($all, true));
}
protected function validateParams(Request $req, $params = [])
protected function hasMissingParams(Request $req, $params = [])
{
$missing = $this->checkRequiredParameters($req, $params);
if ($missing) {
return new ApiResponse(false, $missing, []);
}
return $this->checkRequiredParameters($req, $params);
}
protected function validateSession($api_key)
@ -48,16 +45,27 @@ class ApiController extends BaseApiController
// check if the session exists
$session = $this->em->getRepository(MobileSession::class)->find($api_key);
if ($session === null) {
return new ApiResponse(false, 'Invalid API Key.');
return false;
}
$this->session = $session;
return true;
}
protected function validateRequest(Request $req, $params = [])
{
$this->validateParams($req, $params);
$this->validateSession($req->query->get('api_key'));
$error = $this->hasMissingParams($req, $params);
if (!$error) {
if (!$this->validateSession($req->query->get('api_key'))) {
$error = 'Invalid API Key.';
}
}
return [
'is_valid' => !$error,
'message' => $error,
];
}
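Review bot: `validateRequest` returns the failure text under `'message'`, but every caller in this commit reads `$validity['error']` (AuthController, CustomerController, DeviceController, EstimateController, JobOrderController, LocationController, PartnerController, PrivacyController, PromoController, RiderController, ScheduleController, ServiceController, VehicleController, WarrantyController), so a rejected request raises an undefined-array-key warning and returns `ApiResponse(false, null)` with no reason. Rename the key at the source, `'error' => $error,`, or change the readers to `$validity['message']`. `hasMissingParams` now returns the message string despite its boolean-sounding name, and `is_valid` is derived by negating it, so a result of `''` or `'0'` would count as valid; whether that can happen depends on `checkRequiredParameters`, which is not visible here, so a `!== null`/`!== ''` check would be the safer test. `validateRequest` is complete in the hunk; the enclosing class continues outside it.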
protected function findWarranty($plate_number)


@ -10,10 +10,14 @@ class AppController extends ApiController
public function versionCheck(Request $req)
{
// validate params
$this->validateParams($req, [
$missing = $this->hasMissingParams($req, [
'version',
]);
if ($missing) {
return new ApiResponse(false, $missing);
}
$need_update = false;
$msg = 'Version is up to date.';


@ -17,14 +17,19 @@ class AuthController extends ApiController
public function register(Request $req)
{
// validate params
$this->validateParams($req, [
$missing = $this->hasMissingParams($req, [
'phone_model',
'os_type',
'os_version',
'phone_id',
]);
if ($missing) {
return new ApiResponse(false, $missing);
}
// retry until we get a unique id
/*
while (true) {
try {
// instantiate session
@ -54,20 +59,25 @@ class AuthController extends ApiController
break;
}
*/
// return data
return new ApiResponse(true, '', [
'session_id' => $sess->getID(),
'session_id' => 123, //$sess->getID(),
]);
}
public function confirmNumber(RisingTideGateway $rt, Request $req, TranslatorInterface $translator)
{
// validate request
$this->validateRequest($req, [
$validity = $this->validateRequest($req, [
'phone_number'
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// phone number
$phone_number = $req->request->get('phone_number');
@ -116,10 +126,14 @@ class AuthController extends ApiController
public function validateCode(Request $req)
{
// validate request
$this->validateRequest($req, [
'code'
$validity = $this->validateRequest($req, [
'code',
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// code is wrong
$code = $req->request->get('code');
if ($this->session->getConfirmCode() != $code) {
@ -156,7 +170,11 @@ class AuthController extends ApiController
public function resendCode(Request $req, RisingTideGateway $rt, TranslatorInterface $translator)
{
// validate request
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// already confirmed
if ($this->session->isConfirmed()) {
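Review bot: `register` now returns the constant `'session_id' => 123` with the session-creation loop commented out, so every registration hands back the same session identifier; this looks like debugging scaffolding and should be restored to `'session_id' => $sess->getID(),` (with the loop re-enabled) or the endpoint disabled before this ships. In the same hunk, the confirm-code comparison `$this->session->getConfirmCode() != $code` is loose, so two numeric strings that differ only in leading zeros compare equal; `if (!hash_equals((string) $this->session->getConfirmCode(), (string) $code)) {` compares the code as an exact string. `validateCode`'s body continues outside the hunk.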


@ -15,7 +15,11 @@ class CustomerController extends ApiController
public function getInfo(Request $req)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// if no customer found
$cust = $this->session->getCustomer();
@ -40,11 +44,15 @@ class CustomerController extends ApiController
public function updateInfo(Request $req)
{
// validate params
$this->validateRequest($req, [
$validity = $this->validateRequest($req, [
'first_name',
'last_name',
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
$cust = $this->updateCustomerInfo($req);
$policy_mobile_id = $_ENV['POLICY_MOBILE'];
@ -64,7 +72,11 @@ class CustomerController extends ApiController
public function getStatus(Request $req)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// set data
$data = [];
@ -105,7 +117,11 @@ class CustomerController extends ApiController
public function getCustomerHash(Request $req, HashGenerator $hash)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get customer
$cust = $this->session->getCustomer();


@ -10,10 +10,14 @@ class DeviceController extends ApiController
public function updateDeviceID(Request $req)
{
// validate params
$this->validateRequest($req, [
$validity = $this->validateRequest($req, [
'device_id',
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
$device_id = $req->request->get('device_id');
$this->session->setDevicePushID($device_id);


@ -16,13 +16,17 @@ class EstimateController extends ApiController
// $this->debugRequest($req);
// validate params
$this->validateRequest($req, [
$validity = $this->validateRequest($req, [
'service_type',
'cv_id',
// 'batt_id',
'trade_in',
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// customer
$cust = $this->session->getCustomer();
if ($cust == null) {


@ -41,7 +41,11 @@ class JobOrderController extends ApiController
public function getOngoing(Request $req)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get customer
$cust = $this->session->getCustomer();
@ -79,10 +83,14 @@ class JobOrderController extends ApiController
public function getJOInvoice(Request $req)
{
// validate params
$this->validateRequest($req, [
$validity = $this->validateRequest($req, [
'jo_id',
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get job order
$jo_id = $req->query->get('jo_id');
$jo = $this->em->getRepository(JobOrder::class)->find($jo_id);
@ -170,11 +178,15 @@ class JobOrderController extends ApiController
public function cancelJobOrder(Request $req, MQTTClient $mclient)
{
// validate params
$this->validateRequest($req, [
$validity = $this->validateRequest($req, [
'jo_id',
'reason',
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get job order
$jo_id = $req->request->get('jo_id');
$jo = $this->em->getRepository(JobOrder::class)->find($jo_id);
@ -225,7 +237,11 @@ class JobOrderController extends ApiController
public function getJobOrderInfo($id, Request $req, RiderTracker $rt)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get customer
$cust = $this->session->getCustomer();
@ -256,7 +272,11 @@ class JobOrderController extends ApiController
public function getJOHistory(Request $req)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get customer
$cust = $this->session->getCustomer();
@ -364,7 +384,11 @@ class JobOrderController extends ApiController
public function getLatestJobOrder(Request $req, RiderTracker $rt)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get customer
$cust = $this->session->getCustomer();
@ -390,7 +414,11 @@ class JobOrderController extends ApiController
public function getAllOngoingJobOrders(Request $req, RiderTracker $rt)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get customer
$cust = $this->session->getCustomer();
@ -415,7 +443,11 @@ class JobOrderController extends ApiController
public function getOngoingJobOrderCount(Request $req)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get customer
$cust = $this->session->getCustomer();
@ -446,7 +478,7 @@ class JobOrderController extends ApiController
HubFilteringGeoChecker $hub_geofence
) {
// validate params
$this->validateRequest($req, [
$validity = $this->validateRequest($req, [
'service_type',
'cv_id',
'trade_in',
@ -456,6 +488,10 @@ class JobOrderController extends ApiController
'mode_of_payment',
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// trade in type
$trade_in = $req->request->get('trade_in');
@ -898,7 +934,7 @@ class JobOrderController extends ApiController
HubFilteringGeoChecker $hub_geofence
) {
// validate params
$this->validateRequest($req, [
$validity = $this->validateRequest($req, [
'service_type',
'cv_id',
// 'batt_id',
@ -909,6 +945,10 @@ class JobOrderController extends ApiController
'mode_of_payment',
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// trade in type
$trade_in = $req->request->get('trade_in');
@ -1210,7 +1250,11 @@ class JobOrderController extends ApiController
public function getCompletedJobOrders(Request $req, EntityManagerInterface $em, RiderTracker $rt)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get customer
$cust = $this->session->getCustomer();


@ -22,11 +22,15 @@ class LocationController extends ApiController
public function locationSupport(Request $req, GeofenceTracker $geo)
{
// validate params
$this->validateRequest($req, [
$validity = $this->validateRequest($req, [
'longitude',
'latitude',
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
$long = $req->query->get('longitude');
$lat = $req->query->get('latitude');
@ -71,11 +75,15 @@ class LocationController extends ApiController
MapTools $map_tools
) {
// validate params
$this->validateRequest($req, [
$validity = $this->validateRequest($req, [
'longitude',
'latitude',
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
$coordinates = new Point($req->query->get('longitude'), $req->query->get('latitude'));
// add checking if customer has a pre-registered hub
@ -119,7 +127,7 @@ class LocationController extends ApiController
public function addLocation(Request $req)
{
// validate params
$this->validateRequest($req, [
$validity = $this->validateRequest($req, [
'name',
'address',
'longitude',
@ -127,6 +135,10 @@ class LocationController extends ApiController
'landmark',
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get customer
$cust = $this->session->getCustomer();
if ($cust == null) {
@ -176,7 +188,11 @@ class LocationController extends ApiController
public function getLocations(Request $req)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get customer
$cust = $this->session->getCustomer();


@ -13,7 +13,11 @@ class PartnerController extends ApiController
public function getPartnerInformation(Request $req, $pid)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get partner
$partner = $this->em->getRepository(Partner::class)->findOneBy(['id' => $pid]);
@ -56,13 +60,17 @@ class PartnerController extends ApiController
public function getClosestPartners(Request $req)
{
// validate params
$this->validateRequest($req, [
$validity = $this->validateRequest($req, [
'longitude',
'latitude',
'service_id',
'limit',
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
$long = $req->query->get('longitude');
$lat = $req->query->get('latitude');
$service_id = $req->query->get('service_id');
@ -120,11 +128,15 @@ class PartnerController extends ApiController
public function reviewPartner($pid, Request $req)
{
// validate params
$this->validateRequest($req, [
$validity = $this->validateRequest($req, [
'rating',
'message',
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
$rating = $req->request->get('rating');
$msg = $req->request->get('message');


@ -12,11 +12,15 @@ class PrivacyController extends ApiController
public function privacySettings(Request $req)
{
// validate params
$this->validateRequest($req, [
$validity = $this->validateRequest($req, [
'priv_third_party',
// 'priv_promo',
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get customer
$cust = $this->session->getCustomer();
if ($cust == null) {


@ -10,7 +10,11 @@ class PromoController extends ApiController
public function listPromos(Request $req)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// response
return new ApiResponse();


@ -17,7 +17,11 @@ class RiderController extends ApiController
public function getRiderStatus(Request $req, RiderTracker $rt)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get customer
$cust = $this->session->getCustomer();
@ -159,11 +163,15 @@ class RiderController extends ApiController
public function addRiderRating(Request $req)
{
// validate params
$this->validateRequest($req, [
$validity = $this->validateRequest($req, [
'jo_id',
'rating',
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get customer
$cust = $this->session->getCustomer();
if ($cust == null) {


@ -12,7 +12,11 @@ class ScheduleController extends ApiController
public function scheduleOptionStatus(Request $req)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
$schedule_choice = true;


@ -10,7 +10,11 @@ class ServiceController extends ApiController
public function listServices(Request $req)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// services
$results = $this->em->getRepository(Service::class)->findAll();


@ -16,7 +16,11 @@ class VehicleController extends ApiController
public function listVehicleManufacturers(Request $req)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get manufacturer list
$mfgs = $this->em->getRepository(VehicleManufacturer::class)->findBy(['flag_mobile' => true], ['name' => 'asc']);
@ -37,7 +41,11 @@ class VehicleController extends ApiController
public function listVehicleMakes(Request $req, $mfg_id)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get manufacturer
$mfg = $this->em->getRepository(VehicleManufacturer::class)->find($mfg_id);
@ -77,19 +85,36 @@ class VehicleController extends ApiController
public function addVehicle(Request $req)
{
// check requirements
$this->checkVehicleRequirements($req);
$validity = $this->checkVehicleRequirements($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// customer vehicle
$cv = new CustomerVehicle();
// set object and return
$this->setCustomerVehicleObject($req, $cv);
// set object
$res = $this->setCustomerVehicleObject($req, $cv);
if (!$res['success']) {
return new ApiResponse(false, $res['error']);
}
// response
return new ApiResponse(true, '', [
'cv_id' => $res['cv_id'],
]);
}
public function updateVehicle(Request $req, $id)
{
// check requirements
$this->checkVehicleRequirements($req);
$validity = $this->checkVehicleRequirements($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get customer vehicle
$cv = $this->em->getRepository(CustomerVehicle::class)->find($id);
@ -104,14 +129,26 @@ class VehicleController extends ApiController
return new ApiResponse(false, 'Invalid vehicle.');
}
// set object and return
$this->setCustomerVehicleObject($req, $cv);
// set object
$res = $this->setCustomerVehicleObject($req, $cv);
if (!$res['success']) {
return new ApiResponse(false, $res['error']);
}
// response
return new ApiResponse(true, '', [
'cv_id' => $res['cv_id'],
]);
}
public function listVehicles(Request $req)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// customer
$cust = $this->session->getCustomer();
@ -167,7 +204,11 @@ class VehicleController extends ApiController
public function getCompatibleBatteries(Request $req, $vid)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get vehicle
$vehicle = $this->em->getRepository(Vehicle::class)->find($vid);
@ -212,7 +253,11 @@ class VehicleController extends ApiController
public function removeVehicle($id, Request $req)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// get customer
$cust = $this->session->getCustomer();
@ -243,7 +288,7 @@ class VehicleController extends ApiController
protected function checkVehicleRequirements(Request $req)
{
// validate params
$this->validateRequest($req, [
return $this->validateRequest($req, [
'make_id',
'name',
'plate_num',
@ -267,13 +312,19 @@ class VehicleController extends ApiController
// check customer
$cust = $this->session->getCustomer();
if ($cust == null) {
return new ApiResponse(false, 'No customer information found.');
return [
'success' => false,
'error' => 'No customer information found.',
];
}
// get vehicle
$vehicle = $this->em->getRepository(Vehicle::class)->find($req->request->get('make_id'));
if ($vehicle == null) {
return new ApiResponse(false, 'Invalid vehicle make id.');
return [
'success' => false,
'error' => 'Invalid vehicle make id.',
];
}
$cv->setCustomer($cust)
@ -311,9 +362,10 @@ class VehicleController extends ApiController
$this->em->flush();
// response
return new ApiResponse(true, '', [
return [
'success' => true,
'cv_id' => $cv->getID(),
]);
];
}
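Review bot: The class now mixes two result shapes: `checkVehicleRequirements` passes through `validateRequest`'s `is_valid`/`message` array while `setCustomerVehicleObject` returns `success`/`error`, and `addVehicle`/`updateVehicle` read both, so the two guard branches in each action look different for the same kind of failure. Pick one shape (or a small readonly result class) so every caller uses the same key. On its success path `setCustomerVehicleObject` omits the `error` key entirely; a docblock on the method, `/** @return array{success: bool, error?: string, cv_id?: mixed} */`, would make the optional keys explicit. `setCustomerVehicleObject`'s signature is outside the hunk.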
protected function normalizeString($string)


@ -20,10 +20,14 @@ class WarrantyController extends ApiController
public function activateWarranty(Request $req)
{
// validate params
$this->validateRequest($req, [
$validity = $this->validateRequest($req, [
'plate_number',
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
$plate_number = $req->request->get('plate_number');
// find warranty using plate number
@ -51,7 +55,11 @@ class WarrantyController extends ApiController
public function warrantyCheck($serial, Request $req, WarrantyRaffleLogger $raffle_logger)
{
// validate params
$this->validateRequest($req);
$validity = $this->validateRequest($req);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// check if warranty serial is there
$serial = $this->cleanSerial($serial);
@ -264,13 +272,17 @@ class WarrantyController extends ApiController
WarrantyAPILogger $logger
) {
// validate params
$this->validateRequest($req, [
$validity = $this->validateRequest($req, [
'first_name',
'last_name',
'plate_number',
'date_purchase',
]);
if (!$validity['is_valid']) {
return new ApiResponse(false, $validity['error']);
}
// handle file uploads
$invoice = $req->files->get('invoice');
$warr_card = $req->files->get('warr_card');
@ -312,6 +324,9 @@ class WarrantyController extends ApiController
$source,
$raffle_logger
);
if (!$res['success']) {
return new ApiResponse(false, $res['error']);
}
$this->em->flush();
@ -403,7 +418,10 @@ class WarrantyController extends ApiController
// get serial
$warr_serial = $this->em->getRepository(WarrantySerial::class)->find($serial);
if ($warr_serial == null) {
return new ApiResponse(false, 'Invalid warranty serial code.');
return [
'success' => false,
'error' => 'Invalid warranty serial code.',
];
}
// check if warranty exists already
@ -431,7 +449,10 @@ class WarrantyController extends ApiController
$logger->logWarrantyInfo($log_data, $error_msg, $user_id, $action, $source);
// response
return new ApiResponse(false, $error_msg);
return [
'success' => false,
'error' => $error_msg,
];
}
$sms_msg = $trans->trans('warranty_update_confirm');
@ -459,7 +480,10 @@ class WarrantyController extends ApiController
$logger->logWarrantyInfo($log_data, $error_msg, $user_id, $action, $source);
// response
return new ApiResponse(false, $error_msg);
return [
'success' => false,
'error' => $error_msg,
];
}
}
@ -474,7 +498,10 @@ class WarrantyController extends ApiController
$logger->logWarrantyInfo($log_data, $error_msg, $user_id, $action, $source);
// response
return new ApiResponse(false, $error_msg);
return [
'success' => false,
'error' => $error_msg,
];
}
$customer = $this->session->getCustomer();
@ -562,7 +589,9 @@ class WarrantyController extends ApiController
$raffle_logger->logRaffleInfo($data_sent, $raffle_data);
// response
return new ApiResponse();
return [
'success' => true,
];
}
protected function findCustomerVehicle($customer, $plate_number)