package Mod::APIshareeio; # # SPDX-License-Identifier: AGPL-3.0-or-later # Copyright (c) Rainer Gümpelein, TeilRad GmbH # use warnings; use strict; use Exporter; our @ISA = qw (Exporter); use POSIX; use CGI; use Apache2::Const -compile => qw(OK ); use JSON; use Scalar::Util qw(looks_like_number); use Config::General; use Lib::Config; use Mod::DBtank; use Mod::Basework; use Mod::Shareework; use Mod::APIfunc; use Data::Dumper; sub handler { my ($r) = @_; my $q = new CGI; my $netloc = $q->url(-base=>1); $q->import_names('R'); my $json = JSON->new->allow_nonref; my $cf = new Config; my $dbt = new DBtank; my $bw = new Basework; my $tk = new Shareework; my $apif = new APIfunc; my $dbh = ""; my %varenv = $cf->envonline(); my $oprefix = $dbt->{operator}->{$varenv{dbname}}->{oprefix}; my $now_dt = strftime "%Y-%m-%d %H:%M:%S", localtime; my @keywords = $q->param; my $user_agent = $q->user_agent(); my $aowner = 168; my $dbh = ""; my $api_file = "/var/www/copri4/shareeconf/apikeys.cfg"; my $aconf = Config::General->new($api_file); my %apikeyconf = $aconf->getall; my %headers = map { $_ => $q->http($_) } $q->http(); $bw->log("APIshareeio request:\n--> user-agent '$user_agent' ",$q,""); $bw->log("headers:",\%headers,""); #for my $header ( keys %headers ) { # print "$header: $headers{$header}\n"; #} print $q->header(-type => "application/json", -charset => "utf-8", -'Access-Control-Allow-Origin' => "*"); my $response = { response_state => "OK, nothing todo", }; my $http_sharee_api_key = $headers{HTTP_SHAREE_API_KEY} || $R::HTTP_SHAREE_API_KEY || ""; if(!$apikeyconf{shareeio}->{sharee_api_key} || !$http_sharee_api_key || $apikeyconf{shareeio}->{sharee_api_key} ne $http_sharee_api_key){ $response->{response_state} = "Failure: access denied, api-key doesn't match"; $bw->log("Failure: access denied, api-key doesn't match",$q,""); my $jrout = $json->pretty->encode({shareeio => $response}); print $jrout; return Apache2::Const::OK; exit 0; } foreach(@keywords){ if(length($_) > 20 || length($q->param($_)) > 40){ $response->{response_state} = "Failure 9000: amount of characters in $_ exceeds"; $bw->log("Failure 9000: amount of characters in $_ exceeds",$q,""); my $jrout = $json->pretty->encode({shareeio => $response}); print $jrout; return Apache2::Const::OK; exit 0; } } #sig booking_update if($R::request && $R::request eq "booking_update"){ my $rentalId = $q->escapeHTML($R::rentalId) || ""; my $rows = 0; my $booking_values = {}; if($rentalId){ if($R::state && $R::lock_state && $R::state eq "available" && $R::lock_state eq "locked"){ my $ctpos = {}; my $booking_pos = { table => "contenttranspos", fetch => "one", txt11 => "$rentalId", int10 => "IN::('2','3')", #ca_id => "$authraw->{c_id}",#sig doesn't know uid }; $ctpos = $dbt->fetch_tablerecord($dbh,$booking_pos); if(ref($ctpos) eq "HASH" && $ctpos->{txt22} && $ctpos->{txt11}){ my $sig_book = { bikeId => $ctpos->{txt22}, rentalId => $ctpos->{txt11}, reservationId => "" }; my $authraw = { c_id => "" }; $authraw->{c_id} = $ctpos->{ca_id} if($ctpos->{ca_id}); $q->param(-name=>'bike',-value=>"$ctpos->{ct_name}") if($ctpos->{ct_name}); ($rows, $booking_values) = $apif->booking_update($q,\%varenv,$authraw,$aowner,$sig_book) if($authraw->{c_id}); $response = {%$response, %$booking_values}; }else{ $response->{response_state} = "Failure: there is no rental with rentalID=$rentalId"; } }else{ $response->{response_state} = "Failure: syntax failure"; } }else{ $response->{response_state} = "Failure: no rentalId defined"; } }#end sig booking_update #end RESTful ------------------------------------------------------------ #FINAL JSON response OUTPUT ---------------------------------------------------------- my $jrout = $json->pretty->encode({shareeio => $response}); print $jrout; $bw->log("APIjsonserver response by $user_agent mapped aowner:$aowner",$jrout,""); #end JSON ---------------------------------------------------------------------------- return Apache2::Const::OK; }#end handler 1;