Add support for client-specific API keys

Refactoring API. Added a contact update endpoint. Small misc changes.
2026-03-02 20:04:53 +00:00 · 2022-04-15 17:43:06 +01:00
parent bdd00c843d
commit e55622827d
26 changed files with 286 additions and 194 deletions
--- a/api/v1/contacts/contact_model.php
+++ b/api/v1/contacts/contact_model.php
@@ -0,0 +1,11 @@
+<?php
+$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_name'])));
+$title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_title'])));
+$department = intval($_POST['contact_department']);
+$phone = preg_replace("/[^0-9]/", '',$_POST['contact_phone']);
+$extension = preg_replace("/[^0-9]/", '',$_POST['contact_extension']);
+$mobile = preg_replace("/[^0-9]/", '',$_POST['contact_mobile']);
+$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_email'])));
+$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_notes'])));
+$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_auth_method'])));
+$location_id = intval($_POST['contact_location_id']);
--- a/api/v1/contacts/create.php
+++ b/api/v1/contacts/create.php
@@ -1,41 +1,34 @@
 <?php
 require('../validate_api_key.php');

-if($_SERVER['REQUEST_METHOD'] !== "POST"){
-  header("HTTP/1.1 405 Method Not Allowed");
-  $return_arr['success'] = "False";
-  $return_arr['message'] = "Can only send POST requests to this endpoint.";
-  echo json_encode($return_arr);
-  exit();
-}
+require('../require_post_method.php');

 // Parse Info
-$client_id = intval($_POST['client_id']);
-$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_name'])));
-$title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_title'])));
-$department = intval($_POST['contact_department']);
-$phone = preg_replace("/[^0-9]/", '',$_POST['contact_phone']);
-$extension = preg_replace("/[^0-9]/", '',$_POST['contact_extension']);
-$mobile = preg_replace("/[^0-9]/", '',$_POST['contact_mobile']);
-$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_email'])));
-$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_notes'])));
-$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_auth_method'])));
-$location_id = intval($_POST['location']);
+include('contact_model.php');

-if(!empty($name)){
-  // Insert contact
-  $insert_sql = mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_created_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
-  if($insert_sql){
-    $insert_id = $mysqli->insert_id;
+// Default
+$insert_id = FALSE;
+
+if(!empty($name) && !empty($email) && !empty($client_id)){
+
+  // Check contact with $email doesn't already exist
+  $email_duplication_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id = '$client_id'");
+
+  if(mysqli_num_rows($email_duplication_sql) == 0){
+
+    // Insert contact
+    $insert_sql = mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_created_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
+
+    // Check insert & get insert ID
+    if($insert_sql){
+      $insert_id = mysqli_insert_id($mysqli);
+      //Logging
+      mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
+      mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
+    }

-    //Logging
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
  }
 }
-else{
-  $insert_id = FALSE;
-}

 // Output
 include('../create_output.php');
--- a/api/v1/contacts/read.php
+++ b/api/v1/contacts/read.php
@@ -6,18 +6,18 @@ require('../require_get_method.php');
 // Specific contact via ID (single)
 if(isset($_GET['contact_id'])){
    $id = intval($_GET['contact_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }

 // Specific contact via email (single)
 elseif(isset($_GET['contact_email'])){
    $email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['contact_email'])));
-    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND company_id = '$company_id'");
+    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }

 // All contacts
 else{
-    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
+    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
 }

 // Output
--- a/api/v1/contacts/update.php
+++ b/api/v1/contacts/update.php
@@ -0,0 +1,28 @@
+<?php
+require('../validate_api_key.php');
+
+require('../require_post_method.php');
+
+// Parse Info
+$contact_id = intval($_POST['contact_id']);
+include('contact_model.php');
+
+// Default
+$update_id = FALSE;
+
+if(!empty($name) && !empty($email)){
+
+  $update_sql = mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_updated_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id WHERE contact_id = $contact_id LIMIT 1");
+
+  // Check insert & get insert ID
+  if($update_sql){
+    $update_id = mysqli_affected_rows($mysqli);
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
+  }
+}
+
+// Output
+include('../update_output.php');