thurdata
/
whmcsBuilder


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190
							<?php

$debug = true;

/*
RewriteEngine On

# Erlaubt den direkten Zugriff auf bestehende Dateien und Verzeichnisse
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

# Leitet alle anderen Anfragen an index.php weiter
RewriteRule ^(.*)$ index.php [QSA,L]
*/

require_once __DIR__ . '/controllers/BackupController.php';
require_once __DIR__ . '/controllers/DeployDevController.php';
require_once __DIR__ . '/controllers/GetSSLDaysController.php';
require_once __DIR__ . '/controllers/ProdController.php';
require_once __DIR__ . '/controllers/QuotaController.php';

use application\controllers\BackupController;
use application\controllers\DeployDevController;
use application\controllers\GetSSLDaysController;
use application\controllers\ProdController;
use application\controllers\QuotaController;

const API_PASSWORD = 'your-secure-password';

function authenticateRequest() {
    $headers = getallheaders();
    $providedPassword = $headers['X-Api-Key'] ?? '';

    if ($providedPassword !== API_PASSWORD) {
        http_response_code(403);
        echo json_encode(['error' => 'Unauthorized']);
        exit;
    }
}

header('Content-Type: application/json');

$requestMethod = $_SERVER['REQUEST_METHOD'];
$requestUri = explode('/', trim($_SERVER['REQUEST_URI'], '/'));
$endpoint = $requestUri[0] ?? '';
$username = $requestUri[1] ?? '';
$domain = $requestUri[2] ?? '';
if(isset($_SERVER['CONTENT_TYPE'])) {
    $content_type = $_SERVER['CONTENT_TYPE'];
}
if ( $GLOBALS['debug'] == true) {
    error_log("ContentType: " . $content_type);
}
$phpData = file_get_contents("php://input");
if ($GLOBALS['debug'] == true) {
    error_log("phpData: " . $phpData);
}
$inputData = json_decode($phpData) ?? [];
$parameters = array();
if($inputData) {
    foreach($inputData as $param_name => $param_value) {
        $parameters[$param_name] = $param_value;
    }
}


authenticateRequest();

error_log("endpoint: " . $endpoint);
error_log("domain: " . $domain);
error_log("username: " . $username);

switch ($endpoint) {

    case 'deploydev':
        error_log("Request deploydev from " . get_client_ip());
        if ($GLOBALS['debug'] == true) {
            error_log("POST");
            error_log("Parameters: " . print_r($parameters, true));
            error_log("Admin-Name: \"" . $parameters["admin_name"] . "\"");
        }
        if ($requestMethod === 'POST' && !empty($username) && !empty($domain)) {
            DeployDevController::deploy(array_merge($parameters, ['username' => $username, 'domain' => $domain]));
        }
        break;
    case 'revertdev':
        error_log("Request revertdev from " . get_client_ip());
        if ($requestMethod === 'POST' && !empty($username) && !empty($domain)) {
            DeployDevController::revert(array_merge($parameters, ['username' => $username, 'domain' => $domain]));
        }
        break;
    case 'migrateprod':
        error_log("Request migrateprod from " . get_client_ip());
        if ($requestMethod === 'POST' && !empty($username) && !empty($domain)) {
            ProdController::migrateFromDev(array_merge($parameters, ['username' => $username, 'domain' => $domain]));
        }
        break;
    case 'disableprod':
        error_log("Request disableprod from " . get_client_ip());
        if ($requestMethod === 'GET' && !empty($username) && !empty($domain)) {
            ProdController::disable(array_merge($_POST, ['username' => $username, 'domain' => $domain]));
        }
        break;

    case 'enableprod':
        error_log("Request enableprod from " . get_client_ip());
        if ($requestMethod === 'GET' && !empty($username) && !empty($domain)) {
            ProdController::enable(array_merge($parameters, ['username' => $username, 'domain' => $domain]));
        }
        break;

    case 'isprodenabled':
        error_log("Request isprodenabled from " . get_client_ip());
        if ($requestMethod === 'GET' && !empty($username) && !empty($domain)) {
            ProdController::isenabled(array_merge($parameters, ['username' => $username, 'domain' => $domain]));
        }
        break;
    case 'getssldays':
        error_log("Request getssldays from " . get_client_ip());
        if ($requestMethod === 'GET' && !empty($username) && !empty($domain)) {
            GetSSLDaysController::getSSLDays(['username' => $username, 'domain' => $domain]);
        }
        break;
    case 'listbackups':
        error_log("Request listbackups from " . get_client_ip());
        if ($requestMethod === 'GET' && !empty($username)) {
            BackupController::listBackups(['username' => $username, 'domain' => $domain]);
        }
        break;
    case 'restorebackup':
        error_log("Request restorebackup from " . get_client_ip());
        if ($requestMethod === 'POST' && !empty($username) && !empty($domain)) {
            BackupController::restoreBackup(array_merge($parameters, ['username' => $username, 'domain' => $domain]));
        }
        break;
    case 'terminate':
        error_log("Request terminate from " . get_client_ip());
        if ($requestMethod === 'GET' && !empty($username)) {
            DeployDevController::terminate(array_merge($parameters, ['username' => $username, 'domain' => $domain]));
        }
        break;
    case 'ping':
        error_log("Request ping from " . get_client_ip());
        echo json_encode(['answer' => 'pong']);
        break;
    case 'getQuota':
        error_log("Request getquota from " . get_client_ip());
        if ($requestMethod === 'GET' && !empty($username)) {
            QuotaController::getQuota(['username' => $username]);
        }
        break;
    case 'getStats':
        error_log("Request getstats from " . get_client_ip());
        if ($requestMethod === 'GET') {
            QuotaController::getStats();
        }
        break;
    case 'setQuota':
        error_log("Request setquota from " . get_client_ip());
        if ($requestMethod === 'POST' && !empty($username)) {
            QuotaController::setQuota(array_merge($parameters, ['username' => $username]));
        }
        break;
    default:
        error_log("Error Request: " . $endpoint . " / " . $username ." / " . $domain);
        http_response_code(404);
        echo json_encode(['error' => 'Endpoint not found']);
        break;
}


function get_client_ip():string {
    $ipaddress = '';
    if (getenv('HTTP_CLIENT_IP'))
        $ipaddress = getenv('HTTP_CLIENT_IP');
    else if(getenv('HTTP_X_FORWARDED_FOR'))
        $ipaddress = getenv('HTTP_X_FORWARDED_FOR');
    else if(getenv('HTTP_X_FORWARDED'))
        $ipaddress = getenv('HTTP_X_FORWARDED');
    else if(getenv('HTTP_FORWARDED_FOR'))
        $ipaddress = getenv('HTTP_FORWARDED_FOR');
    else if(getenv('HTTP_FORWARDED'))
        $ipaddress = getenv('HTTP_FORWARDED');
    else if(getenv('REMOTE_ADDR'))
        $ipaddress = getenv('REMOTE_ADDR');
    else
        $ipaddress = 'UNKNOWN';
    return $ipaddress;
}