Public_Tools/wavelog
2
0
Fork 0
mirror of https://github.com/wavelog/wavelog.git synced 2026-03-22 18:27:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2dce04d71fd592f5f8bcbc544cbc2ba29a655f33
wavelog/application/controllers/Api.php
int2001 93a6e10662 URGENT: Securityfix for new API
2026-02-20 13:43:13 +00:00

1436 lines
47 KiB
PHP
Raw Blame History

<?php
use Wavelog\Dxcc\Dxcc;
require_once APPPATH . '../src/Dxcc/Dxcc.php';
if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class API extends CI_Controller {
function index() {
$this->load->model('user_model');
if(!$this->user_model->authorize(3)) { $this->session->set_flashdata('error', __("You're not allowed to do that!")); redirect('dashboard'); }
$this->load->model('api_model');
$this->load->library('form_validation');
$data['api_keys'] = $this->api_model->keys();
$data['clubmode'] = $this->session->userdata('clubstation') == 1 ? true : false;
$data['page_title'] = __("API");
$this->load->view('interface_assets/header', $data);
$this->load->view('api/index');
$this->load->view('interface_assets/footer');
}
// legacy
function help() {
redirect('api');
}
/**
* Check rate limit for current endpoint
* Only enforced if api_rate_limits config is set
*
* returns True if request is allowed, false if rate limited
*/
protected function check_rate_limit($endpoint, $identifier = null) {
if (!$this->load->is_loaded('rate_limit')) {
$this->load->library('rate_limit');
}
$result = $this->rate_limit->check($endpoint, $identifier);
if (!$result['allowed']) {
log_message("Debug","Rate limit for endpoint ".$endpoint." and ID: ".($identifier ?? '')." exceeded");
$this->rate_limit->send_limit_exceeded_response($result['retry_after']);
return false;
}
return true;
}
function edit($key) {
$this->load->model('user_model');
if(!$this->user_model->authorize(3)) { $this->session->set_flashdata('error', __("You're not allowed to do that!")); redirect('dashboard'); }
$this->load->model('api_model');
$this->load->helper(array('form', 'url'));
$this->load->library('form_validation');
$this->form_validation->set_rules('api_desc', __("API Description"), 'required');
$this->form_validation->set_rules('api_key', __("API Key is required. Do not change this field"), 'required');
$data['api_info'] = $this->api_model->key_description($key);
if ($this->form_validation->run() == FALSE) {
$data['page_title'] = __("Edit API Description");
$this->load->view('interface_assets/header', $data);
$this->load->view('api/description');
$this->load->view('interface_assets/footer');
} else {
// Success!
$this->api_model->update_key_description($this->input->post('api_key'), $this->input->post('api_desc'));
$this->session->set_flashdata('notice', sprintf(__("API Key %s description has been updated."), "<b>".$this->input->post('api_key')."</b>"));
redirect('api');
}
}
function generate($rights) {
$this->load->model('user_model');
if(!$this->user_model->authorize(3)) { $this->session->set_flashdata('error', __("You're not allowed to do that!")); redirect('dashboard'); }
if ($rights !== "r" && $rights !== "rw") {
$this->session->set_flashdata('error', __("Invalid API rights"));
redirect('api');
exit;
}
$this->load->model('api_model');
if ($this->session->userdata('clubstation') == 1 && $this->session->userdata('impersonate') == 1) {
$creator = $this->session->userdata('source_uid');
} else {
$creator = $this->session->userdata('user_id');
}
if ($this->api_model->generate_key($rights, $creator)) {
$this->session->set_flashdata('success', __("API Key generated"));
} else {
$this->session->set_flashdata('error', __("API Key could not be generated"));
}
redirect('api');
}
function delete($key) {
$this->load->model('user_model');
if(!$this->user_model->authorize(3)) { $this->session->set_flashdata('error', __("You're not allowed to do that!")); redirect('dashboard'); }
$this->load->model('api_model');
$this->api_model->delete_key($key);
$this->session->set_flashdata('notice', sprintf(__("API Key %s has been deleted"), "<b>".$key."</b>" ));
redirect('api');
}
// Example of authing
function auth($key = '') {
$this->load->model('api_model');
header("Content-type: text/xml");
if($this->api_model->access($key) == "No Key Found" || $this->api_model->access($key) == "Key Disabled") {
echo "<auth>";
echo "<message>Key Invalid - either not found or disabled</message>";
echo "</auth>";
} else {
echo "<auth>";
echo "<status>Valid</status>";
echo "<rights>".$this->api_model->access($key)."</rights>";
echo "</auth>";
$this->api_model->update_last_used($key);
}
}
function create_station($key = '') {
$this->load->model('api_model');
if ($this->api_model->access($key) == "No Key Found" || $this->api_model->access($key) == "Key Disabled") {
$this->output->set_status_header(401)->set_content_type('application/json')->set_output(json_encode(['status' => 'error', 'message' => 'Auth Error, invalid key']));
return;
}
$this->load->model('club_model');
$userid = $this->api_model->key_userid($key);
$created_by = $this->api_model->key_created_by($key);
$club_perm = $this->club_model->get_permission_noui($userid,$created_by);
if ($userid != $created_by) { // We're dealing with a Club Member/Member ADIF or Clubofficer
if ((($club_perm ?? 0) == 3) || (($club_perm ?? 0) == 6)) { // Member or ADIF-Member? DENY
$this->output->set_status_header(401)->set_content_type('application/json')->set_output(json_encode(['status' => 'error', 'message' => 'Auth Error, not enough grants for this operation']));
return;
}
}
try {
$raw = file_get_contents("php://input");
if ($raw === false) {
throw new Exception("Failed to read input data");
}
if (empty($raw)) {
$this->output->set_status_header(400)->set_content_type('application/json')->set_output(json_encode(['status' => 'error', 'message' => 'No file uploaded']));
return;
}
$raw = preg_replace('#<([eE][oO][rR])>[\r\n\t]+#', '<$1>', $raw);
if ($raw === null) {
throw new Exception("Regex processing failed");
}
$locations = json_decode($raw, true);
if ($locations === null) {
$this->output->set_status_header(400)->set_content_type('application/json')->set_output(json_encode(['status' => 'error', 'message' => 'Invalid JSON file']));
return;
}
// If a single station object is posted (not an array), wrap it in an array
if (isset($locations['station_callsign']) || isset($locations['station_profile_name'])) {
$locations = [$locations];
}
} catch (Exception $e) {
$this->output->set_status_header(500)->set_content_type('application/json')->set_output(json_encode(['status' => 'error', 'message' => 'Processing error: ' . $e->getMessage()]));
}
$this->load->model('stationsetup_model');
$imported = $this->stationsetup_model->import_locations_parse($locations,$userid);
if (($imported[0] ?? '0') == 'limit') {
$this->output->set_status_header(201)->set_content_type('application/json')->set_output(json_encode(['status' => 'success', 'message' => ($imported[1] ?? '0')." locations imported. Maximum limit of 1000 locations reached."]));
} else {
if (($imported[1] ?? 0) == 0) {
$this->output->set_status_header(200)->set_content_type('application/json')->set_output(json_encode(['status' => 'dupe', 'message' => ($imported[1] ?? '0')." locations imported."]));
} else {
$this->output->set_status_header(201)->set_content_type('application/json')->set_output(json_encode(['status' => 'success', 'message' => ($imported[1] ?? '0')." locations imported."]));
}
}
}
function station_info($key = '') {
$this->load->model('api_model');
$this->load->model('stations');
header("Content-type: application/json");
if(substr($this->api_model->access($key),0,1) == 'r') { /* Check permission for reading */
$this->api_model->update_last_used($key);
$userid = $this->api_model->key_userid($key);
$station_ids = array();
$stations=$this->stations->all_of_user($userid);
foreach ($stations->result() as $row) {
$result['station_id']=$row->station_id;
$result['station_profile_name']=$row->station_profile_name;
$result['station_gridsquare']=$row->station_gridsquare;
$result['station_callsign']=$row->station_callsign;;
$result['station_active']=$row->station_active;
$result['station_uuid']=$row->station_uuid;
array_push($station_ids, $result);
}
echo json_encode($station_ids);
} else {
http_response_code(401);
echo json_encode(['status' => 'failed', 'reason' => "missing or invalid api key"]);
}
}
function check_auth($key = '') {
$this->load->model('api_model');
if($this->api_model->access($key ?? '') == "No Key Found" || $this->api_model->access($key ?? '') == "Key Disabled") {
// set the content type as json
header("Content-type: application/json");
// set the http response code to 401
http_response_code(401);
// return the json with the status as failed
echo json_encode(['status' => 'failed', 'reason' => "missing or invalid api key"]);
} else {
// set the content type as json
header("Content-type: application/json");
// set the http response code to 200
http_response_code(200);
// return the json
echo json_encode(['status' => 'valid', 'rights' => $this->api_model->access($key ?? '')]);
}
}
/*
*
* Function: QSO
* Task: allows passing of ADIF data to Wavelog
*/
function qso($dryrun = false) {
header('Content-type: application/json');
set_time_limit(0);
ini_set('memory_limit', '-1');
session_write_close();
$this->load->model('api_model');
$this->load->model('stations');
$this->load->model('club_model');
if (!$this->load->is_loaded('Qra')) {
$this->load->library('Qra');
}
$return_msg = array();
$return_count = 0;
// Decode JSON and store
$raw = file_get_contents("php://input");
$raw = $raw = preg_replace('#<([eE][oO][rR])>[\r\n\t]+#', '<$1>', $raw);
$obj = json_decode($raw,true);
if ($obj === NULL) {
log_message("Debug",'API Call 200. Wrong JSON provided: '.$raw);
echo json_encode(['status' => 'failed', 'reason' => "wrong JSON"]);
die();
}
// Check rate limit
$identifier = isset($obj['key']) ? $obj['key'] : null;
$this->check_rate_limit('qso', $identifier);
$raw='';
if(!isset($obj['key']) || $this->api_model->authorize($obj['key']) == 0) {
http_response_code(401);
log_message("Debug",'API Call 401. Invalid API Key: '.($obj['key'] ?? 'N/A'));
echo json_encode(['status' => 'failed', 'reason' => "missing or wrong api key"]);
die();
}
$userid = $this->api_model->key_userid($obj['key']);
$created_by = $this->api_model->key_created_by($obj['key']);
$club_perm = $this->club_model->get_permission_noui($userid,$created_by);
/**
* As the API key user could use it also for clubstations we need to do an additional check here. Only if clubstations are enabled
*
* In Detail:
* If the user is not the creator of the API key, it's likely a clubstation. In this case the callsign of the clubstation
* can not be the same as the callsign of the user (operator call provided by the user). If this is the case, we need to use the callsign of the creator of the API key
*/
$real_operator = null; // real_operator is only filled if its a clubstation and the used key is created by an OP. otherwise its null
if ($this->config->item('special_callsign')) {
if ($userid != $created_by) {
$this->load->model('user_model');
$real_operator = $this->user_model->get_by_id($created_by)->row()->user_callsign;
} else {
$real_operator = null;
}
}
$this->api_model->update_last_used(($obj['key']));
if(!isset($obj['station_profile_id']) || $this->stations->check_station_against_user($obj['station_profile_id'], $userid) == false) {
http_response_code(401);
log_message("Debug",'API Call 401: Wrong station_id '.($obj['station_profile_id'] ?? 'N/A').' for User '.$userid);
echo json_encode(['status' => 'failed', 'reason' => "station id does not belong to the API key owner."]);
die();
}
$mystation=$this->stations->profile_clean($obj['station_profile_id']);
$mygrid=($mystation->station_gridsquare ?? '');
if($obj['type'] == "adif" && $obj['string'] != "") {
// Load the logbook model for adding QSO records
$this->load->model('logbook_model');
// Load ADIF Parser
if (!$this->load->is_loaded('adif_parser')) {
$this->load->library('adif_parser');
}
// Feed in the ADIF string
$this->adif_parser->feed($obj['string']);
$obj['string']='';
$return_msg=[];
$adif_count=0;
$adif_errors=0;
if( !($dryrun) && (isset($obj['station_profile_id']))) {
$custom_errors = "";
$alladif=[];
gc_collect_cycles();
while($record = $this->adif_parser->get_record()) {
if(!(isset($record['call'])) || (trim($record['call']) == '')) {
continue;
}
if(count($record) == 0) {
break;
}
// Handle slashed zeros
$record['call'] = str_replace('Ø', "0", $record['call']);
if (($record['operator'] ?? '') != '') {
$record['operator'] = str_replace('Ø', "0", $record['operator']);
}
if (($record['station_callsign'] ?? '') != '') {
$record['station_callsign'] = str_replace('Ø', "0", $record['station_callsign']);
}
if (($record['owner_callsign'] ?? '') != '') {
$record['owner_callsign'] = str_replace('Ø', "0", $record['owner_callsign']);
}
// in case the provided op call is the same as the clubstation callsign, we need to use the creator of the API key as the operator
$recorded_operator = $record['operator'] ?? '';
if (key_exists('operator',$record) && $real_operator != null && ($record['operator'] == $record['station_callsign']) || ($recorded_operator == '')) {
$record['operator'] = $real_operator;
}
// in case the caller is an OP for a clubstation (real_operator is filled - see above) and the OP only has level 3 or 6 - take the OP from real_operator!
if ($real_operator != null && ((($club_perm ?? 0) == 3) || (($club_perm ?? 0) == 6))) {
$record['operator'] = $real_operator;
}
if ((key_exists('gridsquare',$record)) && (($mygrid ?? '') != '') && (($record['gridsquare'] ?? '') != '') && (!(key_exists('distance',$record)))) {
$record['distance'] = $this->qra->distance($mygrid, $record['gridsquare'], 'K');
}
array_push($alladif,$record);
$adif_count++;
};
$record=''; // free memory
gc_collect_cycles();
$result = $this->logbook_model->import_bulk($alladif, $obj['station_profile_id'], true, false, false, false, false, false, false, false, true, false, true, false);
$custom_errors = $result['errormessage'];
if ($custom_errors) {
$adif_errors++;
}
$alladif=[];
$return_msg[]='';
} else {
$return_msg[]='Dryrun works';
}
if ($adif_errors == 0) {
http_response_code(201);
log_message("Debug",'API Call 201: QSO created for Station-ID: '.($obj['station_profile_id'] ?? 'N/A').' and User: '.$userid);
echo json_encode(['status' => 'created', 'type' => $obj['type'], 'string' => $obj['string'], 'adif_count' => $adif_count, 'adif_errors' => $adif_errors, 'messages' => $return_msg ]);
} else {
$return_msg[]=$custom_errors;
log_message("Debug",'API Call 400: QSO NOT created for Station-ID: '.($obj['station_profile_id'] ?? 'N/A').' and User: '.$userid.' Reason: '.implode($return_msg));
http_response_code(400);
echo json_encode(['status' => 'abort', 'type' => $obj['type'], 'string' => $obj['string'], 'adif_count' => $adif_count, 'adif_errors' => $adif_errors, 'messages' => $return_msg ]);
}
}
}
/*
*
* Function: get_contacts_adif
* Task: allows third party software to pull ADIF QSO data from wavelog after a baseline of the last fetched QSO id
*/
function get_contacts_adif() {
//set header
header('Content-type: application/json');
//load API model
$this->load->model('api_model');
// Decode JSON and store
$obj = json_decode(file_get_contents("php://input"), true);
if ($obj === NULL) {
http_response_code(400);
echo json_encode(['status' => 'failed', 'reason' => "wrong JSON"]);
return;
}
//do authorization
if(!isset($obj['key']) || $this->api_model->authorize($obj['key']) == 0) {
http_response_code(401);
echo json_encode(['status' => 'failed', 'reason' => "missing api key"]);
return;
}
//check for relevant fields in JSON input
if(!isset($obj['station_id']) or !isset($obj['fetchfromid']))
{
http_response_code(400);
echo json_encode(['status' => 'failed', 'reason' => "Not all required fields were present in input JSON"]);
return;
}
//extract relevant data to variables
$key = $obj['key'];
$station_id = $obj['station_id'];
$fetchfromid = $obj['fetchfromid'];
$limit = 20000;
if ( (array_key_exists('limit',$obj)) && (is_numeric($obj['limit']*1)) ) {
$limit = $obj['limit'];
}
//check if goalpost is numeric as an additional layer of SQL injection prevention
if(!is_numeric($fetchfromid))
{
http_response_code(400);
echo json_encode(['status' => 'failed', 'reason' => "Invalid fetchfromid."]);
return;
}
//make sure the goalpost is an integer
$fetchfromid = (int)$fetchfromid;
//load stations API
$this->load->model('stations');
//get all stations of user to check if station_id should be readable
$userid = $this->api_model->key_userid($key);
$station_ids = array();
$stations=$this->stations->all_of_user($userid);
//extract to array
foreach ($stations->result() as $row) {
array_push($station_ids, $row->station_id);
}
//return error if station not accessible for the API key
if(!in_array($station_id, $station_ids)) {
http_response_code(401);
echo json_encode(['status' => 'failed', 'reason' => "Station ID not accessible for this API key"]);
return;
}
//load adif data module
$this->load->model('adif_data');
$this->load->library('AdifHelper');
// Initialize tracking variables
$total_fetched = 0;
$all_qso_ids = [];
$lastfetchedid = $fetchfromid;
// Process in chunks to avoid memory issues
$chunk_size = 5000;
$remaining_limit = $limit;
$offset = 0;
// Start building ADIF content
$adif_content = $this->adifhelper->getAdifHeader($this->config->item('app_name'),$this->optionslib->get_option('version'));
do {
// Calculate chunk size for this iteration
$current_chunk_size = min($chunk_size, $remaining_limit);
// Fetch chunk
$qsos = $this->adif_data->export_past_id_chunked($station_id, $fetchfromid, $current_chunk_size, null, $offset, $current_chunk_size);
if ($qsos && $qsos->num_rows() > 0) {
// Process chunk
foreach ($qsos->result() as $row) {
// Build ADIF content directly
$adif_content .= $this->adifhelper->getAdifLine($row);
// Track data for response
$all_qso_ids[] = $row->COL_PRIMARY_KEY;
$lastfetchedid = max($lastfetchedid, $row->COL_PRIMARY_KEY);
$total_fetched++;
}
// Free memory
$qsos->free_result();
// Update tracking
$remaining_limit -= $qsos->num_rows();
$offset += $qsos->num_rows();
// Stop if we've hit the requested limit
if ($total_fetched >= $limit) {
break;
}
}
// Continue if we got a full chunk and haven't hit the limit
} while ($qsos && $qsos->num_rows() > 0 && $total_fetched < $limit);
// Return response (same format as original)
if($total_fetched <= 0) {
http_response_code(200);
echo json_encode(['status' => 'successfull', 'message' => 'No new QSOs available.', 'lastfetchedid' => $fetchfromid, 'exported_qsos' => 0, 'adif' => null]);
} else {
http_response_code(200);
echo json_encode(['status' => 'successfull', 'message' => 'Export successfull', 'lastfetchedid' => $lastfetchedid, 'exported_qsos' => $total_fetched, 'adif' => $adif_content]);
}
}
// API function to check if a callsign is in the logbook already
function logbook_check_callsign() {
header('Content-type: application/json');
$this->load->model('api_model');
// Decode JSON and store
$obj = json_decode(file_get_contents("php://input"), true);
if ($obj === NULL) {
echo json_encode(['status' => 'failed', 'reason' => "wrong JSON"]);
return;
}
if(!isset($obj['key']) || $this->api_model->authorize($obj['key']) == 0) {
http_response_code(401);
echo json_encode(['status' => 'failed', 'reason' => "missing api key"]);
return;
}
if(!isset($obj['logbook_public_slug']) || !isset($obj['callsign'])) {
http_response_code(401);
echo json_encode(['status' => 'failed', 'reason' => "missing fields"]);
return;
}
if($obj['logbook_public_slug'] != "" && $obj['callsign'] != "") {
$logbook_slug = $obj['logbook_public_slug'];
$callsign = $obj['callsign'];
// If $obj['band'] exists
if(isset($obj['band'])) {
$band = $obj['band'];
} else {
$band = null;
}
$this->load->model('logbooks_model');
if($this->logbooks_model->public_slug_exists($logbook_slug)) {
$logbook_id = $this->logbooks_model->public_slug_exists_logbook_id($logbook_slug);
if($logbook_id != false)
{
// Get associated station locations for mysql queries
$logbooks_locations_array = $this->logbooks_model->list_logbook_relationships($logbook_id);
if (!$logbooks_locations_array) {
// Logbook not found
http_response_code(404);
echo json_encode(['status' => 'failed', 'reason' => "Empty Logbook"]);
die();
}
} else {
// Logbook not found
http_response_code(404);
echo json_encode(['status' => 'failed', 'reason' => $logbook_slug." has no associated station locations"]);
die();
}
// Search Logbook for callsign
$this->load->model('logbook_model');
$result = $this->logbook_model->check_if_callsign_worked_in_logbook($callsign, $logbooks_locations_array, $band);
http_response_code(201);
if($result > 0)
{
echo json_encode(['callsign' => $callsign, 'result' => 'Found']);
} else {
echo json_encode(['callsign' => $callsign, 'result' => 'Not Found']);
}
} else {
// Logbook not found
http_response_code(404);
echo json_encode(['status' => 'failed', 'reason' => "logbook not found"]);
die();
}
}
}
// API function to check if a grid is in the logbook already
function logbook_check_grid() {
header('Content-type: application/json');
$this->load->model('api_model');
// Decode JSON and store
$obj = json_decode(file_get_contents("php://input"), true);
if ($obj === NULL) {
echo json_encode(['status' => 'failed', 'reason' => "wrong JSON"]);
}
if(!isset($obj['key']) || $this->api_model->authorize($obj['key']) == 0) {
http_response_code(401);
echo json_encode(['status' => 'failed', 'reason' => "missing api key"]);
}
if(!isset($obj['logbook_public_slug']) || !isset($obj['grid'])) {
http_response_code(401);
echo json_encode(['status' => 'failed', 'reason' => "missing fields"]);
return;
}
if($obj['logbook_public_slug'] != "" && $obj['grid'] != "") {
$logbook_slug = $obj['logbook_public_slug'];
$grid = $obj['grid'];
// If $obj['band'] exists
if(isset($obj['band'])) {
$band = $obj['band'];
} else {
$band = null;
}
// If $obj['cnfm'] exists
if(isset($obj['cnfm'])) {
$cnfm = $obj['cnfm'];
} else {
$cnfm = null;
}
$this->load->model('logbooks_model');
if($this->logbooks_model->public_slug_exists($logbook_slug)) {
$logbook_id = $this->logbooks_model->public_slug_exists_logbook_id($logbook_slug);
if($logbook_id != false)
{
// Get associated station locations for mysql queries
$logbooks_locations_array = $this->logbooks_model->list_logbook_relationships($logbook_id);
if (!$logbooks_locations_array) {
// Logbook not found
http_response_code(404);
echo json_encode(['status' => 'failed', 'reason' => "Empty Logbook"]);
die();
}
} else {
// Logbook not found
http_response_code(404);
echo json_encode(['status' => 'failed', 'reason' => $logbook_slug." has no associated station locations"]);
die();
}
// Search Logbook for callsign
$this->load->model('logbook_model');
$query = $this->logbook_model->check_if_grid_worked_in_logbook($grid, $logbooks_locations_array, $band, $cnfm);
http_response_code(201);
if ($query->num_rows() == 0) {
echo json_encode(['gridsquare' => strtoupper($grid), 'result' => 'Not Found']);
} else if ($cnfm == null) {
echo json_encode(['gridsquare' => strtoupper($grid), 'result' => 'Found']);
} else {
$arr = [];
foreach($query->result() as $line) {
$arr[] = $line->gridorcnfm;
}
if (in_array('Y', $arr)) {
echo json_encode(['gridsquare' => strtoupper($grid), 'result' => 'Confirmed']);
} else {
echo json_encode(['gridsquare' => strtoupper($grid), 'result' => 'Worked']);
}
}
} else {
// Logbook not found
http_response_code(404);
echo json_encode(['status' => 'failed', 'reason' => "logbook not found"]);
die();
}
}
}
// API function to check if a grid is in the logbook already
function logbook_get_worked_grids() {
$arr = array();
header('Content-type: application/json');
$this->load->model('api_model');
$obj = json_decode(file_get_contents("php://input"), true);
if ($obj === NULL) {
echo json_encode(['status' => 'failed', 'reason' => "wrong JSON"]);
die();
}
// Check rate limit
$identifier = isset($obj['key']) ? $obj['key'] : null;
$this->check_rate_limit('logbook_get_worked_grids', $identifier);
if(!isset($obj['key']) || $this->api_model->authorize($obj['key']) == 0) {
http_response_code(401);
echo json_encode(['status' => 'failed', 'reason' => "missing api key"]);
die();
}
$api_user_id = $this->api_model->key_userid($obj['key']);
if(!isset($obj['logbook_public_slug'])) {
http_response_code(400);
echo json_encode(['status' => 'failed', 'reason' => "missing fields"]);
return;
}
if($obj['logbook_public_slug'] != "") {
$logbook_slug = $obj['logbook_public_slug'];
if(isset($obj['band'])) {
$band = $obj['band'];
} else {
$band = null;
}
if(isset($obj['cnfm'])) {
$cnfm = $obj['cnfm'];
} else {
$cnfm = null;
}
$this->load->model('logbooks_model');
if(!$this->logbooks_model->public_slug_belongs_to_user($logbook_slug, $api_user_id)) {
http_response_code(403);
echo json_encode(['status' => 'failed', 'reason' => "logbook does not belong to this api key"]);
die();
}
if($this->logbooks_model->public_slug_exists($logbook_slug)) {
$logbook_id = $this->logbooks_model->public_slug_exists_logbook_id($logbook_slug);
if($logbook_id != false)
{
$logbooks_locations_array = $this->logbooks_model->list_logbook_relationships($logbook_id);
if (!$logbooks_locations_array) {
http_response_code(404);
echo json_encode(['status' => 'failed', 'reason' => "Empty Logbook"]);
die();
}
} else {
http_response_code(404);
echo json_encode(['status' => 'failed', 'reason' => $logbook_slug." has no associated station locations"]);
die();
}
$this->load->model('logbook_model');
$arr = $this->api_model->get_grids_worked_in_logbook($logbooks_locations_array, $band, $cnfm);
http_response_code(201);
echo json_encode($arr);
} else {
http_response_code(404);
echo json_encode(['status' => 'failed', 'reason' => "logbook not found"]);
die();
}
}
}
/* ENDPOINT for Rig Control */
function radio() {
session_write_close();
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { // Preflight CORS-Check: Allow posting from web-application as well (key is still needed!)
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type');
header('Access-Control-Max-Age: 86400');
http_response_code(200);
exit(0);
}
header('Access-Control-Allow-Origin: *'); // Allow posting from web-application as well (key is still needed!)
header('Content-type: application/json');
$this->load->model('api_model');
//$json = '{"radio":"FT-950","frequency":14075,"mode":"SSB","timestamp":"2012/04/07 16:47"}';
$this->load->model('cat');
//var_dump(file_get_contents("php://input"), true);
// Decode JSON and store
$obj = json_decode(file_get_contents("php://input"), true);
// Check rate limit
$identifier = isset($obj['key']) ? $obj['key'] : null;
$this->check_rate_limit('radio', $identifier);
if(!isset($obj['key']) || $this->api_model->authorize($obj['key']) == 0) {
http_response_code(401);
echo json_encode(['status' => 'failed', 'reason' => "missing api key"]);
die();
}
if(!isset($obj['radio'])) {
http_response_code(404);
echo json_encode(['status' => 'failed', 'reason' => "missing radio element in payload"]);
die();
}
$this->api_model->update_last_used($obj['key']);
$user_id = $this->api_model->key_userid($obj['key']);
$created_by = $this->api_model->key_created_by($obj['key']);
// Clubmode needs an additional check for the operator
if ($user_id != $created_by) {
$operator = $created_by;
} else {
$operator = $user_id;
}
// Special Case: Yaesu Radio's use CW-U and CW-L which aren't official ADIF Modes. Flex 3000 uses CWU and CWL. Icom uses CW-R. We override this here to CW
switch (strtoupper($obj['mode'] ?? '')) {
case 'CW-U':
case 'CW-L':
case 'CW-R':
case 'CWU':
case 'CWL':
$obj['mode'] = 'CW';
break;
case 'RTTY-L':
case 'RTTY-U':
case 'RTTY-R':
$obj['mode'] = 'RTTY';
break;
case 'USB-D':
case 'USB-D1':
$obj['mode'] = 'USB';
break;
case 'LSB-D':
case 'LSB-D1':
$obj['mode'] = 'LSB';
break;
}
// Handle optional cat_url
if (isset($obj['cat_url']) && !empty($obj['cat_url'])) {
$cat_url = $this->sanitize_cat_url($obj['cat_url']);
if ($cat_url !== false) {
$obj['cat_url'] = $cat_url;
}
}
// Store Result to Database
$this->cat->update($obj, $user_id, $operator);
// Return Message
$arr = array('status' => 'success');
echo json_encode($arr);
}
/*
*
* Stats API function calls
*
*/
function statistics($key = null) {
$this->load->model('api_model');
if ((($key ?? '') != '') && ($this->api_model->authorize($key) != 0)) {
$this->load->model('logbook_model');
$qso_counts = $this->logbook_model->get_qso_counts(null, $key);
$data['todays_qsos'] = $qso_counts['today'];
$data['total_qsos'] = $qso_counts['total'];
$data['month_qsos'] = $qso_counts['month'];
$data['year_qsos'] = $qso_counts['year'];
} else { # for Downcompat
$data['todays_qsos'] = 0;
$data['total_qsos'] = 0;
$data['month_qsos'] = 0;
$data['year_qsos'] = 0;
}
header('Content-type: application/json');
http_response_code(201);
echo json_encode(['Today' => $data['todays_qsos'], 'total_qsos' => $data['total_qsos'], 'month_qsos' => $data['month_qsos'], 'year_qsos' => $data['year_qsos']]);
}
function private_lookup() {
// Lookup Callsign and dxcc for further informations. UseCase: e.g. external Application which checks calls like FlexRadio-Overlay
$raw_input = json_decode(file_get_contents("php://input"), true);
// Check rate limit
$identifier = isset($raw_input['key']) ? $raw_input['key'] : null;
$this->check_rate_limit('private_lookup', $identifier);
$user_id='';
$this->load->model('user_model');
if (!( $this->user_model->authorize($this->config->item('auth_mode') ))) { // User not authorized?
$no_auth=true;
$this->load->model('api_model');
if (!( ((isset($raw_input['key'])) && ($this->api_model->authorize($raw_input['key']) > 0) ))) { // Key invalid?
$no_auth=true;
} else {
$no_auth=false;
$user_id=$this->api_model->key_userid($raw_input['key']);
}
if ($no_auth) {
http_response_code(401);
echo json_encode(['status' => 'failed', 'reason' => "missing api key or session"]);
die();
}
} else {
$user_id=$this->session->userdata('user_id');
}
if (($raw_input['callbook'] ?? '' == 'true') && (($raw_input['callsign'] ?? '') != '')) {
$this->load->library('callbook');
$this->load->model('logbook_model');
$lookupcall = $this->callbook->get_plaincall($raw_input['callsign']);
$callbook = $this->logbook_model->loadCallBook($raw_input['callsign'], $this->config->item('use_fullname'));
} else {
$callbook=null;
}
$this->load->model('stations');
$all_station_ids=$this->stations->all_station_ids_of_user($user_id);
if ((array_key_exists('station_ids',$raw_input)) && (is_array($raw_input['station_ids']))) { // Special station_ids needed and it is an array?
$a_station_ids=[];
foreach ($raw_input['station_ids'] as $stationid) { // Check for grants to given station_id
if ($this->stations->check_station_against_user($stationid, $user_id)) {
$a_station_ids[]=$stationid;
}
}
$station_ids=implode(', ', $a_station_ids);
} else {
$station_ids=$all_station_ids; // Take all of user if no station_ids were given
}
if ($station_ids == '') { // No station_ids found for user or no station_id of given ones were granted? exit!
http_response_code(200);
echo json_encode(['status' => 'failed', 'reason' => "no station_profiles are matching the User with this API-Key"]);
die();
}
if (array_key_exists('band',$raw_input)) {
$band=$raw_input['band'];
} else {
$band='NO_BAND';
}
if (array_key_exists('mode',$raw_input)) {
$mode=$raw_input['mode'];
} else {
$mode='NO_MODE';
}
$lookup_callsign = strtoupper($raw_input['callsign'] ?? '');
if ($lookup_callsign ?? '' != '') {
$this->load->model("logbook_model");
$date = date("Y-m-d");
// Return Array
$return = [
"callsign" => "",
"dxcc" => false,
"dxcc_id" => -1,
"dxcc_lat" => "",
"dxcc_long" => "",
"dxcc_cqz" => "",
"dxcc_flag" => "",
"cont" => "",
"name" => "",
"gridsquare" => "",
"location" => "",
"iota_ref" => "",
"state" => "",
"us_county" => "",
"qsl_manager" => "",
"bearing" => "",
"call_worked" => false,
"call_worked_band" => false,
"call_worked_band_mode" => false,
"lotw_member" => false,
"dxcc_confirmed_on_band" => false,
"dxcc_confirmed_on_band_mode" => false,
"dxcc_confirmed" => false,
"call_confirmed" => false,
"call_confirmed_band" => false,
"call_confirmed_band_mode" => false,
"suffix_slash" => "", // Suffix Slash aka Portable
];
$return['callsign'] = $lookup_callsign;
$dxccobj = new Dxcc();
$callsign_dxcc_lookup = $dxccobj->dxcc_lookup($lookup_callsign, $date);
$last_slash_pos = strrpos($lookup_callsign, '/');
if(isset($last_slash_pos) && $last_slash_pos > 4) {
$suffix_slash = $last_slash_pos === false ? $lookup_callsign : substr($lookup_callsign, $last_slash_pos + 1);
switch ($suffix_slash) {
case "P":
$suffix_slash_item = "Portable";
break;
case "M":
$suffix_slash_item = "Mobile";
case "MM":
$suffix_slash_item = "Maritime Mobile";
break;
default:
// If its not one of the above suffix slashes its likely dxcc
$ans2 = $dxccobj->dxcc_lookup($suffix_slash, $date);
$suffix_slash_item = null;
}
$return['suffix_slash'] = $suffix_slash_item;
}
// If the final slash is a DXCC then find it!
if (isset($ans2['call'])) {
$return['dxcc_id'] = $ans2['adif'];
$return['dxcc'] = $ans2['entity'];
$return['dxcc_lat'] = $ans2['lat'];
$return['dxcc_long'] = $ans2['long'];
$return['dxcc_cqz'] = $ans2['cqz'];
$return['cont'] = $ans2['cont'];
} else {
$return['dxcc_id'] = $callsign_dxcc_lookup['adif'] ?? '';
$return['dxcc'] = $callsign_dxcc_lookup['entity'] ?? '';
$return['dxcc_lat'] = $callsign_dxcc_lookup['lat'] ?? '';
$return['dxcc_long'] = $callsign_dxcc_lookup['long'] ?? '';
$return['dxcc_cqz'] = $callsign_dxcc_lookup['cqz'] ?? '';
$return['cont'] = $callsign_dxcc_lookup['cont'] ?? '';
}
// Query stations of KeyOwner for an already worked call
$userdata=$this->user_model->get_by_id($user_id);
$call_lookup_results = $this->logbook_model->call_lookup_result($lookup_callsign, $station_ids,$userdata->row()->user_default_confirmation,$band,$mode);
if($call_lookup_results != null) {
$return['name'] = $call_lookup_results->COL_NAME;
$return['gridsquare'] = $call_lookup_results->COL_GRIDSQUARE;
$return['location'] = $call_lookup_results->COL_QTH;
$return['iota_ref'] = $call_lookup_results->COL_IOTA;
$return['qsl_manager'] = $call_lookup_results->COL_QSL_VIA;
$return['state'] = $call_lookup_results->COL_STATE;
$return['us_county'] = $call_lookup_results->COL_CNTY;
$return['dxcc_id'] = $call_lookup_results->COL_DXCC;
$return['cont'] = $call_lookup_results->COL_CONT;
$return['call_worked'] = true;
$return['call_worked_band'] = ($call_lookup_results->CALL_WORKED_BAND==1) ? true : false;
$return['call_worked_band_mode'] = ($call_lookup_results->CALL_WORKED_BAND_MODE==1) ? true : false;
$return['call_confirmed'] = ($call_lookup_results->CALL_CNF==1) ? true : false;
$return['call_confirmed_band'] = ($call_lookup_results->CALL_CNF_BAND==1) ? true : false;
$return['call_confirmed_band_mode'] = ($call_lookup_results->CALL_CNF_BAND_MODE==1) ? true : false;
if ($return['gridsquare'] != "") {
$return['latlng'] = $this->qralatlng($return['gridsquare']);
}
}
if ($return['dxcc'] ?? '' != '') {
$this->load->library('DxccFlag');
$return['dxcc_flag']=$this->dxccflag->get($return['dxcc_id']);
}
$lotw_days=$this->logbook_model->check_last_lotw($lookup_callsign);
if ($lotw_days != null) {
$return['lotw_member']=$lotw_days;
} else {
$lotw_member="";
}
if ($return['dxcc_id'] ?? '' != '') { // DXCC derivated before? if yes: check cnf-states
$return['dxcc_confirmed']=($this->logbook_model->check_if_dxcc_cnfmd_in_logbook_api($userdata->row()->user_default_confirmation,$return['dxcc_id'], $station_ids, null, null)>0) ? true : false;
$return['dxcc_confirmed_on_band']=($this->logbook_model->check_if_dxcc_cnfmd_in_logbook_api($userdata->row()->user_default_confirmation,$return['dxcc_id'], $station_ids, $band, null)>0) ? true : false;
$return['dxcc_confirmed_on_band_mode']=($this->logbook_model->check_if_dxcc_cnfmd_in_logbook_api($userdata->row()->user_default_confirmation,$return['dxcc_id'], $station_ids, $band, $mode)>0) ? true : false;
}
if ($callbook) {
$return['callbook']=$callbook;
}
echo json_encode($return, JSON_PRETTY_PRINT);
} else {
echo '{"error":"callsign to lookup not given"}';
}
return;
}
function lookup() {
// This API provides NO information about previous QSOs. It just derivates DXCC, Lat, Long. It is used by the DXClusterAPI
$raw_input = json_decode(file_get_contents("php://input"), true);
// Check rate limit
$identifier = isset($raw_input['key']) ? $raw_input['key'] : null;
$this->check_rate_limit('lookup', $identifier);
$user_id = '';
$this->load->model('user_model');
if (!( $this->user_model->authorize($this->config->item('auth_mode') ))) { // User not authorized?
$no_auth = true;
$this->load->model('api_model');
if (!( ((isset($raw_input['key'])) && ($this->api_model->authorize($raw_input['key']) > 0) ))) { // Key invalid?
$no_auth = true;
} else {
$no_auth = false;
$user_id = $this->api_model->key_userid($raw_input['key']);
}
if ($no_auth) {
http_response_code(401);
echo json_encode(['status' => 'failed', 'reason' => "missing api key or session"]);
die();
}
} else {
$user_id = $this->session->userdata('user_id');
}
$this->load->model('stations');
$station_ids = $this->stations->all_station_ids_of_user($user_id);
$lookup_callsign = strtoupper($raw_input['callsign'] ?? '');
if ($lookup_callsign ?? '' != '') {
$this->load->model("logbook_model");
$date = date("Y-m-d");
// Return Array
$return = [
"callsign" => "",
"dxcc" => false,
"dxcc_id" => -1,
"dxcc_lat" => "",
"dxcc_long" => "",
"dxcc_cqz" => "",
"dxcc_flag" => "",
"cont" => "",
"name" => "",
"gridsquare" => "",
"location" => "",
"iota_ref" => "",
"state" => "",
"us_county" => "",
"qsl_manager" => "",
"bearing" => "",
"workedBefore" => false,
"lotw_member" => false,
"suffix_slash" => "", // Suffix Slash aka Portable
];
$return['callsign'] = $lookup_callsign;
// Use Wavelog\Dxcc\Dxcc for faster in-memory lookup
$dxccobj = new Dxcc();
$callsign_dxcc_lookup = $dxccobj->dxcc_lookup($lookup_callsign, $date);
$return['dxcc_id'] = $callsign_dxcc_lookup['adif'] ?? '';
$return['dxcc'] = $callsign_dxcc_lookup['entity'] ?? '';
$return['dxcc_lat'] = $callsign_dxcc_lookup['lat'] ?? '';
$return['dxcc_long'] = $callsign_dxcc_lookup['long'] ?? '';
$return['dxcc_cqz'] = $callsign_dxcc_lookup['cqz'] ?? '';
$return['cont'] = $callsign_dxcc_lookup['cont'] ?? '';
/*
* Query Data of API-Key-Owner for further informations
*/
$call_lookup_results = $this->logbook_model->call_lookup_result($lookup_callsign, $station_ids,'','NO BAND','NO MODE');
if($call_lookup_results != null)
{
$return['name'] = $call_lookup_results->COL_NAME;
$return['gridsquare'] = $call_lookup_results->COL_GRIDSQUARE;
$return['location'] = $call_lookup_results->COL_QTH;
$return['iota_ref'] = $call_lookup_results->COL_IOTA;
$return['qsl_manager'] = $call_lookup_results->COL_QSL_VIA;
$return['state'] = $call_lookup_results->COL_STATE;
$return['us_county'] = $call_lookup_results->COL_CNTY;
$return['workedBefore'] = true;
if ($return['gridsquare'] != "") {
$return['latlng'] = $this->qralatlng($return['gridsquare']);
}
}
if ($return['dxcc'] ?? '' != '') {
$this->load->library('DxccFlag');
$return['dxcc_flag']=$this->dxccflag->get($return['dxcc_id']);
}
$lotw_days=$this->logbook_model->check_last_lotw($lookup_callsign);
if ($lotw_days != null) {
$return['lotw_member']=$lotw_days;
} else {
$lotw_member="";
}
echo json_encode($return, JSON_PRETTY_PRINT);
} else {
echo '{"error":"callsign to lookup not given"}';
}
return;
}
function qralatlng($qra) {
if(!$this->load->is_loaded('Qra')) {
$this->load->library('Qra');
}
$latlng = $this->qra->qra2latlong($qra);
return $latlng;
}
function version() {
// This API endpoint provides the version of Wavelog if the provide key has at least read permissions
$data = json_decode(file_get_contents('php://input'), true);
$valid = false;
if (!empty($data['key'])) {
$this->load->model('api_model');
if (substr($this->api_model->access($data['key']), 0, 1) == 'r') {
$valid = true;
}
}
header("Content-type: application/json");
if ($valid) {
echo json_encode(['status' => 'ok', 'version' => $this->optionslib->get_option('version')]);
} else {
http_response_code(401);
echo json_encode(['status' => 'failed', 'reason' => "missing or invalid api key"]);
}
}
/*
API call used in this WordPress plugin: https://github.com/HochdruckHummer/wavelog-wp-qso-display
*/
function get_wp_stats() {
// Set header
header('Content-type: application/json');
// Load API model
$this->load->model('api_model');
// Decode JSON and store
$obj = json_decode(file_get_contents("php://input"), true);
if ($obj === NULL) {
http_response_code(400);
echo json_encode(['status' => 'failed', 'reason' => "wrong JSON"]);
return;
}
// Authorization
if (!isset($obj['key']) || $this->api_model->authorize($obj['key']) == 0) {
http_response_code(401);
echo json_encode(['status' => 'failed', 'reason' => "missing or wrong api key"]);
return;
}
// Validate station_id
if (!isset($obj['station_id']) || !is_numeric($obj['station_id'])) {
http_response_code(400);
echo json_encode(['status' => 'failed', 'reason' => "Invalid station_id."]);
return;
}
$station_id = (int)$obj['station_id'];
$key = $obj['key'];
// Load stations model
$this->load->model('stations');
// Get user stations
$userid = $this->api_model->key_userid($key);
$stations = $this->stations->all_of_user($userid);
$station_ids = array_map(function($row) {
return $row->station_id;
}, $stations->result());
// Check station access
if (!in_array($station_id, $station_ids)) {
http_response_code(401);
echo json_encode(['status' => 'failed', 'reason' => "Station ID not accessible for this API key"]);
return;
}
// Load cache driver
$this->load->driver('cache', [
'adapter' => $this->config->item('cache_adapter') ?? 'file',
'backup' => $this->config->item('cache_backup') ?? 'file',
'key_prefix' => $this->config->item('cache_key_prefix') ?? ''
]);
// Create cache key
$cache_key = "wp_stats_{$station_id}";
// Check if cached data exists
if ($cached_data = $this->cache->get($cache_key)) {
http_response_code(200);
echo json_encode(['status' => 'successful', 'message' => 'Data from cache', 'statistics' => $cached_data]);
return;
}
// Get QSO data (from database)
$data['totalalltime'] = $this->api_model->get_qsos_total($station_id)->result();
$data['totalthisyear'] = $this->api_model->get_qsos_this_year($station_id)->result();
$data['totalgroupedmodes'] = $this->api_model->get_qsos_grouped_by_mode($station_id)->result();
// Store in cache for 5 minutes
$this->cache->save($cache_key, $data, 600); // 10 minutes
// Return result
http_response_code(200);
echo json_encode(['status' => 'successful', 'message' => 'Export successful', 'statistics' => $data]);
}
/**
* Sanitize and validate callback URL
* @param string $url The URL to sanitize
* @return string|false Returns sanitized URL or false if invalid
*/
private function sanitize_cat_url($url) {
// Basic sanitization
$url = trim($url);
// Check if URL is valid and uses http or https
if (!filter_var($url, FILTER_VALIDATE_URL) ||
(!preg_match('/^https?:\/\//', $url))) {
return false;
}
// Remove trailing slashes
$url = rtrim($url, '/');
// Additional XSS cleaning
$url = $this->security->xss_clean($url);
return $url;
}
/* **
* List members of a clubstation
* API key needs to be of a club officer (permission level 9)
* returns array of club member details
*/
function list_clubmembers() {
header('Content-type: application/json');
$this->load->model('api_model');
// Decode JSON and store
$obj = json_decode(file_get_contents("php://input"), true);
if ($obj === NULL) {
http_response_code(400);
echo json_encode(['status' => 'failed', 'reason' => "wrong JSON"]);
return;
}
if ($this->api_model->access($obj['key']) == "No Key Found" || $this->api_model->access($obj['key']) == "Key Disabled") {
http_response_code(401);
echo json_encode(['status' => 'error', 'message' => 'Auth Error, invalid key']);
return;
}
$this->load->model('club_model');
$userid = $this->api_model->key_userid($obj['key']);
$created_by = $this->api_model->key_created_by($obj['key']);
$club_perm = $this->club_model->get_permission_noui($userid,$created_by);
if (($userid == $created_by) || (($club_perm ?? 0) != 9)) { // not club officer
http_response_code(401);
echo json_encode(['status' => 'error', 'message' => 'Auth Error, not enough permissions for this operation']);
return;
}
$memberlist = $this->club_model->get_club_members($userid);
if (!empty($memberlist)) {
foreach($memberlist as $member) {
$members[] = [
'callsign' => $member->user_callsign,
'user_name' => $member->user_name,
'p_level' => $member->p_level
];
}
http_response_code(200);
echo json_encode(['status' => 'successful', 'members' => $members]);
} else {
http_response_code(204);
echo json_encode(['status' => 'failed', 'reason' => "No club members found", 'members' => '']);
return;
}
}
}
Reference in New Issue View Git Blame Copy Permalink