API JSON support (hestiacp#1465)

Daniel Aléxis · web-flow · commit 6dbdc13e9cbc · 2020-12-21T10:04:54.000+01:00
* API JSON support

* Fix small errors
diff --git a/src/hst_autocompile.sh b/src/hst_autocompile.sh
@@ -5,7 +5,8 @@
 # For building from local source folder use "~localsrc" keyword as hesia branch name,
 #   and the script will not try to download the arhive from github, since '~' char is 
 #   not accepted in branch name.
-# -> ./hst_autocompile.sh --hestia '~localsrc' 'n'
+# Compile but dont install -> ./hst_autocompile.sh --hestia '~localsrc' 'n'
+# Compile but install -> ./hst_autocompile.sh --hestia '~localsrc' 'y'
 
 # Clear previous screen output
 clear
diff --git a/web/api/index.php b/web/api/index.php
@@ -1,16 +1,16 @@
 <?php
 define('HESTIA_CMD', '/usr/bin/sudo /usr/local/hestia/bin/');
 
-if (isset($_POST['user']) || isset($_POST['hash'])) {
-
+function api($hst_hash, $hst_user, $hst_password, $hst_returncode, $hst_cmd, $hst_arg1, $hst_arg2, $hst_arg3, $hst_arg4, $hst_arg5, $hst_arg6, $hst_arg7, $hst_arg8, $hst_arg9){
+    //This exists, so native JSON can be used without the repeating the code twice, so future code changes are easier and dont need to be replicated twice
     // Authentication
-    if (empty($_POST['hash'])) {
-        if ($_POST['user'] != 'admin') {
+    if (empty($hst_hash)) {
+        if ($hst_user != 'admin') {
             echo 'Error: authentication failed';
             exit;
         }
 
-        $password = $_POST['password'];
+        $password = $hst_password;
         if (!isset($password)){
             echo 'Error: missing authentication';
             exit;
@@ -52,7 +52,7 @@
             exit;
         }
     } else {
-        $key = '/usr/local/hestia/data/keys/' . basename($_POST['hash']);
+        $key = '/usr/local/hestia/data/keys/' . basename($hst_hash);
         if (file_exists($key) && is_file($key)) {
             exec(HESTIA_CMD ."v-check-api-key ".escapeshellarg($key)." ".$v_ip,  $output, $return_var);
             unset($output);
@@ -69,17 +69,16 @@
     }
 
     // Prepare arguments
-    if (isset($_POST['cmd'])) $cmd = escapeshellarg($_POST['cmd']);
-    if (isset($_POST['arg1'])) $arg1 = escapeshellarg($_POST['arg1']);
-    if (isset($_POST['arg2'])) $arg2 = escapeshellarg($_POST['arg2']);
-    if (isset($_POST['arg3'])) $arg3 = escapeshellarg($_POST['arg3']);
-    if (isset($_POST['arg4'])) $arg4 = escapeshellarg($_POST['arg4']);
-    if (isset($_POST['arg5'])) $arg5 = escapeshellarg($_POST['arg5']);
-    if (isset($_POST['arg6'])) $arg6 = escapeshellarg($_POST['arg6']);
-    if (isset($_POST['arg7'])) $arg7 = escapeshellarg($_POST['arg7']);
-    if (isset($_POST['arg8'])) $arg8 = escapeshellarg($_POST['arg8']);
-    if (isset($_POST['arg9'])) $arg9 = escapeshellarg($_POST['arg9']);
-
+    if (isset($hst_cmd)) $cmd = escapeshellarg($hst_cmd);
+    if (isset($hst_arg1)) $arg1 = escapeshellarg($hst_arg1);
+    if (isset($hst_arg2)) $arg2 = escapeshellarg($hst_arg2);
+    if (isset($hst_arg3)) $arg3 = escapeshellarg($hst_arg3);
+    if (isset($hst_arg4)) $arg4 = escapeshellarg($hst_arg4);
+    if (isset($hst_arg5)) $arg5 = escapeshellarg($hst_arg5);
+    if (isset($hst_arg6)) $arg6 = escapeshellarg($hst_arg6);
+    if (isset($hst_arg7)) $arg7 = escapeshellarg($hst_arg7);
+    if (isset($hst_arg8)) $arg8 = escapeshellarg($hst_arg8);
+    if (isset($hst_arg9)) $arg9 = escapeshellarg($hst_arg9);
     // Build query
     $cmdquery = HESTIA_CMD.$cmd." ";
     if(!empty($arg1)){
@@ -104,16 +103,16 @@
     // Check command
     if ($cmd == "'v-make-tmp-file'") {
         // Used in DNS Cluster
-        $fp = fopen($_POST['arg2'], 'w');
-        fwrite($fp, $_POST['arg1']."\n");
+        $fp = fopen($hst_arg2, 'w');
+        fwrite($fp, $hst_arg1."\n");
         fclose($fp);
         $return_var = 0;
     } else {
         // Run normal cmd query
         exec ($cmdquery, $output, $return_var);
     }
 
-    if ((!empty($_POST['returncode'])) && ($_POST['returncode'] == 'yes')) {
+    if ((!empty($hst_returncode)) && ($hst_returncode == 'yes')) {
         echo $return_var;
     } else {
         if (($return_var == 0) && (empty($output))) {
@@ -122,7 +121,19 @@
             echo implode("\n",$output)."\n";
         }
     }
+}
+
+if (isset($_POST['user']) || isset($_POST['hash'])) {
+
+    api($_POST['hash'], $_POST['user'], $_POST['password'], $_POST['returncode'], $_POST['cmd'], $_POST['arg1'], $_POST['arg2'], $_POST['arg3'], $_POST['arg4'], $_POST['arg5'], $_POST['arg6'], $_POST['arg7'], $_POST['arg8'], $_POST['arg9']);
+
+} else if (json_decode(file_get_contents("php://input"), true) != NULL){ //JSON POST support
+    $json_data = json_decode(file_get_contents("php://input"), true);
+    api($json_data['hash'], $json_data['user'], $json_data['password'], $json_data['returncode'], $json_data['cmd'], $json_data['arg1'], $json_data['arg2'], $json_data['arg3'], $json_data['arg4'], $json_data['arg5'], $json_data['arg6'], $json_data['arg7'], $json_data['arg8'], $json_data['arg9']);
+
 } else {
     echo "Error: data received is null or invalid, check https://docs.hestiacp.com/admin_docs/rest_api.html";
     exit;
 }
+
+?>
