Correções de segurança
@@ -36,22 +36,31 @@ class SettingsController
|
||||
{
|
||||
header('Content-Type: application/json');
|
||||
|
||||
$telegramService = new TelegramService();
|
||||
try {
|
||||
$telegramService = new TelegramService();
|
||||
|
||||
// Use sendOrderNotification to test with the configured template
|
||||
$response = $telegramService->sendOrderNotification([
|
||||
'id' => '12345',
|
||||
'title' => 'Teste de Integração',
|
||||
'type' => 'Teste'
|
||||
], 999);
|
||||
// Use sendOrderNotification to test with the configured template
|
||||
$response = $telegramService->sendOrderNotification([
|
||||
'id' => '12345',
|
||||
'title' => 'Teste de Integração',
|
||||
'type' => 'Teste'
|
||||
], 999);
|
||||
|
||||
$result = json_decode($response, true);
|
||||
if ($response === false) {
|
||||
throw new \Exception("Falha ao conectar com a API do Telegram (curl retornou false). Verifique o Token e o Chat ID.");
|
||||
}
|
||||
|
||||
if ($result && isset($result['ok']) && $result['ok']) {
|
||||
echo json_encode(['success' => true, 'message' => 'Mensagem enviada com sucesso!']);
|
||||
} else {
|
||||
$error = $result['description'] ?? 'Erro desconhecido ao contatar API do Telegram.';
|
||||
echo json_encode(['success' => false, 'message' => 'Falha ao enviar: ' . $error]);
|
||||
$result = json_decode($response, true);
|
||||
|
||||
if ($result && isset($result['ok']) && $result['ok']) {
|
||||
echo json_encode(['success' => true, 'message' => 'Mensagem enviada com sucesso!']);
|
||||
} else {
|
||||
$error = $result['description'] ?? 'Erro desconhecido ao contatar API do Telegram. Resposta bruta: ' . $response;
|
||||
echo json_encode(['success' => false, 'message' => 'Falha ao enviar: ' . $error]);
|
||||
}
|
||||
} catch (\Throwable $e) {
|
||||
error_log("Erro no teste do Telegram: " . $e->getMessage());
|
||||
echo json_encode(['success' => false, 'message' => 'Erro interno: ' . $e->getMessage()]);
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
||||
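Review bot: The catch block near the end of the hunk still echoes `$e->getMessage()` into the JSON response, so whatever an exception carries (curl error text, messages raised inside TelegramService, possibly configuration values — not visible here) reaches the browser; the error_log call already records the detail, so the response can be a fixed string, `echo json_encode(['success' => false, 'message' => 'Erro interno ao testar a integração.']);`. The new fallback message that appends `'Resposta bruta: ' . $response` has the same exposure, and when that body is not valid UTF-8 `json_encode` returns false and the client receives an empty reply — pass `JSON_INVALID_UTF8_SUBSTITUTE` or cap the raw text with `mb_substr` before concatenating. `$result && isset($result['ok'])` also treats a non-JSON body as a plain failure with no hint that decoding failed; checking `json_last_error()` before building `$error` would make the logged line actionable. The enclosing method's signature is above the hunk, and the lone `$telegramService = new TelegramService();` before `try {` looks like the removed line printed next to its moved replacement.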
@@ -9,6 +9,7 @@ class AdminMiddleware
|
||||
public function handle()
|
||||
{
|
||||
if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] !== 'admin') {
|
||||
error_log("AdminMiddleware Redirecting: Session Role: " . ($_SESSION['user_role'] ?? 'NOT SET') . " | Session ID: " . session_id());
|
||||
View::redirect('/login');
|
||||
return false;
|
||||
}
|
||||
|
||||
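Review bot: The error_log line added inside the `if` writes `session_id()` to the server log, so the log becomes a list of live session identifiers for every request that reached an admin URL without the admin role, and anyone with read access to the log holds a usable credential. Log a non-reversible form, `" | Session: " . substr(hash('sha256', session_id()), 0, 12)`, or omit the ID and keep only the role, which is what the message is actually diagnosing. `handle()` returns false after `View::redirect('/login')`; whether the router stops dispatch on false is not visible here — TODO confirm, otherwise the controller still executes after the redirect header is sent.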
@@ -9,47 +9,92 @@ $router->get('/login', [AuthController::class, 'login']);
|
||||
$router->post('/login', [AuthController::class, 'authenticate']);
|
||||
$router->get('/logout', [AuthController::class, 'logout']);
|
||||
|
||||
// Admin Routes
|
||||
// Admin Routes
|
||||
$router->get('/admin/dashboard', [\App\Controllers\AdminDashboardController::class, 'index']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->get('/admin/search', [\App\Controllers\SearchController::class, 'search']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->get('/admin/logs', [\App\Controllers\LogController::class, 'index']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
// Admin Profile
|
||||
$router->get('/admin/profile', [\App\Controllers\AdminProfileController::class, 'index']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->post('/admin/profile/update', [\App\Controllers\AdminProfileController::class, 'update']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->post('/admin/profile/password', [\App\Controllers\AdminProfileController::class, 'updatePassword']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
// Clients CRUD
|
||||
$router->get('/admin/clients', [\App\Controllers\ClientController::class, 'index']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->get('/admin/clients/create', [\App\Controllers\ClientController::class, 'create']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->post('/admin/clients/store', [\App\Controllers\ClientController::class, 'store']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->get('/admin/clients/edit/{id}', [\App\Controllers\ClientController::class, 'edit']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->post('/admin/clients/update/{id}', [\App\Controllers\ClientController::class, 'update']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->get('/admin/clients/delete/{id}', [\App\Controllers\ClientController::class, 'delete']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
// Servers CRUD
|
||||
$router->get('/admin/servers', [\App\Controllers\ServerController::class, 'index']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->get('/admin/servers/create', [\App\Controllers\ServerController::class, 'create']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->post('/admin/servers/store', [\App\Controllers\ServerController::class, 'store']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->get('/admin/servers/edit/{id}', [\App\Controllers\ServerController::class, 'edit']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->post('/admin/servers/update/{id}', [\App\Controllers\ServerController::class, 'update']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->get('/admin/servers/delete/{id}', [\App\Controllers\ServerController::class, 'delete']);
|
||||
$router->get('/admin/servers/delete/{id}', [\App\Controllers\ServerController::class, 'delete']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->get('/admin/servers/reset-machine/{id}', [\App\Controllers\ServerController::class, 'resetMachineId']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
// Orders CRUD
|
||||
$router->get('/admin/orders', [\App\Controllers\OrderController::class, 'index']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->get('/admin/orders/create', [\App\Controllers\OrderController::class, 'create']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->post('/admin/orders/store', [\App\Controllers\OrderController::class, 'store']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->get('/admin/orders/view/{id}', [\App\Controllers\OrderController::class, 'view']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
// Settings
|
||||
$router->get('/admin/settings', [\App\Controllers\SettingsController::class, 'index']);
|
||||
$router->post('/admin/settings/update', [\App\Controllers\SettingsController::class, 'update']);
|
||||
$router->post('/admin/settings/test-telegram', [\App\Controllers\SettingsController::class, 'testTelegram']);
|
||||
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->post('/admin/settings/update', [\App\Controllers\SettingsController::class, 'update']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
$router->post('/admin/settings/test-telegram', [\App\Controllers\SettingsController::class, 'testTelegram']);
|
||||
$router->addMiddleware(\App\Middleware\AdminMiddleware::class);
|
||||
|
||||
|
||||
// API Routes
|
||||
$router->post('/api/auth/login', [\App\Controllers\ApiAuthController::class, 'login']);
|
||||
|
||||
@@ -58,10 +103,19 @@ $router->addMiddleware(\App\Middleware\ApiMiddleware::class);
|
||||
|
||||
// Client Routes
|
||||
$router->get('/client/dashboard', [\App\Controllers\ClientDashboardController::class, 'index']);
|
||||
$router->get('/client/servers', [\App\Controllers\ClientDashboardController::class, 'servers']);
|
||||
$router->get('/client/orders', [\App\Controllers\ClientDashboardController::class, 'orders']);
|
||||
$router->get('/client/orders/view/{id}', [\App\Controllers\ClientDashboardController::class, 'viewOrder']);
|
||||
$router->get('/client/profile', [\App\Controllers\ClientDashboardController::class, 'profile']);
|
||||
$router->post('/client/profile/password', [\App\Controllers\ClientDashboardController::class, 'updatePassword']);
|
||||
|
||||
$router->addMiddleware(\App\Middleware\ClientMiddleware::class);
|
||||
|
||||
$router->get('/client/servers', [\App\Controllers\ClientDashboardController::class, 'servers']);
|
||||
$router->addMiddleware(\App\Middleware\ClientMiddleware::class);
|
||||
|
||||
$router->get('/client/orders', [\App\Controllers\ClientDashboardController::class, 'orders']);
|
||||
$router->addMiddleware(\App\Middleware\ClientMiddleware::class);
|
||||
|
||||
$router->get('/client/orders/view/{id}', [\App\Controllers\ClientDashboardController::class, 'viewOrder']);
|
||||
$router->addMiddleware(\App\Middleware\ClientMiddleware::class);
|
||||
|
||||
$router->get('/client/profile', [\App\Controllers\ClientDashboardController::class, 'profile']);
|
||||
$router->addMiddleware(\App\Middleware\ClientMiddleware::class);
|
||||
|
||||
$router->post('/client/profile/password', [\App\Controllers\ClientDashboardController::class, 'updatePassword']);
|
||||
$router->addMiddleware(\App\Middleware\ClientMiddleware::class);
|
||||
|
||||
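Review bot: The new per-route `$router->addMiddleware(\App\Middleware\AdminMiddleware::class)` lines make protection opt-in for each route, so the next route added under `/admin/` without the trailing call is silently public — apparently the situation the settings block at the bottom of the first hunk was in, with one middleware call after three routes. If the router supports it, attach the middleware once by prefix or group so omission fails closed, and add a test that walks the registered routes and asserts every path starting with `/admin/` (and `/client/`, the same pattern in the second hunk) carries its middleware. Separately, `/admin/clients/delete/{id}`, `/admin/servers/delete/{id}` and `/admin/servers/reset-machine/{id}` perform state changes on GET, so a link or image tag on any page the admin visits can trigger them; moving them to POST behind a CSRF token is the usual fix. This is file-level route registration with no enclosing function; the two `/admin/servers/delete/{id}` lines appear to be the removed line printed next to its replacement.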