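<?php

declare(strict_types=1);

/**
 * app/api/upload.php
 *
 * Central upload API
 * - device-type images (SVG / JPG / PNG)
 * - floor plans (SVG)
 * - rack views
 *
 * NO logic for automatic assignment
 * -> upload + return of path / metadata
 *
 * Response (JSON): {status, filename, path, mime_type} on success,
 * {error} with a 4xx/5xx status code on failure.
 */

require_once __DIR__ . '/../bootstrap.php';

header('Content-Type: application/json');

// TODO: check single-user auth
// if (!$_SESSION['user']) { http_response_code(403); exit; }

/**
 * Sends a JSON error body with the given HTTP status and ends the request.
 *
 * @param int    $status  HTTP status code (400 client error, 500 server error)
 * @param string $message user-facing error text (kept in the project's language)
 */
$fail = static function (int $status, string $message): void {
    http_response_code($status);
    echo json_encode(['error' => $message]);
    exit;
};

/* =========================
 * Configuration
 * ========================= */

// TODO: upload base directory from config.php
$baseUploadDir = __DIR__ . '/../uploads';

// Allowed types, keyed by the MIME type detected from the file *content*.
// The value is the extension the stored file receives. The client-supplied
// original filename is deliberately not consulted: a valid image renamed to
// e.g. "x.php" would otherwise be stored with an executable extension inside
// a directory that may be served by the web server.
// NOTE: SVG can embed <script>; when rendering uploads inline, serve them with a
// restrictive Content-Security-Policy or sanitise the markup first.
$allowedMimeTypes = [
    'image/svg+xml' => 'svg',
    'image/png'     => 'png',
    'image/jpeg'    => 'jpg',
];

// Maximum file size (5 MB). PHP's upload_max_filesize / post_max_size still
// apply and may reject the request before this script runs.
$maxFileSize = 5 * 1024 * 1024;

/* =========================
 * Validation
 * ========================= */

if (empty($_FILES['file']) || !is_array($_FILES['file'])) {
    $fail(400, 'Keine Datei hochgeladen');
}

$file = $_FILES['file'];

// A multi-file upload ("file[]") yields arrays in these slots; this endpoint
// accepts exactly one file, so anything but a single UPLOAD_ERR_OK is rejected.
if (!is_int($file['error'] ?? null) || $file['error'] !== UPLOAD_ERR_OK) {
    $fail(400, 'Upload-Fehler');
}

if (($file['size'] ?? 0) > $maxFileSize) {
    $fail(400, 'Datei zu groß');
}

// Detect the MIME type from the content; $file['type'] is client-controlled
// and must not be trusted.
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mimeType = $finfo !== false ? finfo_file($finfo, $file['tmp_name']) : false;
if ($finfo !== false) {
    finfo_close($finfo);
}

// Strict key lookup: finfo_file() may return false, which must not match.
if (!is_string($mimeType) || !array_key_exists($mimeType, $allowedMimeTypes)) {
    $fail(400, 'Dateityp nicht erlaubt');
}

/* =========================
 * Target directory
 * ========================= */

// TODO: define categories (device_types, floors, racks, etc.)
$category = $_POST['category'] ?? 'misc';

// Whitelist-sanitise the category so it cannot carry path separators or
// traversal sequences; if nothing survives (or the value was not a string),
// fall back to 'misc' instead of writing into the upload root.
$safeCategory = is_string($category) ? preg_replace('/[^a-z0-9_-]/i', '', $category) : '';
if ($safeCategory === null || $safeCategory === '') {
    $safeCategory = 'misc';
}

$targetDir = $baseUploadDir . '/' . $safeCategory;

// Create the directory if needed. The second is_dir() covers the race where a
// concurrent request created it between the first check and mkdir().
if (!is_dir($targetDir) && !mkdir($targetDir, 0755, true) && !is_dir($targetDir)) {
    $fail(500, 'Datei konnte nicht gespeichert werden');
}

/* =========================
 * Filename
 * ========================= */

// Extension comes from the detected MIME type (see $allowedMimeTypes), never
// from the original filename. random_bytes() replaces uniqid(), which is
// time-based and therefore predictable.
$extension = $allowedMimeTypes[$mimeType];
$filename = 'upload_' . bin2hex(random_bytes(16)) . '.' . $extension;

$targetPath = $targetDir . '/' . $filename;

/* =========================
 * Store file
 * ========================= */

// move_uploaded_file() also verifies that tmp_name is a genuine PHP upload.
if (!move_uploaded_file($file['tmp_name'], $targetPath)) {
    $fail(500, 'Datei konnte nicht gespeichert werden');
}

/* =========================
 * Optional: DB record
 * ========================= */

// TODO: optionally store in table `uploads`
// $uploadId = $sql->set(
//     "INSERT INTO uploads (filename, path, mime_type, category)
//      VALUES (?, ?, ?, ?)",
//     "ssss",
//     [$filename, $targetPath, $mimeType, $safeCategory],
//     true
// );

/* =========================
 * Response
 * ========================= */

// 'path' is relative to the app root; it relies on $baseUploadDir keeping the
// literal __DIR__ . '/..' prefix (no realpath() is applied).
echo json_encode([
    'status'    => 'ok',
    'filename'  => $filename,
    'path'      => str_replace(__DIR__ . '/..', '', $targetPath),
    'mime_type' => $mimeType,
    // 'id' => $uploadId ?? null
]);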