src/PromemoriaBundle/Controller/ApiController.php line 119

Open in your IDE?
  1. <?php
  3. namespace App\PromemoriaBundle\Controller;
  5. use Pimcore\Db;
  6. use Pimcore\File;
  7. use Pimcore\Tool;
  8. use Pimcore\Model\User;
  9. use Pimcore\Security\User\User as UserAdmin;
  10. use Pimcore\Model\Asset;
  11. use Pimcore\Tool\Session;
  12. use Pimcore\Event\AdminEvents;
  13. use Pimcore\Tool\Authentication;
  14. use Pimcore\Controller\FrontendController;
  15. use Pimcore\Bundle\AdminBundle\Controller\Admin;
  16. use Pimcore\Controller\Configuration\ResponseHeader;
  17. use Pimcore\Event\Admin\Login\LoginCredentialsEvent;
  19. use Symfony\Component\HttpFoundation\Request;
  20. use Symfony\Component\HttpFoundation\Response;
  21. use Symfony\Component\Routing\Annotation\Route;
  22. use Symfony\Component\HttpFoundation\JsonResponse;
  23. use Symfony\Component\HttpFoundation\ResponseHeaderBag;
  24. use Symfony\Component\HttpFoundation\BinaryFileResponse;
  25. use Symfony\Component\HttpFoundation\StreamedResponse;
  26. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  27. use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBagInterface;
  28. use Pimcore\Model\Asset\Folder;
  31. class ApiController extends FrontendController
  32. {
  34.        /**
  35.      * @Route("/promemoria/api/login", methods={"POST"})
  36.      * @param Request $request
  37.      *
  38.      * @return JsonResponse
  39.      */
  40.     public function login(Request $request)
  41.     {
  43.         $response = new Response();
  44.         $response->setStatusCode(401);
  46.         $data json_decode($request->getContent());
  48.         if (!empty($data->username) &&  !empty($data->password)) {
  50.             $credentials = [
  51.                 'username' => $data->username,
  52.                 'password' => $data->password
  53.             ];
  55.             $event = new LoginCredentialsEvent($request$credentials);
  56.             try {
  57.                 $this->dispatcher->dispatch(AdminEvents::LOGIN_CREDENTIALS$event);
  58.             } catch (\Throwable $th) {
  60.             }
  61.             $pimcoreUser Authentication::authenticatePlaintext($data->username$data->password);
  62.             if ($pimcoreUser) {
  63.                 return Session::useSession(function (AttributeBagInterface $adminSession) use ($pimcoreUser) {
  64.                     $user = new UserAdmin($pimcoreUser);
  65.                     Session::regenerateId();
  66.                     $adminSession->set('user'$pimcoreUser);
  67.                     $adminSession->set('2fa_required'true);
  68.                     return $this->json(['ok' => true'user' => array(
  69.                         'id' => $pimcoreUser->getId(),
  70.                         'firstname' => $pimcoreUser->getFirstname(),
  71.                         'lastname' => $pimcoreUser->getLastname(),
  72.                         'email' => $pimcoreUser->getEmail(),
  73.                         'roles' => $user->getRoles()
  74.                     )]);
  75.                 });
  76.             }
  77.         }
  79.         return $response;
  81.     }
  83.     /**
  84.      * @Route("/promemoria/api/logout", methods={"POST", "GET"})
  85.      *
  86.      * @return JsonResponse
  87.      */
  88.     public function logout()
  89.     {
  91.         return $this->redirectToRoute('pimcore_admin_logout');
  93.     }
  95.     /**
  96.      * @Route("/promemoria/api/get-audio-thumbnail", methods={"GET"})
  97.      *
  98.      * @param Request $request
  99.      *
  100.      * @return BinaryFileResponse
  101.      */
  102.     public function getAudioThumbnail(Request $request)
  103.     {
  104.         $tmpfname tempnam("/tmp""audio.png");
  105.         file_put_contents($tmpfnamefile_get_contents("https://dummyimage.com/170x170/3e3e3e/ffffff.png&text=audio"));
  106.         $response = new BinaryFileResponse($tmpfname);
  107.         $this->addThumbnailCacheHeaders($response);
  108.         return $response;
  110.     }
  112.     /**
  113.      * @Route("/promemoria/api/get-image-thumbnail", methods={"GET"})
  114.      *
  115.      * @param Request $request
  116.      *
  117.      * @return BinaryFileResponse|StreamedResponse
  118.      */
  119.     public function getImageThumbnail(Request $request)
  120.     {
  121.         $id $request->get('id');
  122.         if(!$this->checkHash($id)){
  123.             $response = new Response();
  124.             $response->setStatusCode(401);
  125.             return $response;
  126.         }
  127.         $image Asset\Image::getById(intval($id));
  128.         $thumb $this->getThumb($image$request->get('version''thumbnail'));
  129.         return $this->responseThumbnail($thumb);
  131.     }
  133.     /**
  134.      * @Route("/promemoria/api/get-video-thumbnail", methods={"GET"})
  135.      *
  136.      * @param Request $request
  137.      *
  138.      * @return BinaryFileResponse|StreamedResponse
  139.      */
  140.     public function getVideoThumbnail(Request $request)
  141.     {
  142.         $id $request->get('id');
  143.         if(!$this->checkHash($id)){
  144.             $response = new Response();
  145.             $response->setStatusCode(401);
  146.             return $response;
  147.         }
  148.         $video Asset\Video::getById(intval($id));
  149.         $thumb $video->getImageThumbnail(Asset\Image\Thumbnail\Config::getPreviewConfig());
  150.         return $this->responseThumbnail($thumb);
  152.     }
  154.     /**
  155.      * @Route("/promemoria/api/get-document-thumbnail", methods={"GET"})
  156.      *
  157.      * @param Request $request
  158.      *
  159.      * @return BinaryFileResponse|StreamedResponse
  160.      */
  161.     public function getDocumentThumbnail(Request $request)
  162.     {
  163.         $id $request->get('id');
  164.         if(!$this->checkHash($id)){
  165.             $response = new Response();
  166.             $response->setStatusCode(401);
  167.             return $response;
  168.         }
  169.         $document Asset\Document::getById(intval($id));
  170.         $thumb = new Asset\Document\ImageThumbnail($documentAsset\Image\Thumbnail\Config::getPreviewConfig(), 1);
  171.         return $this->responseThumbnail($thumb);
  172.     }
  174.     /**
  175.      * @Route("/promemoria/api/get-video-preview", methods={"GET"})
  176.      *
  177.      * @param Request $request
  178.      *
  179.      * @return BinaryFileResponse
  180.      */
  181.     public function getVideoPreview(Request $request)
  182.     {
  184.         $response = new Response();
  185.         $response->setStatusCode(400);
  187.         $id $request->get('id');
  188.         if(!$this->checkHash($id)){
  189.             $response->setStatusCode(401);
  190.             return $response;
  191.         }
  192.         $asset Asset::getById(intval($id));
  194.         if(!empty($asset) && $asset->getType()=='video'){
  195.             $thumbnail $asset->getThumbnail(Asset\Video\Thumbnail\Config::getPreviewConfig(), ['mp4']);
  196.             $storagePath $asset->getRealPath() . '/' preg_replace('@^' preg_quote($asset->getPath(), '@') . '@'''urldecode($thumbnail['formats']['mp4']));
  197.             $storage \Pimcore\Tool\Storage::get('thumbnail');
  198.             if ($storage->fileExists($storagePath)) {
  199.                 $fs $storage->fileSize($storagePath);
  200.                 $stream $storage->readStream($storagePath);
  202.                 return new StreamedResponse(function () use ($stream) {
  203.                     fpassthru($stream);
  204.                 }, 200, [
  205.                     'Content-Type' => 'video/mp4',
  206.                     'Content-Length' => $fs,
  207.                     'Accept-Ranges' => 'bytes',
  208.                 ]);
  209.             } else {
  210.                 $response->setStatusCode(204);
  211.             }
  212.         }
  213.         return $response;
  215.     }
  217.     /**
  218.      * @param Response $response
  219.      */
  220.     protected function responseThumbnail($thumb)
  221.     {
  222.         $stream $thumb->getStream();
  223.         if ($stream) {
  224.             $response = new StreamedResponse(function () use ($stream) {
  225.                 fpassthru($stream);
  226.             }, 200, [
  227.                 'Content-Type' => 'image/' $thumb->getFileExtension(),
  228.             ]);
  229.         } else {
  230.             $response = new BinaryFileResponse(PIMCORE_PATH '/bundles/AdminBundle/public/img/filetype-not-supported.svg');
  231.         }
  232.         $this->addThumbnailCacheHeaders($response);
  233.         return $response;
  235.     }
  237.     /**
  238.      * @Route("/promemoria/api/download-as-zip", methods={"GET"})
  239.      *
  240.      * @param Request $request
  241.      *
  242.      * @return BinaryFileResponse
  243.      */
  244.     public function downloadAsZip(Request $request)
  245.     {
  247.         $name $request->get('name''');
  248.         $version $request->get('version''original');
  249.         $watermarked $request->get('watermarked'0);
  251.         $zipName = ($name ?: 'collection-' time()) . '.zip';
  252.         $zipFile tempnam("/tmp"$zipName);
  254.         $zip = new \ZipArchive();
  255.         $zipState $zip->open($zipFile\ZipArchive::CREATE);
  257.         $selectedIds $request->get('selectedIds''');
  259.         if (strlen($selectedIds) > && $zipState === true) {
  261.             $conditionFilters = [];
  263.             $selectedIds explode(','$selectedIds);
  264.             $ids = [];
  265.             foreach ($selectedIds as $id) {
  266.                 if(!$this->checkHash($id)){
  267.                     $response = new Response();
  268.                     $response->setStatusCode(401);
  269.                     return $response;
  270.                 }
  271.                 $ids[] = intval($id);
  272.             }
  273.             $conditionFilters[] = 'id IN (' implode(','$ids) . ')';
  274.             $conditionFilters[] .= "type != 'folder'";
  275.             $condition implode(' AND '$conditionFilters);
  277.             $assetList = new Asset\Listing();
  278.             $assetList->setCondition($condition);
  279.             $assetList->setOrderKey('LENGTH(path) ASC, id ASC'false);
  280.             $assetList->setOffset((int)$request->get('offset'));
  281.             $assetList->setLimit((int)$request->get('limit'));
  283.             foreach ($assetList->load() as $a) {
  284.                 if (!$a instanceof Asset\Folder) {
  285.                     if($a instanceof Asset\Image){
  286.                         $a $this->getThumb($a$watermarked $version "no_watermark"$version === 'original');
  287.                     }
  288.                     if ($a instanceof Asset\Image\Thumbnail) {
  289.                         $dir_prefix '/var/www/html/public/var/tmp/thumbnails';
  290.                         $pathReference $a->getPathReference();
  291.                         //serve per generare la thumb nel caso non esista
  292.                         $fileContent Tool\Storage::get('thumbnail')->read($pathReference['storagePath']);
  293.                         $path urldecode($a->getPath());
  294.                     } else {
  295.                         $dir_prefix '/var/www/html/public/var/assets';
  296.                         $path $a->getRealFullPath();
  297.                     }
  298.                     $zip->addFile($dir_prefix.$pathbasename($path));
  299.                 }
  300.             }
  302.             $zip->close();
  304.             $response = new BinaryFileResponse($zipFile);
  305.             $response->headers->set('Content-Type''application/zip');
  306.             $response->setContentDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT$zipName);
  307.             $response->deleteFileAfterSend(true);
  309.             return $response;
  311.         }
  313.         return $this->json(['error' => true]);
  315.     }
  317.     /**
  318.      * @Route("/promemoria/api/getShortToken", methods={"GET"})
  319.      * @param Request $request
  320.      *
  321.      * @return JsonResponse
  322.      */
  323.     public function getShortToken(Request $request)
  324.     {
  326.         $response = new Response();
  327.         $response->setStatusCode(400);
  329.         $db \Pimcore\Db::get();
  330.         $jwtToken $request->get('jwtToken');
  332.         $this->clearExpiredShortUrls();
  334.         if (!empty($jwtToken)) {
  336.             $generatedToken substr(md5(uniqid(mt_rand(), true)), 08);
  338.             $db->insert('promemoria_shorturl', [
  339.                 'jwtToken' => $jwtToken,
  340.                 'shortToken' => $generatedToken
  341.             ]);
  343.             return $this->json(['shortToken' => $generatedToken]);
  344.         }
  346.         return $response;
  348.     }
  350.     /**
  351.      * @Route("/promemoria/api/getJwtToken", methods={"GET"})
  352.      * @param Request $request
  353.      *
  354.      * @return JsonResponse
  355.      */
  356.     public function getJwtToken(Request $request)
  357.     {
  359.         $response = new Response();
  360.         $response->setStatusCode(400);
  362.         $db \Pimcore\Db::get();
  363.         $shortToken $request->get('shortToken');
  365.         $this->clearExpiredShortUrls();
  367.         if (!empty($shortToken)) {
  369.             $res $db->fetchRow("SELECT jwtToken FROM promemoria_shorturl WHERE shortToken = " $db->quote($shortToken));
  371.             return $this->json(['jwtToken' => $res['jwtToken']]);
  372.         }
  374.         return $response;
  376.     }
  378.     /**
  379.      * @Route("/promemoria/api/changePassword", methods={"POST"})
  380.      * @param Request $request
  381.      *
  382.      * @return JsonResponse
  383.      */
  384.     public function changePassword(Request $request)
  385.     {
  387.         $response = new Response();
  388.         $response->setStatusCode(401);
  390.         $data json_decode($request->getContent());
  391.         $newPassword $data->password;
  393.         $pimcoreUser Authentication::authenticateSession();
  395.         if(empty($pimcoreUser)){
  396.             return $response;
  397.         }
  399.         if (!empty($pimcoreUser) && !empty($newPassword)) {
  401.             $pimcoreUser->setPassword(Authentication::getPasswordHash($pimcoreUser->getUsername(), $newPassword));
  402.             $pimcoreUser->save();
  404.             return $this->json(['message' => 'Password changed']);
  406.         }
  408.         return $response;
  410.     }
  412.     /**
  413.      * @Route("/promemoria/api/getUserList", methods={"POST"}))
  414.      * @param Request $request
  415.      *
  416.      * @return JsonResponse
  417.      */
  418.     public function getUserList(Request $request)
  419.     {
  420.         $pimcoreUser Authentication::authenticateSession();
  421.         if(empty($pimcoreUser)){
  422.             $response = new Response();
  423.             $response->setStatusCode(401);
  424.             return $response;
  425.         }
  427.         $db \Pimcore\Db::get();
  428.         $query = <<<QUERY
  429.         SELECT u.id as user_id, u.name as user_name, u.firstname as fname, u.lastname as lname, u.email, r.id as role_id, r.name as role
  430.         FROM users u
  431.         INNER JOIN users r ON u.type = 'user' and u.roles = r.id and u.roles != '' and u.active = 1
  432.         order by u.name asc
  433. QUERY;
  434.         return $this->json(['users' => $db->executeQuery($query)->fetchAll()]);
  435.     }
  437.     /**
  438.     * @Route("/promemoria/api/getRoleList", methods={"POST"}))
  439.     * @param Request $request
  440.     *
  441.     * @return JsonResponse
  442.     */
  443.     public function getRoleList(Request $request)
  444.     {
  445.         $pimcoreUser Authentication::authenticateSession();
  446.         if(empty($pimcoreUser)){
  447.             $response = new Response();
  448.             $response->setStatusCode(401);
  449.             return $response;
  450.         }
  452.         $db \Pimcore\Db::get();
  453.         $query = <<<QUERY
  454.         SELECT u.id as role_id, u.name as name
  455.         FROM users u
  456.         WHERE
  457.         u.type = 'role'
  458.         order by u.name asc
  459. QUERY;
  460.         return $this->json(['roles' => $db->executeQuery($query)->fetchAll()]);
  461.     }
  463.     /**
  464.      * @Route("/promemoria/api/upsertUser", methods={"POST"})
  465.      * @param Request $request
  466.      *
  467.      * @return JsonResponse
  468.      */
  469.     public function upsertUser(Request $request)
  470.     {
  472.         $pimcoreUser Authentication::authenticateSession();
  473.         if(empty($pimcoreUser)){
  474.             $response = new Response();
  475.             $response->setStatusCode(401);
  476.             return $response;
  477.         }
  478.         $userAdmin = new UserAdmin($pimcoreUser);
  479.         if(!in_array("ROLE_PIMCORE_ADMIN"$userAdmin->getRoles())
  480.             && !in_array("ROLE_MANAGER"$userAdmin->getRoles())){
  481.             $response = new Response();
  482.             $response->setStatusCode(401);
  483.             return $response;
  484.         }
  486.         $data json_decode($request->getContent());
  487.         $user = new User();
  488.         if(!empty($data->user_id)){
  489.             $user User::getById($data->user_id);
  490.         }
  491.         $user->setParentid(0);
  492.         $user->setUsername($data->user_name);
  493.         $user->setFirstname($data->fname);
  494.         $user->setLastname($data->lname);
  495.         $user->setEmail($data->email);
  496.         $user->setActive($data->active);
  497.         $user->setLanguage("it");
  498.         if(!empty($data->password)){
  499.             $user->setPassword(Authentication::getPasswordHash($data->user_name$data->password));
  500.         }
  501.         $user->setRoles($data->role_id);
  502.         $user->save();
  504.         return $this->json(['message' => 'User updated']);
  505.     }
  507.     /**
  508.      * @Route("/promemoria/api/deleteUser", methods={"POST"})
  509.      * @param Request $request
  510.      *
  511.      * @return JsonResponse
  512.      */
  513.     public function deleteUser(Request $request)
  514.     {
  516.         $pimcoreUser Authentication::authenticateSession();
  517.         if(empty($pimcoreUser)){
  518.             $response = new Response();
  519.             $response->setStatusCode(401);
  520.             return $response;
  521.         }
  522.         $data json_decode($request->getContent());
  523.         $user User::getById($data->user_id);
  524.         $userAdmin = new UserAdmin($user);
  525.         if(in_array("ROLE_PIMCORE_ADMIN"$userAdmin->getRoles())){
  526.             $response = new Response();
  527.             $response->setStatusCode(401);
  528.             return $response;
  529.         }
  530.         $user->delete();
  531.         return $this->json(['message' => 'User deleted']);
  532.     }
  533.     
  534.     /**
  535.      * @Route("/promemoria/api/diario", methods={"POST"})
  536.      * @param Request $request
  537.      *
  538.      * @return JsonResponse
  539.      */
  540.     public function diario(Request $request) {
  541.         $token $request->get("token");
  542.         $config \App\PromemoriaBundle\PromemoriaBundle::getConfig();
  543.         if (!empty($config["googleRecaptchaSecretKey"]) && !empty($token)) {
  544.             $verifyResponse file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' $config["googleRecaptchaSecretKey"] . '&response=' $token);
  545.             $responseData json_decode($verifyResponse);
  546.             if (!$responseData->success || $responseData->score 0.5) {
  547.                 $response = new Response();
  548.                 $response->setStatusCode(401);
  549.                 return $response;
  550.             }
  551.             $pimcoreUsername "website";
  552.             $pimcoreId 0;
  553.         } else {
  554.             $pimcoreUser Authentication::authenticateSession();
  555.             if (empty($pimcoreUser)) {
  556.                 $email $request->get("email");
  557.                 if (empty($email)) {
  558.                     $response = new Response();
  559.                     $response->setStatusCode(401);
  560.                     return $response;
  561.                 } else {
  562.                     $pimcoreUsername $email;
  563.                     $pimcoreId 0;
  564.                 }
  565.             } else {
  566.                 $pimcoreUsername $pimcoreUser->getUsername();
  567.                 $pimcoreId $pimcoreUser->getId();
  568.             }
  569.         }
  571.         $assetFolderName "diarioCollezionista";
  572.         $parentBuca "/" $assetFolderName "/";
  573.         $rootFolder Folder::getByPath("/" $assetFolderName);
  575. // Create root folder if it doesn’t exist
  576.         if (!$rootFolder) {
  577.             $rootFolder = new Folder();
  578.             $rootFolder->setParentId(1); // Root folder in Pimcore
  579.             $rootFolder->setKey($assetFolderName);
  580.             $rootFolder->save();
  581.         }
  583.         $diarioNoteId $request->get("diarioNoteId");
  584.         $inventrio $request->get("inventrio");
  585.         $title $request->get("title");
  587.         $parentPath1 $parentBuca $inventrio;
  588.         $parentPath2 $parentPath1 "/" $title;
  590.         $parentAsset1 \Pimcore\Model\Asset::getByPath($parentPath1);
  591.         $parentAsset2 \Pimcore\Model\Asset::getByPath($parentPath2);
  593. // Create or get first-level folder (/diarioCollezionista/inventrio)
  594.         if (!$parentAsset1) {
  595.             $parent1 \Pimcore\Model\Asset::getByPath($parentBuca);
  596.             $parentAsset1 $this->createFolder($inventrio$parent1->getId(), 'asset');
  597.         }
  599. //  Handle second-level folder (title)
  600.         $folderId null// initialize
  602.         if (!$parentAsset2) {
  603.             $parent2 \Pimcore\Model\Asset::getByPath($parentPath1);
  605.             if (empty($diarioNoteId) || $diarioNoteId === 'UNDEFINED' || $diarioNoteId === 'undefined') {
  607.                 // Case 1: No diarioNoteId ? Create a new folder
  608.                 $parentAsset2 $this->createFolder($title$parent2->getId(), 'asset');
  609.                 $folderId $parentAsset2->getId();
  610.             } else {
  611.                 // Case 2: diarioNoteId exists ? rename existing folder to new title
  612.                 $existingAsset \Pimcore\Model\Asset::getById($diarioNoteId);
  614.                 if ($existingAsset instanceof \Pimcore\Model\Asset) {
  615.                     // Rename only if name is different
  616.                     if ($existingAsset->getKey() !== $title) {
  617.                         $existingAsset->setKey($title); 
  618.                         $existingAsset->save();
  619.                     }
  620.                     $parentAsset2 $existingAsset;
  621.                     $folderId $existingAsset->getId();
  622.                 } else {
  623.                     // fallback: diarioNoteId invalid ? create new folder
  624.                     $parentAsset2 $this->createFolder($title$parent2->getId(), 'asset');
  625.                     $folderId $parentAsset2->getId();
  626.                 }
  627.             }
  628.         } else {
  629.             // folder already exists by path
  630.             $folderId $parentAsset2->getId();
  631.         }
  633. //  Handle file uploads
  634.         $fields json_decode($request->get("fields"), true);
  635.         $values = [];
  636.         $assetIds = [];
  638.         if (is_array($fields)) {
  639.             foreach ($fields as $key => $typeField) {
  640.                 if (in_array($typeField, ["file""image"])) {
  641.                     $files $request->files->get($key);
  643.                     if (!empty($files)) {
  644.                         $files is_array($files) ? $files : [$files];
  646.                         foreach ($files as $file) {
  647.                             $newAsset $this->createAsset($parentAsset2$file);
  648.                             $values[] = $newAsset;
  650.                             if ($newAsset instanceof \Pimcore\Model\Asset) {
  651.                                 $assetIds[] = $newAsset->getId() . "-" .
  652.                                         substr(md5($newAsset->getId() . md5(getenv("dotenv_suffix"))), 08);
  653.                             }
  654.                         }
  655.                     }
  656.                 }
  657.             }
  658.         }
  660. //  Return JSON Response
  661.         return $this->json([
  662.                     "status" => true,
  663.                     "assetIds" => $assetIds,
  664.                     "folderId" => $folderId
  665.         ]);
  666.     }
  668.     /**
  669.      * @Route("/promemoria/api/diarioDeleteMedia", methods={"POST"})
  670.      * @param Request $request
  671.      *
  672.      * @return JsonResponse
  673.      */
  674.     public function diarioDeleteMedia(Request $request) {
  675.         $token $request->get("token");
  676.         $config \App\PromemoriaBundle\PromemoriaBundle::getConfig();
  677.         if (!empty($config["googleRecaptchaSecretKey"]) && !empty($token)) {
  678.             $verifyResponse file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' $config["googleRecaptchaSecretKey"] . '&response=' $token);
  679.             $responseData json_decode($verifyResponse);
  680.             if (!$responseData->success || $responseData->score 0.5) {
  681.                 $response = new Response();
  682.                 $response->setStatusCode(401);
  683.                 return $response;
  684.             }
  685.             $pimcoreUsername "website";
  686.             $pimcoreId 0;
  687.         } else {
  688.             $pimcoreUser Authentication::authenticateSession();
  689.             if (empty($pimcoreUser)) {
  690.                 $email $request->get("email");
  691.                 if (empty($email)) {
  692.                     $response = new Response();
  693.                     $response->setStatusCode(401);
  694.                     return $response;
  695.                 } else {
  696.                     $pimcoreUsername $email;
  697.                     $pimcoreId 0;
  698.                 }
  699.             } else {
  700.                 $pimcoreUsername $pimcoreUser->getUsername();
  701.                 $pimcoreId $pimcoreUser->getId();
  702.             }
  703.         }
  704.         $parentBuca "/diarioCollezionista/";
  706.         $inventrio trim($request->get("inventrio"));
  707.         $title trim($request->get("title"));
  708.         $imageName trim($request->get("imageName"));
  710.         // ? Basic input validation
  711.         if (empty($inventrio) || empty($title)) {
  712.             return $this->json([
  713.                         "status" => false,
  714.                         "message" => "Missing required parameters: inventrio or title."
  715.             ]);
  716.         }
  718.         //  Build asset path
  719.         if ($imageName === 'deleteAll') {
  720.             $assetPath $parentBuca $inventrio "/" $title;
  721.         } else {
  722.             if (empty($imageName)) {
  723.                 return $this->json([
  724.                             "status" => false,
  725.                             "message" => "Image name cannot be empty unless deleteAll is specified."
  726.                 ]);
  727.             }
  728.             $assetPath $parentBuca $inventrio "/" $title "/" $imageName;
  729.         }
  731.         // Normalize path (ensure leading slash)
  732.         $assetPath "/" ltrim($assetPath"/");
  734.         // Security check: only allow under parentBuca
  735.         if (strpos($assetPath$parentBuca) !== 0) {
  736.             return $this->json([
  737.                         "status" => false,
  738.                         "message" => "Invalid path. Deletion outside parent folder is not allowed."
  739.             ]);
  740.         }
  742.         // ? Check if asset exists
  743.         $asset2 \Pimcore\Model\Asset::getByPath($assetPath);
  744.         if (!$asset2 instanceof \Pimcore\Model\Asset) {
  745.             return $this->json([
  746.                         "status" => false,
  747.                         "message" => "Asset not found at path: " $assetPath
  748.             ]);
  749.         }
  751.         try {
  752.             if ($imageName === 'deleteAll') {
  753.                 if ($asset2 instanceof \Pimcore\Model\Asset\Folder) {
  754.                     // just delete the folder recursively
  755.                     $mediaId $asset2->getId();
  756.                     $asset2->delete();
  757.                     return $this->json([
  758.                                 "status" => true,
  759.                                 "message" => "Asset Folder Successfully.",
  760.                                 "mediaId" => $mediaId "-" substr(md5($mediaId md5(getenv("dotenv_suffix"))), 08)
  761.                     ]);
  762.                 } else {
  763.                     return $this->json([
  764.                                 "status" => false,
  765.                                 "message" => "Target is not a folder."
  766.                     ]);
  767.                 }
  768.             } else {
  769.                 // delete a single asset
  770.                 $mediaId $asset2->getId();
  771.                 $asset2->delete();
  773.                 // check if parent folder is now empty ? delete it too
  774.                 $parentFolder $asset2->getParent();
  775.                 if ($parentFolder instanceof \Pimcore\Model\Asset\Folder && count($parentFolder->getChildren()) === 0) {
  776.                     $parentFolder->delete();
  777.                 }
  778.                 return $this->json([
  779.                             "status" => true,
  780.                             "message" => "Asset Deleted Successfully.",
  781.                             "mediaId" => $mediaId "-" substr(md5($mediaId md5(getenv("dotenv_suffix"))), 08)
  782.                 ]);
  783.             }
  784.         } catch (\Exception $e) {
  785.             \Pimcore\Log\Simple::log("asset_delete_error"$e->getMessage());
  786.             return $this->json([
  787.                         "status" => false,
  788.                         "message" => "Error deleting asset: " $e->getMessage()
  789.             ]);
  790.         }
  791.     }
  793.     /**
  794.      * @Route("/promemoria/api/buca", methods={"POST"})
  795.      * @param Request $request
  796.      *
  797.      * @return JsonResponse
  798.      */
  799.     public function buca(Request $request)
  800.     {
  801.         $token $request->get("token");
  802.         $config \App\PromemoriaBundle\PromemoriaBundle::getConfig();
  803.         if(!empty($config["googleRecaptchaSecretKey"]) && !empty($token)){
  804.             $verifyResponse file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' $config["googleRecaptchaSecretKey"] . '&response=' $token);
  805.             $responseData json_decode($verifyResponse);
  806.             if (!$responseData->success || $responseData->score 0.5) {
  807.                 $response = new Response();
  808.                 $response->setStatusCode(401);
  809.                 return $response;
  810.             }
  811.             $pimcoreUsername "website";
  812.             $pimcoreId 0;
  813.         }else{
  814.             $pimcoreUser Authentication::authenticateSession();
  815.             if(empty($pimcoreUser)){
  816.                 $email $request->get("email");
  817.                 if(empty($email)){
  818.                     $response = new Response();
  819.                     $response->setStatusCode(401);
  820.                     return $response;
  821.                 }else{
  822.                     $pimcoreUsername $email;
  823.                     $pimcoreId 0;
  824.                 }
  825.             }else{
  826.                 $pimcoreUsername $pimcoreUser->getUsername();
  827.                 $pimcoreId $pimcoreUser->getId();
  828.             }
  829.         }
  830.         // crezione folder utente se non esiste
  831.         $parentBuca "/Buca/";
  832.         $parentPath $parentBuca $pimcoreUsername;
  833.         $parentAsset \Pimcore\Model\Asset::getByPath($parentPath);
  834.         if(!$parentAsset){
  835.             $parent \Pimcore\Model\Asset::getByPath($parentBuca);
  836.             $parentAsset $this->createFolder($pimcoreUsername$parent->getId(), 'asset');
  837.         }
  838.         $parentObject \Pimcore\Model\DataObject::getByPath($parentPath);
  839.         if(!$parentObject){
  840.             $parent \Pimcore\Model\DataObject::getByPath($parentBuca);
  841.             $parentObject $this->createFolder($pimcoreUsername$parent->getId());
  842.         }
  844.         // creazione oggetto e media
  845.         $separatore "$";
  846.         $classe "\Pimcore\Model\DataObject\\" $request->get("class");
  847.         $fields json_decode($request->get("fields"), TRUE);
  848.         $obj = new $classe();
  849.         $obj->setParentId($parentObject->getId());
  850.         foreach ($fields as $key => $typeField) {
  851.             $fieldDefiniton $obj->getClass()->getFieldDefinition($key);
  852.             $type $fieldDefiniton $fieldDefiniton->getFieldtype() : "localizedfield";
  853.             $type strpos($key$separatore) !== FALSE "block" $type;
  855.             if(in_array($typeField,["file","image"])){
  856.                 $files $request->files->get($key);
  857.                 $didascalie $request->get($key "Didascalia");
  858.                 if(!empty($files)){
  859.                     $isMultiple is_array($files);
  860.                     $files $isMultiple $files : [$files];
  861.                     $values = [];
  862.                     if($typeField === "image"){
  863.                         foreach ($files as $index => $file) {
  864.                             $advancedImage = new \Pimcore\Model\DataObject\Data\Hotspotimage();
  865.                             $advancedImage->setImage($this->createAsset($parentAsset$file"image"));
  866.                             $values[] = $advancedImage;
  867.                         }
  868.                         $values = new \Pimcore\Model\DataObject\Data\ImageGallery($values);
  869.                     }else{
  870.                         foreach ($files as $index => $file) {
  871.                             $values[] = $this->createAsset($parentAsset$file);
  872.                         }
  873.                     }
  874.                     $obj->{"set" ucfirst($key)}($isMultiple $values $values[0]);
  875.                 }
  876.             }else {
  877.                 $val $request->get($key);
  878.                 if(!empty($val)){
  879.                     switch($typeField){
  880.                         case "link":
  881.                             $link = new \Pimcore\Model\DataObject\Data\Link();
  882.                             $link->setText("Link");
  883.                             $link->setPath($val);
  884.                             $val $link;
  885.                             break;
  886.                         case 'date':
  887.                             $val \Carbon\Carbon::createFromFormat('Y-m-d'$val);
  888.                             break;
  889.                     }
  890.                     switch($type){
  891.                         case "video":
  892.                             $video = new \Pimcore\Model\DataObject\Data\Video();
  893.                             $video->setType("youtube");
  894.                             $video->setData($val);
  895.                             $result preg_match("/(?<=v=)[a-zA-Z0-9-]+(?=&)|(?<=v\/)[^&]+(?=\?)|(?<=v=)[^&]+|(?<=youtu.be\/)[^&]+/"$val$matches);
  896.                             if($result){
  897.                                 $video->setType("youtube");
  898.                                 $video->setData($matches[0]);
  899.                             }
  900.                             $result preg_match("/(?<=vimeo.com\/)[^&]+/"$val$matches);
  901.                             if($result){
  902.                                 $video->setType("vimeo");
  903.                                 $video->setData($matches[0]);
  904.                             }
  905.                             $obj->{"set" ucfirst($key)}($video);
  906.                             break;
  907.                         case "block":
  908.                             list ($keyContainer$keyMeta) = explode($separatore$key);
  909.                             $metadata = [];
  910.                             $metadata[$keyMeta] = new \Pimcore\Model\DataObject\Data\BlockElement($keyMeta$typeField$val);
  911.                             $obj->{"set" ucfirst($keyContainer)}([$metadata]);
  912.                             break;
  913.                         case "localizedfield":
  914.                             $obj->{"set" ucfirst($key)}($val'it');
  915.                             break;
  916.                         case "multiselect":
  917.                             $obj->{"set" ucfirst($key)}([$val]);
  918.                             break;
  919.                         default:
  920.                             $obj->{"set" ucfirst($key)}($val);
  921.                             break;
  922.                     }
  923.                     if($key === 'dcTitle'){
  924.                         $obj->setKey(\Pimcore\Model\Element\Service::getValidKey($val'object'));
  925.                     }
  926.                 }
  927.             }
  928.         }
  929.         $obj->setUserOwner($pimcoreId);
  930.         $obj->setUserModification($pimcoreId);
  931.         $obj->save();
  932.         $tags $request->get("tags");
  933.         if(!empty($tags)){
  934.             \Pimcore\Model\Element\Tag::setTagsForElement('object'$obj->getId(), array_map(function($id){
  935.                 return \Pimcore\Model\Element\Tag::getById($id);
  936.             }, $tags));
  937.         }
  938.         return $this->json(["status" =>  true ]);
  939.     }
  941.     /**
  942.      * @Route("/promemoria/api/bucaSelect", methods={"POST"})
  943.      * @param Request $request
  944.      *
  945.      * @return JsonResponse
  946.      */
  947.     public function bucaSelect(Request $request)
  948.     {
  949.         $pimcoreUser Authentication::authenticateSession();
  950.         if(empty($pimcoreUser)){
  951.             $response = new Response();
  952.             $response->setStatusCode(401);
  953.             return $response;
  954.         }
  955.         $data json_decode($request->getContent());
  957.         $classe "\Pimcore\Model\DataObject\\" $data->class;
  958.         $obj = new $classe();
  959.         $fieldDefiniton $obj->getClass()->getFieldDefinition($data->field);
  961.         return $this->json($fieldDefiniton->getOptions());
  962.     }
  964.      /**
  965.      * @Route("/promemoria/api/bucaTags", methods={"POST"})
  966.      * @param Request $request
  967.      *
  968.      * @return JsonResponse
  969.      */
  970.     public function bucaTags(Request $request)
  971.     {
  972.         $pimcoreUser Authentication::authenticateSession();
  973.         if(empty($pimcoreUser)){
  974.             $response = new Response();
  975.             $response->setStatusCode(401);
  976.             return $response;
  977.         }
  978.         $data json_decode($request->getContent());
  980.         $tagList = new \Pimcore\Model\Element\Tag\Listing();
  981.         $tagList->setCondition("parentId = ?"$data->parentId);
  982.         $tagList->setOrderKey("id");
  983.         $tags = [];
  984.         foreach ($tagList->load() as $tag) {
  985.             $tags[] = [
  986.                 "id" => $tag->getId(),
  987.                 "label" => $tag->getName()
  988.             ];
  989.         }
  990.         return $this->json($tags);
  991.     }
  993.     /**
  994.      * @Route("/promemoria/api/check-email", methods={"POST"}))
  995.      * @param Request $request
  996.      *
  997.      * @return JsonResponse
  998.      */
  999.     public function checkEmail(Request $request)
  1000.     {
  1001.         $response = new Response();
  1002.         $response->setStatusCode(400);
  1003.         $data json_decode($request->getContent());
  1004.         if(empty($data->email)){
  1005.             return $response;
  1006.         }
  1007.         $user false;
  1008.         $entries = new \Pimcore\Model\User\Listing();
  1009.         $entries->setLimit(1);
  1010.         $entries->setCondition("email LIKE ?", [$data->email]);
  1011.         foreach ($entries as $entry) {
  1012.             $user $entry;
  1013.             return $this->json([
  1014.                 'status' => true
  1015.             ]);
  1016.         }
  1017.         return $response;
  1018.     }
  1020.     /**
  1021.      * @Route("/promemoria/api/change-reset-password", methods={"POST"}))
  1022.      * @param Request $request
  1023.      *
  1024.      * @return JsonResponse
  1025.      */
  1026.     public function changeResetPassword(Request $request)
  1027.     {
  1028.         $response = new Response();
  1029.         $response->setStatusCode(400);
  1030.         $data json_decode($request->getContent());
  1032.         if(empty($data->email) || empty($data->password)){
  1033.             return $response;
  1034.         }
  1036.         $entries = new \Pimcore\Model\User\Listing();
  1037.         $entries->setLimit(1);
  1038.         $entries->setCondition("email LIKE ?", [$data->email]);
  1039.         foreach ($entries as $entry) {
  1040.             $user $entry;
  1041.             $user->setPassword(Authentication::getPasswordHash($user->getUsername(), $data->password));
  1042.             $user->save();
  1043.             return $this->json([
  1044.                 'status' => true
  1045.             ]);
  1046.         }
  1047.         return $response;
  1048.     }
  1050.     /* PRIVATE */
  1051.     private function clearExpiredShortUrls()
  1052.     {
  1053.         $db \Pimcore\Db::get();
  1054.         $db->deleteWhere('promemoria_shorturl''insertDate < NOW() - INTERVAL 1 WEEK');
  1055.     }
  1056.     private function createFolder($name$parent$type 'object'){
  1057.         $folder $type === 'object' ? new \Pimcore\Model\DataObject\Folder() : new \Pimcore\Model\Asset\Folder();
  1058.         $folder->setParentId($parent);
  1059.         $type === 'object'  $folder->setKey($name) : $folder->setFilename($name);
  1060.         $folder->save();
  1061.         return $folder;
  1062.     }
  1064.     private function createAsset($parentAsset$file$type=""){
  1065.         $newAsset $type ? new \Pimcore\Model\Asset\Image() : new \Pimcore\Model\Asset();
  1066.         $newAsset->setFilename($this->checkFileAndRename($parentAsset->getFullPath(), $file->getClientOriginalName()));
  1067.         $newAsset->setData(file_get_contents($file->getPathname()));
  1068.         $newAsset->setParent($parentAsset);
  1069.         $newAsset->save();
  1070.         return $newAsset;
  1071.     }
  1072.     private function checkFileAndRename($parentPath$filename){
  1073.         $path_parts pathinfo($filename);
  1074.         $i 1;
  1075.         while(\Pimcore\Model\Asset::getByPath($parentPath "/" $filename)){
  1076.             $filename $path_parts['filename'] . "_$i." $path_parts['extension'];
  1077.             $i++;
  1078.         }
  1079.         return $filename;
  1080.     }
  1081.     private function getThumb($image$type$original=false){
  1082.         $thumb $this->getThumbnail($image"watermarked_" $type);
  1083.         if(!$thumb || empty($thumb->getConfig())) {
  1084.             $thumb $this->getThumbnail($image$type);
  1085.         }
  1086.         if(!$thumb || empty($thumb->getConfig())){
  1087.             if($original) return $image;
  1088.             $thumb $this->getThumbnail($imageAsset\Image\Thumbnail\Config::getPreviewConfig());
  1089.         }
  1090.         return $thumb;
  1091.     }
  1093.     private function getThumbnail($image$type){
  1094.         try{
  1095.             return $image->getThumbnail($type);
  1096.         }catch(\Exception $err){
  1097.             return null;
  1098.         }
  1099.     }
  1101.     private function addThumbnailCacheHeaders(Response $response)
  1102.     {
  1103.        $lifetime 300;
  1104.         $date = new \DateTime('now');
  1105.         $date->add(new \DateInterval('PT' $lifetime 'S'));
  1107.         $response->setMaxAge($lifetime);
  1108.         $response->setPublic();
  1109.         $response->setExpires($date);
  1110.         $response->headers->set('Access-Control-Allow-Origin''*');
  1111.     }
  1113.     private function checkHash($id){
  1114.         list($id$hash) = explode("-"$id);
  1115.         return $hash === substr(md5($id md5(getenv("dotenv_suffix"))), 08);
  1116.     }
  1117. }