Re-implement api.php?list actions for add, sub and get.

Signed-off-by: DL6ER <dl6er@dl6er.de>

api.php

@@ -7,10 +7,10 @@
 *    Please see LICENSE file for your rights under this license */
 
 $api = true;
-header('Content-type: application/json');
-require("scripts/pi-hole/php/FTL.php");
-require("scripts/pi-hole/php/password.php");
-require("scripts/pi-hole/php/auth.php");
+require_once("scripts/pi-hole/php/FTL.php");
+require_once("scripts/pi-hole/php/password.php");
+require_once("scripts/pi-hole/php/database.php");
+require_once("scripts/pi-hole/php/auth.php");
 check_cors();
 
 $FTL_IP = "127.0.0.1";
@@ -107,29 +107,50 @@
 }
 elseif (isset($_GET['list']))
 {
+	if (!$auth)
+		die("Not authorized!");
+
+	if(!isset($_GET["list"]))
+		die("List has not been specified.");
+
+	switch ($_GET["list"]) {
+		case 'black':
+			$_POST['type'] = ListType::blacklist;
+			break;
+		case 'regex_black':
+			$_POST['type'] = ListType::regex_blacklist;
+			break;
+		case 'white':
+			$_POST['type'] = ListType::whitelist;
+			break;
+		case 'regex_white':
+			$_POST['type'] = ListType::regex_whitelist;
+			break;
+
+		default:
+			die("Invalid list [supported: black, regex_black, white, regex_white]");
+			break;
+	}
+
 	if (isset($_GET['add']))
 	{
-		if (!$auth)
-			die("Not authorized!");
-
 		// Set POST parameters and invoke script to add domain to list
 		$_POST['domain'] = $_GET['add'];
-		$_POST['list'] = $_GET['list'];
-		require("scripts/pi-hole/php/add.php");
+		$_POST['action'] = 'add_domain';
+		require("scripts/pi-hole/php/groups.php");
 	}
 	elseif (isset($_GET['sub']))
 	{
-		if (!$auth)
-			die("Not authorized!");
-
 		// Set POST parameters and invoke script to remove domain from list
 		$_POST['domain'] = $_GET['sub'];
-		$_POST['list'] = $_GET['list'];
-		require("scripts/pi-hole/php/sub.php");
+		$_POST['action'] = 'delete_domain_string';
+		require("scripts/pi-hole/php/groups.php");
 	}
 	else
 	{
-		require("scripts/pi-hole/php/get.php");
+		// Set POST parameters and invoke script to get all domains
+		$_POST['action'] = 'get_domains';
+		require("scripts/pi-hole/php/groups.php");
 	}
 
 	return;
@@ -138,6 +159,7 @@
 // Other API functions
 require("api_FTL.php");
 
+header('Content-type: application/json');
 if(isset($_GET["jsonForceObject"]))
 {
 	echo json_encode($data, JSON_FORCE_OBJECT);

scripts/pi-hole/php/database.php

@@ -311,9 +311,11 @@ function remove_from_table($db, $table, $domains, $returnnum=false, $type=-1)
 	}
 }
 
-class ListType{
-	const whitelist = 0;
-	const blacklist = 1;
-	const regex_whitelist = 2;
-	const regex_blacklist = 3;
-}
+if (!class_exists("ListType")) {
+	class ListType{
+		const whitelist = 0;
+		const blacklist = 1;
+		const regex_whitelist = 2;
+		const regex_blacklist = 3;
+	}
+}

scripts/pi-hole/php/gravity.php

@@ -6,7 +6,7 @@
 *  This file is copyright under the latest version of the EUPL.
 *  Please see LICENSE file for your rights under this license. */
 
-require "scripts/pi-hole/php/database.php";
+require_once("scripts/pi-hole/php/database.php");
 
 function gravity_last_update($raw = false)
 {

scripts/pi-hole/php/groups.php

@@ -9,11 +9,13 @@
 require_once('auth.php');
 
 // Authentication checks
-if (isset($_POST['token'])) {
-    check_cors();
-    check_csrf($_POST['token']);
-} else {
-    log_and_die('Not allowed (login session invalid or expired, please relogin on the Pi-hole dashboard)!');
+if (!isset($api)) {
+    if (isset($_POST['token'])) {
+        check_cors();
+        check_csrf($_POST['token']);
+    } else {
+        log_and_die('Not allowed (login session invalid or expired, please relogin on the Pi-hole dashboard)!');
+    }
 }
 
 $reload = false;
@@ -47,6 +49,8 @@ function JSON_error($message = null)
         while (($res = $query->fetchArray(SQLITE3_ASSOC)) !== false) {
             array_push($data, $res);
         }
+
+        header('Content-type: application/json');
         echo json_encode(array('data' => $data));
     } catch (\Exception $ex) {
         JSON_error($ex->getMessage());
@@ -198,6 +202,7 @@ function JSON_error($message = null)
             array_push($data, $res);
         }
 
+        header('Content-type: application/json');
         echo json_encode(array('data' => $data));
     } catch (\Exception $ex) {
         JSON_error($ex->getMessage());
@@ -232,6 +237,7 @@ function JSON_error($message = null)
             }
         }
 
+        header('Content-type: application/json');
         echo json_encode($ips);
     } catch (\Exception $ex) {
         JSON_error($ex->getMessage());
@@ -380,6 +386,8 @@ function JSON_error($message = null)
             $limit = " WHERE type = 0 OR type = 2";
         } elseif (isset($_POST["showtype"]) && $_POST["showtype"] === "black"){
             $limit = " WHERE type = 1 OR type = 3";
+        } elseif (isset($_POST["type"]) && is_numeric($_POST["type"])){
+            $limit = " WHERE type = " . $_POST["type"];
         }
         $query = $db->query('SELECT * FROM domainlist'.$limit);
         if (!$query) {
@@ -432,7 +440,7 @@ function JSON_error($message = null)
             array_push($data, $res);
         }
 
-
+        header('Content-type: application/json');
         echo json_encode(array('data' => $data));
     } catch (\Exception $ex) {
         JSON_error($ex->getMessage());
@@ -624,6 +632,48 @@ function JSON_error($message = null)
             throw new Exception('While executing domainlist statement: ' . $db->lastErrorMsg());
         }
 
+        $reload = true;
+        JSON_success();
+    } catch (\Exception $ex) {
+        JSON_error($ex->getMessage());
+    }
+}  elseif ($_POST['action'] == 'delete_domain_string') {
+    // Delete domain identified by the domain string itself
+    try {
+        $stmt = $db->prepare('DELETE FROM domainlist_by_group WHERE domainlist_id=(SELECT id FROM domainlist WHERE domain=:domain AND type=:type);');
+        if (!$stmt) {
+            throw new Exception('While preparing domainlist_by_group statement: ' . $db->lastErrorMsg());
+        }
+
+        if (!$stmt->bindValue(':domain', $_POST['domain'], SQLITE3_TEXT)) {
+            throw new Exception('While binding domain to domainlist_by_group statement: ' . $db->lastErrorMsg());
+        }
+
+        if (!$stmt->bindValue(':type', intval($_POST['type']), SQLITE3_INTEGER)) {
+            throw new Exception('While binding type to domainlist_by_group statement: ' . $db->lastErrorMsg());
+        }
+
+        if (!$stmt->execute()) {
+            throw new Exception('While executing domainlist_by_group statement: ' . $db->lastErrorMsg());
+        }
+
+        $stmt = $db->prepare('DELETE FROM domainlist WHERE domain=:domain AND type=:type');
+        if (!$stmt) {
+            throw new Exception('While preparing domainlist statement: ' . $db->lastErrorMsg());
+        }
+
+        if (!$stmt->bindValue(':domain', $_POST['domain'], SQLITE3_TEXT)) {
+            throw new Exception('While binding domain to domainlist statement: ' . $db->lastErrorMsg());
+        }
+
+        if (!$stmt->bindValue(':type', intval($_POST['type']), SQLITE3_INTEGER)) {
+            throw new Exception('While binding type to domainlist statement: ' . $db->lastErrorMsg());
+        }
+
+        if (!$stmt->execute()) {
+            throw new Exception('While executing domainlist statement: ' . $db->lastErrorMsg());
+        }
+
         $reload = true;
         JSON_success();
     } catch (\Exception $ex) {
@@ -652,7 +702,7 @@ function JSON_error($message = null)
             array_push($data, $res);
         }
 
-
+        header('Content-type: application/json');
         echo json_encode(array('data' => $data));
     } catch (\Exception $ex) {
         JSON_error($ex->getMessage());