fixed missing login and billing pages
This commit is contained in:
parent
28533be24d
commit
dbecad8606
755 changed files with 1205 additions and 106715 deletions
|
|
@ -10,11 +10,10 @@ Primary files:
|
|||
|
||||
- `Panel/ogp_api.php`
|
||||
- `Panel/status_api.php`
|
||||
- `Website/api/create_order.php`
|
||||
- `Website/api/capture_order.php`
|
||||
- `Website/api/log_error.php`
|
||||
- `Website/webhook.php`
|
||||
- `Website/paypal/webhook.php`
|
||||
- `Panel/sso.php`
|
||||
- `Panel/modules/website/login.php`
|
||||
- `Panel/modules/website/sso.php`
|
||||
- `Panel/modules/website/order.php`
|
||||
|
||||
## Panel Automation API
|
||||
|
||||
|
|
@ -121,39 +120,27 @@ The scheduler does not call agents directly at runtime. It stores cron lines on
|
|||
|
||||
This makes `ogp_api.php` part of the internal scheduler runtime contract.
|
||||
|
||||
## Website API Endpoints
|
||||
|
||||
### Payment Creation And Capture
|
||||
## Website Account, SSO, And Order Entry
|
||||
|
||||
| Endpoint | Auth | Purpose | Parameters | Returns |
|
||||
|---|---|---|---|---|
|
||||
| `Website/api/create_order.php` | storefront session / checkout context | create PayPal order | checkout/cart payload | JSON PayPal order response |
|
||||
| `Website/api/capture_order.php` | storefront session / checkout context | capture approved PayPal order | order/capture payload | JSON capture result |
|
||||
| `Panel/modules/website/login.php` | Panel user credentials | create a website session against the shared Panel user table | username/password form | website session and redirect |
|
||||
| `Panel/modules/website/logout.php` | website session | destroy website session | none | redirect to website home |
|
||||
| `Panel/modules/website/sso.php?destination=panel` | website session | create a one-time token for Panel login | optional trusted return path | redirect to `Panel/sso.php` |
|
||||
| `Panel/sso.php?token=...` | one-time SSO token | create normal Panel session | token | redirect to Panel page |
|
||||
| `Panel/sso.php?destination=website` | Panel session | create a one-time token for website login | optional trusted return path | redirect to website SSO endpoint |
|
||||
| `Panel/modules/website/sso.php?token=...` | one-time SSO token | create website session | token | redirect to website page |
|
||||
| `Panel/modules/website/order.php` | website session for checkout continuation | validate catalog service and start order intent | `service_id` | order page or login redirect |
|
||||
|
||||
These are thin compatibility wrappers that dispatch into the current billing runtime selected by:
|
||||
SSO tokens are stored in `OGP_DB_PREFIXsso_tokens` as SHA-256 hashes, expire in 30-60 seconds, and are marked used after successful validation. Tokens never contain passwords, password hashes, permanent API keys, or PHP session IDs.
|
||||
|
||||
- `Website/_compat_include.php`
|
||||
- `website_billing_runtime_file(...)`
|
||||
|
||||
### Client Error Logging
|
||||
|
||||
| Endpoint | Auth | Purpose | Parameters | Returns |
|
||||
|---|---|---|---|---|
|
||||
| `Website/api/log_error.php` | none | receive cart/client JS error payloads | JSON body | JSON `{status: logged}` or error |
|
||||
|
||||
Security note:
|
||||
|
||||
- this endpoint is intentionally open
|
||||
- it writes to `Website/logs/client_errors.log`
|
||||
- rate limiting is not obvious in the current implementation
|
||||
The old `Website/api/create_order.php`, `Website/api/capture_order.php`, `Website/api/log_error.php`, and `Website/webhook.php` compatibility files are not present in this repository checkout. Until an active payment runtime is connected, the website order page validates service intent and sends customers to support rather than claiming checkout is complete.
|
||||
|
||||
### Webhooks
|
||||
|
||||
| Endpoint | Source | Purpose | Auth Model |
|
||||
|---|---|---|---|
|
||||
| `Website/webhook.php` | PayPal | verify and process payment webhook | PayPal OAuth + webhook signature verification |
|
||||
| `Website/paypal/webhook.php` | PayPal | compatibility entrypoint forwarding to `Website/webhook.php` runtime | same |
|
||||
| `Panel/modules/billing/webhook.php` | payment runtime compatibility | billing-side webhook entrypoint | gateway-specific |
|
||||
| none active in this checkout | PayPal | payment processing must be reconnected before public checkout is enabled | document gateway-specific signature verification before use |
|
||||
|
||||
## Security Controls
|
||||
|
||||
|
|
@ -162,12 +149,12 @@ Security note:
|
|||
| token auth | `Panel/ogp_api.php` |
|
||||
| host allowlist | `api_authorized.hosts`, `api_authorized.fwd_hosts`, `settings/api_hosts.php` |
|
||||
| role / ownership checks | inside `api_*` handlers in `ogp_api.php` |
|
||||
| webhook signature verification | `Website/webhook.php` |
|
||||
| one-time SSO token hash storage | `OGP_DB_PREFIXsso_tokens` |
|
||||
|
||||
## Search Coverage Used For This Document
|
||||
|
||||
- `rg -n "^function api_" Panel/ogp_api.php`
|
||||
- `sed -n '1,240p' Panel/ogp_api.php`
|
||||
- `sed -n '1,240p' Panel/status_api.php`
|
||||
- `find Website/api -maxdepth 1 -type f`
|
||||
- `sed -n '1,220p' Website/webhook.php`
|
||||
- `sed -n '1,220p' Panel/sso.php`
|
||||
- `sed -n '1,220p' Panel/modules/website/sso.php`
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue