false, 'message' => 'Not Found']); exit; } // ═══════════════════════════════════════════════════════════════════════════ // API ROUTING // ═══════════════════════════════════════════════════════════════════════════ $parts = explode('/', $path); array_shift($parts); // Rimuovi "api" $controllerName = $parts[0] ?? 'index'; $actionName = $parts[1] ?? 'index'; $resourceId = isset($parts[2]) ? $parts[2] : null; $subAction = $parts[3] ?? null; $subResourceId = isset($parts[4]) ? $parts[4] : null; // Mappa controller $controllerMap = [ 'auth' => 'AuthController', 'organizations' => 'OrganizationController', 'assessments' => 'AssessmentController', 'dashboard' => 'DashboardController', 'risks' => 'RiskController', 'incidents' => 'IncidentController', 'policies' => 'PolicyController', 'supply-chain' => 'SupplyChainController', 'training' => 'TrainingController', 'assets' => 'AssetController', 'audit' => 'AuditController', 'admin' => 'AdminController', 'onboarding' => 'OnboardingController', ]; if (!isset($controllerMap[$controllerName])) { http_response_code(404); header('Content-Type: application/json'); echo json_encode([ 'success' => false, 'message' => 'Endpoint non trovato', 'error_code' => 'NOT_FOUND', ]); exit; } $controllerClass = $controllerMap[$controllerName]; $controllerFile = APP_PATH . "/controllers/{$controllerClass}.php"; if (!file_exists($controllerFile)) { http_response_code(500); header('Content-Type: application/json'); echo json_encode([ 'success' => false, 'message' => 'Controller non disponibile', ]); exit; } require_once $controllerFile; // ═══════════════════════════════════════════════════════════════════════════ // MAPPA AZIONI PER METODO HTTP // ═══════════════════════════════════════════════════════════════════════════ $method = $_SERVER['REQUEST_METHOD']; // Converti action name con trattini in camelCase $actionName = str_replace('-', '', lcfirst(ucwords($actionName, '-'))); $actionMap = [ // ── AuthController ────────────────────────────── 'auth' => [ 'POST:register' => 'register', 'POST:login' => 'login', 'POST:logout' => 'logout', 'POST:refresh' => 'refresh', 'GET:me' => 'me', 'PUT:profile' => 'updateProfile', 'POST:changePassword' => 'changePassword', ], // ── OrganizationController ────────────────────── 'organizations' => [ 'POST:create' => 'create', 'GET:current' => 'getCurrent', 'GET:list' => 'list', 'PUT:{id}' => 'update', 'GET:{id}/members' => 'listMembers', 'POST:{id}/invite' => 'inviteMember', 'DELETE:{id}/members/{subId}' => 'removeMember', 'POST:classify' => 'classifyEntity', ], // ── AssessmentController ──────────────────────── 'assessments' => [ 'GET:list' => 'list', 'POST:create' => 'create', 'GET:{id}' => 'get', 'PUT:{id}' => 'update', 'GET:{id}/questions' => 'getQuestions', 'POST:{id}/respond' => 'saveResponse', 'POST:{id}/complete' => 'complete', 'GET:{id}/report' => 'getReport', 'POST:{id}/aiAnalyze' => 'aiAnalyze', ], // ── DashboardController ───────────────────────── 'dashboard' => [ 'GET:overview' => 'overview', 'GET:complianceScore' => 'complianceScore', 'GET:upcomingDeadlines' => 'deadlines', 'GET:recentActivity' => 'recentActivity', 'GET:riskHeatmap' => 'riskHeatmap', ], // ── RiskController ────────────────────────────── 'risks' => [ 'GET:list' => 'list', 'POST:create' => 'create', 'GET:{id}' => 'get', 'PUT:{id}' => 'update', 'DELETE:{id}' => 'delete', 'POST:{id}/treatments' => 'addTreatment', 'PUT:treatments/{subId}' => 'updateTreatment', 'GET:matrix' => 'getRiskMatrix', 'POST:aiSuggest' => 'aiSuggestRisks', ], // ── IncidentController ────────────────────────── 'incidents' => [ 'GET:list' => 'list', 'POST:create' => 'create', 'GET:{id}' => 'get', 'PUT:{id}' => 'update', 'POST:{id}/timeline' => 'addTimelineEvent', 'POST:{id}/earlyWarning' => 'sendEarlyWarning', 'POST:{id}/notification' => 'sendNotification', 'POST:{id}/finalReport' => 'sendFinalReport', 'POST:{id}/aiClassify' => 'aiClassify', ], // ── PolicyController ──────────────────────────── 'policies' => [ 'GET:list' => 'list', 'POST:create' => 'create', 'GET:{id}' => 'get', 'PUT:{id}' => 'update', 'DELETE:{id}' => 'delete', 'POST:{id}/approve' => 'approve', 'POST:aiGenerate' => 'aiGeneratePolicy', 'GET:templates' => 'getTemplates', ], // ── SupplyChainController ─────────────────────── 'supply-chain' => [ 'GET:list' => 'list', 'POST:create' => 'create', 'GET:{id}' => 'get', 'PUT:{id}' => 'update', 'DELETE:{id}' => 'delete', 'POST:{id}/assess' => 'assessSupplier', 'GET:riskOverview' => 'riskOverview', ], // ── TrainingController ────────────────────────── 'training' => [ 'GET:courses' => 'listCourses', 'POST:courses' => 'createCourse', 'GET:assignments' => 'myAssignments', 'POST:assign' => 'assignCourse', 'PUT:assignments/{subId}' => 'updateAssignment', 'GET:complianceStatus' => 'complianceStatus', ], // ── AssetController ───────────────────────────── 'assets' => [ 'GET:list' => 'list', 'POST:create' => 'create', 'GET:{id}' => 'get', 'PUT:{id}' => 'update', 'DELETE:{id}' => 'delete', 'GET:dependencyMap' => 'dependencyMap', ], // ── AuditController ───────────────────────────── 'audit' => [ 'GET:controls' => 'listControls', 'PUT:controls/{subId}' => 'updateControl', 'POST:evidence/upload' => 'uploadEvidence', 'GET:evidence/list' => 'listEvidence', 'GET:report' => 'generateReport', 'GET:logs' => 'getAuditLogs', 'GET:iso27001Mapping' => 'getIsoMapping', 'GET:executiveReport' => 'executiveReport', 'GET:export' => 'export', ], // ── AdminController ───────────────────────────── 'admin' => [ 'GET:organizations' => 'listOrganizations', 'GET:users' => 'listUsers', 'GET:stats' => 'platformStats', ], // ── OnboardingController ────────────────────── 'onboarding' => [ 'POST:uploadVisura' => 'uploadVisura', 'POST:fetchCompany' => 'fetchCompany', 'POST:complete' => 'complete', ], ]; // ═══════════════════════════════════════════════════════════════════════════ // RISOLUZIONE AZIONE // ═══════════════════════════════════════════════════════════════════════════ $actions = $actionMap[$controllerName] ?? []; $resolvedAction = null; // Costruisci combinazioni di pattern da verificare (ordine di specificità) $patterns = []; if ($subResourceId !== null && $subAction !== null) { // METHOD:action/{id}/subAction/{subId} $patterns[] = "{$method}:{$actionName}/{$subAction}/{subId}"; // METHOD:{id}/subAction/{subId} $patterns[] = "{$method}:{id}/{$subAction}/{subId}"; } if ($subAction !== null && $resourceId !== null) { // METHOD:{id}/subAction $patterns[] = "{$method}:{id}/{$subAction}"; // METHOD:action/{subId} $patterns[] = "{$method}:{$actionName}/{subId}"; } if ($resourceId !== null && $subAction === null) { // METHOD:action/{id} (actionName è in realtà l'ID numerico) if (is_numeric($actionName)) { $patterns[] = "{$method}:{id}"; $resourceId = (int) $actionName; } else { // METHOD:{id} $patterns[] = "{$method}:{id}"; } } // METHOD:action/subAction if ($resourceId !== null && !is_numeric($actionName)) { $patterns[] = "{$method}:{$actionName}/{$resourceId}"; } // METHOD:action $patterns[] = "{$method}:{$actionName}"; // Cerca match foreach ($patterns as $pattern) { if (isset($actions[$pattern])) { $resolvedAction = $actions[$pattern]; break; } } // Se il primo segmento è numerico, l'azione è basata sull'ID if (!$resolvedAction && is_numeric($actionName)) { $resourceId = (int) $actionName; $pattern = "{$method}:{id}"; if (isset($actions[$pattern])) { $resolvedAction = $actions[$pattern]; } } if (!$resolvedAction) { http_response_code(404); header('Content-Type: application/json'); echo json_encode([ 'success' => false, 'message' => "Azione non trovata: {$method} /{$controllerName}/{$actionName}", 'error_code' => 'ACTION_NOT_FOUND', ]); exit; } // ═══════════════════════════════════════════════════════════════════════════ // ESECUZIONE // ═══════════════════════════════════════════════════════════════════════════ try { $controller = new $controllerClass(); if (!method_exists($controller, $resolvedAction)) { http_response_code(501); header('Content-Type: application/json'); echo json_encode([ 'success' => false, 'message' => "Metodo '{$resolvedAction}' non implementato", ]); exit; } // Chiama con gli argomenti appropriati if ($subResourceId !== null) { $controller->$resolvedAction((int) $resourceId, (int) $subResourceId); } elseif ($resourceId !== null && !is_numeric($actionName)) { $controller->$resolvedAction((int) $resourceId); } elseif (is_numeric($actionName)) { $controller->$resolvedAction((int) $resourceId); } else { $controller->$resolvedAction(); } } catch (RuntimeException $e) { // Rate limit exceeded (429) if ($e->getCode() === 429) { http_response_code(429); header('Content-Type: application/json'); echo json_encode([ 'success' => false, 'message' => $e->getMessage(), 'error_code' => 'RATE_LIMITED', ]); exit; } throw $e; } catch (PDOException $e) { error_log('[DB_ERROR] ' . $e->getMessage()); http_response_code(500); header('Content-Type: application/json'); echo json_encode([ 'success' => false, 'message' => APP_DEBUG ? 'Errore database: ' . $e->getMessage() : 'Errore interno del server', ]); } catch (Throwable $e) { error_log('[ERROR] ' . $e->getMessage() . ' in ' . $e->getFile() . ':' . $e->getLine()); http_response_code(500); header('Content-Type: application/json'); echo json_encode([ 'success' => false, 'message' => APP_DEBUG ? $e->getMessage() : 'Errore interno del server', ]); }