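'Unauthorized'], JSON_PRETTY_PRINT);
    exit;
}

// === Validate & normalize dates ===

/**
 * Validate the /tickets query parameters before they are handed to the data layer.
 *
 * Any rejected value ends the request with an HTTP 400 JSON error, so the
 * function only returns when both parameters passed their checks.
 *
 * @param mixed $from_date         Optional start date; must be a YYYY-MM-DD string when given.
 * @param mixed $itilcategories_id Optional category id; must be all digits and listed in
 *                                 ALLOWED_ITIL_CATEGORIES when given.
 *
 * @return array The pair [$from_date, $itilcategories_id], values unchanged.
 */
function check_param($from_date = null, $itilcategories_id = null)
{
    // Validate dates.
    // Compare against null/'' explicitly: a truthiness test lets the string "0"
    // skip validation entirely, because "0" is falsy in PHP.
    if ($from_date !== null && $from_date !== '') {
        // Query strings such as ?from_date[]=x produce an array; reject it here
        // instead of letting preg_match() fail on a non-string subject.
        // \z anchors at the true end of input, whereas "$" also accepts a trailing newline.
        $date_ok = is_string($from_date)
            && preg_match('/^\d{4}-\d{2}-\d{2}\z/', $from_date) === 1;

        if (!$date_ok) {
            http_response_code(400);
            echo json_encode(['error' => 'Invalid start_date format (YYYY-MM-DD)'], JSON_PRETTY_PRINT);
            exit;
        }
        // NOTE(review): only the shape is checked, so "2024-13-45" still passes.
        // Consider checkdate() if the consumer needs a real calendar date.
    }

    // Validate category if provided
    if ($itilcategories_id !== null) {
        // It must be numeric. Non-scalars (arrays from ?itilcategories_id[]=1) are
        // rejected before the string cast so no conversion warning is emitted.
        if (!is_scalar($itilcategories_id) || !ctype_digit((string)$itilcategories_id)) {
            http_response_code(400);
            echo json_encode(['error' => 'Invalid category id (must be numeric)'], JSON_PRETTY_PRINT);
            exit;
        }

        // It must be one of the allowed values (strict comparison against ints).
        if (!in_array((int)$itilcategories_id, ALLOWED_ITIL_CATEGORIES, true)) {
            http_response_code(400);
            echo json_encode([
                'error' => 'Invalid category id',
            ], JSON_PRETTY_PRINT);
            exit;
        }
    }

    // NOTE(review): the category is returned as received (e.g. the string "007"),
    // not as the int that was checked. get_hr_tickets() is not visible here;
    // confirm it binds both values as query parameters rather than interpolating them.
    return [$from_date, $itilcategories_id];
}

// ====== ONLY ONE ROUTE: /tickets ======
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    // parse_url() yields null/false when the URI has no usable path; cast so
    // basename() always receives a string. Only the last path segment is compared,
    // so any URI ending in "/tickets" reaches this route.
    $path = basename((string)parse_url($_SERVER['REQUEST_URI'] ?? '', PHP_URL_PATH));

    if ($path !== 'tickets') {
        http_response_code(404);
        echo json_encode(['error' => 'Route not found'], JSON_PRETTY_PRINT);
        exit;
    }

    // Read GET URL params and validate them before any data access.
    [$from_date, $itilcategories_id] = check_param(
        $_GET['from_date'] ?? null,
        $_GET['itilcategories_id'] ?? null
    );

    // Fetch GLPI data
    $tickets = get_hr_tickets($from_date, $itilcategories_id);

    echo json_encode($tickets, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
    exit;
}

// Default: every non-GET request falls through to a 404 JSON error.
http_response_code(404);
echo json_encode(['error' => 'Invalid request'], JSON_PRETTY_PRINT);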