Zabbix

<?php

/*

** Copyright (C) 2001-2025 Zabbix SIA

**

** This program is free software: you can redistribute it and/or modify it under the terms of

** the GNU Affero General Public License as published by the Free Software Foundation, version 3.

**

** This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;

** without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

** See the GNU Affero General Public License for more details.

**

** You should have received a copy of the GNU Affero General Public License along with this program.

** If not, see <https://www.gnu.org/licenses/>.

**/

​

​

/**

 * Class containing methods for operations with proxies.

 */

class CProxy extends CApiService {

​

    public const ACCESS_RULES = [

        'get' => ['min_user_type' => USER_TYPE_ZABBIX_USER],

        'create' => ['min_user_type' => USER_TYPE_SUPER_ADMIN],

        'update' => ['min_user_type' => USER_TYPE_SUPER_ADMIN],

        'delete' => ['min_user_type' => USER_TYPE_SUPER_ADMIN]

    ];

​

    protected $tableName = 'proxy';

    protected $tableAlias = 'p';

    protected $sortColumns = ['proxyid', 'name', 'operating_mode'];

​

    public const OUTPUT_FIELDS = ['proxyid', 'name', 'proxy_groupid', 'local_address', 'local_port', 'operating_mode',

        'allowed_addresses', 'address', 'port', 'description', 'tls_connect', 'tls_accept', 'tls_issuer', 'tls_subject',

        'custom_timeouts', 'timeout_zabbix_agent', 'timeout_simple_check', 'timeout_snmp_agent',

        'timeout_external_check', 'timeout_db_monitor', 'timeout_http_agent', 'timeout_ssh_agent',

        'timeout_telnet_agent', 'timeout_script', 'timeout_browser', 'lastaccess', 'version', 'compatibility', 'state'

    ];

​

    /**

     * @param array $options

     *

     * @throws APIException

     *

     * @return array|string

     */

    public function get(array $options = []) {

        $output_fields = self::OUTPUT_FIELDS;

​

        /*

         * For internal calls, it is possible to get the write-only fields if they were specified in output.

         * Specify write-only fields in output only if they will not appear in debug mode.

         */

        if (APP::getMode() !== APP::EXEC_MODE_API) {

            $output_fields[] = 'tls_psk_identity';

            $output_fields[] = 'tls_psk';

        }

​

        $api_input_rules = ['type' => API_OBJECT, 'fields' => [

            'proxyids' =>               ['type' => API_IDS, 'flags' => API_ALLOW_NULL | API_NORMALIZE, 'default' => null],

            'proxy_groupids' =>         ['type' => API_IDS, 'flags' => API_ALLOW_NULL | API_NORMALIZE, 'default' => null],

            'filter' =>                 ['type' => API_FILTER, 'flags' => API_ALLOW_NULL, 'default' => null, 'fields' => ['proxyid', 'name', 'proxy_groupid', 'local_address', 'local_port', 'operating_mode', 'allowed_addresses', 'address', 'port', 'tls_connect', 'tls_accept', 'tls_issuer', 'tls_subject', 'custom_timeouts', 'timeout_zabbix_agent', 'timeout_simple_check', 'timeout_snmp_agent', 'timeout_external_check', 'timeout_db_monitor', 'timeout_http_agent', 'timeout_ssh_agent', 'timeout_telnet_agent', 'timeout_script', 'timeout_browser', 'lastaccess', 'version', 'compatibility', 'state']],

            'search' =>                 ['type' => API_FILTER, 'flags' => API_ALLOW_NULL, 'default' => null, 'fields' => ['name', 'local_address', 'local_port', 'allowed_addresses', 'address', 'port', 'description', 'timeout_zabbix_agent', 'timeout_simple_check', 'timeout_snmp_agent', 'timeout_external_check', 'timeout_db_monitor', 'timeout_http_agent', 'timeout_ssh_agent', 'timeout_telnet_agent', 'timeout_script', 'timeout_browser']],

            'searchByAny' =>            ['type' => API_BOOLEAN, 'default' => false],

            'startSearch' =>            ['type' => API_FLAG, 'default' => false],

            'excludeSearch' =>          ['type' => API_FLAG, 'default' => false],

            'searchWildcardsEnabled' => ['type' => API_BOOLEAN, 'default' => false],

            // output

            'output' =>                 ['type' => API_OUTPUT, 'in' => implode(',', $output_fields), 'default' => API_OUTPUT_EXTEND],

            'countOutput' =>            ['type' => API_FLAG, 'default' => false],

            'selectAssignedHosts' =>    ['type' => API_OUTPUT, 'flags' => API_ALLOW_NULL | API_ALLOW_COUNT, 'in' => implode(',', array_diff(CHost::OUTPUT_FIELDS, ['proxyid', 'proxy_groupid', 'assigned_proxyid'])), 'default' => null],

            'selectHosts' =>            ['type' => API_OUTPUT, 'flags' => API_ALLOW_NULL | API_ALLOW_COUNT, 'in' => implode(',', array_diff(CHost::OUTPUT_FIELDS, ['proxyid', 'proxy_groupid', 'assigned_proxyid'])), 'default' => null],

            'selectProxyGroup' =>       ['type' => API_OUTPUT, 'flags' => API_ALLOW_NULL, 'in' => implode(',', array_diff(CProxyGroup::OUTPUT_FIELDS, ['proxy_groupid'])), 'default' => null],

            // sort and limit

            'sortfield' =>              ['type' => API_STRINGS_UTF8, 'flags' => API_NORMALIZE, 'in' => implode(',', $this->sortColumns), 'uniq' => true, 'default' => []],

            'sortorder' =>              ['type' => API_SORTORDER, 'default' => []],

            'limit' =>                  ['type' => API_INT32, 'flags' => API_ALLOW_NULL, 'in' => '1:'.ZBX_MAX_INT32, 'default' => null],

            // flags

            'editable' =>               ['type' => API_BOOLEAN, 'default' => false],

            'preservekeys' =>           ['type' => API_BOOLEAN, 'default' => false],

            'nopermissions' =>          ['type' => API_BOOLEAN, 'default' => false]

        ]];

​

        if (!CApiInputValidator::validate($api_input_rules, $options, '/', $error)) {

            self::exception(ZBX_API_ERROR_PARAMETERS, $error);

        }

​

        // editable + PERMISSION CHECK

        if (self::$userData['type'] != USER_TYPE_SUPER_ADMIN && !$options['nopermissions']) {

            $permission = $options['editable'] ? PERM_READ_WRITE : PERM_READ;

​