telvero-sales-backoffice/api.php

<?php
/**
 * API Router - Main entry point for all API requests
 * 
 * This file acts as a router that dispatches requests to the appropriate handlers.
 */

// Load bootstrap (session, WordPress, autoload, env)
require_once __DIR__ . '/api/bootstrap.php';

// Load configuration (database, WooCommerce)
require_once __DIR__ . '/api/config.php';

// Load authentication middleware
require_once __DIR__ . '/api/middleware/auth.php';

// Set JSON content type for all responses
header('Content-Type: application/json');

// Get the requested action
$action = $_GET['action'] ?? '';

// Route: Login (no auth required)
if ($action === 'login') {
    $db = getDatabase();
    handleLogin($db);
    exit;
}

// Route: Check Session (no auth required)
if ($action === 'check_session') {
    handleCheckSession();
    exit;
}

// Security Gate - All routes below require authentication
requireAuth();

// Route: Logout
if ($action === 'logout') {
    handleLogout();
    exit;
}

// Route: Postcode Check
if ($action === 'postcode_check') {
    require_once __DIR__ . '/api/actions/postcode.php';
    handlePostcodeCheck();
    exit;
}

// Route: Get Products
if ($action === 'get_products') {
    require_once __DIR__ . '/api/actions/products.php';
    handleGetProducts();
    exit;
}

// Route: Create Order
if ($action === 'create_order') {
    require_once __DIR__ . '/api/actions/orders.php';
    handleCreateOrder();
    exit;
}

// Unknown action
http_response_code(400);
echo json_encode(['error' => 'Unknown action']);