Add performance, security, and reliability improvements

- Consolidate all 20 API files to use centralized Database helper - Add optimistic locking to ticket updates to prevent concurrent conflicts - Add caching to StatsModel (60s TTL) for dashboard performance - Add health check endpoint (api/health.php) for monitoring - Improve rate limit cleanup with cron script and efficient DirectoryIterator - Enable rate limit response headers (X-RateLimit-*) - Add audit logging for workflow transitions - Log Discord webhook failures instead of silencing - Fix visibility check on export_tickets.php - Add database migration system with performance indexes - Fix cron recurring tickets to use assignTicket method Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 14:39:13 -05:00
parent c3f7593f3c
commit 7575d6a277
31 changed files with 825 additions and 398 deletions
--- a/controllers/TicketController.php
+++ b/controllers/TicketController.php
@@ -176,25 +176,32 @@ class TicketController {
            }

            // Update ticket with user tracking
-            $result = $this->ticketModel->updateTicket($data, $userId);
+            // Pass expected_updated_at for optimistic locking if provided
+            $expectedUpdatedAt = $data['expected_updated_at'] ?? null;
+            $result = $this->ticketModel->updateTicket($data, $userId, $expectedUpdatedAt);

            // Log ticket update to audit log
-            if ($result && isset($GLOBALS['auditLog']) && $userId) {
+            if ($result['success'] && isset($GLOBALS['auditLog']) && $userId) {
                $GLOBALS['auditLog']->logTicketUpdate($userId, $id, $data);
            }

            // Return JSON response
            header('Content-Type: application/json');
-            if ($result) {
+            if ($result['success']) {
                echo json_encode([
                    'success' => true,
                    'status' => $data['status']
                ]);
            } else {
-                echo json_encode([
+                $response = [
                    'success' => false,
-                    'error' => 'Failed to update ticket'
-                ]);
+                    'error' => $result['error'] ?? 'Failed to update ticket'
+                ];
+                if (!empty($result['conflict'])) {
+                    $response['conflict'] = true;
+                    $response['current_updated_at'] = $result['current_updated_at'] ?? null;
+                }
+                echo json_encode($response);
            }
        } else {
            // For direct access, redirect to view