Implement comprehensive improvement plan (Phases 1-6)

Security (Phase 1-2): - Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc. - Add RateLimitMiddleware for API rate limiting - Add security event logging to AuditLogModel - Add ResponseHelper for standardized API responses - Update config.php with security constants Database (Phase 3): - Add migration 014 for additional indexes - Add migration 015 for ticket dependencies - Add migration 016 for ticket attachments - Add migration 017 for recurring tickets - Add migration 018 for custom fields Features (Phase 4-5): - Add ticket dependencies with DependencyModel and API - Add duplicate detection with check_duplicates API - Add file attachments with AttachmentModel and upload/download APIs - Add @mentions with autocomplete and highlighting - Add quick actions on dashboard rows Collaboration (Phase 5): - Add mention extraction in CommentModel - Add mention autocomplete dropdown in ticket.js - Add mention highlighting CSS styles Admin & Export (Phase 6): - Add StatsModel for dashboard widgets - Add dashboard stats cards (open, critical, unassigned, etc.) - Add CSV/JSON export via export_tickets API - Add rich text editor toolbar in markdown.js - Add RecurringTicketModel with cron job - Add CustomFieldModel for per-category fields - Add admin views: RecurringTickets, CustomFields, Workflow, Templates, AuditLog, UserActivity - Add admin APIs: manage_workflows, manage_templates, manage_recurring, custom_fields, get_users - Add admin routes in index.php Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
parent 8c7211d311
commit be505b7312
53 changed files with 6640 additions and 169 deletions
--- a/helpers/ResponseHelper.php
+++ b/helpers/ResponseHelper.php
@@ -0,0 +1,116 @@
+<?php
+/**
+ * ResponseHelper - Standardized JSON response formatting
+ *
+ * Provides consistent API response structure across all endpoints.
+ */
+class ResponseHelper {
+    /**
+     * Send a success response
+     *
+     * @param array $data Additional data to include
+     * @param string $message Success message
+     * @param int $code HTTP status code
+     */
+    public static function success($data = [], $message = 'Success', $code = 200) {
+        http_response_code($code);
+        header('Content-Type: application/json');
+        echo json_encode(array_merge([
+            'success' => true,
+            'message' => $message
+        ], $data));
+        exit;
+    }
+
+    /**
+     * Send an error response
+     *
+     * @param string $message Error message
+     * @param int $code HTTP status code
+     * @param array $data Additional data to include
+     */
+    public static function error($message, $code = 400, $data = []) {
+        http_response_code($code);
+        header('Content-Type: application/json');
+        echo json_encode(array_merge([
+            'success' => false,
+            'error' => $message
+        ], $data));
+        exit;
+    }
+
+    /**
+     * Send an unauthorized response (401)
+     *
+     * @param string $message Error message
+     */
+    public static function unauthorized($message = 'Authentication required') {
+        self::error($message, 401);
+    }
+
+    /**
+     * Send a forbidden response (403)
+     *
+     * @param string $message Error message
+     */
+    public static function forbidden($message = 'Access denied') {
+        self::error($message, 403);
+    }
+
+    /**
+     * Send a not found response (404)
+     *
+     * @param string $message Error message
+     */
+    public static function notFound($message = 'Resource not found') {
+        self::error($message, 404);
+    }
+
+    /**
+     * Send a validation error response (422)
+     *
+     * @param array $errors Validation errors
+     * @param string $message Error message
+     */
+    public static function validationError($errors, $message = 'Validation failed') {
+        self::error($message, 422, ['validation_errors' => $errors]);
+    }
+
+    /**
+     * Send a server error response (500)
+     *
+     * @param string $message Error message
+     */
+    public static function serverError($message = 'Internal server error') {
+        self::error($message, 500);
+    }
+
+    /**
+     * Send a rate limit exceeded response (429)
+     *
+     * @param int $retryAfter Seconds until retry is allowed
+     * @param string $message Error message
+     */
+    public static function rateLimitExceeded($retryAfter = 60, $message = 'Rate limit exceeded') {
+        header('Retry-After: ' . $retryAfter);
+        self::error($message, 429, ['retry_after' => $retryAfter]);
+    }
+
+    /**
+     * Send a created response (201)
+     *
+     * @param array $data Resource data
+     * @param string $message Success message
+     */
+    public static function created($data = [], $message = 'Resource created') {
+        self::success($data, $message, 201);
+    }
+
+    /**
+     * Send a no content response (204)
+     */
+    public static function noContent() {
+        http_response_code(204);
+        exit;
+    }
+}