ver. 0.296: REST API for ordersPRO — orders management, dictionaries, API key auth

- New API layer: ApiRouter, OrdersApiController, DictionariesApiController
- Orders API: list (with filters/pagination/updated_since), details, change status, set paid/unpaid
- Dictionaries API: order statuses, transport methods, payment methods
- X-Api-Key authentication via pp_settings.api_key
- OrderRepository: listForApi(), findForApi(), touchUpdatedAt()
- updated_at column on pp_shop_orders for polling support
- api.php: skip session for API requests, route to ApiRouter
- SettingsController: api_key field in system tab
- 30 new tests (666 total, 1930 assertions)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

api.php

@@ -25,20 +25,26 @@ require_once 'libraries/medoo/medoo.php';
 require_once 'libraries/phpmailer/class.phpmailer.php';
 require_once 'libraries/phpmailer/class.smtp.php';
 
-session_start();
+// Detect API request (stateless, no session)
+$isApiRequest = isset( $_GET['endpoint'] );
 
-if ( !isset( $_SESSION[ 'check' ] ) )
+if ( !$isApiRequest )
 {
-  session_regenerate_id();
-  $_SESSION[ 'check' ] = true;
-  $_SESSION[ 'ip' ] = $_SERVER[ 'REMOTE_ADDR' ];
-}
+  session_start();
 
-if ( $_SESSION[ 'ip' ] !== $_SERVER[ 'REMOTE_ADDR' ] )
-{
-  session_destroy();
-  header( 'Location: /' );
-  exit;
+  if ( !isset( $_SESSION[ 'check' ] ) )
+  {
+    session_regenerate_id();
+    $_SESSION[ 'check' ] = true;
+    $_SESSION[ 'ip' ] = $_SERVER[ 'REMOTE_ADDR' ];
+  }
+
+  if ( $_SESSION[ 'ip' ] !== $_SERVER[ 'REMOTE_ADDR' ] )
+  {
+    session_destroy();
+    header( 'Location: /' );
+    exit;
+  }
 }
 
 $mdb = new medoo( [
@@ -50,8 +56,18 @@ $mdb = new medoo( [
     'charset'       => 'utf8'
   ] );
 
-$settings = ( new \Domain\Settings\SettingsRepository( $mdb ) )->allSettings();
+$settingsRepo = new \Domain\Settings\SettingsRepository( $mdb );
+$settings = $settingsRepo->allSettings();
 
+// --- API routing (ordersPRO) ---
+if ( $isApiRequest )
+{
+  $router = new \api\ApiRouter( $mdb, $settingsRepo );
+  $router->handle();
+  exit;
+}
+
+// --- Ekomi CSV export ---
 if ( \Shared\Helpers\Helpers::get( 'ekomi_csv' ) )
 {
   $csv_array = [ [ 'ORDER_ID', 'MAIL', 'FIRST_NAME', 'LAST_NAME', 'PRODUCT_ID', 'PRODUCT_NAME' ] ];
@@ -84,4 +100,4 @@ if ( \Shared\Helpers\Helpers::get( 'ekomi_csv' ) )
 
     fclose( $fp );
   }
-}
+}