mirror of
https://git.sr.ht/~iwakuralain/text0Nly
synced 2025-07-27 15:36:11 +00:00
79 lines
2.7 KiB
PHP
79 lines
2.7 KiB
PHP
<?php
|
|
header('Content-Type: application/json');
|
|
header('X-Content-Type-Options: nosniff');
|
|
header('X-Frame-Options: DENY');
|
|
header('X-XSS-Protection: 1; mode=block');
|
|
header('Content-Security-Policy: default-src \'self\'');
|
|
|
|
$config = require 'config.php';
|
|
$db = new PDO(
|
|
"mysql:host={$config['db']['host']};dbname={$config['db']['name']}",
|
|
$config['db']['user'],
|
|
$config['db']['pass']
|
|
);
|
|
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
|
$limit = isset($_GET['limit']) ? (int)$_GET['limit'] : 50;
|
|
$limit = min(max(1, $limit), 100);
|
|
|
|
try {
|
|
$stmt = $db->query("SELECT username, message, created_at, signature, is_encrypted FROM messages ORDER BY created_at DESC LIMIT $limit");
|
|
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
$filtered_messages = array_map(function($msg) {
|
|
return [
|
|
'username' => htmlspecialchars($msg['username']),
|
|
'message' => $msg['is_encrypted'] ? '[Encrypted]' : htmlspecialchars($msg['message']),
|
|
'created_at' => $msg['created_at'],
|
|
'signature' => $msg['signature'] ? '[Signed]' : '',
|
|
'is_encrypted' => (bool)$msg['is_encrypted']
|
|
];
|
|
}, $messages);
|
|
|
|
echo json_encode(['messages' => $filtered_messages]);
|
|
} catch (Exception $e) {
|
|
error_log("API Error: " . $e->getMessage());
|
|
http_response_code(500);
|
|
echo json_encode(['error' => 'Server error']);
|
|
}
|
|
exit;
|
|
}
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
http_response_code(405);
|
|
die(json_encode(['error' => 'Method not allowed']));
|
|
}
|
|
|
|
$input = json_decode(file_get_contents('php://input'), true);
|
|
if (!$input) {
|
|
http_response_code(400);
|
|
die(json_encode(['error' => 'Invalid JSON']));
|
|
}
|
|
|
|
$username = filter_var($input['username'] ?? '', FILTER_SANITIZE_STRING);
|
|
$message = $input['message'] ?? '';
|
|
$signature = $input['signature'] ?? '';
|
|
$is_encrypted = !empty($input['encrypted']) ? 1 : 0;
|
|
|
|
if (!$username || !$message) {
|
|
http_response_code(400);
|
|
die(json_encode(['error' => 'Missing required fields']));
|
|
}
|
|
|
|
try {
|
|
$stmt = $db->prepare('SELECT id FROM users WHERE username = ?');
|
|
$stmt->execute([$username]);
|
|
if ($stmt->fetch()) {
|
|
http_response_code(400);
|
|
die(json_encode(['error' => 'Username already registered']));
|
|
}
|
|
|
|
$stmt = $db->prepare('INSERT INTO messages (username, message, signature, is_encrypted) VALUES (?, ?, ?, ?)');
|
|
$stmt->execute([$username, $message, $signature, $is_encrypted]);
|
|
echo json_encode(['success' => true]);
|
|
} catch (Exception $e) {
|
|
error_log("API Error: " . $e->getMessage());
|
|
http_response_code(500);
|
|
echo json_encode(['error' => 'Server error']);
|
|
}
|