lain/text0Nly
1
0
Fork 0
mirror of https://git.sr.ht/~iwakuralain/text0Nly synced 2025-07-27 15:36:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
text0Nly/main/api.php
Lain Iwakura d5b33ff00d
whoopsie x2
2025-06-16 01:41:09 +03:00

60 lines
2.0 KiB
PHP
Raw Blame History

<?php
header('Content-Type: application/json');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
header('X-XSS-Protection: 1; mode=block');
header('Content-Security-Policy: default-src \'self\'');
$config = require 'config.php';
$db = new PDO(
"mysql:host={$config['db']['host']};dbname={$config['db']['name']}",
$config['db']['user'],
$config['db']['pass']
);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$limit = isset($_GET['limit']) ? (int)$_GET['limit'] : 50;
$limit = min(max(1, $limit), 100);
try {
$stmt = $db->query("SELECT username, message, created_at, signature, is_encrypted FROM messages ORDER BY created_at DESC LIMIT $limit");
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo json_encode(['messages' => $messages]);
} catch (Exception $e) {
error_log("API Error: " . $e->getMessage());
http_response_code(500);
echo json_encode(['error' => 'Server error', 'details' => $e->getMessage()]);
}
exit;
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
die(json_encode(['error' => 'Method not allowed']));
}
$input = json_decode(file_get_contents('php://input'), true);
if (!$input) {
http_response_code(400);
die(json_encode(['error' => 'Invalid JSON']));
}
$username = filter_var($input['username'] ?? '', FILTER_SANITIZE_STRING);
$message = $input['message'] ?? '';
$signature = $input['signature'] ?? '';
$is_encrypted = !empty($input['encrypted']) ? 1 : 0;
if (!$username || !$message) {
http_response_code(400);
die(json_encode(['error' => 'Missing required fields']));
}
try {
$stmt = $db->prepare('INSERT INTO messages (username, message, signature, is_encrypted) VALUES (?, ?, ?, ?)');
$stmt->execute([$username, $message, $signature, $is_encrypted]);
echo json_encode(['success' => true]);
} catch (Exception $e) {
http_response_code(500);
echo json_encode(['error' => 'Server error']);
}
Reference in New Issue View Git Blame Copy Permalink