diff --git a/config/domaindata.php b/config/domaindata.php
index fe8f705..ae112d5 100644
--- a/config/domaindata.php
+++ b/config/domaindata.php
@@ -1,4 +1,4 @@
getenv('DB_HOST') ?: getenv('DB_TPL_HOST') ?: 'localhost',
+ 'db_name' => getenv('DB_NAME') ?: getenv('DB_TPL_NAME') ?: 'd044ae9e',
+ 'db_user' => getenv('DB_USER') ?: getenv('DB_TPL_USER') ?: 'd044ae9e',
+ 'db_pass' => getenv('DB_PASS') ?: getenv('DB_TPL_PASS') ?: '9BVUn)Töcü@ÖVÜfgO8!J',
+ 'db_charset' => getenv('DB_CHARSET') ?: 'utf8mb4',
+ 'db_port' => (int)(getenv('DB_PORT') ?: 3306),
+ 'prefix' => defined('APP_PREFIX') ? APP_PREFIX . '_' : 'emailtemplate_',
+];
+
+$legacyOverrides = [];
+if (isset($overrides['project'])) {
+ $legacyOverrides = $overrides['project'];
+} elseif (isset($overrides['templates'])) {
+ $legacyOverrides = $overrides['templates'];
+}
+$projectDb = array_replace($projectDbDefaults, $legacyOverrides, $overrides['projectdb'] ?? $overrides['dbsettings'] ?? []);
+
+$cors = $overrides['cors'] ?? (getenv('CORS_ORIGIN') ?: '*');
+
+$authDefaults = [
+ 'session_name' => $sessionNameDefault,
+ 'cookie_domain' => $cookieDomainDefault,
+ 'cookie_secure' => $env === 'prod',
+ 'cookie_httponly' => true,
+ 'cookie_samesite' => 'Lax',
+ 'cookie' => [
+ 'domain' => $cookieDomainDefault,
+ 'secure' => $env === 'prod',
+ 'httponly' => true,
+ 'samesite' => 'Lax',
+ ],
+ 'db' => [
+ 'table' => 'customer_users',
+ 'col_user' => 'email',
+ 'col_pass' => 'password_hash',
+ 'col_name' => 'name',
+ 'col_id' => 'id',
+ 'col_status' => 'is_active',
+ 'active_values' => ['active','1',1],
+ 'legacy' => 'md5',
+ ],
+];
+$auth = array_replace_recursive($authDefaults, $overrides['auth'] ?? []);
+
+$smtpDefaults = [
+ 'host' => 'smtp.example.com',
+ 'port' => 587,
+ 'user' => 'smtp-user',
+ 'pass' => 'smtp-pass',
+ 'secure' => 'tls',
+ 'from_email' => 'no-reply@example.com',
+ 'from_name' => 'EmailTemplate',
+];
+$smtp = array_replace($smtpDefaults, $overrides['smtp'] ?? []);
+
+$exportDefaults = [
+ 'api_keys' => ['dev-key-123', 'noch-ein-key'],
+];
+$export = array_replace_recursive($exportDefaults, $overrides['export'] ?? []);
+
+$multiDefaults = [
+ 'tenant_col' => 'customer_id',
+ 'map_session_to'=> 'id',
+];
+$multi = array_replace($multiDefaults, $overrides['multi'] ?? []);
+
+$tablesDefaults = [
+ 'templates' => 'emailtemplate_templates',
+ 'sections' => 'emailtemplate_sections',
+ 'blocks' => 'emailtemplate_blocks',
+ 'snippets' => 'emailtemplate_snippets',
+];
+$tables = array_replace($tablesDefaults, $overrides['tables'] ?? []);
+
+$columnsDefaults = [
+ 'templates' => ['id'=>'id','name'=>'name','desc'=>null,'cat'=>null,'upd'=>'updated_at'],
+ 'sections' => ['id'=>'id','name'=>'name','cat'=>null,'upd'=>'updated_at'],
+ 'blocks' => ['id'=>'id','name'=>'name','cat'=>'category','upd'=>'updated_at'],
+ 'snippets' => ['id'=>'id','name'=>'name','cat'=>'category','upd'=>'updated_at'],
+];
+$columns = array_replace_recursive($columnsDefaults, $overrides['columns'] ?? []);
+
+return [
+ 'projectdb' => $projectDb,
+ 'cors' => $cors,
+ 'env' => $env,
+ 'base_url' => $baseUrl,
+ 'auth' => $auth,
+ 'smtp' => $smtp,
+ 'export' => $export,
+ 'multi' => $multi,
+ 'tables' => $tables,
+ 'columns' => $columns,
+];
diff --git a/config/fileload.php b/config/fileload.php
index ca28ca7..78807df 100644
--- a/config/fileload.php
+++ b/config/fileload.php
@@ -7,6 +7,11 @@
// -----------------------------------------------------------
require_once __DIR__ . "/config.php";
+$emailtemplateConfigPath = __DIR__ . '/emailtemplate.conf.php';
+if (is_file($emailtemplateConfigPath)) {
+ $GLOBALS['emailtemplate_config'] = require $emailtemplateConfigPath;
+}
+
// Diese Werte später ins Template schieben:
$GLOBALS['app_env'] = APP_ENV;
diff --git a/config/prod/config.php b/config/prod/config.php
index b11bace..30607e3 100644
--- a/config/prod/config.php
+++ b/config/prod/config.php
@@ -1,16 +1,20 @@
PDO::ERRMODE_EXCEPTION,
diff --git a/config/staging/config.php b/config/staging/config.php
index e2ea33f..4e4d4d0 100644
--- a/config/staging/config.php
+++ b/config/staging/config.php
@@ -1,21 +1,24 @@
PDO::ERRMODE_EXCEPTION,
diff --git a/inc/ApiKernel.php b/inc/ApiKernel.php
index 26cc516..dc5269e 100644
--- a/inc/ApiKernel.php
+++ b/inc/ApiKernel.php
@@ -1,657 +1,4 @@
conf = $this->loadConfig();
- $this->cors();
- $this->setInput();
- $this->pdo = $this->getPdoTemplates();
- $this->resolveAction();
- $this->resolveTableMap();
- $this->authService = new AuthService($this->conf, $this->pdo);
- } catch (Throwable $e) {
- // Im Fehlerfall ruft fail() die respond() Methode auf, die den Header setzt und den Buffer leert.
- $this->fail('Initialization error', get_class($e) . ': ' . $e->getMessage(), 500);
- }
- }
-
- // --- Core Responder-Methoden (KORRIGIERT) ---
-
- public function respond($data, int $code = 200): void
- {
- // 1. Output-Puffer leeren, um jeglichen unbeabsichtigten Output zu verwerfen (z.B. PHP Notices).
- if (ob_get_level() > 0) {
- ob_clean();
- }
-
- // 2. 💡 KRITISCHE KORREKTUR: Content-Type Header setzen.
- // Dies ist der entscheidende Schritt, der dem Browser sagt: "Dies ist JSON!"
- if (!headers_sent() && !isset($this->conf['no_content_type'])) {
- header('Content-Type: application/json; charset=utf-8');
- }
-
- http_response_code($code);
- echo is_string($data) ? $data : json_encode($data, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
- exit;
- }
-
- public function fail(string $msg, $detail = null, int $code = 400): void
- {
- $this->respond(['ok' => false, 'error' => $msg, 'detail' => $detail], $code);
- }
-
- // --- Private Initialisierungs- & Utility-Methoden (Unverändert) ---
-
- private function loadConfig(): array { /* ... Logik bleibt unverändert ... */
- $paths = [
- __DIR__ . '/config.php',
- __DIR__ . '/../config.php',
- __DIR__ . '/../../config.php',
- ];
-
- foreach ($paths as $p) {
- if (is_file($p)) {
- $conf = @include $p;
- if (is_array($conf)) return $conf;
- }
- }
- $this->fail('Invalid config.php', 'config.php not found or not returning array', 500);
- }
- private function cors(): void { /* ... Logik bleibt unverändert ... */
- $cors = $this->conf['cors'] ?? '*';
- if ($cors) {
- header('Access-Control-Allow-Origin: ' . $cors);
- header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
- header('Access-Control-Allow-Headers: Content-Type, Authorization');
- header('Access-Control-Allow-Credentials: true');
- }
- if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'OPTIONS') $this->respond(['ok' => true]);
-
- if (!empty($this->conf['auth']['cookie'])) {
- $c = $this->conf['auth']['cookie'];
- $params = session_get_cookie_params();
- $params['lifetime'] = $c['lifetime'] ?? $params['lifetime'];
- $params['path'] = $c['path'] ?? $params['path'];
- $params['domain'] = $c['domain'] ?? $params['domain'];
- $params['secure'] = $c['secure'] ?? $params['secure'];
- $params['httponly'] = $c['httponly'] ?? $params['httponly'];
- if (isset($c['samesite'])) $params['samesite'] = $c['samesite'];
- session_set_cookie_params($params);
- }
- }
- private function setInput(): void { /* ... Logik bleibt unverändert ... */
- $data = [];
- $ct = $_SERVER['CONTENT_TYPE'] ?? '';
- if (stripos($ct, 'application/json') !== false) {
- $raw = file_get_contents('php://input');
- if ($raw !== false && $raw !== '') {
- $js = json_decode($raw, true);
- if (is_array($js)) $data = $js;
- }
- }
- foreach ($_POST as $k => $v) $data[$k] = $v;
- foreach ($_GET as $k => $v) if (!array_key_exists($k, $data)) $data[$k] = $v;
- $this->in = $data;
- }
- private function getPdoTemplates(): PDO { /* ... Logik bleibt unverändert ... */
- if (!isset($this->conf['templates']) || !is_array($this->conf['templates'])) {
- $this->fail('Missing templates DB config', null, 500);
- }
- $c = $this->conf['templates'];
- $host = $c['db_host'] ?? 'localhost';
- $db = $c['db_name'] ?? ($c['database'] ?? '');
- $user = $c['db_user'] ?? ($c['username'] ?? '');
- $pass = $c['db_pass'] ?? ($c['password'] ?? '');
- $charset = $c['db_charset'] ?? 'utf8mb4';
- $port = $c['db_port'] ?? 3306;
- $dsn = "mysql:host=$host;port=$port;dbname=$db;charset=$charset";
- $opt = [
- PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
- PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
- ];
- return new PDO($dsn, $user, $pass, $opt);
- }
- private function resolveAction(): void { /* ... Logik bleibt unverändert ... */
- $action = $this->val($this->in, 'action', '');
- $resource = $this->val($this->in, 'resource', null);
- $allowedResources = ['templates', 'sections', 'blocks', 'snippets'];
- if ($resource && in_array($resource, $allowedResources, true) && strpos((string)$action, '.') === false) {
- $verb = strtolower((string)$action);
- if (in_array($verb, ['list', 'get', 'create', 'update', 'delete'], true)) $action = $resource . '.' . $verb;
- }
- $this->action = $action;
- }
- private function resolveTableMap(): void { /* ... Logik bleibt unverändert ... */
- $tables = $this->conf['tables'] ?? [];
- $this->tableMap = [
- 'templates' => $tables['templates'] ?? 'emailtemplate_templates',
- 'sections' => $tables['sections'] ?? 'emailtemplate_sections',
- 'blocks' => $tables['blocks'] ?? 'emailtemplate_blocks',
- 'snippets' => $tables['snippets'] ?? 'emailtemplate_snippets',
- ];
- }
-
- private function val(array $in, $keys, $default = null) { /* ... Logik bleibt unverändert ... */
- if (!is_array($keys)) $keys = [$keys];
- foreach ($keys as $k) if (array_key_exists($k, $in)) return $in[$k];
- return $default;
- }
- private function firstExisting(array $columns, array $candidates): ?string { /* ... Logik bleibt unverändert ... */
- foreach ($candidates as $c) if (in_array($c, $columns, true)) return $c;
- return null;
- }
- private function tableColumns(string $table): array { /* ... Logik bleibt unverändert ... */
- $cols = [];
- $stmt = $this->pdo->query("SHOW COLUMNS FROM `$table`");
- foreach ($stmt->fetchAll() as $r) $cols[] = $r['Field'];
- return $cols;
- }
- private function primaryKey(string $table): ?string { /* ... Logik bleibt unverändert ... */
- $stmt = $this->pdo->prepare("SHOW KEYS FROM `$table` WHERE Key_name = 'PRIMARY'");
- $stmt->execute();
- $row = $stmt->fetch();
- return $row['Column_name'] ?? null;
- }
- private function requireAuth(): array { /* ... Logik bleibt unverändert ... */
- return $this->authService->requireAuth();
- }
- private function pullId(array $src) { /* ... Logik bleibt unverändert ... */
- $aliases = ['id', 'item_id', 'template_id', 'tpl_id', 'section_id', 'sec_id', 'block_id', 'blk_id', 'snippet_id', 'snip_id'];
- foreach ($aliases as $a) if (isset($src[$a]) && $src[$a] !== '') return $src[$a];
- return null;
- }
- private function tenantWhere(array $session): array { /* ... Logik bleibt unverändert ... */
- $multi = $this->conf['multi'] ?? [];
- $tenantCol = $multi['tenant_col'] ?? null;
- $mapSess = $multi['map_session_to'] ?? 'id';
-
- if (!$tenantCol) return ['', []];
- if (!$session) return [' AND 1=0 ', []];
- $val = $session[$mapSess] ?? null;
- if ($val === null || $val === '') return [' AND 1=0 ', []];
- return [" AND `$tenantCol` = :__tenant", [':__tenant' => $val]];
- }
- private function tenantAssign(array $session, array $columns): array { /* ... Logik bleibt unverändert ... */
- $multi = $this->conf['multi'] ?? [];
- $tenantCol = $multi['tenant_col'] ?? null;
- $mapSess = $multi['map_session_to'] ?? 'id';
-
- if (!$tenantCol || !in_array($tenantCol, $columns, true)) return [];
- $val = $session[$mapSess] ?? null;
- return ($val === null || $val === '') ? [] : [$tenantCol => $val];
- }
- private function resolveIdCol(string $kind): array { /* ... Logik bleibt unverändert ... */
- $t = $this->tableMap[$kind];
- $cfg = $this->conf['columns'][$kind] ?? [];
- $cols = $this->tableColumns($t);
- $idCol = $cfg['id'] ?? ($this->firstExisting($cols, ['id']) ?: $this->primaryKey($t));
- if (!$idCol) $idCol = 'id';
- return [$idCol, $cols];
- }
- private function parseHtmlToGjsComponents(string $html): array { /* ... Logik bleibt unverändert ... */
- if (trim($html) === '') return [];
-
- return [
- [
- 'type' => 'html',
- 'content' => $html,
- 'removable' => true,
- 'draggable' => true,
- 'droppable' => true,
- 'copyable' => true,
- 'selectable' => true,
- 'editable' => false,
- 'traits' => [],
- ]
- ];
- }
-
- // 💡 Bereinigungsmethode
- private function cleanReferenceComponents(array $components): array {
- foreach ($components as &$component) {
- if (is_array($component) && isset($component['type'])) {
-
- if ($component['type'] === 'library-reference') {
- if (isset($component['content'])) {
- $component['content'] = '';
- }
- if (isset($component['components'])) {
- $component['components'] = [];
- }
- }
- if (isset($component['components']) && is_array($component['components'])) {
- $component['components'] = $this->cleanReferenceComponents($component['components']);
- }
- }
- }
- return $components;
- }
-
-
- // =================================================================
- // 🚀 CRUD HANDLER METHODEN
- // =================================================================
-
- /**
- * Allgemeine Methode zur Handhabung von LIST-Anfragen.
- */
- private function handleList(string $kind): void
- {
- $auth = $this->requireAuth();
- $t = $this->tableMap[$kind];
- [$idCol, $allCols] = $this->resolveIdCol($kind);
- $cfg = $this->conf['columns'][$kind] ?? [];
- $nameCol = $cfg['name'] ?? ($this->firstExisting($allCols, ['name']) ?: $idCol);
- $descCol = $cfg['desc'] ?? $this->firstExisting($allCols, ['description', 'desc', 'descr']);
- $catCol = $cfg['cat'] ?? $this->firstExisting($allCols, ['category', 'cat']);
- $updCol = $cfg['upd'] ?? $this->firstExisting($allCols, ['updated_at', 'updated', 'updatedAt']);
- $q = trim((string)$this->val($this->in, 'q', ''));
- $limit = max(1, (int)$this->val($this->in, 'limit', 500));
- $offset = max(0, (int)$this->val($this->in, 'offset', 0));
-
- $where = ' WHERE 1=1 ';
- $params = [];
- // Suchlogik (q)
- if ($q !== '') {
- $parts = ["`$nameCol` LIKE :q"];
- if ($descCol) $parts[] = "`$descCol` LIKE :q";
- if ($catCol) $parts[] = "`$catCol` LIKE :q";
- $where .= " AND (" . implode(' OR ', $parts) . ") ";
- $params[':q'] = '%' . $q . '%';
- }
-
- // Filterlogik (parentFilters)
- $parentFilters = [
- 'template_id' => $this->val($this->in, ['template_id', 'tpl_id'], null),
- 'section_id' => $this->val($this->in, ['section_id', 'sec_id'], null),
- 'block_id' => $this->val($this->in, ['block_id', 'blk_id'], null),
- ];
- foreach ($parentFilters as $col => $v) {
- if ($v === null || $v === '') continue;
- if (in_array($col, $allCols, true)) { $where .= " AND `$col` = :$col "; $params[":$col"] = $v; }
- }
-
- // Tenant-Filter
- [$tw, $tp] = $this->tenantWhere($auth);
- $where .= $tw;
- foreach ($tp as $k => $v) $params[$k] = $v;
-
- $order = $updCol ? " ORDER BY `$updCol` DESC " : " ORDER BY `$nameCol` ASC ";
- $sql = "SELECT * FROM `$t` $where $order LIMIT :off,:lim";
- $stmt = $this->pdo->prepare($sql);
-
- // Bind parameters
- foreach ($params as $k => $v) $stmt->bindValue($k, $v, is_int($v) ? PDO::PARAM_INT : PDO::PARAM_STR);
- $stmt->bindValue(':off', $offset, PDO::PARAM_INT);
- $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
- $stmt->execute();
- $rows = $stmt->fetchAll();
-
- $out = [];
- foreach ($rows as $r) {
- $item = [
- 'id' => $r[$idCol] ?? null,
- 'name' => $r[$nameCol] ?? null,
- ];
- if ($descCol && isset($r[$descCol])) $item['desc'] = $r[$descCol];
- if ($catCol && isset($r[$catCol])) $item['category'] = $r[$catCol];
- if ($updCol && isset($r[$updCol])) $item['updated_at'] = $r[$updCol];
-
- // Lade HTML und JSON aus den korrekten Spalten
- $htmlCol = $this->firstExisting($allCols, ['html', 'body', 'markup', 'content']);
- if ($htmlCol && isset($r[$htmlCol])) $item['html'] = (string)$r[$htmlCol];
- $jsonCol = $this->firstExisting($allCols, ['json_content']);
- if ($jsonCol && isset($r[$jsonCol])) $item['content'] = $r[$jsonCol];
-
- $out[] = $item;
- }
- $this->respond(['ok' => true, 'kind' => $kind, 'items' => $out, 'data' => $out, 'count' => count($out), 'offset' => $offset, 'limit' => $limit]);
- }
-
- /**
- * Allgemeine Methode zur Handhabung von GET-Anfragen.
- */
- private function handleGet(string $kind): void
- {
- $auth = $this->requireAuth();
- $t = $this->tableMap[$kind];
- [$idCol, $allCols] = $this->resolveIdCol($kind);
- $id = $this->pullId($this->in);
- if ($id === null || $id === '') $this->fail('id required', null, 422);
-
- [$tw, $tp] = $this->tenantWhere($auth);
- $sql = "SELECT * FROM `$t` WHERE `$idCol` = :id" . $tw . " LIMIT 1";
- $stmt = $this->pdo->prepare($sql);
- $stmt->bindValue(':id', $id);
- foreach ($tp as $k => $v) $stmt->bindValue($k, $v);
- $stmt->execute();
- $row = $stmt->fetch();
- if (!$row) $this->fail('Not found', ['kind' => $kind, 'id' => $id], 404);
- $rowOut = ['id' => $row[$idCol] ?? $id] + $row;
-
- // Lade HTML und JSON aus den korrekten Spalten
- $htmlCol = $this->firstExisting($allCols, ['html', 'body', 'markup', 'content']);
- $topHtml = ($htmlCol && isset($row[$htmlCol])) ? (string)$row[$htmlCol] : null;
- $jsonCol = $this->firstExisting($allCols, ['json_content']);
- $topContent = ($jsonCol && isset($row[$jsonCol])) ? $row[$jsonCol] : null;
-
- $gjsComponents = [];
-
- if ($topContent !== null) {
- $decodedContent = json_decode($topContent, true);
- if (is_array($decodedContent)) {
- $gjsComponents = $decodedContent;
- }
- }
-
- if (empty($gjsComponents) && $topHtml !== null) {
- $gjsComponents = $this->parseHtmlToGjsComponents($topHtml);
- }
-
- $this->respond([
- 'ok' => true,
- 'kind' => $kind,
- 'id' => $rowOut['id'],
- 'item' => $rowOut,
- 'data' => $rowOut,
- 'html' => $topHtml,
- 'content' => $topContent,
- 'gjs_components' => $gjsComponents
- ]);
- }
-
- /**
- * Allgemeine Methode zur Handhabung von CREATE-Anfragen (inkl. JSON-Bereinigung).
- */
- private function handleCreate(string $kind): void
- {
- $auth = $this->requireAuth();
- $t = $this->tableMap[$kind];
- [$idCol, $allCols] = $this->resolveIdCol($kind);
- $cfg = $this->conf['columns'][$kind] ?? [];
- $nameCol = $cfg['name'] ?? ($this->firstExisting($allCols, ['name']) ?: $idCol);
- $descCol = $cfg['desc'] ?? $this->firstExisting($allCols, ['description', 'desc', 'descr']);
- $catCol = $cfg['cat'] ?? $this->firstExisting($allCols, ['category', 'cat']);
- $updCol = $cfg['upd'] ?? $this->firstExisting($allCols, ['updated_at', 'updated', 'updatedAt']);
-
- $name = trim((string)$this->val($this->in, ['name', 'title'], ''));
- if ($name === '') $this->fail('name required', null, 422);
-
- $desc = (string)$this->val($this->in, ['description', 'desc'], null);
- $cat = (string)$this->val($this->in, ['category', 'cat'], null);
- $html = (string)$this->val($this->in, ['html', 'body', 'markup'], null);
- $json = $this->val($this->in, ['content_json', 'json', 'content', 'structure_json'], null);
- $settings = $this->val($this->in, ['settings_json', 'settings'], null);
- $templateId = $this->val($this->in, ['template_id', 'tpl_id'], null);
- $sectionId = $this->val($this->in, ['section_id', 'sec_id'], null);
- $blockId = $this->val($this->in, ['block_id', 'blk_id'], null);
-
- $data = [$nameCol => $name];
- if ($desc !== null && $descCol) $data[$descCol] = $desc;
- if ($cat !== null && $catCol) $data[$catCol] = $cat;
-
- $htmlDbCol = $this->firstExisting($allCols, ($kind === 'snippets' ? ['content'] : ['html', 'body', 'markup']));
- $jsonDbCol = $this->firstExisting($allCols, ['json_content']);
-
- // --- LOGIK mit ERWEITERTER PRÜFUNG START ---
-
- // 1. JSON-Content behandeln
- if ($json !== null) {
- if ($jsonDbCol) {
- $components = is_string($json) ? json_decode($json, true) : $json;
- if (is_array($components)) {
- $components = $this->cleanReferenceComponents($components); // BEREINIGUNG
- $data[$jsonDbCol] = json_encode($components, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
- } else {
- $data[$jsonDbCol] = is_string($json) ? $json : '';
- }
- } else {
- // FALLBACK: Wenn JSON gesendet wurde, aber keine json_content Spalte existiert, FEHLER ausgeben
- $this->fail(
- 'JSON content provided but no `json_content` column found',
- ['table' => $t, 'available_cols' => $allCols],
- 422
- );
- }
- }
-
- // 2. HTML-Content speichern
- if ($htmlDbCol && $html !== null) {
- $data[$htmlDbCol] = $html;
- }
- // --- LOGIK mit ERWEITERTER PRÜFUNG ENDE ---
-
- $c = $this->firstExisting($allCols, ['settings_json', 'settings']);
- if ($c && $settings !== null) $data[$c] = is_string($settings) ? $settings : json_encode($settings, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
-
- if ($templateId !== null && in_array('template_id', $allCols, true)) $data['template_id'] = $templateId;
- if ($sectionId !== null && in_array('section_id', $allCols, true)) $data['section_id'] = $sectionId;
- if ($blockId !== null && in_array('block_id', $allCols, true)) $data['block_id'] = $blockId;
-
- $data = $data + $this->tenantAssign($_SESSION['auth'] ?? [], $allCols);
-
- $now = date('Y-m-d H:i:s');
- $createdCol = $this->firstExisting($allCols, ['created_at', 'created', 'createdAt']);
- if ($createdCol) $data[$createdCol] = $now;
- if ($updCol) $data[$updCol] = $now;
-
- $fields = array_keys($data);
- $place = array_map(fn($c) => ":$c", $fields);
- $sql = "INSERT INTO `$t` (" . implode(',', array_map(fn($c) => "`$c`", $fields)) . ") VALUES (" . implode(',', $place) . ")";
- $stmt = $this->pdo->prepare($sql);
- foreach ($data as $k => $v) $stmt->bindValue(":$k", $v);
- $stmt->execute();
- $newId = $this->pdo->lastInsertId();
-
- $out = ['id' => $newId, 'name' => $name];
- if ($desc !== null) $out['desc'] = $desc;
- if ($cat !== null) $out['category'] = $cat;
- $this->respond(['ok' => true, 'kind' => $kind, 'id' => $newId, 'item' => $out, 'data' => $out]);
- }
-
- /**
- * Allgemeine Methode zur Handhabung von UPDATE-Anfragen (inkl. JSON-Bereinigung).
- */
- private function handleUpdate(string $kind): void
- {
- $auth = $this->requireAuth();
- $t = $this->tableMap[$kind];
- [$idCol, $allCols] = $this->resolveIdCol($kind);
- $cfg = $this->conf['columns'][$kind] ?? [];
- $nameCol = $cfg['name'] ?? ($this->firstExisting($allCols, ['name']) ?: $idCol);
- $descCol = $cfg['desc'] ?? $this->firstExisting($allCols, ['description', 'desc', 'descr']);
- $catCol = $cfg['cat'] ?? $this->firstExisting($allCols, ['category', 'cat']);
- $updCol = $cfg['upd'] ?? $this->firstExisting($allCols, ['updated_at', 'updated', 'updatedAt']);
- $id = $this->pullId($this->in);
- if ($id === null || $id === '') $this->fail('id required', null, 422);
-
- $data = [];
- $name = $this->val($this->in, ['name', 'title'], null);
- $desc = $this->val($this->in, ['description', 'desc'], null);
- $cat = $this->val($this->in, ['category', 'cat'], null);
- $html = $this->val($this->in, ['html', 'body', 'markup'], null);
- $json = $this->val($this->in, ['content_json', 'json', 'content', 'structure_json'], null);
- $settings = $this->val($this->in, ['settings_json', 'settings'], null);
-
- if ($name !== null) $data[$nameCol] = (string)$name;
- if ($desc !== null && $descCol) $data[$descCol] = (string)$desc;
- if ($cat !== null && $catCol) $data[$catCol] = (string)$cat;
-
- $htmlDbCol = $this->firstExisting($allCols, ($kind === 'snippets' ? ['content'] : ['html', 'body', 'markup']));
- $jsonDbCol = $this->firstExisting($allCols, ['json_content']);
-
- // --- LOGIK mit ERWEITERTER PRÜFUNG START ---
-
- // 1. JSON-Content behandeln
- if ($json !== null) {
- if ($jsonDbCol) {
- // Wenn JSON-Spalte existiert, JSON verarbeiten und speichern
- $components = is_string($json) ? json_decode($json, true) : $json;
- if (is_array($components)) {
- $components = $this->cleanReferenceComponents($components); // BEREINIGUNG
- $data[$jsonDbCol] = json_encode($components, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
- } else {
- $data[$jsonDbCol] = is_string($json) ? $json : '';
- }
- } else {
- // FALLBACK: Wenn JSON gesendet wurde, aber keine json_content Spalte existiert, FEHLER ausgeben
- $this->fail(
- 'JSON content provided but no `json_content` column found',
- ['table' => $t, 'available_cols' => $allCols],
- 422
- );
- }
-
- // 2. Den zugehörigen HTML-Output speichern (wird vom Editor immer mitgesendet, wenn JSON da ist)
- if ($html !== null && $htmlDbCol) {
- $data[$htmlDbCol] = (string)$html;
- }
- } elseif ($html !== null && $htmlDbCol) {
- // Wenn NUR HTML gesendet wird (für minimale Änderungen), speichern wir nur HTML.
- $data[$htmlDbCol] = (string)$html;
- }
- // --- LOGIK mit ERWEITERTER PRÜFUNG ENDE ---
-
- $c = $this->firstExisting($allCols, ['settings_json', 'settings']);
- if ($settings !== null && $c) $data[$c] = is_string($settings) ? $settings : json_encode($settings, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
-
- $tpl = $this->val($this->in, ['template_id', 'tpl_id'], null);
- if ($tpl !== null && in_array('template_id', $allCols, true)) $data['template_id'] = $tpl;
- $sec = $this->val($this->in, ['section_id', 'sec_id'], null);
- if ($sec !== null && in_array('section_id', $allCols, true)) $data['section_id'] = $sec;
- $blk = $this->val($this->in, ['block_id', 'blk_id'], null);
- if ($blk !== null && in_array('block_id', $allCols, true)) $data['block_id'] = $blk;
-
- if ($updCol) $data[$updCol] = date('Y-m-d H:i:s');
- if (!$data) $this->fail('nothing to update', null, 422);
-
- [$tw, $tp] = $this->tenantWhere($auth);
- $set = [];
- foreach (array_keys($data) as $c) $set[] = "`$c` = :$c";
- $sql = "UPDATE `$t` SET " . implode(',', $set) . " WHERE `$idCol` = :__id" . $tw . " LIMIT 1";
- $stmt = $this->pdo->prepare($sql);
-
- foreach ($data as $k => $v) $stmt->bindValue(":$k", $v);
- $stmt->bindValue(':__id', $id);
- foreach ($tp as $k => $v) $stmt->bindValue($k, $v);
- $stmt->execute();
- $this->respond(['ok' => true, 'kind' => $kind, 'id' => $id, 'updated' => array_keys($data)]);
- }
-
- /**
- * Allgemeine Methode zur Handhabung von DELETE-Anfragen.
- */
- private function handleDelete(string $kind): void
- {
- $auth = $this->requireAuth();
- $t = $this->tableMap[$kind];
- [$idCol, $allCols] = $this->resolveIdCol($kind);
- $id = $this->pullId($this->in);
- if ($id === null || $id === '') $this->fail('id required', null, 422);
-
- [$tw, $tp] = $this->tenantWhere($auth);
- $sql = "DELETE FROM `$t` WHERE `$idCol` = :__id" . $tw . " LIMIT 1";
- $stmt = $this->pdo->prepare($sql);
- $stmt->bindValue(':__id', $id);
- foreach ($tp as $k => $v) $stmt->bindValue($k, $v);
- $stmt->execute();
- $this->respond(['ok' => true, 'kind' => $kind, 'id' => $id, 'deleted' => true]);
- }
-
- // =================================================================
- // 💡 Öffentliche run()-Methode (KORRIGIERT)
- // =================================================================
-
- public function run(): void
- {
- // 💡 KORREKTUR: Der Content-Type Header wird hier entfernt, da er jetzt in respond()
- // zentralisiert wurde, um sicherzustellen, dass er auch bei Fehlern im Konstruktor oder
- // im try-Block korrekt gesetzt wird.
- // header('Content-Type: application/json; charset=utf-8'); // DIESE ZEILE ENTFERNT
-
- try {
- // Extrahiere den Ressourcen-Typ und die Operation (z.B. 'templates' und 'list')
- [$kind, $operation] = explode('.', $this->action, 2) + [1 => ''];
-
- switch ($this->action) {
- case 'health':
- $this->respond(['ok' => true, 'time' => date('c')]);
-
- /* ---------- AUTH ---------- */
- case 'auth.login':
- $result = $this->authService->login($this->in);
- $this->respond(['ok' => true] + $result);
- break;
- case 'auth.me':
- if (empty($_SESSION['auth'])) $this->fail('Not authenticated', null, 401);
- $this->respond(['ok' => true, 'user' => $_SESSION['auth']]);
- break;
- case 'auth.logout':
- $this->authService->logout();
- $this->respond(['ok' => true]);
- break;
-
- /* ---------- CRUD HANDLER ---------- */
- default:
- if (in_array($kind, ['templates', 'sections', 'blocks', 'snippets'])) {
- switch ($operation) {
- case 'list':
- $this->handleList($kind);
- break;
- case 'get':
- $this->handleGet($kind);
- break;
- case 'create':
- $this->handleCreate($kind);
- break;
- case 'update':
- $this->handleUpdate($kind);
- break;
- case 'delete':
- $this->handleDelete($kind);
- break;
- default:
- $this->fail('Unknown operation for resource: ' . $this->action, null, 404);
- break;
- }
- } else {
- $this->fail('Unknown action', $this->action ?: 'missing', 404);
- }
- break;
- }
- } catch (Throwable $e) {
- $this->fail('Server error', get_class($e) . ': ' . $e->getMessage(), 500);
- }
- }
-}
+require_once __DIR__ . '/../src/ApiKernel.php';
diff --git a/inc/AuthService.php b/inc/AuthService.php
index f0112d4..1d70eeb 100644
--- a/inc/AuthService.php
+++ b/inc/AuthService.php
@@ -1,105 +1,4 @@
conf = $conf;
- $this->pdo = $pdo;
- }
-
- // --- Private Utility Methoden ---
-
- private function fail(string $msg, $detail = null, int $code = 400): void
- {
- // Wir müssen hier direkt antworten, da wir das Fail-Verhalten des Kernels benötigen.
- // Im ApiKernel werden wir die respond/fail-Methoden als public lassen,
- // um sie hier injizieren zu können, oder wir lassen sie hier im Global Scope
- // (WENN Sie die ursprünglichen globalen Funktionen respond/fail wieder zulassen).
- // Für eine saubere Kapselung injizieren wir die Respond-Logik.
- // HIER verwenden wir eine einfache JSON-Antwort, da die fail-Methode
- // normalerweise den gesamten Kernel stoppt. Wir nutzen exit.
-
- http_response_code($code);
- echo json_encode(['ok'=>false,'error'=>$msg,'detail'=>$detail], JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES);
- exit;
- }
-
- private function verifyPassword(string $input, string $stored, array $authDbConf): bool
- {
- if (preg_match('~^\$2[aby]\$~', $stored) || strpos($stored, '$argon2') === 0) return password_verify($input, $stored);
- $legacy = strtolower($authDbConf['legacy'] ?? '');
- if ($legacy === 'md5') return hash_equals($stored, md5($input));
- if ($legacy === 'sha1') return hash_equals($stored, sha1($input));
- if (password_get_info($stored)['algo'] !== 0) return password_verify($input, $stored);
- return hash_equals($stored, $input);
- }
-
- // --- Public Service Methoden ---
-
- public function requireAuth(): array
- {
- if (empty($_SESSION['auth'])) $this->fail('Not authenticated', null, 401);
- return $_SESSION['auth'];
- }
-
- public function logout(): bool
- {
- $_SESSION = [];
- if (session_id() !== '') session_destroy();
- return true;
- }
-
- public function login(array $in): array
- {
- $authDb = $this->conf['auth']['db'] ?? [];
- $colUser = $authDb['col_user'] ?? 'email';
- $colPass = $authDb['col_pass'] ?? 'password';
- $colName = $authDb['col_name'] ?? 'name';
- $colId = $authDb['col_id'] ?? 'id';
- $colStatus = $authDb['col_status']?? null;
- $activeValues = $authDb['active_values'] ?? ['active','1',1];
- $table = $authDb['table'] ?? 'emailtemplate_users';
-
- $identifier = trim((string)($in['username'] ?? $in['user'] ?? $in['email'] ?? $in['login'] ?? ''));
- $password = (string)($in['password'] ?? $in['pass'] ?? $in['pwd'] ?? '');
-
- if ($identifier === '' || $password === '') $this->fail('username/password required', null, 422);
-
- $stmt = $this->pdo->prepare("SELECT * FROM `$table` WHERE `$colUser` = :u LIMIT 1");
- $stmt->execute([':u'=>$identifier]);
- $row = $stmt->fetch();
-
- if (!$row) $this->fail('Invalid credentials', null, 401);
-
- if ($colStatus && isset($row[$colStatus])) {
- if (!in_array($row[$colStatus], $activeValues, true)) {
- $this->fail('Account inactive', null, 403);
- }
- }
-
- $stored = (string)($row[$colPass] ?? '');
- if ($stored === '' || !$this->verifyPassword($password, $stored, $authDb)) {
- $this->fail('Invalid credentials', null, 401);
- }
-
- $_SESSION['auth'] = [
- 'id' => $row[$colId] ?? null,
- 'name' => $row[$colName] ?? ($row[$colUser] ?? $identifier),
- 'email' => $row[$colUser] ?? $identifier,
- 'at' => time(),
- ];
-
- $token = base64_encode(hash('sha256', ($_SESSION['auth']['id'] ?? $identifier).'|'.session_id(), true));
- return ['user'=>$_SESSION['auth'], 'token'=>$token];
- }
-}
+require_once __DIR__ . '/../src/AuthService.php';
diff --git a/inc/config.php b/inc/config.php
index 3f2ed05..35aa48c 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -1,76 +1,5 @@
[
- 'db_host' => getenv('DB_TPL_HOST') ?: 'localhost',
- 'db_name' => getenv('DB_TPL_NAME') ?: 'd044ae9e',
- 'db_user' => getenv('DB_TPL_USER') ?: 'd044ae9e',
- 'db_pass' => getenv('DB_TPL_PASS') ?: '9BVUn)Töcü@ÖVÜfgO8!J',
- 'db_charset' => 'utf8',
- 'prefix' => getenv('DB_TPL_PREFIX') ?: 'emailtemplate_',
-
- ],
- 'project' => [
- 'db_host' => getenv('DB_TPL_HOST') ?: 'w0207fd0.kasserver.com',
- 'db_name' => getenv('DB_TPL_NAME') ?: 'd0444c25',
- 'db_user' => getenv('DB_TPL_USER') ?: 'd0444c25',
- 'db_pass' => getenv('DB_TPL_PASS') ?: '/7ü9+§ÄfkiQvGPr§2Op7',
- 'db_charset' => 'utf8',
- ],
- 'cors' => getenv('CORS_ORIGIN') ?: '*',
- 'env' => 'staging',
- 'base_url' => 'https://staging.emailtemplate.it',
- 'auth' => [
- 'session_name' => 'et_session',
- 'cookie_domain' => 'staging.emailtemplate.it',
- 'cookie_secure' => true,
- 'cookie_httponly'=> true,
- 'cookie_samesite'=> 'Lax',
- 'db' => [
- 'table' => 'customer_users',
- 'col_user' => 'email', // alternativ: 'username'
- 'col_pass' => 'password_hash',
- 'col_name' => 'name', // optional
- 'col_id' => 'id', // optional
- 'col_status' => 'is_active', // optional
- 'active_values'=> ['active','1',1], // optional
- 'legacy' => 'md5' // optional: 'md5' | 'sha1' | 'plain' (sonst bcrypt/argon2)
- ],
-
- ],
-'smtp' => [
- 'host' => 'smtp.example.com',
- 'port' => 587,
- 'user' => 'smtp-user',
- 'pass' => 'smtp-pass',
- 'secure' => 'tls', // oder 'ssl'
- 'from_email' => 'no-reply@example.com',
- 'from_name' => 'EmailTemplate',
-],
-'export' => [
- 'api_keys' => ['dev-key-123', 'noch-ein-key'], // füge hier deine Keys ein
-],
- 'multi' => [
- // Spalte in ALLEN Content-Tabellen, die dem Besitzer/Mandanten entspricht:
- 'tenant_col' => 'customer_id', // <— falls es bei dir z. B. 'owner_id' heißt: entsprechend anpassen.
- // Welche Session-Info darauf gemappt wird:
- 'map_session_to' => 'id', // 'id' (Default) | 'email' | 'name'
- ],
-
- // optional: abweichende Tabellennamen/Spalten:
- 'tables' => [
- 'templates' => 'emailtemplate_templates',
- 'sections' => 'emailtemplate_sections',
- 'blocks' => 'emailtemplate_blocks',
- 'snippets' => 'emailtemplate_snippets',
- ],
- 'columns' => [
- // Nur anpassen, wenn deine Spaltennamen abweichen
- 'templates' => ['id'=>'id','name'=>'name','desc'=>null,'cat'=>null,'upd'=>'updated_at'],
- 'sections' => ['id'=>'id','name'=>'name','cat'=>null,'upd'=>'updated_at'],
- 'blocks' => ['id'=>'id','name'=>'name','cat'=>'category','upd'=>'updated_at'],
- 'snippets' => ['id'=>'id','name'=>'name','cat'=>'category','upd'=>'updated_at'],
- ],
-];
-
+// Legacy stub that keeps existing include paths working.
+return require __DIR__ . '/../config/emailtemplate.conf.php';
diff --git a/public/api.php b/public/api.php
index 3541a75..7def9f8 100644
--- a/public/api.php
+++ b/public/api.php
@@ -8,7 +8,7 @@ if (is_file($composerAutoload)) {
}
// 2. Lade die Service-Klasse (API-Kernel)
-require_once __DIR__ . '/../inc/ApiKernel.php';
+require_once __DIR__ . '/../src/ApiKernel.php';
// 3. Erstelle eine Instanz und führe sie aus
$api = new ApiKernel();
diff --git a/public/tools/db-doctor.php b/public/tools/db-doctor.php
index 8b011c3..5e644cc 100644
--- a/public/tools/db-doctor.php
+++ b/public/tools/db-doctor.php
@@ -3,13 +3,12 @@ header('Content-Type: text/html; charset=utf-8');
$conf = @include __DIR__ . '/../../inc/config.php';
function h($s){ return htmlspecialchars((string)$s, ENT_QUOTES|ENT_SUBSTITUTE,'UTF-8'); }
-if (!is_array($conf) || !isset($conf['templates'])) {
- echo 'Invalid config.php (expected return array with keys templates/project)'; exit;
+if (!is_array($conf) || !isset($conf['projectdb'])) {
+ echo 'Invalid config.php (expected return array with key projectdb)'; exit;
}
-$profile = $_GET['profile'] ?? 'templates';
-$cfg = ($profile==='project') ? ($conf['project'] ?? null) : $conf['templates'];
-$prefix = (string)(($profile==='project') ? ($conf['project']['prefix'] ?? '') : ($conf['templates']['prefix'] ?? ''));
+$cfg = $conf['projectdb'];
+$prefix = (string)($cfg['prefix'] ?? '');
$attempts=[]; $pdo=null;
$mkPdo=function(array $cfg) use(&$attempts){
@@ -57,7 +56,7 @@ if ($pdo){
-DB-Doctor (<?=h($profile)?>)
+DB-Doctor
-DB-Doctor (Profil: )
-
-
+DB-Doctor
Verbindungsversuche
@@ -115,4 +109,3 @@ if ($pdo){
], JSON_PRETTY_PRINT|JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES))?>
-
diff --git a/src/ApiKernel.php b/src/ApiKernel.php
new file mode 100644
index 0000000..4209f1c
--- /dev/null
+++ b/src/ApiKernel.php
@@ -0,0 +1,659 @@
+conf = $this->loadConfig();
+ $this->cors();
+ $this->setInput();
+ $this->pdo = $this->getPdoTemplates();
+ $this->resolveAction();
+ $this->resolveTableMap();
+ $this->authService = new AuthService($this->conf, $this->pdo);
+ } catch (Throwable $e) {
+ // Im Fehlerfall ruft fail() die respond() Methode auf, die den Header setzt und den Buffer leert.
+ $this->fail('Initialization error', get_class($e) . ': ' . $e->getMessage(), 500);
+ }
+ }
+
+ // --- Core Responder-Methoden (KORRIGIERT) ---
+
+ public function respond($data, int $code = 200): void
+ {
+ // 1. Output-Puffer leeren, um jeglichen unbeabsichtigten Output zu verwerfen (z.B. PHP Notices).
+ if (ob_get_level() > 0) {
+ ob_clean();
+ }
+
+ // 2. 💡 KRITISCHE KORREKTUR: Content-Type Header setzen.
+ // Dies ist der entscheidende Schritt, der dem Browser sagt: "Dies ist JSON!"
+ if (!headers_sent() && !isset($this->conf['no_content_type'])) {
+ header('Content-Type: application/json; charset=utf-8');
+ }
+
+ http_response_code($code);
+ echo is_string($data) ? $data : json_encode($data, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
+ exit;
+ }
+
+ public function fail(string $msg, $detail = null, int $code = 400): void
+ {
+ $this->respond(['ok' => false, 'error' => $msg, 'detail' => $detail], $code);
+ }
+
+ // --- Private Initialisierungs- & Utility-Methoden (Unverändert) ---
+
+ private function loadConfig(): array { /* ... Logik bleibt unverändert ... */
+ $paths = [
+ __DIR__ . '/../config/emailtemplate.conf.php',
+ __DIR__ . '/../inc/config.php',
+ __DIR__ . '/config.php',
+ __DIR__ . '/../config.php',
+ __DIR__ . '/../../config.php',
+ ];
+
+ foreach ($paths as $p) {
+ if (is_file($p)) {
+ $conf = @include $p;
+ if (is_array($conf)) return $conf;
+ }
+ }
+ $this->fail('Invalid config', 'config file not found or not returning array', 500);
+ }
+ private function cors(): void { /* ... Logik bleibt unverändert ... */
+ $cors = $this->conf['cors'] ?? '*';
+ if ($cors) {
+ header('Access-Control-Allow-Origin: ' . $cors);
+ header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
+ header('Access-Control-Allow-Headers: Content-Type, Authorization');
+ header('Access-Control-Allow-Credentials: true');
+ }
+ if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'OPTIONS') $this->respond(['ok' => true]);
+
+ if (!empty($this->conf['auth']['cookie'])) {
+ $c = $this->conf['auth']['cookie'];
+ $params = session_get_cookie_params();
+ $params['lifetime'] = $c['lifetime'] ?? $params['lifetime'];
+ $params['path'] = $c['path'] ?? $params['path'];
+ $params['domain'] = $c['domain'] ?? $params['domain'];
+ $params['secure'] = $c['secure'] ?? $params['secure'];
+ $params['httponly'] = $c['httponly'] ?? $params['httponly'];
+ if (isset($c['samesite'])) $params['samesite'] = $c['samesite'];
+ session_set_cookie_params($params);
+ }
+ }
+ private function setInput(): void { /* ... Logik bleibt unverändert ... */
+ $data = [];
+ $ct = $_SERVER['CONTENT_TYPE'] ?? '';
+ if (stripos($ct, 'application/json') !== false) {
+ $raw = file_get_contents('php://input');
+ if ($raw !== false && $raw !== '') {
+ $js = json_decode($raw, true);
+ if (is_array($js)) $data = $js;
+ }
+ }
+ foreach ($_POST as $k => $v) $data[$k] = $v;
+ foreach ($_GET as $k => $v) if (!array_key_exists($k, $data)) $data[$k] = $v;
+ $this->in = $data;
+ }
+ private function getPdoTemplates(): PDO { /* ... Logik bleibt unverändert ... */
+ if (!isset($this->conf['projectdb']) || !is_array($this->conf['projectdb'])) {
+ $this->fail('Missing project DB config', null, 500);
+ }
+ $c = $this->conf['projectdb'];
+ $host = $c['db_host'] ?? 'localhost';
+ $db = $c['db_name'] ?? ($c['database'] ?? '');
+ $user = $c['db_user'] ?? ($c['username'] ?? '');
+ $pass = $c['db_pass'] ?? ($c['password'] ?? '');
+ $charset = $c['db_charset'] ?? 'utf8mb4';
+ $port = $c['db_port'] ?? 3306;
+ $dsn = "mysql:host=$host;port=$port;dbname=$db;charset=$charset";
+ $opt = [
+ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+ PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+ ];
+ return new PDO($dsn, $user, $pass, $opt);
+ }
+ private function resolveAction(): void { /* ... Logik bleibt unverändert ... */
+ $action = $this->val($this->in, 'action', '');
+ $resource = $this->val($this->in, 'resource', null);
+ $allowedResources = ['templates', 'sections', 'blocks', 'snippets'];
+ if ($resource && in_array($resource, $allowedResources, true) && strpos((string)$action, '.') === false) {
+ $verb = strtolower((string)$action);
+ if (in_array($verb, ['list', 'get', 'create', 'update', 'delete'], true)) $action = $resource . '.' . $verb;
+ }
+ $this->action = $action;
+ }
+ private function resolveTableMap(): void { /* ... Logik bleibt unverändert ... */
+ $tables = $this->conf['tables'] ?? [];
+ $this->tableMap = [
+ 'templates' => $tables['templates'] ?? 'emailtemplate_templates',
+ 'sections' => $tables['sections'] ?? 'emailtemplate_sections',
+ 'blocks' => $tables['blocks'] ?? 'emailtemplate_blocks',
+ 'snippets' => $tables['snippets'] ?? 'emailtemplate_snippets',
+ ];
+ }
+
+ private function val(array $in, $keys, $default = null) { /* ... Logik bleibt unverändert ... */
+ if (!is_array($keys)) $keys = [$keys];
+ foreach ($keys as $k) if (array_key_exists($k, $in)) return $in[$k];
+ return $default;
+ }
+ private function firstExisting(array $columns, array $candidates): ?string { /* ... Logik bleibt unverändert ... */
+ foreach ($candidates as $c) if (in_array($c, $columns, true)) return $c;
+ return null;
+ }
+ private function tableColumns(string $table): array { /* ... Logik bleibt unverändert ... */
+ $cols = [];
+ $stmt = $this->pdo->query("SHOW COLUMNS FROM `$table`");
+ foreach ($stmt->fetchAll() as $r) $cols[] = $r['Field'];
+ return $cols;
+ }
+ private function primaryKey(string $table): ?string { /* ... Logik bleibt unverändert ... */
+ $stmt = $this->pdo->prepare("SHOW KEYS FROM `$table` WHERE Key_name = 'PRIMARY'");
+ $stmt->execute();
+ $row = $stmt->fetch();
+ return $row['Column_name'] ?? null;
+ }
+ private function requireAuth(): array { /* ... Logik bleibt unverändert ... */
+ return $this->authService->requireAuth();
+ }
+ private function pullId(array $src) { /* ... Logik bleibt unverändert ... */
+ $aliases = ['id', 'item_id', 'template_id', 'tpl_id', 'section_id', 'sec_id', 'block_id', 'blk_id', 'snippet_id', 'snip_id'];
+ foreach ($aliases as $a) if (isset($src[$a]) && $src[$a] !== '') return $src[$a];
+ return null;
+ }
+ private function tenantWhere(array $session): array { /* ... Logik bleibt unverändert ... */
+ $multi = $this->conf['multi'] ?? [];
+ $tenantCol = $multi['tenant_col'] ?? null;
+ $mapSess = $multi['map_session_to'] ?? 'id';
+
+ if (!$tenantCol) return ['', []];
+ if (!$session) return [' AND 1=0 ', []];
+ $val = $session[$mapSess] ?? null;
+ if ($val === null || $val === '') return [' AND 1=0 ', []];
+ return [" AND `$tenantCol` = :__tenant", [':__tenant' => $val]];
+ }
+ private function tenantAssign(array $session, array $columns): array { /* ... Logik bleibt unverändert ... */
+ $multi = $this->conf['multi'] ?? [];
+ $tenantCol = $multi['tenant_col'] ?? null;
+ $mapSess = $multi['map_session_to'] ?? 'id';
+
+ if (!$tenantCol || !in_array($tenantCol, $columns, true)) return [];
+ $val = $session[$mapSess] ?? null;
+ return ($val === null || $val === '') ? [] : [$tenantCol => $val];
+ }
+ private function resolveIdCol(string $kind): array { /* ... Logik bleibt unverändert ... */
+ $t = $this->tableMap[$kind];
+ $cfg = $this->conf['columns'][$kind] ?? [];
+ $cols = $this->tableColumns($t);
+ $idCol = $cfg['id'] ?? ($this->firstExisting($cols, ['id']) ?: $this->primaryKey($t));
+ if (!$idCol) $idCol = 'id';
+ return [$idCol, $cols];
+ }
+ private function parseHtmlToGjsComponents(string $html): array { /* ... Logik bleibt unverändert ... */
+ if (trim($html) === '') return [];
+
+ return [
+ [
+ 'type' => 'html',
+ 'content' => $html,
+ 'removable' => true,
+ 'draggable' => true,
+ 'droppable' => true,
+ 'copyable' => true,
+ 'selectable' => true,
+ 'editable' => false,
+ 'traits' => [],
+ ]
+ ];
+ }
+
+ // 💡 Bereinigungsmethode
+ private function cleanReferenceComponents(array $components): array {
+ foreach ($components as &$component) {
+ if (is_array($component) && isset($component['type'])) {
+
+ if ($component['type'] === 'library-reference') {
+ if (isset($component['content'])) {
+ $component['content'] = '';
+ }
+ if (isset($component['components'])) {
+ $component['components'] = [];
+ }
+ }
+ if (isset($component['components']) && is_array($component['components'])) {
+ $component['components'] = $this->cleanReferenceComponents($component['components']);
+ }
+ }
+ }
+ return $components;
+ }
+
+
+ // =================================================================
+ // 🚀 CRUD HANDLER METHODEN
+ // =================================================================
+
+ /**
+ * Allgemeine Methode zur Handhabung von LIST-Anfragen.
+ */
+ private function handleList(string $kind): void
+ {
+ $auth = $this->requireAuth();
+ $t = $this->tableMap[$kind];
+ [$idCol, $allCols] = $this->resolveIdCol($kind);
+ $cfg = $this->conf['columns'][$kind] ?? [];
+ $nameCol = $cfg['name'] ?? ($this->firstExisting($allCols, ['name']) ?: $idCol);
+ $descCol = $cfg['desc'] ?? $this->firstExisting($allCols, ['description', 'desc', 'descr']);
+ $catCol = $cfg['cat'] ?? $this->firstExisting($allCols, ['category', 'cat']);
+ $updCol = $cfg['upd'] ?? $this->firstExisting($allCols, ['updated_at', 'updated', 'updatedAt']);
+ $q = trim((string)$this->val($this->in, 'q', ''));
+ $limit = max(1, (int)$this->val($this->in, 'limit', 500));
+ $offset = max(0, (int)$this->val($this->in, 'offset', 0));
+
+ $where = ' WHERE 1=1 ';
+ $params = [];
+ // Suchlogik (q)
+ if ($q !== '') {
+ $parts = ["`$nameCol` LIKE :q"];
+ if ($descCol) $parts[] = "`$descCol` LIKE :q";
+ if ($catCol) $parts[] = "`$catCol` LIKE :q";
+ $where .= " AND (" . implode(' OR ', $parts) . ") ";
+ $params[':q'] = '%' . $q . '%';
+ }
+
+ // Filterlogik (parentFilters)
+ $parentFilters = [
+ 'template_id' => $this->val($this->in, ['template_id', 'tpl_id'], null),
+ 'section_id' => $this->val($this->in, ['section_id', 'sec_id'], null),
+ 'block_id' => $this->val($this->in, ['block_id', 'blk_id'], null),
+ ];
+ foreach ($parentFilters as $col => $v) {
+ if ($v === null || $v === '') continue;
+ if (in_array($col, $allCols, true)) { $where .= " AND `$col` = :$col "; $params[":$col"] = $v; }
+ }
+
+ // Tenant-Filter
+ [$tw, $tp] = $this->tenantWhere($auth);
+ $where .= $tw;
+ foreach ($tp as $k => $v) $params[$k] = $v;
+
+ $order = $updCol ? " ORDER BY `$updCol` DESC " : " ORDER BY `$nameCol` ASC ";
+ $sql = "SELECT * FROM `$t` $where $order LIMIT :off,:lim";
+ $stmt = $this->pdo->prepare($sql);
+
+ // Bind parameters
+ foreach ($params as $k => $v) $stmt->bindValue($k, $v, is_int($v) ? PDO::PARAM_INT : PDO::PARAM_STR);
+ $stmt->bindValue(':off', $offset, PDO::PARAM_INT);
+ $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
+ $stmt->execute();
+ $rows = $stmt->fetchAll();
+
+ $out = [];
+ foreach ($rows as $r) {
+ $item = [
+ 'id' => $r[$idCol] ?? null,
+ 'name' => $r[$nameCol] ?? null,
+ ];
+ if ($descCol && isset($r[$descCol])) $item['desc'] = $r[$descCol];
+ if ($catCol && isset($r[$catCol])) $item['category'] = $r[$catCol];
+ if ($updCol && isset($r[$updCol])) $item['updated_at'] = $r[$updCol];
+
+ // Lade HTML und JSON aus den korrekten Spalten
+ $htmlCol = $this->firstExisting($allCols, ['html', 'body', 'markup', 'content']);
+ if ($htmlCol && isset($r[$htmlCol])) $item['html'] = (string)$r[$htmlCol];
+ $jsonCol = $this->firstExisting($allCols, ['json_content']);
+ if ($jsonCol && isset($r[$jsonCol])) $item['content'] = $r[$jsonCol];
+
+ $out[] = $item;
+ }
+ $this->respond(['ok' => true, 'kind' => $kind, 'items' => $out, 'data' => $out, 'count' => count($out), 'offset' => $offset, 'limit' => $limit]);
+ }
+
+ /**
+ * Allgemeine Methode zur Handhabung von GET-Anfragen.
+ */
+ private function handleGet(string $kind): void
+ {
+ $auth = $this->requireAuth();
+ $t = $this->tableMap[$kind];
+ [$idCol, $allCols] = $this->resolveIdCol($kind);
+ $id = $this->pullId($this->in);
+ if ($id === null || $id === '') $this->fail('id required', null, 422);
+
+ [$tw, $tp] = $this->tenantWhere($auth);
+ $sql = "SELECT * FROM `$t` WHERE `$idCol` = :id" . $tw . " LIMIT 1";
+ $stmt = $this->pdo->prepare($sql);
+ $stmt->bindValue(':id', $id);
+ foreach ($tp as $k => $v) $stmt->bindValue($k, $v);
+ $stmt->execute();
+ $row = $stmt->fetch();
+ if (!$row) $this->fail('Not found', ['kind' => $kind, 'id' => $id], 404);
+ $rowOut = ['id' => $row[$idCol] ?? $id] + $row;
+
+ // Lade HTML und JSON aus den korrekten Spalten
+ $htmlCol = $this->firstExisting($allCols, ['html', 'body', 'markup', 'content']);
+ $topHtml = ($htmlCol && isset($row[$htmlCol])) ? (string)$row[$htmlCol] : null;
+ $jsonCol = $this->firstExisting($allCols, ['json_content']);
+ $topContent = ($jsonCol && isset($row[$jsonCol])) ? $row[$jsonCol] : null;
+
+ $gjsComponents = [];
+
+ if ($topContent !== null) {
+ $decodedContent = json_decode($topContent, true);
+ if (is_array($decodedContent)) {
+ $gjsComponents = $decodedContent;
+ }
+ }
+
+ if (empty($gjsComponents) && $topHtml !== null) {
+ $gjsComponents = $this->parseHtmlToGjsComponents($topHtml);
+ }
+
+ $this->respond([
+ 'ok' => true,
+ 'kind' => $kind,
+ 'id' => $rowOut['id'],
+ 'item' => $rowOut,
+ 'data' => $rowOut,
+ 'html' => $topHtml,
+ 'content' => $topContent,
+ 'gjs_components' => $gjsComponents
+ ]);
+ }
+
+ /**
+ * Allgemeine Methode zur Handhabung von CREATE-Anfragen (inkl. JSON-Bereinigung).
+ */
+ private function handleCreate(string $kind): void
+ {
+ $auth = $this->requireAuth();
+ $t = $this->tableMap[$kind];
+ [$idCol, $allCols] = $this->resolveIdCol($kind);
+ $cfg = $this->conf['columns'][$kind] ?? [];
+ $nameCol = $cfg['name'] ?? ($this->firstExisting($allCols, ['name']) ?: $idCol);
+ $descCol = $cfg['desc'] ?? $this->firstExisting($allCols, ['description', 'desc', 'descr']);
+ $catCol = $cfg['cat'] ?? $this->firstExisting($allCols, ['category', 'cat']);
+ $updCol = $cfg['upd'] ?? $this->firstExisting($allCols, ['updated_at', 'updated', 'updatedAt']);
+
+ $name = trim((string)$this->val($this->in, ['name', 'title'], ''));
+ if ($name === '') $this->fail('name required', null, 422);
+
+ $desc = (string)$this->val($this->in, ['description', 'desc'], null);
+ $cat = (string)$this->val($this->in, ['category', 'cat'], null);
+ $html = (string)$this->val($this->in, ['html', 'body', 'markup'], null);
+ $json = $this->val($this->in, ['content_json', 'json', 'content', 'structure_json'], null);
+ $settings = $this->val($this->in, ['settings_json', 'settings'], null);
+ $templateId = $this->val($this->in, ['template_id', 'tpl_id'], null);
+ $sectionId = $this->val($this->in, ['section_id', 'sec_id'], null);
+ $blockId = $this->val($this->in, ['block_id', 'blk_id'], null);
+
+ $data = [$nameCol => $name];
+ if ($desc !== null && $descCol) $data[$descCol] = $desc;
+ if ($cat !== null && $catCol) $data[$catCol] = $cat;
+
+ $htmlDbCol = $this->firstExisting($allCols, ($kind === 'snippets' ? ['content'] : ['html', 'body', 'markup']));
+ $jsonDbCol = $this->firstExisting($allCols, ['json_content']);
+
+ // --- LOGIK mit ERWEITERTER PRÜFUNG START ---
+
+ // 1. JSON-Content behandeln
+ if ($json !== null) {
+ if ($jsonDbCol) {
+ $components = is_string($json) ? json_decode($json, true) : $json;
+ if (is_array($components)) {
+ $components = $this->cleanReferenceComponents($components); // BEREINIGUNG
+ $data[$jsonDbCol] = json_encode($components, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
+ } else {
+ $data[$jsonDbCol] = is_string($json) ? $json : '';
+ }
+ } else {
+ // FALLBACK: Wenn JSON gesendet wurde, aber keine json_content Spalte existiert, FEHLER ausgeben
+ $this->fail(
+ 'JSON content provided but no `json_content` column found',
+ ['table' => $t, 'available_cols' => $allCols],
+ 422
+ );
+ }
+ }
+
+ // 2. HTML-Content speichern
+ if ($htmlDbCol && $html !== null) {
+ $data[$htmlDbCol] = $html;
+ }
+ // --- LOGIK mit ERWEITERTER PRÜFUNG ENDE ---
+
+ $c = $this->firstExisting($allCols, ['settings_json', 'settings']);
+ if ($c && $settings !== null) $data[$c] = is_string($settings) ? $settings : json_encode($settings, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
+
+ if ($templateId !== null && in_array('template_id', $allCols, true)) $data['template_id'] = $templateId;
+ if ($sectionId !== null && in_array('section_id', $allCols, true)) $data['section_id'] = $sectionId;
+ if ($blockId !== null && in_array('block_id', $allCols, true)) $data['block_id'] = $blockId;
+
+ $data = $data + $this->tenantAssign($_SESSION['auth'] ?? [], $allCols);
+
+ $now = date('Y-m-d H:i:s');
+ $createdCol = $this->firstExisting($allCols, ['created_at', 'created', 'createdAt']);
+ if ($createdCol) $data[$createdCol] = $now;
+ if ($updCol) $data[$updCol] = $now;
+
+ $fields = array_keys($data);
+ $place = array_map(fn($c) => ":$c", $fields);
+ $sql = "INSERT INTO `$t` (" . implode(',', array_map(fn($c) => "`$c`", $fields)) . ") VALUES (" . implode(',', $place) . ")";
+ $stmt = $this->pdo->prepare($sql);
+ foreach ($data as $k => $v) $stmt->bindValue(":$k", $v);
+ $stmt->execute();
+ $newId = $this->pdo->lastInsertId();
+
+ $out = ['id' => $newId, 'name' => $name];
+ if ($desc !== null) $out['desc'] = $desc;
+ if ($cat !== null) $out['category'] = $cat;
+ $this->respond(['ok' => true, 'kind' => $kind, 'id' => $newId, 'item' => $out, 'data' => $out]);
+ }
+
+ /**
+ * Allgemeine Methode zur Handhabung von UPDATE-Anfragen (inkl. JSON-Bereinigung).
+ */
+ private function handleUpdate(string $kind): void
+ {
+ $auth = $this->requireAuth();
+ $t = $this->tableMap[$kind];
+ [$idCol, $allCols] = $this->resolveIdCol($kind);
+ $cfg = $this->conf['columns'][$kind] ?? [];
+ $nameCol = $cfg['name'] ?? ($this->firstExisting($allCols, ['name']) ?: $idCol);
+ $descCol = $cfg['desc'] ?? $this->firstExisting($allCols, ['description', 'desc', 'descr']);
+ $catCol = $cfg['cat'] ?? $this->firstExisting($allCols, ['category', 'cat']);
+ $updCol = $cfg['upd'] ?? $this->firstExisting($allCols, ['updated_at', 'updated', 'updatedAt']);
+ $id = $this->pullId($this->in);
+ if ($id === null || $id === '') $this->fail('id required', null, 422);
+
+ $data = [];
+ $name = $this->val($this->in, ['name', 'title'], null);
+ $desc = $this->val($this->in, ['description', 'desc'], null);
+ $cat = $this->val($this->in, ['category', 'cat'], null);
+ $html = $this->val($this->in, ['html', 'body', 'markup'], null);
+ $json = $this->val($this->in, ['content_json', 'json', 'content', 'structure_json'], null);
+ $settings = $this->val($this->in, ['settings_json', 'settings'], null);
+
+ if ($name !== null) $data[$nameCol] = (string)$name;
+ if ($desc !== null && $descCol) $data[$descCol] = (string)$desc;
+ if ($cat !== null && $catCol) $data[$catCol] = (string)$cat;
+
+ $htmlDbCol = $this->firstExisting($allCols, ($kind === 'snippets' ? ['content'] : ['html', 'body', 'markup']));
+ $jsonDbCol = $this->firstExisting($allCols, ['json_content']);
+
+ // --- LOGIK mit ERWEITERTER PRÜFUNG START ---
+
+ // 1. JSON-Content behandeln
+ if ($json !== null) {
+ if ($jsonDbCol) {
+ // Wenn JSON-Spalte existiert, JSON verarbeiten und speichern
+ $components = is_string($json) ? json_decode($json, true) : $json;
+ if (is_array($components)) {
+ $components = $this->cleanReferenceComponents($components); // BEREINIGUNG
+ $data[$jsonDbCol] = json_encode($components, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
+ } else {
+ $data[$jsonDbCol] = is_string($json) ? $json : '';
+ }
+ } else {
+ // FALLBACK: Wenn JSON gesendet wurde, aber keine json_content Spalte existiert, FEHLER ausgeben
+ $this->fail(
+ 'JSON content provided but no `json_content` column found',
+ ['table' => $t, 'available_cols' => $allCols],
+ 422
+ );
+ }
+
+ // 2. Den zugehörigen HTML-Output speichern (wird vom Editor immer mitgesendet, wenn JSON da ist)
+ if ($html !== null && $htmlDbCol) {
+ $data[$htmlDbCol] = (string)$html;
+ }
+ } elseif ($html !== null && $htmlDbCol) {
+ // Wenn NUR HTML gesendet wird (für minimale Änderungen), speichern wir nur HTML.
+ $data[$htmlDbCol] = (string)$html;
+ }
+ // --- LOGIK mit ERWEITERTER PRÜFUNG ENDE ---
+
+ $c = $this->firstExisting($allCols, ['settings_json', 'settings']);
+ if ($settings !== null && $c) $data[$c] = is_string($settings) ? $settings : json_encode($settings, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
+
+ $tpl = $this->val($this->in, ['template_id', 'tpl_id'], null);
+ if ($tpl !== null && in_array('template_id', $allCols, true)) $data['template_id'] = $tpl;
+ $sec = $this->val($this->in, ['section_id', 'sec_id'], null);
+ if ($sec !== null && in_array('section_id', $allCols, true)) $data['section_id'] = $sec;
+ $blk = $this->val($this->in, ['block_id', 'blk_id'], null);
+ if ($blk !== null && in_array('block_id', $allCols, true)) $data['block_id'] = $blk;
+
+ if ($updCol) $data[$updCol] = date('Y-m-d H:i:s');
+ if (!$data) $this->fail('nothing to update', null, 422);
+
+ [$tw, $tp] = $this->tenantWhere($auth);
+ $set = [];
+ foreach (array_keys($data) as $c) $set[] = "`$c` = :$c";
+ $sql = "UPDATE `$t` SET " . implode(',', $set) . " WHERE `$idCol` = :__id" . $tw . " LIMIT 1";
+ $stmt = $this->pdo->prepare($sql);
+
+ foreach ($data as $k => $v) $stmt->bindValue(":$k", $v);
+ $stmt->bindValue(':__id', $id);
+ foreach ($tp as $k => $v) $stmt->bindValue($k, $v);
+ $stmt->execute();
+ $this->respond(['ok' => true, 'kind' => $kind, 'id' => $id, 'updated' => array_keys($data)]);
+ }
+
+ /**
+ * Allgemeine Methode zur Handhabung von DELETE-Anfragen.
+ */
+ private function handleDelete(string $kind): void
+ {
+ $auth = $this->requireAuth();
+ $t = $this->tableMap[$kind];
+ [$idCol, $allCols] = $this->resolveIdCol($kind);
+ $id = $this->pullId($this->in);
+ if ($id === null || $id === '') $this->fail('id required', null, 422);
+
+ [$tw, $tp] = $this->tenantWhere($auth);
+ $sql = "DELETE FROM `$t` WHERE `$idCol` = :__id" . $tw . " LIMIT 1";
+ $stmt = $this->pdo->prepare($sql);
+ $stmt->bindValue(':__id', $id);
+ foreach ($tp as $k => $v) $stmt->bindValue($k, $v);
+ $stmt->execute();
+ $this->respond(['ok' => true, 'kind' => $kind, 'id' => $id, 'deleted' => true]);
+ }
+
+ // =================================================================
+ // 💡 Öffentliche run()-Methode (KORRIGIERT)
+ // =================================================================
+
+ public function run(): void
+ {
+ // 💡 KORREKTUR: Der Content-Type Header wird hier entfernt, da er jetzt in respond()
+ // zentralisiert wurde, um sicherzustellen, dass er auch bei Fehlern im Konstruktor oder
+ // im try-Block korrekt gesetzt wird.
+ // header('Content-Type: application/json; charset=utf-8'); // DIESE ZEILE ENTFERNT
+
+ try {
+ // Extrahiere den Ressourcen-Typ und die Operation (z.B. 'templates' und 'list')
+ [$kind, $operation] = explode('.', $this->action, 2) + [1 => ''];
+
+ switch ($this->action) {
+ case 'health':
+ $this->respond(['ok' => true, 'time' => date('c')]);
+
+ /* ---------- AUTH ---------- */
+ case 'auth.login':
+ $result = $this->authService->login($this->in);
+ $this->respond(['ok' => true] + $result);
+ break;
+ case 'auth.me':
+ if (empty($_SESSION['auth'])) $this->fail('Not authenticated', null, 401);
+ $this->respond(['ok' => true, 'user' => $_SESSION['auth']]);
+ break;
+ case 'auth.logout':
+ $this->authService->logout();
+ $this->respond(['ok' => true]);
+ break;
+
+ /* ---------- CRUD HANDLER ---------- */
+ default:
+ if (in_array($kind, ['templates', 'sections', 'blocks', 'snippets'])) {
+ switch ($operation) {
+ case 'list':
+ $this->handleList($kind);
+ break;
+ case 'get':
+ $this->handleGet($kind);
+ break;
+ case 'create':
+ $this->handleCreate($kind);
+ break;
+ case 'update':
+ $this->handleUpdate($kind);
+ break;
+ case 'delete':
+ $this->handleDelete($kind);
+ break;
+ default:
+ $this->fail('Unknown operation for resource: ' . $this->action, null, 404);
+ break;
+ }
+ } else {
+ $this->fail('Unknown action', $this->action ?: 'missing', 404);
+ }
+ break;
+ }
+ } catch (Throwable $e) {
+ $this->fail('Server error', get_class($e) . ': ' . $e->getMessage(), 500);
+ }
+ }
+}
diff --git a/src/AuthService.php b/src/AuthService.php
new file mode 100644
index 0000000..f0112d4
--- /dev/null
+++ b/src/AuthService.php
@@ -0,0 +1,105 @@
+conf = $conf;
+ $this->pdo = $pdo;
+ }
+
+ // --- Private Utility Methoden ---
+
+ private function fail(string $msg, $detail = null, int $code = 400): void
+ {
+ // Wir müssen hier direkt antworten, da wir das Fail-Verhalten des Kernels benötigen.
+ // Im ApiKernel werden wir die respond/fail-Methoden als public lassen,
+ // um sie hier injizieren zu können, oder wir lassen sie hier im Global Scope
+ // (WENN Sie die ursprünglichen globalen Funktionen respond/fail wieder zulassen).
+ // Für eine saubere Kapselung injizieren wir die Respond-Logik.
+ // HIER verwenden wir eine einfache JSON-Antwort, da die fail-Methode
+ // normalerweise den gesamten Kernel stoppt. Wir nutzen exit.
+
+ http_response_code($code);
+ echo json_encode(['ok'=>false,'error'=>$msg,'detail'=>$detail], JSON_UNESCAPED_UNICODE|JSON_UNESCAPED_SLASHES);
+ exit;
+ }
+
+ private function verifyPassword(string $input, string $stored, array $authDbConf): bool
+ {
+ if (preg_match('~^\$2[aby]\$~', $stored) || strpos($stored, '$argon2') === 0) return password_verify($input, $stored);
+ $legacy = strtolower($authDbConf['legacy'] ?? '');
+ if ($legacy === 'md5') return hash_equals($stored, md5($input));
+ if ($legacy === 'sha1') return hash_equals($stored, sha1($input));
+ if (password_get_info($stored)['algo'] !== 0) return password_verify($input, $stored);
+ return hash_equals($stored, $input);
+ }
+
+ // --- Public Service Methoden ---
+
+ public function requireAuth(): array
+ {
+ if (empty($_SESSION['auth'])) $this->fail('Not authenticated', null, 401);
+ return $_SESSION['auth'];
+ }
+
+ public function logout(): bool
+ {
+ $_SESSION = [];
+ if (session_id() !== '') session_destroy();
+ return true;
+ }
+
+ public function login(array $in): array
+ {
+ $authDb = $this->conf['auth']['db'] ?? [];
+ $colUser = $authDb['col_user'] ?? 'email';
+ $colPass = $authDb['col_pass'] ?? 'password';
+ $colName = $authDb['col_name'] ?? 'name';
+ $colId = $authDb['col_id'] ?? 'id';
+ $colStatus = $authDb['col_status']?? null;
+ $activeValues = $authDb['active_values'] ?? ['active','1',1];
+ $table = $authDb['table'] ?? 'emailtemplate_users';
+
+ $identifier = trim((string)($in['username'] ?? $in['user'] ?? $in['email'] ?? $in['login'] ?? ''));
+ $password = (string)($in['password'] ?? $in['pass'] ?? $in['pwd'] ?? '');
+
+ if ($identifier === '' || $password === '') $this->fail('username/password required', null, 422);
+
+ $stmt = $this->pdo->prepare("SELECT * FROM `$table` WHERE `$colUser` = :u LIMIT 1");
+ $stmt->execute([':u'=>$identifier]);
+ $row = $stmt->fetch();
+
+ if (!$row) $this->fail('Invalid credentials', null, 401);
+
+ if ($colStatus && isset($row[$colStatus])) {
+ if (!in_array($row[$colStatus], $activeValues, true)) {
+ $this->fail('Account inactive', null, 403);
+ }
+ }
+
+ $stored = (string)($row[$colPass] ?? '');
+ if ($stored === '' || !$this->verifyPassword($password, $stored, $authDb)) {
+ $this->fail('Invalid credentials', null, 401);
+ }
+
+ $_SESSION['auth'] = [
+ 'id' => $row[$colId] ?? null,
+ 'name' => $row[$colName] ?? ($row[$colUser] ?? $identifier),
+ 'email' => $row[$colUser] ?? $identifier,
+ 'at' => time(),
+ ];
+
+ $token = base64_encode(hash('sha256', ($_SESSION['auth']['id'] ?? $identifier).'|'.session_id(), true));
+ return ['user'=>$_SESSION['auth'], 'token'=>$token];
+ }
+}