This commit is contained in:
2025-11-30 02:51:15 +01:00
parent 3ebfb8c7f6
commit 2fb5093c7f
9 changed files with 217 additions and 205 deletions

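--- a/api/.htaccess
+++ b/api/.htaccess
@@ -0,0 +1,28 @@
+RewriteEngine On
+# --------------------------------------------------------------
+# 1) Direkter Aufruf von PHP-Dateien verhindern und auf index.php routen
+# Beispiel:
+# /v1/browser.quick.test.php -> /index.php (mit REQUEST_URI erhalten)
+# --------------------------------------------------------------
+RewriteCond %{REQUEST_URI} !/index\.php$
+RewriteRule ^(.+)\.php$ /index.php [QSA,L]
+# --------------------------------------------------------------
+# 2) Echte Dateien (JSON, JS, CSS, Bilder etc.) normal ausliefern
+# --------------------------------------------------------------
+RewriteCond %{REQUEST_FILENAME} -f
+RewriteRule ^ - [L]
+# --------------------------------------------------------------
+# 3) Echte Verzeichnisse normal ausliefern
+# --------------------------------------------------------------
+RewriteCond %{REQUEST_FILENAME} -d
+RewriteRule ^ - [L]
+# --------------------------------------------------------------
+# 4) Alles andere durch index.php routen
+# Beispiel:
+# /v1/quickcheck -> index.php
+# --------------------------------------------------------------
+RewriteRule ^ /index.php [QSA,L]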
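Review bot: Rule 1 is now the only thing that stops the handler scripts under api/v1/ from being executed directly, because this commit also deletes api/target/.htaccess with its `Require all denied`; if mod_rewrite is not loaded or `AllowOverride` does not permit rewrite directives, the rules are silently ignored and `/v1/...php` becomes reachable again. Add a fallback that does not depend on mod_rewrite: an api/v1/.htaccess containing `Require all denied` (a PHP `require` from index.php is unaffected by Apache access control), or wrap these rules in `<IfModule mod_rewrite.c>` and deny all requests in a `<IfModule !mod_rewrite.c>` branch. A short comment at the top stating that assumption (`# Requires mod_rewrite; without it the handler files are exposed, see v1/.htaccess`) would make the dependency visible to whoever deploys this.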


@@ -1,49 +1,58 @@
<?php
// api/index.php
// /api/index.php
// Optional: zentrale Config laden (wenn du magst)
// require __DIR__ . '/../config/fileload.php';
declare(strict_types=1);
require __DIR__ . '/../config/fileload.php';
// Basis-Header (CORS, JSON)
header('Content-Type: application/json; charset=utf-8');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type');
header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(204);
exit;
}
// Pfad aus der URL holen, z.B. /quickcheck?...
// Pfad aus der URL holen
$uri = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH);
$path = rtrim($uri, '/');
if ($path === '') {
$path = '/';
}
// Routing
switch ($path) {
case '/quickcheck':
require __DIR__ . '/target/quickcheck.php';
$result = quickcheck_handle_request();
echo json_encode($result, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
break;
case '/browser.quick.test':
require __DIR__ . '/target/browser.quick.test.php';
$result = browser_quick_test_handle_request();
echo json_encode($result, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
break;
default:
http_response_code(404);
// Root-Info (optional)
if ($path === '/') {
echo json_encode([
'success' => false,
'error' => 'Unknown endpoint',
'path' => $path,
'ok' => true,
'service' => 'usbcheck-api',
'version' => 1,
'endpoints' => [
'/v1/quickcheck',
'/v1/browser.quick.test',
'/internal/* (geschützt)',
],
], JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
break;
exit;
}
// Routing nach Bereich
if (str_starts_with($path, '/v1/')) {
require __DIR__ . '/router.v1.php';
exit;
}
if (str_starts_with($path, '/internal/')) {
require __DIR__ . '/router.internal.php';
exit;
}
// Fallback: unbekannter Bereich
http_response_code(404);
echo json_encode([
'ok' => false,
'error' => 'Unknown API area',
'path' => $path,
], JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
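Review bot: `$path = rtrim($uri, '/');` is not safe under `declare(strict_types=1)`: `parse_url()` returns `false` for a malformed request target and `null` when the URI has no path component, and `rtrim()` then throws a `TypeError` that surfaces as an unhandled 500 (with whatever `display_errors` leaks) instead of a controlled 4xx. Guard it with `$path = rtrim(is_string($uri) ? $uri : '/', '/');`; the same two lines are repeated in api/router.internal.php and api/router.v1.php and need the same treatment. The root info response also advertises the `/internal/*` area to anonymous callers; whether an unauthenticated endpoint should list the admin area is a product decision, but dropping that entry costs nothing.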

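--- a/api/router.internal.php
+++ b/api/router.internal.php
@@ -0,0 +1,100 @@
+<?php
+// /api/router.internal.php
+declare(strict_types=1);
+// *** SICHERHEIT ***
+// → Unbedingt User/Pass ändern oder später auf Token/IP-Restriktion umstellen
+$validUser = 'usbcheck-internal';
+$validPass = 'SwejaFynja050223!';
+// Basic-Auth prüfen
+if (
+!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) ||
+$_SERVER['PHP_AUTH_USER'] !== $validUser ||
+$_SERVER['PHP_AUTH_PW'] !== $validPass
+) {
+header('WWW-Authenticate: Basic realm="USBCheck Internal API"');
+http_response_code(401);
+echo json_encode([
+'ok' => false,
+'error' => 'Authentication required',
+]);
+exit;
+}
+// Pfad erneut bestimmen
+$uri = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH);
+$path = rtrim($uri, '/');
+// DB einbinden (für interne Tools brauchen wir oft DB)
+require $_SERVER['DOCUMENT_ROOT'] . '/../config/db.php';
+// interne Routen
+switch ($path) {
+// Beispiel: Aggregierte Stats
+case '/internal/stats.overview':
+internal_stats_overview($pdo);
+break;
+// Beispiel: Wartung / Cleanup
+case '/internal/maintenance.cleanup-tests':
+internal_cleanup_tests($pdo);
+break;
+default:
+http_response_code(404);
+echo json_encode([
+'ok' => false,
+'error' => 'Unknown internal endpoint',
+'path' => $path,
+], JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
+break;
+}
+/**
+* Beispiel: einfache Übersicht für Admin-Dashboard
+*/
+function internal_stats_overview(PDO $pdo): void
+{
+// alles nur Beispiel du kannst die Queries anpassen
+$totalQuicktests = (int)$pdo->query("SELECT COUNT(*) FROM web_quicktests")->fetchColumn();
+$lastTestsStmt = $pdo->query("
+SELECT id, created_at, ip_address, measured_capacity_bytes
+FROM web_quicktests
+ORDER BY created_at DESC
+LIMIT 10
+");
+$lastTests = $lastTestsStmt ? $lastTestsStmt->fetchAll(PDO::FETCH_ASSOC) : [];
+echo json_encode([
+'ok' => true,
+'stats' => [
+'total_quicktests' => $totalQuicktests,
+'last_quicktests' => $lastTests,
+],
+], JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
+}
+/**
+* Beispiel: alte Tests aufräumen (z.B. älter als 90 Tage)
+*/
+function internal_cleanup_tests(PDO $pdo): void
+{
+// je nach Schema musst du Feldnamen anpassen hier: created_at
+$stmt = $pdo->prepare("
+DELETE FROM web_quicktests
+WHERE created_at < (NOW() - INTERVAL 90 DAY)
+");
+$stmt->execute();
+$deleted = $stmt->rowCount();
+echo json_encode([
+'ok' => true,
+'deleted' => $deleted,
+'note' => 'Tests älter als 90 Tage wurden entfernt (Beispiel-Implementierung).',
+], JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
+}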
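Review bot: The internal API's only protection is a username/password pair hard-coded in source (`$validUser`/`$validPass` at the top of the file) and compared with `!==`; that password is now part of the repository history and has to be treated as compromised and rotated regardless of what else changes here. Load both values from outside the web root and the repo (environment or a config file outside the document root — the variable names below are placeholders), refuse to serve when they are unset, and compare with `hash_equals()` so the check is not timing-dependent. `/internal/maintenance.cleanup-tests` additionally runs its `DELETE` on any HTTP method, so a plain GET from an authenticated browser (link prefetch, history revisit) deletes rows; require POST in that case, `if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') { http_response_code(405); exit; }`. Whether `PHP_AUTH_USER`/`PHP_AUTH_PW` are populated also depends on the SAPI (under CGI/FPM the `Authorization` header may need to be decoded by hand), which the `*** SICHERHEIT ***` comment should state so the next deployment does not end up with an always-401 or, worse, a misconfigured bypass.
```php
// Credentials come from the environment (names are placeholders), never from source control.
$validUser = getenv('INTERNAL_API_USER') ?: '';
$validPass = getenv('INTERNAL_API_PASS') ?: '';
$givenUser = $_SERVER['PHP_AUTH_USER'] ?? '';
$givenPass = $_SERVER['PHP_AUTH_PW'] ?? '';
if (
    $validUser === '' || $validPass === '' ||
    !hash_equals($validUser, $givenUser) ||
    !hash_equals($validPass, $givenPass)
) {
    // … unchanged: WWW-Authenticate header, 401 JSON body, exit …
}
// … unchanged: path parsing, db.php require, switch and handler functions …
```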

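--- a/api/router.v1.php
+++ b/api/router.v1.php
@@ -0,0 +1,43 @@
+<?php
+// /api/router.v1.php
+declare(strict_types=1);
+// Pfad erneut auslesen
+$uri = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH);
+$path = rtrim($uri, '/');
+// Namespace v1
+switch ($path) {
+case '/v1/quickcheck':
+require __DIR__ . '/v1/target/quickcheck.php'; // dein bestehendes File
+if (!function_exists('quickcheck_handle_request')) {
+http_response_code(500);
+echo json_encode(['ok' => false, 'error' => 'Handler quickcheck_handle_request not found']);
+exit;
+}
+$result = quickcheck_handle_request();
+echo json_encode($result, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
+break;
+case '/v1/browser.quick.test':
+require __DIR__ . '/v1/result/browser.quick.test.php';
+if (!function_exists('browser_quick_test_handle_request')) {
+http_response_code(500);
+echo json_encode(['ok' => false, 'error' => 'Handler browser_quick_test_handle_request not found']);
+exit;
+}
+browser_quick_test_handle_request();
+break;
+default:
+http_response_code(404);
+echo json_encode([
+'ok' => false,
+'error' => 'Unknown v1 endpoint',
+'path' => $path,
+], JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
+break;
+}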
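Review bot: As far as this diff shows, `browser_quick_test_handle_request()` was defined only in api/target/browser.quick.test.php, which this commit deletes, and none of the added files define it; the file the second case requires, `v1/result/browser.quick.test.php`, appears (from the /api/v1/browser.quick.test.php hunk further down) to be a standalone script that calls `session_start()` and handles the request at file scope, so the `require` would process the request once and the `function_exists` guard would then append a 500 JSON body after a response has already been written. Either make that file define the function and stop doing work at file scope, or drop the guard and let the script answer on its own — not both. The require paths also disagree with the moved files' own header comments (`// /api/v1/browser.quick.test.php` versus `v1/result/...` here, and `// api/v1/quickcheck.php` versus `v1/target/quickcheck.php` here); whichever layout is the real one, the other string is a fatal `require` error at runtime, so both paths should be verified against the tree before merge.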


@@ -1,11 +0,0 @@
# api/target/.htaccess
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>


@@ -1,155 +0,0 @@
<?php
// /api/target/browser.quick.test.php
declare(strict_types=1);
function browser_quick_test_handle_request(): array
{
// 1. JSON einlesen
$raw = file_get_contents('php://input');
$data = json_decode($raw, true);
if (!is_array($data)) {
http_response_code(400);
return [
'ok' => false,
'error' => 'Invalid JSON payload',
];
}
// 2. Session / User
// (falls index.php evtl. schon session_start() macht, ist das idempotent)
if (session_status() !== PHP_SESSION_ACTIVE) {
session_start();
}
$userId = $_SESSION['user_id'] ?? null;
$isLoggedIn = $userId ? 1 : 0;
$sessionId = session_id() ?: null;
$ipAddress = $_SERVER['REMOTE_ADDR'] ?? null;
$userAgent = $_SERVER['HTTP_USER_AGENT'] ?? null;
// 3. DB-Verbindung
// Dokumentroot der API-Subdomain zeigt auf /api,
// config liegt ein Level darüber: /config/db.php
require $_SERVER['DOCUMENT_ROOT'] . '/../config/db.php'; // $pdo
if ($pdo instanceof PDO) {
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
// 4. Werte aus dem Report aggregieren (minimal)
$measuredBytes = 0;
if (!empty($data['quick']) && is_array($data['quick'])) {
$measuredBytes += (int)($data['quick']['size_bytes'] ?? 0);
}
if (!empty($data['benchmark']) && is_array($data['benchmark'])) {
$measuredBytes += (int)($data['benchmark']['size_bytes'] ?? 0);
}
if (!empty($data['writeverify']) && is_array($data['writeverify'])) {
$measuredBytes += (int)($data['writeverify']['total_bytes'] ?? 0);
}
// Browser/OS & Stick-Infos erstmal noch leer, später aus meta/parsing füllen
$browserName = null;
$browserVersion = null;
$osName = null;
$osVersion = null;
$volumeLabel = null;
$manufacturer = null;
$modelName = null;
$usbType = null;
$filesystem = null;
$advCapacityBytes = null;
$capacityStatus = 'unknown';
// Kompletten Report als JSON-String speichern
$testReportJson = $raw;
try {
$sql = "
INSERT INTO web_quicktests (
user_id,
is_logged_in,
usb_device_id,
browser_name,
browser_version,
os_name,
os_version,
volume_label,
manufacturer,
model_name,
usb_type,
advertised_capacity_bytes,
measured_capacity_bytes,
capacity_status,
filesystem,
test_report_json,
ip_address,
session_id
) VALUES (
:user_id,
:is_logged_in,
:usb_device_id,
:browser_name,
:browser_version,
:os_name,
:os_version,
:volume_label,
:manufacturer,
:model_name,
:usb_type,
:adv_capacity,
:measured_capacity,
:capacity_status,
:filesystem,
:test_report_json,
:ip_address,
:session_id
)
";
$stmt = $pdo->prepare($sql);
$ok = $stmt->execute([
'user_id' => $userId,
'is_logged_in' => $isLoggedIn,
'usb_device_id' => null,
'browser_name' => $browserName,
'browser_version' => $browserVersion,
'os_name' => $osName,
'os_version' => $osVersion,
'volume_label' => $volumeLabel,
'manufacturer' => $manufacturer,
'model_name' => $modelName,
'usb_type' => $usbType,
'adv_capacity' => $advCapacityBytes,
'measured_capacity' => $measuredBytes ?: null,
'capacity_status' => $capacityStatus,
'filesystem' => $filesystem,
'test_report_json' => $testReportJson,
'ip_address' => $ipAddress,
'session_id' => $sessionId,
]);
if (!$ok) {
$info = $stmt->errorInfo();
throw new RuntimeException($info[2] ?? 'Unknown DB error during insert');
}
return [
'ok' => true,
'id' => (int)$pdo->lastInsertId(),
];
} catch (Throwable $e) {
http_response_code(500);
return [
'ok' => false,
'error' => 'DB error: ' . $e->getMessage(),
];
}
}


@@ -1,12 +1,12 @@
<?php
// /public/api/result/browser-quick-test.php
// /api/v1/browser.quick.test.php
declare(strict_types=1);
session_start();
// DB einbinden bitte Pfad an DEINE Struktur anpassen!
require $_SERVER['DOCUMENT_ROOT']. '/../config/fileload.php'; // z.B. stellt $pdo (PDO) bereit
// DB einbinden Pfad abhängig von deinem Setup, aktuell:
require $_SERVER['DOCUMENT_ROOT']. '/../config/db.php'; // stellt $pdo (PDO) bereit
header('Content-Type: application/json; charset=utf-8');
@@ -37,19 +37,18 @@ $userAgent = $_SERVER['HTTP_USER_AGENT'] ?? null;
// ---------------------------------------------------------------------
// 3. Grobe Auswertung aus dem Report (optional)
// → vorerst alles im JSON speichern, Felder in web_quicktests eher neutral lassen
// ---------------------------------------------------------------------
$modeRequested = $data['mode_requested'] ?? 'unknown';
$meta = $data['meta'] ?? [];
// Hier könntest du später Browser/OS parsen
// Browser/OS-Parsing kannst du später ergänzen
$browserName = null;
$browserVersion = null;
$osName = null;
$osVersion = null;
// Beispiel: Gesamtmenge geschriebener/verifizierter Bytes aggregieren
// Gesamtmenge geschriebener/verifizierter Bytes aggregieren
$measuredBytes = 0;
if (!empty($data['quick']) && is_array($data['quick'])) {
@@ -65,8 +64,7 @@ if (!empty($data['writeverify']) && is_array($data['writeverify'])) {
// Kapazitätsstatus vorerst neutral
$capacityStatus = 'unknown';
// Volume-/Stick-Daten hast du aktuell im Browser noch nicht separat,
// darum bleiben diese Felder (erstmal) NULL:
// Volume-/Stick-Daten aktuell noch nicht separat:
$volumeLabel = null;
$manufacturer = null;
$modelName = null;
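Review bot: The new `require $_SERVER['DOCUMENT_ROOT']. '/../config/db.php';` in the first hunk ties this handler to the web server's document-root setting, whereas api/index.php in the same commit resolves its config relative to `__DIR__`; the two agree only when DOCUMENT_ROOT is exactly the api/ directory, and on any other vhost layout this line is a fatal `require` error. Since the script is now only reached through index.php → router.v1.php, locate the config from the file itself, e.g. `require __DIR__ . '/../../config/db.php';` if the file lives in api/v1/ as its header comment says (adjust the depth if it is actually under api/v1/result/). The enclosing script continues outside the three hunks shown; the other two hunks are comment-only.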


@@ -1,5 +1,5 @@
<?php
// api/target/quickcheck.php
// api/v1/quickcheck.php
/**
* Diese Funktion wird von api/index.php aufgerufen.


@@ -888,8 +888,8 @@
// apiBase kommt aus fakecheck.core.js (detectApiBase)
const apiBase = (cfg && cfg.apiBase) ? cfg.apiBase : "";
const base = apiBase.replace(/\/+$/, "");
// Fallback: falls apiBase aus irgendeinem Grund leer ist, lokal auf /api routen
const url = base ? (base + "/browser.quick.test") : "/api/browser.quick.test";
// v1-Endpunkt
const url = base ? (base + "/v1/browser.quick.test") : "/api/v1/browser.quick.test";
try {
const response = await fetch(url, {