projects/usbcheck.it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

index

Browse Source
This commit is contained in:
Lars Gebhardt-Kusche
2025-11-30 23:27:42 +01:00
parent 7af24dbcf4
commit 6ff6879420
1 changed files with 64 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
api/index.php
View File

@@ -3,28 +3,66 @@
declare(strict_types=1);
$apibasedir = $_SERVER['DOCUMENT_ROOT']; // bei dir: /.../projects/usbcheck/staging/api
$apibasedir = $_SERVER['DOCUMENT_ROOT'];
require $apibasedir . '/../config/fileload.php';
// Basis-Header (CORS, JSON)
header('Content-Type: application/json; charset=utf-8');
header('Access-Control-Allow-Origin: *');
/*
|--------------------------------------------------------------------------
| CORS Dynamische Freigabe
|--------------------------------------------------------------------------
| WICHTIG: credentials:true verbietet Access-Control-Allow-Origin: *
| Darum erlauben wir nur explizite Frontend-Domains.
*/
$allowedOrigins = [
'https://staging.usbcheck.it',
'https://usbcheck.it',
'http://localhost', // optional für lokale Entwicklung
];
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
if (in_array($origin, $allowedOrigins, true)) {
// Dynamische Freigabe der erlaubten Domain
header("Access-Control-Allow-Origin: {$origin}");
header("Vary: Origin"); // wichtig gegen Proxy-Caching-Probleme
} else {
// Fallback: Staging-Domain
header("Access-Control-Allow-Origin: https://staging.usbcheck.it");
header("Vary: Origin");
}
// Weitere CORS-Header
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
// JSON Response Header
header('Content-Type: application/json; charset=utf-8');
// OPTIONS Preflight-Anfrage vorzeitig beenden
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(204);
exit;
}
// Pfad aus der URL holen
/*
|--------------------------------------------------------------------------
| Routing vorbereiten
|--------------------------------------------------------------------------
*/
$uri = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH);
$path = rtrim($uri, '/');
if ($path === '') {
$path = '/';
}
// Root-Info (optional)
/*
|--------------------------------------------------------------------------
| Root-Info (optional)
|--------------------------------------------------------------------------
*/
if ($path === '/') {
echo json_encode([
'ok' => true,
@@ -39,10 +77,15 @@ if ($path === '/') {
exit;
}
// Routing nach Bereich
/*
|--------------------------------------------------------------------------
| Versioniertes Routing /v1/*
|--------------------------------------------------------------------------
*/
if (str_starts_with($path, '/v1/')) {
// alles hinter /v1/ in Segmente zerlegen
$rel = substr($path, strlen('/v1/')); // z.B. "browser.quick.test" oder "quickcheck" oder "foo/bar"
$rel = substr($path, strlen('/v1/')); // z.B. "browser.quick.test"
$rel = ltrim($rel, '/');
$segments = $rel === '' ? [] : explode('/', $rel);
@@ -51,12 +94,21 @@ if (str_starts_with($path, '/v1/')) {
exit;
}
/*
|--------------------------------------------------------------------------
| Internal API /internal/*
|--------------------------------------------------------------------------
*/
if (str_starts_with($path, '/internal/')) {
require_once $apibasedir . '/router/router.internal.php';
exit;
}
// Fallback: unbekannter Bereich
/*
|--------------------------------------------------------------------------
| Fallback: Unbekannter Bereich
|--------------------------------------------------------------------------
*/
http_response_code(404);
echo json_encode([
'ok' => false,