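<?php
// Version: 1.1.6
// Last Updated: 2026-03-27
// api.php
//
// JSON endpoint for the quote database.
//   GET  ?action=random | ?action=get&id=N   public, read-only, approved quotes only
//   POST ?action=add  (quote_text=...)       requires the shared API key
// Every branch ends in sendJsonAndExit(), which sets the status code, writes the
// JSON body and stops the script, so nothing below a handled branch runs.
declare(strict_types=1);

require_once 'db.php';
header('Content-Type: application/json');

// --- Configuration ---
// Generate a strong string here (e.g., openssl rand -hex 32)
// CloudBot will need to send this in the header or POST body to submit quotes.
$apiKey = 'CHANGEMEEEEEEEEEEEEEEEEEEEEEEEE';

// The value shipped in the file above. While $apiKey still equals it, POST is
// refused outright (503) so an install that forgot to set a key fails closed
// instead of accepting writes from anyone who has read this file.
const API_KEY_PLACEHOLDER = 'CHANGEMEEEEEEEEEEEEEEEEEEEEEEEE';

/**
 * Send a JSON response and terminate the script.
 *
 * @param int   $status  HTTP status code to emit.
 * @param array $payload Body to encode. JSON_INVALID_UTF8_SUBSTITUTE keeps the
 *                       body valid when quote_text holds a bad byte; without it
 *                       json_encode() returns false and the client would get an
 *                       empty 200 response.
 */
function sendJsonAndExit(int $status, array $payload): void
{
    http_response_code($status);
    echo json_encode($payload, JSON_INVALID_UTF8_SUBSTITUTE);
    exit;
}

/**
 * Coerce a request value to a string.
 *
 * PHP turns `api_key[]=x` or `quote_text[]=x` into arrays; passing one to
 * hash_equals() or trim() raises a TypeError that surfaces as an uncaught error
 * rather than the 400/401 the endpoint is supposed to return.
 *
 * @param mixed $value Raw entry from $_GET / $_POST / $_SERVER.
 * @return string The value itself when it is a string, otherwise ''.
 */
function requestString($value): string
{
    return is_string($value) ? $value : '';
}

// NOTE(review): DB::getInstance() comes from db.php; the calls below
// (prepare/execute/fetch/beginTransaction/commit/rollBack/lastInsertId)
// match a PDO handle — confirm that is what it returns.
$db = DB::getInstance();
$method = $_SERVER['REQUEST_METHOD'];
$action = requestString($_GET['action'] ?? '');

// ============================================================================
// 1. PUBLIC GET REQUESTS (Read-Only)
// ============================================================================
if ($method === 'GET') {
    // Fetch a random approved quote (Usage: !hqdb)
    if ($action === 'random') {
        // RANDOM() is the SQLite/PostgreSQL spelling; MySQL would need RAND().
        $stmt = $db->prepare("SELECT id, quote_text, score FROM quotes WHERE status = 'approved' ORDER BY RANDOM() LIMIT 1");
        $stmt->execute();
        $quote = $stmt->fetch();
        if ($quote) {
            sendJsonAndExit(200, ['success' => true, 'data' => $quote]);
        }
        sendJsonAndExit(404, ['success' => false, 'error' => 'Database empty.']);
    }

    // Fetch a specific quote by ID (Usage: !hqdb 123)
    if ($action === 'get') {
        // Non-numeric or array input becomes 0, which matches no row -> 404.
        $id = (int) requestString($_GET['id'] ?? '');
        $stmt = $db->prepare("SELECT id, quote_text, score FROM quotes WHERE id = :id AND status = 'approved'");
        $stmt->execute([':id' => $id]);
        $quote = $stmt->fetch();
        if ($quote) {
            sendJsonAndExit(200, ['success' => true, 'data' => $quote]);
        }
        sendJsonAndExit(404, ['success' => false, 'error' => 'Quote not found.']);
    }

    sendJsonAndExit(400, ['success' => false, 'error' => 'Invalid GET action.']);
}

// ============================================================================
// 2. AUTHENTICATED POST REQUESTS (Write)
// ============================================================================
if ($method === 'POST') {
    // Fail closed: a key that was never changed from the placeholder is not a key.
    if (hash_equals(API_KEY_PLACEHOLDER, $apiKey)) {
        sendJsonAndExit(503, ['success' => false, 'error' => 'API key not configured.']);
    }

    // Check for the API Key in the headers or POST body
    $providedKey = requestString($_SERVER['HTTP_X_API_KEY'] ?? $_POST['api_key'] ?? '');

    // Use hash_equals to prevent timing attacks
    if (!hash_equals($apiKey, $providedKey)) {
        sendJsonAndExit(401, ['success' => false, 'error' => 'Unauthorized. Invalid API key.']);
    }

    // Submit a new quote to the moderation queue (Usage: !hqdb add <text>)
    if ($action === 'add') {
        $quoteText = trim(requestString($_POST['quote_text'] ?? ''));
        $ipAddress = $_SERVER['REMOTE_ADDR'] ?? ''; // This will be the server IP where CloudBot runs

        // Compare with '' rather than empty(): empty('0') is true and would
        // silently reject a quote whose whole text is "0".
        if ($quoteText === '') {
            sendJsonAndExit(400, ['success' => false, 'error' => 'Payload cannot be null.']);
        }

        try {
            $db->beginTransaction();
            // Bypass standard flood control for API submissions, insert directly to pending
            $stmt = $db->prepare("INSERT INTO quotes (quote_text, submitted_by_ip) VALUES (:text, :ip)");
            $stmt->execute([':text' => $quoteText, ':ip' => $ipAddress]);
            $newId = $db->lastInsertId();
            $db->commit();
        } catch (Exception $e) {
            $db->rollBack();
            // Details stay server-side; the client only learns that the write failed.
            sendJsonAndExit(500, ['success' => false, 'error' => 'Database fault.']);
        }

        sendJsonAndExit(200, [
            'success' => true,
            'message' => 'Quote transmitted to buffer.',
            'id' => $newId,
        ]);
    }

    sendJsonAndExit(400, ['success' => false, 'error' => 'Invalid POST action.']);
}

// Default fallback: anything other than GET/POST.
header('Allow: GET, POST');
sendJsonAndExit(405, ['success' => false, 'error' => 'Method Not Allowed.']);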