94 lines
3.2 KiB
PHP
94 lines
3.2 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
require_once __DIR__ . '/../src/Calco2latoApiClient.php';
|
|
|
|
// --- Basic CORS (adjust origin to your site/domain) ---
|
|
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
|
|
$allowedOrigin = preg_match('#^https://(www\.)?your-frontend\.example$#', $origin) ? $origin : '';
|
|
if ($allowedOrigin) {
|
|
header('Access-Control-Allow-Origin: ' . $allowedOrigin);
|
|
header('Vary: Origin');
|
|
header('Access-Control-Allow-Credentials: true');
|
|
}
|
|
header('Access-Control-Allow-Headers: Content-Type');
|
|
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
|
|
|
|
// Handle preflight
|
|
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
|
|
http_response_code(204);
|
|
exit;
|
|
}
|
|
|
|
// --- Rate limit (very simple, per IP). Replace with Redis if needed. ---
|
|
session_start();
|
|
$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
|
|
$bucket = $_SESSION['ratelimit'][$ip] ?? ['count' => 0, 'start' => time()];
|
|
if (time() - $bucket['start'] > 60) { // 60-second window
|
|
$bucket = ['count' => 0, 'start' => time()];
|
|
}
|
|
$bucket['count']++;
|
|
$_SESSION['ratelimit'][$ip] = $bucket;
|
|
if ($bucket['count'] > 120) { // 120 requests/min/IP
|
|
http_response_code(429);
|
|
header('Content-Type: application/json');
|
|
echo json_encode(['error' => 'Too Many Requests']);
|
|
exit;
|
|
}
|
|
|
|
// --- read .env file with CALCO2LATO_API_BASE and CALCO2LATO_API_KEY
|
|
$env = file_get_contents(__DIR__."/../src/.env");
|
|
$lines = explode("\n",$env);
|
|
|
|
foreach($lines as $line){
|
|
preg_match("/([^#]+)\=(.*)/",$line,$matches);
|
|
if(isset($matches[2])){ putenv(trim($line)); }
|
|
}
|
|
|
|
// --- Read config ---
|
|
$base = getenv('CALCO2LATO_API_BASE') ?: 'https://api.calco2la.to';
|
|
$key = getenv('CALCO2LATO_API_KEY') ?: '';
|
|
if (!$key) {
|
|
http_response_code(500);
|
|
header('Content-Type: application/json');
|
|
echo json_encode(['error' => 'Server misconfiguration: missing API key']);
|
|
exit;
|
|
}
|
|
|
|
// --- Instantiate API client ---
|
|
$client = new Calco2latoApiClient($base, $key);
|
|
|
|
// --- Whitelist router ---
|
|
$input = json_decode(file_get_contents('php://input') ?: '[]', true) ?: [];
|
|
$endpoint = $_GET['endpoint'] ?? $input['endpoint'] ?? '';
|
|
$method = $_SERVER['REQUEST_METHOD'];
|
|
|
|
header('Content-Type: application/json; charset=utf-8');
|
|
|
|
try {
|
|
switch ($endpoint) {
|
|
case 'airports.search':
|
|
// GET /?endpoint=airports.search&q=FRA&per_page=10
|
|
$q = $_GET['q'] ?? '';
|
|
$per_page = isset($_GET['per_page']) ? (int)$_GET['per_page'] : 20;
|
|
$page = isset($_GET['page']) ? (int)$_GET['page'] : 1;
|
|
$data = $client->searchAirports($q, $per_page, $page);
|
|
echo json_encode($data);
|
|
break;
|
|
|
|
case 'flights.estimate':
|
|
// POST with JSON body: { endpoint: "flights.estimate", params: {...} }
|
|
if ($method !== 'POST') throw new RuntimeException('Use POST');
|
|
$params = $input['params'] ?? [];
|
|
$data = $client->flightEstimate($params);
|
|
echo json_encode($data);
|
|
break;
|
|
|
|
default:
|
|
http_response_code(404);
|
|
echo json_encode(['error' => 'Unknown or unsupported endpoint']);
|
|
}
|
|
} catch (Throwable $e) {
|
|
http_response_code(400);
|
|
echo json_encode(['error' => $e->getMessage()]);
|
|
}
|