99 lines
3.4 KiB
PHP
99 lines
3.4 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
require_once __DIR__ . '/../src/Calco2ApiClient.php';
|
|
|
|
// --- Basic CORS (adjust origin to your site/domain) ---
|
|
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
|
|
$allowedOrigin = preg_match('#^https://(www\.)?your-frontend\.example$#', $origin) ? $origin : '';
|
|
if ($allowedOrigin) {
|
|
header('Access-Control-Allow-Origin: ' . $allowedOrigin);
|
|
header('Vary: Origin');
|
|
header('Access-Control-Allow-Credentials: true');
|
|
}
|
|
header('Access-Control-Allow-Headers: Content-Type');
|
|
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
|
|
|
|
// Handle preflight
|
|
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
|
|
http_response_code(204);
|
|
exit;
|
|
}
|
|
|
|
// --- Rate limit (very simple, per IP). Replace with Redis if needed. ---
|
|
session_start();
|
|
$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
|
|
$bucket = $_SESSION['ratelimit'][$ip] ?? ['count' => 0, 'start' => time()];
|
|
if (time() - $bucket['start'] > 60) { // 60-second window
|
|
$bucket = ['count' => 0, 'start' => time()];
|
|
}
|
|
$bucket['count']++;
|
|
$_SESSION['ratelimit'][$ip] = $bucket;
|
|
if ($bucket['count'] > 120) { // 120 requests/min/IP
|
|
http_response_code(429);
|
|
header('Content-Type: application/json');
|
|
echo json_encode(['error' => 'Too Many Requests']);
|
|
exit;
|
|
}
|
|
|
|
// --- Instantiate API client ---
|
|
$base = getenv('CALCO2_API_BASE') ?: 'https://api.calco2la.to';
|
|
$key = getenv('CALCO2_API_KEY') ?: '';
|
|
if (!$key) {
|
|
http_response_code(500);
|
|
header('Content-Type: application/json');
|
|
echo json_encode(['error' => 'Server misconfiguration: missing API key']);
|
|
exit;
|
|
}
|
|
$client = new Calco2ApiClient($base, $key);
|
|
|
|
// --- Whitelist router ---
|
|
$input = json_decode(file_get_contents('php://input') ?: '[]', true) ?: [];
|
|
$endpoint = $_GET['endpoint'] ?? $input['endpoint'] ?? '';
|
|
$method = $_SERVER['REQUEST_METHOD'];
|
|
|
|
header('Content-Type: application/json; charset=utf-8');
|
|
|
|
try {
|
|
switch ($endpoint) {
|
|
case 'airports.search':
|
|
// GET /?endpoint=airports.search&q=FRA&limit=10
|
|
$q = $_GET['q'] ?? '';
|
|
$limit = isset($_GET['limit']) ? (int)$_GET['limit'] : 20;
|
|
$offset= isset($_GET['offset']) ? (int)$_GET['offset'] : 0;
|
|
$data = $client->searchAirports($q, $limit, $offset);
|
|
echo json_encode($data);
|
|
break;
|
|
|
|
case 'airports.get':
|
|
// GET /?endpoint=airports.get&code=FRA
|
|
$code = $_GET['code'] ?? '';
|
|
if ($code === '') throw new InvalidArgumentException('Missing airport code');
|
|
$data = $client->getAirport($code);
|
|
echo json_encode($data);
|
|
break;
|
|
|
|
case 'flights.estimate':
|
|
// POST with JSON body: { endpoint: "flights.estimate", params: {...} }
|
|
if ($method !== 'POST') throw new RuntimeException('Use POST');
|
|
$params = $input['params'] ?? [];
|
|
$data = $client->flightEstimate($params);
|
|
echo json_encode($data);
|
|
break;
|
|
|
|
case 'flights.get':
|
|
// GET /?endpoint=flights.get&id=abc123
|
|
$id = $_GET['id'] ?? '';
|
|
if ($id === '') throw new InvalidArgumentException('Missing flight id');
|
|
$data = $client->getFlightById($id);
|
|
echo json_encode($data);
|
|
break;
|
|
|
|
default:
|
|
http_response_code(404);
|
|
echo json_encode(['error' => 'Unknown or unsupported endpoint']);
|
|
}
|
|
} catch (Throwable $e) {
|
|
http_response_code(400);
|
|
echo json_encode(['error' => $e->getMessage()]);
|
|
}
|