public-note/api.php at main · YusufEren97/public-note · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
<?php
/**
 * Public Note API
 *
 * GET ?id=<hash> - Retrieve encrypted note
 * POST { id, content } - Save encrypted note
 */

header('Content-Type: application/json; charset=utf-8');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type');

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit;
}

$notesDir = __DIR__ . '/notes';

if (!is_dir($notesDir)) {
    mkdir($notesDir, 0755, true);
}

function isValidHash($hash)
{
    return preg_match('/^[a-f0-9]{64}$/i', $hash);
}

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $id = $_GET['id'] ?? '';

    if (empty($id)) {
        echo json_encode(['success' => false, 'error' => 'ID required']);
        exit;
    }

    if (!isValidHash($id)) {
        echo json_encode(['success' => false, 'error' => 'Invalid ID format']);
        exit;
    }

    $filePath = $notesDir . '/' . $id . '.json';

    if (file_exists($filePath)) {
        $data = json_decode(file_get_contents($filePath), true);
        echo json_encode([
            'success' => true,
            'content' => $data['content'] ?? ''
        ]);
    }
    else {
        echo json_encode([
            'success' => true,
            'content' => null
        ]);
    }
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $input = json_decode(file_get_contents('php://input'), true);

    $id = $input['id'] ?? '';
    $content = $input['content'] ?? '';

    if (empty($id)) {
        echo json_encode(['success' => false, 'error' => 'ID required']);
        exit;
    }

    if (!isValidHash($id)) {
        echo json_encode(['success' => false, 'error' => 'Invalid ID format']);
        exit;
    }

    $filePath = $notesDir . '/' . $id . '.json';

    $data = [
        'content' => $content,
        'updated' => date('Y-m-d H:i:s')
    ];

    if (file_put_contents($filePath, json_encode($data, JSON_PRETTY_PRINT), LOCK_EX)) {
        echo json_encode(['success' => true]);
    }
    else {
        echo json_encode(['success' => false, 'error' => 'Save failed']);
    }
    exit;
}

http_response_code(405);
echo json_encode(['success' => false, 'error' => 'Method not allowed']);