Initial Commit
90
index.php
Normal file
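--- a/index.php
+++ b/index.php
@@ -0,0 +1,90 @@
+<?php
+
+declare(strict_types=1);
+
+error_reporting(E_ALL);
+ini_set('display_errors', '0');
+ini_set('log_errors', '1');
+ini_set('error_log', __DIR__ . '/error.log');
+
+$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
+$uri = $_SERVER['REQUEST_URI'] ?? '/';
+$path = parse_url($uri, PHP_URL_PATH) ?: '/';
+
+$allowedOrigins = [
+'http://127.0.0.1:5500',
+'http://localhost:5500',
+'http://127.0.0.1:8000', // falls Frontend auch hier läuft
+'http://localhost:8000',
+];
+
+$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
+if (in_array($origin, $allowedOrigins, true)) {
+header('Access-Control-Allow-Origin: ' . $origin);
+header('Vary: Origin');
+}
+header('Access-Control-Allow-Credentials: true');
+header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
+header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+header('Content-Type: application/json; charset=UTF-8');
+
+if ($method === 'OPTIONS') {
+http_response_code(204);
+exit();
+}
+
+session_set_cookie_params([
+'lifetime' => 60 * 60 * 8,
+'path' => '/',
+'domain' => '',
+'secure' => false, // in Produktion true + HTTPS
+'httponly' => true,
+'samesite' => 'Lax',
+]);
+session_start();
+
+require_once __DIR__ . '/config/database.php';
+$database = new Database();
+$db = $database->getConnection();
+if (!$db) {
+http_response_code(500);
+echo json_encode(['message' => 'Datenbankverbindung fehlgeschlagen']);
+exit();
+}
+
+function currentUser(): ?array { return $_SESSION['user'] ?? null; }
+function isAuthenticated(): bool { return isset($_SESSION['user']); }
+function requireAuth(): void {
+if (!isAuthenticated()) { http_response_code(401); echo json_encode(['message'=>'Nicht angemeldet']); exit; }
+}
+function requireRole(string $role): void {
+requireAuth();
+if (($_SESSION['user']['role'] ?? '') !== $role) {
+http_response_code(403); echo json_encode(['message'=>'Zugriff verweigert']); exit;
+}
+}
+
+error_log("API Request: $method $path");
+
+// Auth
+if ($method === 'POST' && $path === '/api/auth/login') { include __DIR__ . '/api/auth/login.php'; exit; }
+if ($method === 'POST' && $path === '/api/auth/logout') { include __DIR__ . '/api/auth/logout.php'; exit; }
+if ($method === 'GET' && $path === '/api/auth/me') { include __DIR__ . '/api/auth/me.php'; exit; }
+
+// Public
+if ($method === 'GET' && $path === '/api/kurse') { include __DIR__ . '/api/kurse/get.php'; exit; }
+if ($method === 'GET' && $path === '/api/betriebe') { include __DIR__ . '/api/betriebe/get.php'; exit; }
+if ($method === 'POST' && $path === '/api/anmeldung') { include __DIR__ . '/api/anmeldung/create.php'; exit; }
+
+// Admin-only
+if ($method === 'GET' && $path === '/api/berichte/teilnehmer-pro-betrieb') {
+requireRole('admin'); include __DIR__ . '/api/berichte/teilnehmer_betrieb.php'; exit;
+}
+if ($method === 'GET' && $path === '/api/berichte/teilnehmer-pro-kurs') {
+requireRole('admin'); include __DIR__ . '/api/berichte/teilnehmer_kurs.php'; exit;
+}
+if ($method === 'GET' && preg_match('#^/api/rechnungen/betrieb/(\d+)$#', $path, $m)) {
+requireRole('admin'); $_GET['betrieb_id'] = $m[1]; include __DIR__ . '/api/rechnungen/generate.php'; exit;
+}
+
+http_response_code(404);
+echo json_encode(['message' => 'Endpoint nicht gefunden', 'path' => $path, 'method' => $method]);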
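Review bot: The error log is written next to the front controller, `ini_set('error_log', __DIR__ . '/error.log');`, and `error_log("API Request: $method $path")` later appends every request line to it; if `index.php` sits in the document root and the web server serves static files from that directory, the log (PHP errors with file paths plus the full request history) becomes readable at `/error.log`. Move it outside the served tree, e.g. `ini_set('error_log', dirname(__DIR__) . '/logs/error.log');` (assuming the parent directory is not served — adjust to the actual layout), or deny access to `*.log` in the server config. Separately, the 404 handler encodes the request-controlled `$path` with a bare `json_encode()`; a path containing invalid UTF-8 makes `json_encode` return `false`, so the client gets an empty body with the JSON content type — pass `JSON_INVALID_UTF8_SUBSTITUTE` (or `JSON_THROW_ON_ERROR` and handle it) so the response stays well-formed.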