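60 * 60 * 8,
    'path' => '/',
    'domain' => '',
    'secure' => false, // in production: true (cookie is then only sent over HTTPS)
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

require_once __DIR__ . '/config/database.php';

/**
 * Sends a JSON body with the given HTTP status and ends the request.
 *
 * Every error exit in this front controller goes through here so the
 * encoding flags are applied consistently.
 *
 * @param int                  $status  HTTP status code to send.
 * @param array<string, mixed> $payload Data to serialise as the response body.
 */
function sendJsonAndExit(int $status, array $payload): void
{
    http_response_code($status);
    // JSON_HEX_*: the 404 payload reflects the request path, so <, >, &, and quotes
    // stay escaped in case the body is ever rendered as HTML (decoded value is unchanged).
    // JSON_INVALID_UTF8_SUBSTITUTE: without it json_encode() returns false on malformed
    // UTF-8 in the path and the client would receive an empty body.
    // NOTE(review): assumes a JSON Content-Type header is sent earlier in this file — confirm.
    echo json_encode(
        $payload,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE
    );
    exit;
}

/**
 * Returns the user record stored in the session, or null when nobody is logged in.
 *
 * @return array<string, mixed>|null
 */
function currentUser(): ?array
{
    return $_SESSION['user'] ?? null;
}

/** Whether the current session carries a logged-in user. */
function isAuthenticated(): bool
{
    return isset($_SESSION['user']);
}

/** Ends the request with 401 unless a user is logged in. */
function requireAuth(): void
{
    if (!isAuthenticated()) {
        sendJsonAndExit(401, ['message' => 'Nicht angemeldet']);
    }
}

/**
 * Ends the request with 401 (not logged in) or 403 (wrong role) unless the
 * session user carries exactly the given role.
 *
 * @param string $role Role name the session user must have (e.g. 'admin').
 */
function requireRole(string $role): void
{
    requireAuth();
    if (($_SESSION['user']['role'] ?? '') !== $role) {
        sendJsonAndExit(403, ['message' => 'Zugriff verweigert']);
    }
}

$database = new Database();
$db = $database->getConnection();
if (!$db) {
    sendJsonAndExit(500, ['message' => 'Datenbankverbindung fehlgeschlagen']);
}

// $method and $path are set earlier in this file (outside this section).
error_log("API Request: $method $path");

// Exact-match routes: [HTTP method, path, handler file under __DIR__, required role or null].
// Handlers are include'd at file scope, so they share this file's variables ($db, $method, $path).
$routes = [
    // Auth
    ['POST', '/api/auth/login', '/api/auth/login.php', null],
    ['POST', '/api/auth/logout', '/api/auth/logout.php', null],
    ['GET', '/api/auth/me', '/api/auth/me.php', null],
    // Public
    ['GET', '/api/kurse', '/api/kurse/get.php', null],
    ['GET', '/api/betriebe', '/api/betriebe/get.php', null],
    ['POST', '/api/anmeldung', '/api/anmeldung/create.php', null],
    // Admin-only
    ['GET', '/api/berichte/teilnehmer-pro-betrieb', '/api/berichte/teilnehmer_betrieb.php', 'admin'],
    ['GET', '/api/berichte/teilnehmer-pro-kurs', '/api/berichte/teilnehmer_kurs.php', 'admin'],
];

foreach ($routes as [$routeMethod, $routePath, $handlerFile, $requiredRole]) {
    if ($method !== $routeMethod || $path !== $routePath) {
        continue;
    }
    if ($requiredRole !== null) {
        requireRole($requiredRole);
    }
    include __DIR__ . $handlerFile;
    exit;
}

// Parameterised admin route: /api/rechnungen/betrieb/{id}. The handler reads the id
// from $_GET; the regex guarantees it is a plain digit string before it gets there.
if ($method === 'GET' && preg_match('#^/api/rechnungen/betrieb/(\d+)$#', $path, $m)) {
    requireRole('admin');
    $_GET['betrieb_id'] = $m[1];
    include __DIR__ . '/api/rechnungen/generate.php';
    exit;
}

sendJsonAndExit(404, ['message' => 'Endpoint nicht gefunden', 'path' => $path, 'method' => $method]);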