Garoshi/Streamer-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9dd1f919949f21a8ba74e190961df10ffe650d49
Streamer-app/api/db.php
Vlastislav Svatek 153c83f7fa first commit
2026-04-26 02:23:11 +02:00

129 lines
4.1 KiB
PHP
Raw Blame History

<?php
// ============================================================
// api/db.php — shared PDO connection + helpers
// ============================================================
require_once __DIR__ . '/../config.php';
// Ensure PHP errors never output HTML into JSON responses
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
error_reporting(E_ALL);
// Convert PHP errors to exceptions so they get caught properly
set_error_handler(function(int $errno, string $errstr, string $errfile, int $errline): bool {
throw new ErrorException($errstr, 0, $errno, $errfile, $errline);
});
// Catch fatal errors and return JSON
register_shutdown_function(function(): void {
$err = error_get_last();
if ($err && in_array($err['type'], [E_ERROR, E_PARSE, E_CORE_ERROR, E_COMPILE_ERROR])) {
if (!headers_sent()) {
http_response_code(500);
header('Content-Type: application/json; charset=utf-8');
}
echo json_encode(['error' => 'Internal server error', 'detail' => $err['message']]);
}
});
// Start session once, safely
// For OAuth flows (cross-site redirect), SameSite must be Lax (not Strict)
function start_session(): void {
if (session_status() === PHP_SESSION_NONE) {
$is_https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
|| (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
|| (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443);
session_set_cookie_params([
'lifetime' => 86400,
'path' => '/',
'secure' => $is_https,
'httponly' => true,
'samesite' => 'Lax', // Lax allows cookie on redirect from OAuth provider
]);
session_start();
}
}
function db(): PDO {
static $pdo = null;
if ($pdo === null) {
$dsn = sprintf(
'pgsql:host=%s;port=%s;dbname=%s',
DB_HOST, DB_PORT, DB_NAME
);
$pdo = new PDO($dsn, DB_USER, DB_PASS, [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
]);
}
return $pdo;
}
function json_out(mixed $data, int $status = 200): never {
http_response_code($status);
header('Content-Type: application/json; charset=utf-8');
echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
exit;
}
function json_error(string $msg, int $status = 400): never {
json_out(['error' => $msg], $status);
}
function cors(): void {
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
// credentials:include requires explicit origin, not wildcard
if ($origin !== '') {
header('Access-Control-Allow-Origin: ' . $origin);
} else {
header('Access-Control-Allow-Origin: *');
}
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type');
header('Access-Control-Allow-Credentials: true');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(204);
exit;
}
}
function require_admin(): void {
start_session();
if (empty($_SESSION['is_admin'])) {
json_error('Unauthorized', 401);
}
}
function is_moderator(): bool {
start_session();
if (!empty($_SESSION['is_admin'])) return true;
$user = $_SESSION['oauth_user'] ?? null;
if (!$user) return false;
$stmt = db()->prepare("
SELECT 1 FROM moderators m
JOIN users u ON u.id = m.user_id
WHERE m.user_id = :uid AND (u.banned IS NULL OR u.banned = false)
");
$stmt->execute([':uid' => $user['id']]);
return (bool)$stmt->fetchColumn();
}
function require_mod(): void {
if (!is_moderator()) {
json_error('Unauthorized — moderator access required', 401);
}
}
function body(): array {
$raw = file_get_contents('php://input');
return json_decode($raw, true) ?? [];
}
function sanitize_name(string $name): string {
return strtolower(preg_replace('/[^a-zA-Z0-9_]/', '', trim($name)));
}
Reference in New Issue View Git Blame Copy Permalink