From 171c957c40172a994189cdc1824421b3a9bd379b Mon Sep 17 00:00:00 2001 From: Joe Carstairs Date: Thu, 4 Jun 2026 15:14:25 +0100 Subject: [PATCH] http: adds php api routes under do/ --- example.env | 10 ++- http/php/config.php | 19 ++++++ http/public/do/send_email.php | 124 ++++++++++++++++++++++++++++++++++ http/public/do/send_otp.php | 104 ++++++++++++++++++++++++++++ http/public/do/verify_otp.php | 63 +++++++++++++++++ 5 files changed, 319 insertions(+), 1 deletion(-) mode change 100755 => 100644 example.env create mode 100644 http/public/do/send_email.php create mode 100644 http/public/do/send_otp.php create mode 100644 http/public/do/verify_otp.php diff --git a/example.env b/example.env old mode 100755 new mode 100644 index d4fab80..5fa480e --- a/example.env +++ b/example.env @@ -3,9 +3,17 @@ LOCAL_SMTP_USER= # The envelope-from used by the local SMTP server -# Recommended to be the same as REMOTE_SMTP_USER, else the remote may reject it +# Theoretically should be "LOCAL_SMTP_FROM_NAME ", but in +# practice this seems to cause bugs, while setting it to LOCAL_SMTP_FROM works LOCAL_SMTP_ENVELOPE_FROM= +# The from address used by the local SMTP server +# Recommended to be the same as REMOTE_SMTP_USER, else the remote may reject it +LOCAL_SMTP_FROM= + +# The from name used by the local SMTP server +LOCAL_SMTP_FROM_NAME= + # The host of the remote SMTP server, e.g. smtp.gmail.com REMOTE_SMTP_HOST= diff --git a/http/php/config.php b/http/php/config.php index 9fee39a..a83b493 100644 --- a/http/php/config.php +++ b/http/php/config.php @@ -1,5 +1,24 @@ sent you a message:\n\n\n$message", +); +Db\recordSentEmail($db, $messageId); +syslog(LOG_INFO, "Sent an email to Joe. Message ID: $messageId"); + +http_response_code(200); +echo $messageId; +exit(); + +/// functions /// + +function verifyToken(PDO $db, string $userId, string $token) +{ + if (!Db\isTokenValid($db, $userId, $token)) { + http_response_code(400); + echo "token is not valid"; + exit(); + } +} + +function limitMaxDailyEmails(PDO $db) +{ + $countEmailsSentLast24Hours = Db\countEmailsSentLast24Hours($db); + if ($countEmailsSentLast24Hours > Config\maxDailyEmails()) { + $msg = + "$countEmailsSentLast24Hours emails have been sent in the last 24 hours, but the max daily load is " . + Config\maxDailyEmails() . + "."; + syslog(LOG_WARNING, $msg); + http_response_code(500); + echo $msg; + exit(); + } +} + +function getNameFromPayloadAndValidate(array $payload): string +{ + $name = (string) $payload["name"]; + if (is_null($name) || $name == "") { + http_response_code(400); + echo "name must not be empty"; + exit(); + } + return $name; +} + +function getEmailFromPayloadAndValidate(array $payload): string +{ + $email = (string) $payload["email"]; + if (is_null($email) || $email == "") { + http_response_code(400); + echo "email must not be empty"; + exit(); + } + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + http_response_code(400); + echo "<$email> is not a valid email address."; + exit(); + } + return $email; +} + +function getMessageFromPayloadAndValidate(array $payload): string +{ + $message = (string) $payload["message"]; + if (is_null($message) || $message == "") { + http_response_code(400); + echo "message must not be empty"; + exit(); + } + return $message; +} + +function getTokenFromPayloadAndValidate(array $payload): string +{ + $token = (string) $payload["token"]; + if (is_null($token) || $token == "") { + http_response_code(400); + echo "token must not be empty"; + exit(); + } + return $token; +} + +function getUserIdFromPayloadAndValidate(array $payload): string +{ + $userId = (string) $payload["userId"]; + if (is_null($userId) || $userId == "") { + http_response_code(400); + echo "userId must not be empty"; + exit(); + } + return $userId; +} diff --git a/http/public/do/send_otp.php b/http/public/do/send_otp.php new file mode 100644 index 0000000..5ca4d85 --- /dev/null +++ b/http/public/do/send_otp.php @@ -0,0 +1,104 @@ + Config\maxDailyEmails()) { + $msg = + "$name <$email> requested an OTP email, but $countEmailsSentLast24Hours emails have already been sent, whereas the max daily load is " . + Config\maxDailyEmails() . + "."; + syslog(LOG_WARNING, $msg); + http_response_code(500); + echo $msg; + exit(); + } +} + +function getNameFromPayloadAndValidate(array $payload): string +{ + $name = (string) $payload["name"]; + if (is_null($name) || $name == "") { + http_response_code(400); + echo "name must not be empty"; + exit(); + } + return $name; +} + +function getEmailFromPayloadAndValidate(array $payload): string +{ + $email = (string) $payload["email"]; + if (is_null($email) || $email == "") { + http_response_code(400); + echo "email must not be empty"; + exit(); + } + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + http_response_code(400); + echo "<$email> is not a valid email address."; + exit(); + } + return $email; +} + +function getTypeFromPayloadAndValidate(array $payload): string +{ + $type = (string) $payload["type"]; + if (!in_array($type, SEND_OTP_TYPES)) { + http_response_code(400); + echo "type must be one of: " . SEND_OTP_TYPES; + exit(); + } + return $type; +} diff --git a/http/public/do/verify_otp.php b/http/public/do/verify_otp.php new file mode 100644 index 0000000..7f86858 --- /dev/null +++ b/http/public/do/verify_otp.php @@ -0,0 +1,63 @@ +