<?php
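// Gate: the script only continues when this server's host name appears in the
// comma-separated allowlist. Any failure answers 'erreur' and stops.
session_start();
$listeDomaines = '../../domaines-autorises.txt';

// The session copy is preferred over the file, so an edit to the file does not
// reach a client whose session already holds the previous list.
$listeBrute = '';
if (isset($_SESSION['domainesAutorises']) && is_string($_SESSION['domainesAutorises']) && $_SESSION['domainesAutorises'] !== '') {
    $listeBrute = $_SESSION['domainesAutorises'];
} elseif (file_exists($listeDomaines)) {
    $contenu = file_get_contents($listeDomaines);
    if ($contenu !== false) {
        $listeBrute = $contenu;
        $_SESSION['domainesAutorises'] = $listeBrute;
    }
}

// Trim every entry: a trailing newline in the file or "a, b" spacing would
// otherwise make the strict comparison below fail for a listed host.
// Empty entries are dropped so that an empty list can never match (fail closed).
$domainesAutorises = array();
foreach (explode(',', $listeBrute) as $entree) {
    $entree = trim($entree);
    if ($entree !== '') {
        $domainesAutorises[] = $entree;
    }
}

$origine = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';
if ($origine === '' || !in_array($origine, $domainesAutorises, true)) {
    echo 'erreur';
    exit();
}

// The value is concatenated: inside single quotes PHP does not interpolate, so
// the header previously carried the literal text "$origine".
// NOTE(review): SERVER_NAME is this server's own host name, not the caller's
// Origin request header, and browsers match Access-Control-Allow-Origin against
// a full origin (scheme://host[:port]). Confirm which value is intended here.
header('Access-Control-Allow-Origin: ' . $origine);
header('Access-Control-Allow-Methods: POST');
header('Access-Control-Max-Age: 1000');
header('Access-Control-Allow-Headers: Content-Type, X-Requested-With');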
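// Request handling: the JSON body carries a token, the URL of the service that
// vouches for it ('lien'), an action and a pad id. Only 'supprimer' is handled.
// The body is decoded into a local array instead of overwriting $_POST.
$requete = json_decode(file_get_contents('php://input'), true);
if (!is_array($requete)) {
    $requete = array();
}

// Type checks come first: a JSON array or object in these fields would
// otherwise reach curl_init() / http_build_query() as a non-string.
if (empty($requete['token']) || !is_scalar($requete['token'])
    || empty($requete['lien']) || !is_string($requete['lien'])) {
    echo 'erreur';
    exit();
}

$token = $requete['token'];
$domaine = $_SERVER['SERVER_NAME'];
$lien = $requete['lien'];
$donnees = http_build_query(array(
    'token' => $token,
    'domaine' => $domaine
));

// NOTE(review): 'lien' comes from the request, so the caller chooses the host
// this server contacts (SSRF exposure) and also chooses the service whose
// answer 'token_autorise' authorises the deletion below. The verification
// request carries only the token and this server's name, not the pad id.
// Pin the verifier to a server-side allowlist of known URLs before trusting it.
$ch = curl_init($lien);
if ($ch === false) {
    echo 'erreur';
    exit();
}
// Restrict the outbound request to HTTP(S); other schemes libcurl supports
// (file, gopher, dict, ...) have no place in a token check.
curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $donnees);
$resultat = curl_exec($ch);
// Closed here so the handle is released on every path, not only on the one
// branch that does not exit.
curl_close($ch);

if ($resultat === 'non_autorise' || $resultat === 'erreur') {
    echo 'erreur_token';
} elseif ($resultat === 'token_autorise' && !empty($requete['action'])) {
    $action = $requete['action'];
    $id = isset($requete['id']) ? $requete['id'] : null;
    if ($action === 'supprimer' && !empty($id) && (is_string($id) || is_int($id))) {
        $config = file_get_contents('../../config-digidoc.json');
        $json = ($config === false) ? null : json_decode($config, true);
        if (!is_array($json) || empty($json['ETHERPAD_SERVER']) || empty($json['ETHERPAD_API'])) {
            // Missing or unreadable configuration: fail with the generic error
            // rather than calling a half-built URL.
            echo 'erreur';
            exit();
        }
        // The query string is built with http_build_query() so the pad id is
        // URL-encoded; concatenating it raw let a value containing '&' or '#'
        // add or override parameters of the Etherpad API call.
        $parametres = http_build_query(array(
            'apikey' => $json['ETHERPAD_API'],
            'padID' => (string) $id
        ), '', '&');
        $url = $json['ETHERPAD_SERVER'] . '/api/1/deletePad?' . $parametres;

        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $url);
        // Without RETURNTRANSFER curl_exec() prints the body and returns a
        // boolean, so the success test below could never be true.
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        $reponse = curl_exec($curl);
        if ($reponse === false || curl_errno($curl)) {
            $reponse = 'erreur';
        }
        curl_close($curl);

        // The Etherpad HTTP API answers with a JSON object whose "code" is 0 on success.
        $etat = json_decode($reponse, true);
        if (is_array($etat) && isset($etat['code']) && $etat['code'] === 0) {
            echo 'contenu_supprime';
        } else {
            // Upstream body (or 'erreur') is relayed unchanged, as before.
            echo $reponse;
        }
    } else {
        echo 'erreur';
    }
    exit();
} else {
    echo 'erreur';
    exit();
}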
?>