Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Siro/backend/upload_audio.php

72 lines
2.7 KiB
PHP
Raw Permalink Blame History

<?php
// ============================================================
// upload_audio.php — رفع ملفات صوتية بشكل آمن
// ============================================================
require_once __DIR__ . '/connect.php';
header('Content-Type: application/json; charset=UTF-8');
try {
// ✅ FIX C-03: إضافة Rate Limiting
$limiter = new RateLimiter($redis);
$limiter->enforce(RateLimiter::identifier(), 'upload');
// Get the audio file from the request
if (!isset($_FILES['audio']) || $_FILES['audio']['error'] !== UPLOAD_ERR_OK) {
uploadLog("File upload error code: " . ($_FILES['audio']['error'] ?? 'NO_FILE'), 'ERROR');
echo json_encode(array('status' => 'The audio file was not uploaded successfully.'));
exit;
}
$audio_file = $_FILES['audio'];
// Validate MIME type using finfo
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime_type = $finfo->file($audio_file['tmp_name']);
$allowed_mime_types = ['audio/mp4', 'audio/mpeg', 'audio/wav', 'audio/x-m4a', 'audio/ogg', 'audio/webm'];
if (!in_array($mime_type, $allowed_mime_types, true)) {
uploadLog("Invalid MIME type: $mime_type", 'WARNING', ['ip' => $_SERVER['REMOTE_ADDR'] ?? 'unknown']);
echo json_encode(array('status' => 'The audio file is not a valid format (MIME mismatch).'));
exit;
}
// Get extension from MIME type (safe)
$ext = match ($mime_type) {
'audio/mp4', 'audio/x-m4a' => 'm4a',
'audio/mpeg' => 'mp3',
'audio/wav' => 'wav',
'audio/ogg' => 'ogg',
'audio/webm' => 'webm',
default => 'bin',
};
// ✅ Generate secure random filename to prevent path traversal and overwrite
$new_filename = bin2hex(random_bytes(16)) . '.' . $ext;
// Move the audio file to the uploads directory
$target_dir = __DIR__ . "/upload_audio/";
if (!is_dir($target_dir)) {
mkdir($target_dir, 0750, true);
}
$target_file = $target_dir . $new_filename;
if (!move_uploaded_file($audio_file['tmp_name'], $target_file)) {
uploadLog("Failed to move file", 'ERROR', ['error' => print_r($audio_file, true)]);
echo json_encode(array('status' => 'Failed to move the audio file.'));
exit;
}
// Construct the link (domain from env, not from Host header)
$appDomain = getenv('APP_DOMAIN') ?: 'api.siromove.com';
$linkAudio = "https://$appDomain/siro/upload_audio/" . $new_filename;
uploadLog("Audio uploaded successfully: $linkAudio", 'INFO');
echo json_encode(array('status' => 'Audio file uploaded successfully.', 'link' => $linkAudio));
} catch (Exception $e) {
error_log("[upload_audio] Error: " . $e->getMessage());
echo json_encode(array('status' => 'Server error.'));
}
?>
Reference in New Issue View Git Blame Copy Permalink