Update: 2026-05-15 15:39:58

Hamza-Ayed
2026-05-15 15:39:58 +03:00
parent 0d9709d292
commit 62e74d205d


@@ -40,17 +40,20 @@ if (!$envLoaded) {
} }
// Security: API Key Validation // Security: API Key Validation
$expectedApiKey = $_ENV['API_KEY'] ?? 'JORDAN_BOT_SECRET_2026'; // Fallback if not in .env $expectedApiKey = $_ENV['API_KEY'] ?? 'JORDAN_BOT_SECRET_2026';
$headers = getallheaders(); $headers = getallheaders();
$providedKey = $headers['X-API-Key'] ?? ($headers['x-api-key'] ?? null); $providedKey = $headers['X-API-Key'] ?? ($headers['x-api-key'] ?? null);
// Debug Logging
error_log("JordanBot API Check: Provided Key: [$providedKey], Expected Key (from ENV): [" . ($_ENV['API_KEY'] ?? 'NULL') . "], Fallback: [JORDAN_BOT_SECRET_2026]");
if ($providedKey !== $expectedApiKey) { if ($providedKey !== $expectedApiKey) {
http_response_code(401); http_response_code(401);
echo json_encode(['success' => false, 'message' => 'Unauthorized: Invalid or missing API Key']); echo json_encode(['success' => false, 'message' => 'Unauthorized: Invalid or missing API Key']);
exit; exit;
} }
// Extra Security: App Signature Fingerprint Validation (Optional) // Extra Security: App Signature Fingerprint Validation (Temporarily Disabled for Debugging)
/* /*
$expectedSignatures = $_ENV['APP_SIGNATURE_SHA256'] ?? null; $expectedSignatures = $_ENV['APP_SIGNATURE_SHA256'] ?? null;
if (!empty($expectedSignatures)) { if (!empty($expectedSignatures)) {
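Review bot: The `error_log` call added under `// Debug Logging` writes the caller-supplied key, the value of `$_ENV['API_KEY']` and the fallback literal to the error log in clear text, so anyone who can read that log or its downstream copies obtains a working credential. Log only whether the values are present, e.g. `error_log('JordanBot API Check: key ' . ($providedKey === null ? 'missing' : 'present') . ', API_KEY ' . (isset($_ENV['API_KEY']) ? 'set' : 'unset'));`, and treat any key already written to the log as exposed and rotate it. The `?? 'JORDAN_BOT_SECRET_2026'` fallback a few lines above also makes a literal committed to the repository a valid key whenever `.env` lacks `API_KEY`; the check should fail closed in that case and compare with `hash_equals()` rather than `!==`. The signature-validation block opened by `/*` continues past the end of this hunk, so how much of it is disabled cannot be seen from here.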