Update: 2026-05-15 04:16:32

Hamza-Ayed
2026-05-15 04:16:32 +03:00
parent 5b34f3ae07
commit fefe913ab7
7 changed files with 99 additions and 0 deletions


@@ -39,6 +39,29 @@ if (!$envLoaded) {
exit;
}
// Security: API Key Validation
$expectedApiKey = $_ENV['API_KEY'] ?? 'JORDAN_BOT_SECRET_2026'; // Fallback if not in .env
$headers = getallheaders();
$providedKey = $headers['X-API-Key'] ?? ($headers['x-api-key'] ?? null);
if ($providedKey !== $expectedApiKey) {
http_response_code(401);
echo json_encode(['success' => false, 'message' => 'Unauthorized: Invalid or missing API Key']);
exit;
}
// Extra Security: App Signature Fingerprint Validation (Optional)
$expectedAppSignature = $_ENV['APP_SIGNATURE_SHA256'] ?? null;
if (!empty($expectedAppSignature)) {
$providedSignature = $headers['X-App-Signature'] ?? ($headers['x-app-signature'] ?? null);
// Ignore case and compare
if (strcasecmp($providedSignature, $expectedAppSignature) !== 0) {
http_response_code(403);
echo json_encode(['success' => false, 'message' => 'Forbidden: Invalid App Signature (Anti-Tamper)']);
exit;
}
}
$host = $_ENV['DB_HOST'] ?? 'localhost';
$dbname = $_ENV['DB_NAME'] ?? 'jordan_bot_db';
$username = $_ENV['DB_USER'] ?? 'root';
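Review bot: The `?? 'JORDAN_BOT_SECRET_2026'` fallback on the `$expectedApiKey` line means a deployment whose `.env` lacks `API_KEY` accepts a key that is published in the repository, so the check fails open; drop the fallback, reject when the key is unset, and rotate the literal if it was ever used as a real key. The comparison should also be constant-time and type-safe: `$expectedApiKey = $_ENV['API_KEY'] ?? null;` followed by `if (!is_string($expectedApiKey) || $expectedApiKey === '' || !is_string($providedKey) || !hash_equals($expectedApiKey, $providedKey)) {`. In the signature block, `strcasecmp()` receives `null` when the header is absent (deprecated since PHP 8.1), so `!hash_equals(strtolower($expectedAppSignature), strtolower((string) $providedSignature))` would be safer as the condition there. Since `X-App-Signature` appears to be a fixed value sent by the client, it acts as a second shared secret rather than tamper evidence, and the comment above it should say so.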