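<?php

declare(strict_types=1);

/*
 * Credential storage endpoint.
 *
 * Accepts a JSON POST body of the form {"apiKey": "...", "apiSecret": "..."}
 * and persists it as JSON to <this directory>/../.keys/credentials.json.
 *
 * NOTE(review): the only request check in this file is the HTTP method.
 * Nothing here authenticates the caller, so any client that can reach this
 * URL can overwrite the stored credentials. An authentication/authorization
 * check belonging to the surrounding application should run before the body
 * is read (TODO: confirm how the rest of the application identifies callers).
 */

header('Content-Type: application/json');

// Emit a JSON error response with the given HTTP status and stop processing.
$fail = static function (int $status, string $message): void {
    http_response_code($status);
    echo json_encode(['success' => false, 'error' => $message]);
    exit;
};

// Basic request-shape check: only POST is accepted. A 405 response is
// expected to advertise the allowed methods in an Allow header.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    header('Allow: POST');
    $fail(405, 'Invalid request method.'); // Method Not Allowed
}

$input = (string) file_get_contents('php://input');
$data = json_decode($input, true);

// Both fields must be present and be strings; arrays, numbers and null are
// rejected so the stored file always has the shape a reader expects.
if (
    json_last_error() !== JSON_ERROR_NONE
    || !is_array($data)
    || !isset($data['apiKey'], $data['apiSecret'])
    || !is_string($data['apiKey'])
    || !is_string($data['apiSecret'])
) {
    $fail(400, 'Invalid JSON or missing credentials.'); // Bad Request
}

$apiKey = $data['apiKey'];
$apiSecret = $data['apiSecret'];

// In a real application, you MUST encrypt this data.
// For this example, we'll store it in a JSON file in a protected directory.

$storageDir = __DIR__ . '/../.keys'; // Store outside of web root if possible, or protect with .htaccess

// 0750: owner rw, group r, nobody else. The trailing is_dir() re-check covers
// the case where a concurrent request created the directory between our two
// calls, which makes mkdir() return false although the directory now exists.
if (!is_dir($storageDir) && !mkdir($storageDir, 0750, true) && !is_dir($storageDir)) {
    $fail(500, 'Failed to create storage directory.'); // Internal Server Error
}

// Deny direct HTTP access to the directory on Apache. "Require all denied" is
// the 2.4 form and "Deny from all" the 2.2 form; each is guarded so the other
// version does not fail on an unknown directive. This has no effect on nginx
// or other servers, which is why the directory should live outside the web
// root in the first place.
$htaccessPath = $storageDir . '/.htaccess';
$htaccessRules = <<<'APACHE'
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Deny from all
</IfModule>
APACHE;

if (!file_exists($htaccessPath)) {
    // Failing silently here would leave the secrets reachable over HTTP when
    // the directory is inside the document root, so treat it as fatal.
    if (file_put_contents($htaccessPath, $htaccessRules, LOCK_EX) === false) {
        $fail(500, 'Failed to protect storage directory.'); // Internal Server Error
    }
}

$credentials = [
    'apiKey' => $apiKey,
    'apiSecret' => $apiSecret, // Again, ENCRYPT THIS in a real app
];

// Encode before touching the file so an encoding failure (e.g. invalid UTF-8
// in a field) is reported instead of truncating an existing credentials file
// with an empty write.
$json = json_encode($credentials, JSON_PRETTY_PRINT);
if (!is_string($json)) {
    $fail(400, 'Credentials could not be encoded.'); // Bad Request
}

$filePath = $storageDir . '/credentials.json';

// Write to a temporary file and rename it into place: readers never observe a
// partially written file, and tempnam() creates the file with mode 0600, so
// the secrets are never exposed under the process umask before the final
// chmod(). 0640 keeps the original owner-rw / group-r permissions.
$tmpPath = tempnam($storageDir, 'credentials.');
$written = false;
if ($tmpPath !== false) {
    $written = file_put_contents($tmpPath, $json, LOCK_EX) === strlen($json)
        && chmod($tmpPath, 0640) // Set restrictive permissions
        && rename($tmpPath, $filePath);
}

if ($written) {
    echo json_encode(['success' => true]);
} else {
    if ($tmpPath !== false && file_exists($tmpPath)) {
        unlink($tmpPath); // leave no half-written copy of the secrets behind
    }
    $fail(500, 'Failed to save credentials.'); // Internal Server Error
}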