37055-vm/api/index.php
2025-12-18 20:23:57 +00:00


<?php
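header("Content-Type: application/json");

// Every room is stored as one JSON file inside this directory.
// NOTE(review): the directory sits next to index.php. If the web server serves
// static files from this tree, each rooms/<code>.json can be fetched directly,
// bypassing this API. Confirm that access is denied at the server level, or
// move the directory outside the document root.
define('API_ROOMS_DIR', __DIR__ . '/rooms');

// 0750 instead of 0777: only the account running PHP has to write here, and
// other local users should not be able to read or replace signalling data
// (the effective mode is still reduced by the process umask).
// The second is_dir() covers a concurrent request creating the directory
// between the first check and mkdir().
if (!is_dir(API_ROOMS_DIR) && !mkdir(API_ROOMS_DIR, 0750, true) && !is_dir(API_ROOMS_DIR)) {
    // Without storage no action can succeed; fail once, in the API's JSON shape.
    http_response_code(500);
    echo json_encode(['error' => 'Storage unavailable']);
    exit;
}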
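/**
 * Map a room code to the JSON file that stores that room.
 *
 * The room code is the only caller-controlled part of the path, so it is
 * accepted only when it is a string of exactly six characters from [a-z0-9].
 *
 * @param mixed $roomCode Room code as received from the request.
 * @return string|null Path below API_ROOMS_DIR, or null when the code is rejected.
 */
function getRoomFilePath($roomCode) {
    // Request parameters may arrive as arrays (roomCode[]=...); reject them
    // before preg_match() is handed a non-string subject.
    if (!is_string($roomCode)) {
        return null;
    }

    // The D modifier makes "$" match only at the very end of the subject.
    // Without it, a code followed by a newline passes the check and the
    // newline becomes part of the file name.
    if (preg_match('/^[a-z0-9]{6}$/D', $roomCode) !== 1) {
        return null;
    }

    return API_ROOMS_DIR . '/' . $roomCode . '.json';
}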
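/**
 * Load the stored state of a room.
 *
 * @param mixed $roomCode Room code; validated by getRoomFilePath().
 * @return array|null Decoded room data, or null when the code is rejected, the
 *                    file is missing or unreadable, or its content does not
 *                    decode to an array.
 */
function getRoomData($roomCode) {
    $path = getRoomFilePath($roomCode);
    if (!$path || !is_file($path)) {
        return null;
    }

    // The file can disappear between the check above and this read; treat a
    // failed read like a missing room instead of decoding `false`.
    $raw = file_get_contents($path);
    if ($raw === false) {
        return null;
    }

    // Callers index into the result, so anything that is not an array
    // (corrupt or half-written file, scalar JSON) is reported as "no room".
    $room = json_decode($raw, true);
    return is_array($room) ? $room : null;
}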
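/**
 * Persist a room's state as JSON.
 *
 * @param mixed $roomCode Room code; validated by getRoomFilePath().
 * @param mixed $data     Room state to encode.
 * @return bool True when the file was written; false when the code is
 *              rejected, the data cannot be encoded, or the write fails.
 */
function saveRoomData($roomCode, $data) {
    $path = getRoomFilePath($roomCode);
    if (!$path) {
        return false;
    }

    // json_encode() returns false on failure; writing that would leave an
    // empty file that later reads as a missing room.
    $json = json_encode($data);
    if ($json === false) {
        return false;
    }

    // LOCK_EX keeps two concurrent writers from interleaving their output.
    // It does not make a caller's read-modify-write sequence atomic.
    return file_put_contents($path, $json, LOCK_EX) !== false;
}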
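// Request dispatcher: `action` selects the operation and `roomCode` the room.
// Both are accepted from the POST body or the query string.
// NOTE(review): this also lets the state-changing actions be triggered by a
// plain GET, and nothing here authenticates the caller or limits request rate.
$action = $_POST['action'] ?? $_GET['action'] ?? '';
$roomCode = $_POST['roomCode'] ?? $_GET['roomCode'] ?? '';

// Array-valued parameters (action[]=..., roomCode[]=...) are treated as absent.
if (!is_string($action)) {
    $action = '';
}
if (!is_string($roomCode)) {
    $roomCode = '';
}

switch ($action) {
    case 'create-room':
        // The room code is the only thing protecting a room, so it comes from
        // the CSPRNG rather than from md5(uniqid()), which is derived from the
        // current time. The format (six characters from [a-z0-9]) is unchanged.
        $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
        $newCode = null;
        for ($attempt = 0; $attempt < 10; $attempt++) {
            $candidate = '';
            for ($i = 0; $i < 6; $i++) {
                $candidate .= $alphabet[random_int(0, strlen($alphabet) - 1)];
            }
            // Never reuse a code that already has a file: saving would replace
            // the existing room's state.
            $candidatePath = getRoomFilePath($candidate);
            if ($candidatePath && !file_exists($candidatePath)) {
                $newCode = $candidate;
                break;
            }
        }
        if ($newCode === null) {
            http_response_code(500);
            echo json_encode(['error' => 'Could not create room']);
            break;
        }
        $roomCode = $newCode;

        $roomData = [
            // NOTE(review): this id is stored and returned by get-room-details,
            // but no action checks it, so it does not authenticate the host.
            'host' => 'host_' . bin2hex(random_bytes(8)),
            'participants' => [],
            'offer' => null,
            'host_candidates' => [],
            'participant_candidates' => [],
            // NOTE(review): createdAt is recorded but nothing in this file
            // expires old rooms, so room files accumulate.
            'createdAt' => time()
        ];
        // `=== false` keeps working if saveRoomData() returns nothing.
        if (saveRoomData($roomCode, $roomData) === false) {
            http_response_code(500);
            echo json_encode(['error' => 'Could not create room']);
            break;
        }
        echo json_encode(['roomCode' => $roomCode]);
        break;

    case 'get-room-details':
        // Returns the complete stored state (host id, offer, answer and all
        // candidates) to any caller that presents a valid room code.
        $roomData = getRoomData($roomCode);
        if ($roomData) {
            echo json_encode($roomData);
        } else {
            http_response_code(404);
            echo json_encode(['error' => 'Room not found']);
        }
        break;

    case 'signal':
        $roomData = getRoomData($roomCode);
        if (!$roomData) {
            http_response_code(404);
            echo json_encode(['error' => 'Room not found']);
            break;
        }

        // The signal is the raw request body and must decode to a JSON object.
        $signal = json_decode(file_get_contents('php://input'), true);
        if (!is_array($signal)) {
            http_response_code(400);
            echo json_encode(['error' => 'Invalid signal payload']);
            break;
        }

        // NOTE(review): offer, answer and candidate are stored verbatim, with
        // no bound on their size or on the number of candidates per room.
        if (isset($signal['offer'])) {
            $roomData['offer'] = $signal['offer'];
        }
        if (isset($signal['answer'])) {
            $roomData['answer'] = $signal['answer'];
        }
        if (isset($signal['candidate'])) {
            // isHost is asserted by the client. !empty() reads it without a
            // warning when the key is missing and keeps the truthiness test.
            if (!empty($signal['isHost'])) {
                $roomData['host_candidates'][] = $signal['candidate'];
            } else {
                $roomData['participant_candidates'][] = $signal['candidate'];
            }
        }

        // NOTE(review): load, modify and save are not atomic. Two concurrent
        // signals for the same room can each save their own copy, and the
        // later save discards the other's change.
        if (saveRoomData($roomCode, $roomData) === false) {
            http_response_code(500);
            echo json_encode(['error' => 'Could not save room']);
            break;
        }
        echo json_encode(['success' => true]);
        break;

    default:
        http_response_code(400);
        echo json_encode(['error' => 'Invalid action']);
}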