38443-vm/api_v1_messages.php
<?php
// api_v1_messages.php — JSON endpoint for chat messages.
//
//   PUT     body {"id": <message id>, "content": "<text>"}
//           rewrite one of the caller's own messages (row matched on id AND user_id)
//   DELETE  body {"id": <message id>}
//           delete one of the caller's own messages
//   otherwise (intended: POST)
//           create a message; body is either JSON {content, channel_id} or a
//           multipart/form-encoded request with content, channel_id and an
//           optional "file" field. Content goes through moderateContent() and
//           the first URL in it through fetchOpenGraphData() for a preview.
//
// Every response is a JSON object with a boolean "success" and, on failure,
// an "error" string. Identity comes from either an `Authorization: Bot <token>`
// header or $_SESSION['user_id'] (see the auth block below).
header('Content-Type: application/json');
require_once 'auth/session.php';          // presumably starts the session and provides db() — not visible here
require_once 'includes/opengraph.php';    // extractUrls(), fetchOpenGraphData()
require_once 'includes/ai_filtering.php'; // moderateContent()
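// --- Caller identity -------------------------------------------------------
// Two credential types, checked in this order:
//   1. `Authorization: Bot <token>` → users.bot_token (is_bot = TRUE only).
//      A present-but-unknown bot token is a hard 401; it does NOT fall back
//      to the session, so a stale token cannot be rescued by a logged-in
//      browser.
//   2. An existing PHP session ($_SESSION['user_id']).
// Anything else is a 401 before any handler runs.

// Header names are case-insensitive (RFC 9110) and some SAPIs return them in
// the client's original casing, so look the header up case-insensitively
// instead of relying on the exact key 'Authorization'. getallheaders() does
// not exist under every SAPI; fall back to the CGI-style $_SERVER entry.
$authorization_header = null;
if (function_exists('getallheaders')) {
    foreach ((array) getallheaders() as $header_name => $header_value) {
        if (strcasecmp((string) $header_name, 'Authorization') === 0) {
            $authorization_header = $header_value;
            break;
        }
    }
} elseif (isset($_SERVER['HTTP_AUTHORIZATION'])) {
    $authorization_header = $_SERVER['HTTP_AUTHORIZATION'];
}

// Anchored: the whole header value must be "Bot <token>" (optional trailing
// whitespace). The unanchored original pattern would also have matched a
// "Bot ..." substring embedded in some other credential scheme.
$bot_token = null;
if (is_string($authorization_header)
    && preg_match('/^Bot\s+(\S+)\s*$/', $authorization_header, $matches)) {
    $bot_token = $matches[1];
}

$user_id = null;
if ($bot_token !== null) {
    // Parameterised lookup; equality is performed by the database. That is the
    // usual trade-off for an indexed token lookup, not a constant-time compare —
    // if that matters here, store a hash and hash_equals() against the row.
    $stmt = db()->prepare("SELECT id FROM users WHERE bot_token = ? AND is_bot = TRUE");
    $stmt->execute([$bot_token]);
    $bot = $stmt->fetch();
    if (!$bot) {
        http_response_code(401);
        echo json_encode(['success' => false, 'error' => 'Invalid Bot Token']);
        exit;
    }
    $user_id = $bot['id'];
} elseif (isset($_SESSION['user_id'])) {
    $user_id = $_SESSION['user_id'];
} else {
    http_response_code(401);
    echo json_encode(['success' => false, 'error' => 'Unauthorized']);
    exit;
}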
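if ($_SERVER['REQUEST_METHOD'] === 'PUT') {
    // Edit one of the caller's own messages. Body: {"id": <int>, "content": "<text>"}.
    // Ownership is enforced by the WHERE clause (id AND user_id); rowCount()
    // tells us whether the row existed and belonged to the caller.
    $data = json_decode((string) file_get_contents('php://input'), true);
    if (!is_array($data)) {
        $data = [];
    }
    // Non-integer ids become 0, which simply matches nothing below.
    $message_id = filter_var($data['id'] ?? 0, FILTER_VALIDATE_INT);
    if ($message_id === false) {
        $message_id = 0;
    }
    $content = $data['content'] ?? '';
    // Must be a non-blank string: is_string() keeps a JSON array/object out of
    // the DB layer, and trim() === '' (rather than empty()) keeps the literal
    // message "0" editable.
    if (!is_string($content) || trim($content) === '') {
        echo json_encode(['success' => false, 'error' => 'Content cannot be empty']);
        exit;
    }
    // Edits pass through the same moderation gate as new messages; otherwise
    // a clean post could be edited into flagged content after the fact.
    // Fail closed on an unexpected moderation result.
    $moderation = moderateContent($content);
    if (!is_array($moderation) || empty($moderation['is_safe'])) {
        $reason = is_array($moderation) ? ($moderation['reason'] ?? null) : null;
        echo json_encode(['success' => false, 'error' => 'Message flagged as inappropriate: ' . ($reason ?? 'Violation of community standards')]);
        exit;
    }
    try {
        $stmt = db()->prepare("UPDATE messages SET content = ? WHERE id = ? AND user_id = ?");
        $stmt->execute([$content, $message_id, $user_id]);
        if ($stmt->rowCount() > 0) {
            echo json_encode(['success' => true]);
        } else {
            echo json_encode(['success' => false, 'error' => 'Message not found or unauthorized']);
        }
    } catch (Exception $e) {
        // Keep the driver message server-side; echoing it leaked table names,
        // DSN details and similar to the client.
        error_log('api_v1_messages PUT: ' . $e->getMessage());
        http_response_code(500);
        echo json_encode(['success' => false, 'error' => 'Internal server error']);
    }
    exit;
}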
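if ($_SERVER['REQUEST_METHOD'] === 'DELETE') {
    // Delete one of the caller's own messages. Body: {"id": <int>}.
    // Ownership is enforced by the WHERE clause (id AND user_id).
    $data = json_decode((string) file_get_contents('php://input'), true);
    if (!is_array($data)) {
        $data = [];
    }
    // Non-integer ids become 0, which matches nothing.
    $message_id = filter_var($data['id'] ?? 0, FILTER_VALIDATE_INT);
    if ($message_id === false) {
        $message_id = 0;
    }
    try {
        $stmt = db()->prepare("DELETE FROM messages WHERE id = ? AND user_id = ?");
        $stmt->execute([$message_id, $user_id]);
        if ($stmt->rowCount() > 0) {
            echo json_encode(['success' => true]);
        } else {
            echo json_encode(['success' => false, 'error' => 'Message not found or unauthorized']);
        }
    } catch (Exception $e) {
        // Log server-side, answer generically — never echo driver errors.
        error_log('api_v1_messages DELETE: ' . $e->getMessage());
        http_response_code(500);
        echo json_encode(['success' => false, 'error' => 'Internal server error']);
    }
    exit;
}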
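// --- Create ----------------------------------------------------------------
// Only PUT and DELETE are dispatched above; previously every other method
// (including a GET carrying a JSON body) fell through into message creation.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST, PUT, DELETE');
    echo json_encode(['success' => false, 'error' => 'Method not allowed']);
    exit;
}

$content = '';
$channel_id = 0;
$attachment_url = null;

// NOTE(review): the form-encoded branch below is reachable by a plain
// cross-site <form method="post"> that carries the session cookie, and no
// CSRF token or Origin/Referer check is visible in this file. Confirm the
// session cookie is issued with SameSite=Lax/Strict, or add a token check
// before this point. (A cross-origin application/json request triggers a
// preflight, so the JSON branch is only as exposed as the CORS policy.)
// NOTE(review): nothing here checks that $user_id may post in $channel_id
// (membership / ban state) — if channels are not all-public, that check
// belongs before the INSERT.
if (strpos($_SERVER['CONTENT_TYPE'] ?? '', 'application/json') !== false) {
    $data = json_decode((string) file_get_contents('php://input'), true);
    if (!is_array($data)) {
        $data = [];
    }
    $content = $data['content'] ?? '';
    $channel_id = $data['channel_id'] ?? 0;
} else {
    $content = $_POST['content'] ?? '';
    $channel_id = $_POST['channel_id'] ?? 0;

    $file = $_FILES['file'] ?? null;
    $upload_status = is_array($file) ? ($file['error'] ?? UPLOAD_ERR_NO_FILE) : UPLOAD_ERR_NO_FILE;

    if ($upload_status === UPLOAD_ERR_OK && is_string($file['name'] ?? null)) {
        // Per-channel switch. Fail CLOSED when the channel row is missing:
        // the original defaulted to "allowed", which wrote files to disk for
        // a channel that does not exist.
        $stmt = db()->prepare("SELECT allow_file_sharing FROM channels WHERE id = ?");
        $stmt->execute([$channel_id]);
        $channel = $stmt->fetch();
        $can_share_files = $channel ? (bool) $channel['allow_file_sharing'] : false;
        if (!$can_share_files) {
            echo json_encode(['success' => false, 'error' => 'File sharing is disabled in this channel.']);
            exit;
        }

        // Never reuse the client's filename. The old name was
        // time() . '_' . basename(<client name>), so "shell.php" landed in a
        // web-served directory under a name the uploader chose — direct code
        // execution on any host that runs PHP from assets/uploads/.
        // Policy: allow-listed extension (no svg/html/php/...: svg is an XSS
        // vector, the others execute) plus a random, server-chosen name.
        // Extend the list to what the product needs. The check is by
        // extension only — NOTE(review): consider sniffing the bytes with
        // finfo as well, and serve assets/uploads/ with script execution off
        // (php_admin_flag engine off / an nginx location without fastcgi).
        // Size is bounded only by php.ini upload_max_filesize/post_max_size.
        $allowed_extensions = ['jpg', 'jpeg', 'png', 'gif', 'webp', 'pdf', 'txt', 'zip', 'mp3', 'mp4'];
        $extension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
        if ($extension === '' || !in_array($extension, $allowed_extensions, true)) {
            echo json_encode(['success' => false, 'error' => 'File type not allowed.']);
            exit;
        }

        $upload_dir = 'assets/uploads/';
        if (!is_dir($upload_dir) && !mkdir($upload_dir, 0775, true) && !is_dir($upload_dir)) {
            http_response_code(500);
            echo json_encode(['success' => false, 'error' => 'Failed to store attachment.']);
            exit;
        }
        $filename = bin2hex(random_bytes(16)) . '.' . $extension;
        $target_file = $upload_dir . $filename;
        // move_uploaded_file() refuses anything that is not a genuine upload
        // (is_uploaded_file), which is why it is used rather than rename().
        // A failure is reported instead of silently posting without the file.
        if (!move_uploaded_file($file['tmp_name'], $target_file)) {
            http_response_code(500);
            echo json_encode(['success' => false, 'error' => 'Failed to store attachment.']);
            exit;
        }
        $attachment_url = $target_file;
    } elseif ($upload_status !== UPLOAD_ERR_NO_FILE) {
        // A file was attempted but PHP rejected it (too large, partial, ...).
        // Say so instead of quietly posting the message without it.
        echo json_encode(['success' => false, 'error' => 'File upload failed.']);
        exit;
    }
}

// Normalise to the types the rest of the handler (and the DB) expect.
if (!is_string($content)) {
    $content = '';
}
$channel_id = filter_var($channel_id, FILTER_VALIDATE_INT);
if ($channel_id === false) {
    $channel_id = 0;
}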
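// --- Validation, moderation, link preview ----------------------------------
if (!is_string($content)) {
    // A JSON array/object in "content" is not a message.
    $content = '';
}
// A message needs text or an attachment. trim() so that whitespace-only text
// does not count; === '' (not empty()) so that the literal message "0" does.
if (trim($content) === '' && $attachment_url === null) {
    echo json_encode(['success' => false, 'error' => 'Empty content and no attachment']);
    exit;
}

if ($content !== '') {
    // Fail closed: a missing/false is_safe (e.g. the classifier errored out
    // and returned something unexpected) rejects the message rather than
    // letting it through.
    $moderation = moderateContent($content);
    if (!is_array($moderation) || empty($moderation['is_safe'])) {
        $reason = is_array($moderation) ? ($moderation['reason'] ?? null) : null;
        echo json_encode(['success' => false, 'error' => 'Message flagged as inappropriate: ' . ($reason ?? 'Violation of community standards')]);
        exit;
    }
}

$metadata = null;
if ($content !== '') {
    $urls = extractUrls($content);
    if (is_array($urls) && $urls !== []) {
        // Preview only the first URL (reset() instead of [0] in case the
        // helper returns a non-list array).
        $first_url = (string) reset($urls);
        // fetchOpenGraphData() makes a server-side request to a user-supplied
        // URL. Require an absolute http(s) URL first so file://, gopher://,
        // data: and scheme-less strings never reach the fetcher.
        // NOTE(review): this is only the scheme check; the fetcher itself must
        // also refuse loopback/link-local/RFC1918 targets (SSRF), follow
        // redirects cautiously and cap the response size — confirm in
        // includes/opengraph.php.
        $scheme = strtolower((string) parse_url($first_url, PHP_URL_SCHEME));
        if (in_array($scheme, ['http', 'https'], true)
            && filter_var($first_url, FILTER_VALIDATE_URL) !== false) {
            $ogData = fetchOpenGraphData($first_url);
            if ($ogData) {
                $metadata = json_encode($ogData);
            }
        }
    }
}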
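// --- Persist and echo back -------------------------------------------------
try {
    $pdo = db();
    $stmt = $pdo->prepare("INSERT INTO messages (channel_id, user_id, content, attachment_url, metadata) VALUES (?, ?, ?, ?, ?)");
    $stmt->execute([$channel_id, $user_id, $content, $attachment_url, $metadata]);
    // lastInsertId() is taken from the same handle the INSERT ran on.
    $last_id = $pdo->lastInsertId();

    // Re-read the row joined with its author so the client gets the same
    // shape (username, avatar_url) it renders for fetched messages.
    $stmt = $pdo->prepare("SELECT m.*, u.username, u.avatar_url FROM messages m JOIN users u ON m.user_id = u.id WHERE m.id = ?");
    $stmt->execute([$last_id]);
    $msg = $stmt->fetch();
    if (!$msg) {
        throw new RuntimeException('inserted message could not be read back (id ' . $last_id . ')');
    }

    // "time" is a clock-only display string in the server's timezone; an
    // unparseable/missing created_at yields null instead of "00:00".
    $created_ts = strtotime((string) ($msg['created_at'] ?? ''));

    echo json_encode([
        'success' => true,
        'message' => [
            'id' => $msg['id'],
            'user_id' => $msg['user_id'],
            'username' => $msg['username'],
            'avatar_url' => $msg['avatar_url'],
            'content' => $msg['content'],
            'attachment_url' => $msg['attachment_url'],
            'metadata' => $msg['metadata'] ? json_decode($msg['metadata']) : null,
            'time' => $created_ts !== false ? date('H:i', $created_ts) : null,
        ],
    ]);
} catch (Exception $e) {
    // Log server-side, answer generically — the driver message leaked schema
    // and connection details to the client.
    error_log('api_v1_messages POST: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['success' => false, 'error' => 'Internal server error']);
}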