create-berna-stencil 1.0.13 → 1.0.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/create.js +1 -1
- package/package.json +1 -1
- package/src/api/.htaccess +11 -5
- package/src/api/core/.htaccess +2 -0
- package/src/api/core/init.php +5 -0
- package/src/api/endpoints/protected/{secret.php → prova-chiusa.php} +2 -2
- package/src/api/endpoints/public/{ping.php → prova-aperta.php} +2 -2
- package/src/api/index.php +2 -0
- package/src/api/endpoints/protected/send-mail.php +0 -75
package/bin/create.js
CHANGED
package/package.json
CHANGED
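--- a/package/src/api/.htaccess
+++ b/package/src/api/.htaccess
@@ -2,11 +2,17 @@
 RewriteEngine On
 RewriteBase /api/
 
-#
-
-
-
+# 1. Proteggi i file sensibili (come .env o file di log)
+<FilesMatch "^\.env|composer\.(json|lock)$">
+Require all denied
+</FilesMatch>
 
-#
+# 2. Impedisce l'accesso diretto alla cartella core e endpoints
+# Se qualcuno cerca di navigare in queste cartelle, becca un 403
+RewriteRule ^(core|endpoints|modules)($|/) - [F,L]
+
+# 3. Regola standard per il routing verso il motore
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule ^(.*)$ index.php [QSA,L]
 </IfModule>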
package/src/api/core/init.php
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
declare(strict_types=1);
|
|
4
4
|
|
|
5
|
-
require_once __DIR__ . '/../../modules/Response.php';
|
|
5
|
+
require_once __DIR__ . '/../../core/modules/Response.php';
|
|
6
6
|
|
|
7
7
|
if ($method !== 'GET') {
|
|
8
8
|
Response::error('Method not allowed', 405);
|
|
@@ -10,7 +10,7 @@ if ($method !== 'GET') {
|
|
|
10
10
|
|
|
11
11
|
Response::success([
|
|
12
12
|
'message' => 'Protected endpoint is working',
|
|
13
|
-
'endpoint' => '
|
|
13
|
+
'endpoint' => 'prova-chiusa',
|
|
14
14
|
'visibility' => 'protected',
|
|
15
15
|
'params' => $requestParams,
|
|
16
16
|
]);
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
declare(strict_types=1);
|
|
4
4
|
|
|
5
|
-
require_once __DIR__ . '/../../modules/Response.php';
|
|
5
|
+
require_once __DIR__ . '/../../core/modules/Response.php';
|
|
6
6
|
|
|
7
7
|
if ($method !== 'GET') {
|
|
8
8
|
Response::error('Method not allowed', 405);
|
|
@@ -10,7 +10,7 @@ if ($method !== 'GET') {
|
|
|
10
10
|
|
|
11
11
|
Response::success([
|
|
12
12
|
'message' => 'Public endpoint is working',
|
|
13
|
-
'endpoint' => '
|
|
13
|
+
'endpoint' => 'prova-aperta',
|
|
14
14
|
'visibility' => 'public',
|
|
15
15
|
'params' => $requestParams,
|
|
16
16
|
]);
|
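Review bot: The new `require_once __DIR__ . '/../../core/modules/Response.php';` is repeated verbatim in both endpoint hunks in this section, hard-wiring the module layout into every endpoint file; the removed send-mail.php documented that endpoints are included by index.php, which has already loaded everything, so if init.php (changed in this release, not visible here) already requires Response.php these lines are redundant, and if it does not, the require belongs in init.php rather than in each endpoint. The surrounding `if ($method !== 'GET') { Response::error('Method not allowed', 405); }` guard relies on `Response::error()` terminating the request; if it does not, execution falls through to `Response::success(...)`, so a one-line comment such as `// Response::error() terminates the request; nothing below runs for non-GET` would make the contract explicit, or an `exit;` should follow the call. The section header reads core/init.php, but the hunk contents (`'endpoint' => 'prova-chiusa'`, `'endpoint' => 'prova-aperta'`) match the two renamed endpoint files in the diffstat, so the init.php change itself appears not to be shown in this view.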
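--- a/package/src/api/endpoints/protected/send-mail.php
+++ /dev/null
@@ -1,75 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-use PHPMailer\PHPMailer\PHPMailer;
-use PHPMailer\PHPMailer\Exception;
-
-/**
-* NOTA: Non serve require 'vendor/autoload.php' o 'init.php'
-* perché questo file viene incluso da index.php che ha già caricato tutto.
-*/
-
-// 1. Controllo Metodo (Vogliamo solo POST)
-if ($method !== 'POST') {
-Response::error('Method not allowed', 405);
-}
-
-// 2. Funzioni di Sanitizzazione (Locali o spostabili in un helper)
-$clean = fn($v) => htmlspecialchars(trim((string)($v ?? '')), ENT_QUOTES, 'UTF-8');
-$safeNum = fn($v) => filter_var($v ?? '', FILTER_SANITIZE_NUMBER_INT);
-
-// 3. Recupero Dati (supporta sia $_POST standard che JSON)
-$input = $_POST;
-if (empty($input)) {
-$input = json_decode(file_get_contents('php://input'), true) ?? [];
-}
-
-$formType = $clean($input['formType'] ?? 'Contatto Generico');
-$name = $clean($input['name'] ?? '');
-$phoneNumber = $safeNum($input['phoneNumber'] ?? '');
-
-// Validazione minima
-if (empty($name)) {
-Response::error('Il campo nome è obbligatorio');
-}
-
-// 4. Configurazione PHPMailer
-$mail = new PHPMailer(true);
-
-try {
-// Usiamo le variabili d'ambiente caricate da init.php
-$mail->isSMTP();
-$mail->Host = $_ENV['MAIL_HOST'];
-$mail->SMTPAuth = true;
-$mail->Username = $_ENV['MAIL_USERNAME'];
-$mail->Password = $_ENV['MAIL_PASSWORD'];
-$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
-$mail->Port = (int)$_ENV['MAIL_PORT'];
-$mail->CharSet = 'UTF-8';
-
-$mail->setFrom($_ENV['MAIL_USERNAME'], $_ENV['MAIL_FROM_NAME'] ?? 'API Robot');
-$mail->addAddress($_ENV['MAIL_TO_ADDRESS'], $_ENV['MAIL_TO_NAME'] ?? 'Admin');
-
-$mail->isHTML(true);
-$mail->Subject = "Nuovo invio modulo: {$formType}";
-
-// Costruzione Body
-$htmlBody = "<h2>Dettagli Richiesta</h2>";
-$htmlBody .= "<p><strong>Nome:</strong> {$name}</p>";
-if (!empty($phoneNumber)) {
-$htmlBody .= "<p><strong>Telefono:</strong> {$phoneNumber}</p>";
-}
-
-$mail->Body = $htmlBody;
-$mail->AltBody = strip_tags(str_replace(['<br>', '</p>'], ["\n", "\n\n"], $htmlBody));
-
-$mail->send();
-
-// Risposta JSON di successo
-Response::success(['message' => 'Email inviata con successo']);
-
-} catch (Exception $e) {
-// Risposta JSON di errore
-Response::error("Errore nell'invio della mail: {$mail->ErrorInfo}", 500);
-}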