create-berna-stencil 1.0.8 → 1.0.9

package/src/api/endpoints/protected/secret.php

@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+require_once __DIR__ . '/../../modules/Response.php';
+
+if ($method !== 'GET') {
+    Response::error('Method not allowed', 405);
+}
+
+Response::success([
+    'message'    => 'Protected endpoint is working',
+    'endpoint'   => 'secret',
+    'visibility' => 'protected',
+    'params'     => $requestParams,
+]);

package/src/api/endpoints/protected/send-mail.php

@@ -0,0 +1,75 @@
+<?php
+
+declare(strict_types=1);
+
+use PHPMailer\PHPMailer\PHPMailer;
+use PHPMailer\PHPMailer\Exception;
+
+/**
+ * NOTA: Non serve require 'vendor/autoload.php' o 'init.php' 
+ * perché questo file viene incluso da index.php che ha già caricato tutto.
+ */
+
+// 1. Controllo Metodo (Vogliamo solo POST)
+if ($method !== 'POST') {
+    Response::error('Method not allowed', 405);
+}
+
+// 2. Funzioni di Sanitizzazione (Locali o spostabili in un helper)
+$clean = fn($v) => htmlspecialchars(trim((string)($v ?? '')), ENT_QUOTES, 'UTF-8');
+$safeNum = fn($v) => filter_var($v ?? '', FILTER_SANITIZE_NUMBER_INT);
+
+// 3. Recupero Dati (supporta sia $_POST standard che JSON)
+$input = $_POST;
+if (empty($input)) {
+    $input = json_decode(file_get_contents('php://input'), true) ?? [];
+}
+
+$formType    = $clean($input['formType'] ?? 'Contatto Generico');
+$name        = $clean($input['name'] ?? '');
+$phoneNumber = $safeNum($input['phoneNumber'] ?? '');
+
+// Validazione minima
+if (empty($name)) {
+    Response::error('Il campo nome è obbligatorio');
+}
+
+// 4. Configurazione PHPMailer
+$mail = new PHPMailer(true);
+
+try {
+    // Usiamo le variabili d'ambiente caricate da init.php
+    $mail->isSMTP();
+    $mail->Host       = $_ENV['MAIL_HOST'];
+    $mail->SMTPAuth   = true;
+    $mail->Username   = $_ENV['MAIL_USERNAME'];
+    $mail->Password   = $_ENV['MAIL_PASSWORD'];
+    $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
+    $mail->Port       = (int)$_ENV['MAIL_PORT'];
+    $mail->CharSet    = 'UTF-8';
+
+    $mail->setFrom($_ENV['MAIL_USERNAME'], $_ENV['MAIL_FROM_NAME'] ?? 'API Robot');
+    $mail->addAddress($_ENV['MAIL_TO_ADDRESS'], $_ENV['MAIL_TO_NAME'] ?? 'Admin');
+
+    $mail->isHTML(true);
+    $mail->Subject = "Nuovo invio modulo: {$formType}";
+
+    // Costruzione Body
+    $htmlBody = "<h2>Dettagli Richiesta</h2>";
+    $htmlBody .= "<p><strong>Nome:</strong> {$name}</p>";
+    if (!empty($phoneNumber)) {
+        $htmlBody .= "<p><strong>Telefono:</strong> {$phoneNumber}</p>";
+    }
+
+    $mail->Body    = $htmlBody;
+    $mail->AltBody = strip_tags(str_replace(['<br>', '</p>'], ["\n", "\n\n"], $htmlBody));
+
+    $mail->send();
+
+    // Risposta JSON di successo
+    Response::success(['message' => 'Email inviata con successo']);
+
+} catch (Exception $e) {
+    // Risposta JSON di errore
+    Response::error("Errore nell'invio della mail: {$mail->ErrorInfo}", 500);
+}

package/src/api/endpoints/public/ping.php

@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+require_once __DIR__ . '/../../modules/Response.php';
+
+if ($method !== 'GET') {
+    Response::error('Method not allowed', 405);
+}
+
+Response::success([
+    'message'     => 'Public endpoint is working',
+    'endpoint'    => 'ping',
+    'visibility'  => 'public',
+    'params'      => $requestParams,
+]);

package/src/api/index.php

@@ -0,0 +1,95 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * Caricamento delle dipendenze e configurazione iniziale.
+ */
+require_once __DIR__ . '/init.php';
+require_once __DIR__ . '/modules/Response.php';
+
+// =====================================================
+// 1. ANALISI DELLA RICHIESTA (REQUEST PARSING)
+// =====================================================
+
+$method = $_SERVER['REQUEST_METHOD'];
+$uri    = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
+
+// Pulizia URI: rimuoviamo /api e eventuali slash finali
+$uri    = rtrim(preg_replace('#^/api#', '', $uri), '/') ?: '/';
+$parts  = array_values(array_filter(explode('/', $uri)));
+
+$resource = $parts[0] ?? null;
+
+// =====================================================
+// 2. RISOLUZIONE ENDPOINT (ROUTING)
+// =====================================================
+
+$publicPath    = __DIR__ . '/endpoints/public/'    . $resource . '.php';
+$protectedPath = __DIR__ . '/endpoints/protected/' . $resource . '.php';
+
+$isPublic    = $resource !== null && file_exists($publicPath);
+$isProtected = $resource !== null && file_exists($protectedPath);
+
+/**
+ * SE L'ENDPOINT NON ESISTE (RITORNO HTML 404)
+ */
+if (!$isPublic && !$isProtected) {
+    http_response_code(404);
+    
+    // Cerchiamo il file 404.html generato da Eleventy nella root di Laragon
+    $errorPage = $_SERVER['DOCUMENT_ROOT'] . '/404.html';
+    
+    if (file_exists($errorPage)) {
+        header('Content-Type: text/html; charset=UTF-8');
+        echo file_get_contents($errorPage);
+    } else {
+        echo "<h1>404 Not Found</h1>";
+        echo "The requested URL was not found on this server.";
+    }
+    exit;
+}
+
+// =====================================================
+// 3. HEADERS E CORS (Solo se l'endpoint esiste)
+// =====================================================
+
+header('Content-Type: application/json; charset=UTF-8');
+header('Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS');
+header('Access-Control-Allow-Headers: Content-Type, X-Api-Key');
+
+$allowedOrigins = array_filter(array_map('trim', explode(',', $_ENV['CORS_ALLOWED_ORIGINS'] ?? '')));
+$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
+
+if (in_array($origin, $allowedOrigins, true) || in_array('*', $allowedOrigins, true)) {
+    header("Access-Control-Allow-Origin: $origin");
+} else {
+    header("Access-Control-Allow-Origin: " . ($allowedOrigins[0] ?? ''));
+}
+
+if ($method === 'OPTIONS') {
+    http_response_code(204);
+    exit;
+}
+
+// =====================================================
+// 4. GUARDIA DI AUTENTICAZIONE
+// =====================================================
+
+if ($isProtected) {
+    $apiKey   = $_SERVER['HTTP_X_API_KEY'] ?? '';
+    $validKey = $_ENV['API_KEY'] ?? '';
+
+    if ($validKey === '' || $apiKey !== $validKey) {
+        Response::error('Unauthorized', 401);
+    }
+}
+
+// =====================================================
+// 5. ESECUZIONE (DISPATCH)
+// =====================================================
+
+$requestParams = array_slice($parts, 1);
+
+// Carica il file dell'endpoint richiesto
+require $isProtected ? $protectedPath : $publicPath;

package/src/api/init.php

@@ -0,0 +1,43 @@
+<?php
+
+declare(strict_types=1);
+
+require_once __DIR__ . '/vendor/autoload.php';
+require_once __DIR__ . '/modules/Response.php';
+
+// --- GESTORE GLOBALE ERRORI E ECCEZIONI ---
+// Trasforma ogni errore PHP in una risposta JSON pulita
+set_exception_handler(function ($exception) {
+    Response::error(
+        $exception->getMessage(),
+        500,
+        ['file' => $exception->getFile(), 'line' => $exception->getLine()]
+    );
+});
+
+set_error_handler(function ($severity, $message, $file, $line) {
+    if (!(error_reporting() & $severity)) return;
+    throw new ErrorException($message, 0, $severity, $file, $line);
+});
+
+// --- CARICAMENTO DOTENV ---
+// dirname(__DIR__, 1) sale di un livello (da api/ a Berna-Stencil-out/)
+try {
+    $dotenv = Dotenv\Dotenv::createImmutable(dirname(__DIR__, 1));
+    $dotenv->load();
+} catch (Exception $e) {
+    Response::error("Impossibile caricare il file .env. Assicurati che esista nella root e si chiami esattamente .env", 500);
+}
+
+$dotenv->required([
+    'API_KEY',
+    'CORS_ALLOWED_ORIGINS',
+]);
+
+if (($_ENV['APP_ENV'] ?? 'production') === 'production') {
+    ini_set('display_errors', '0');
+    error_reporting(0);
+} else {
+    ini_set('display_errors', '1');
+    error_reporting(E_ALL);
+}

package/src/api/modules/Response.php

@@ -0,0 +1,37 @@
+<?php
+
+declare(strict_types=1);
+
+class Response
+{
+    public static function success(mixed $data = null, int $code = 200): never
+    {
+        http_response_code($code);
+        echo json_encode([
+            'status' => 'success',
+            'data'   => $data,
+        ], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
+        exit;
+    }
+
+    public static function error(string $message, int $code = 400, mixed $details = null): never
+    {
+        http_response_code($code);
+        $body = [
+            'status'  => 'error',
+            'message' => $message,
+            'code'    => $code,
+        ];
+        if ($details !== null) {
+            $body['details'] = $details;
+        }
+        echo json_encode($body, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
+        exit;
+    }
+
+    public static function noContent(): never
+    {
+        http_response_code(204);
+        exit;
+    }
+}

package/src/api/vendor/autoload.php

@@ -0,0 +1,22 @@
+<?php
+
+// autoload.php @generated by Composer
+
+if (PHP_VERSION_ID < 50600) {
+    if (!headers_sent()) {
+        header('HTTP/1.1 500 Internal Server Error');
+    }
+    $err = 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
+    if (!ini_get('display_errors')) {
+        if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') {
+            fwrite(STDERR, $err);
+        } elseif (!headers_sent()) {
+            echo $err;
+        }
+    }
+    throw new RuntimeException($err);
+}
+
+require_once __DIR__ . '/composer/autoload_real.php';
+
+return ComposerAutoloaderInite875ae8441d070d7dda5f4b47a2117aa::getLoader();