Diffstat (limited to 'public/add/index.php')
-rw-r--r--public/add/index.php38
1 files changed, 38 insertions, 0 deletions
diff --git a/public/add/index.php b/public/add/index.php
new file mode 100644
index 0000000..12119b6
--- /dev/null
+++ b/public/add/index.php
@@ -0,0 +1,38 @@
+<?php declare(strict_types=1);
+
+error_reporting(E_ALL);
+
+require_once(__DIR__.'/../../includes/functions.php');
+
+$config = require_once(__DIR__.'/../../config.php');
+
+if ('OPTIONS' === filter_input(INPUT_SERVER, 'REQUEST_METHOD')) {
+ respondAndExit(200, 'OK', [
+ 'Access-Control-Allow-Methods: POST',
+ 'Access-Control-Allow-Headers: Content-Type, Authorization',
+ ]);
+}
+
+if ('POST' !== filter_input(INPUT_SERVER, 'REQUEST_METHOD')) {
+ respondAndExit(405, 'Method Not Allowed');
+}
+
+if ('Bearer '.$config['bearer_token'] !== filter_input(INPUT_SERVER, 'HTTP_AUTHORIZATION')) {
+ respondAndExit(401, 'Unauthorized', ['WWW-Authenticate: Bearer realm="Bookmarks"']);
+}
+
+if ('application/x-www-form-urlencoded' !== filter_input(INPUT_SERVER, 'CONTENT_TYPE')) {
+ respondAndExit(415, 'Unsupported Media Type');
+}
+
+$url = filter_input(INPUT_POST, 'url', FILTER_VALIDATE_URL);
+
+if (!$url || strlen($url) > $config['max_url_length']) {
+ respondAndExit(400, 'Bad Request');
+}
+
+if (!file_put_contents($config['path_to_file'], "$url\n", FILE_APPEND)) {
+ respondAndExit(500, 'Internal Server Error');
+}
+
+respondAndExit(201, 'Created');
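Review bot: The bearer-token check compares the secret with `!==`, which is not constant-time, so response timing can leak how much of a guessed token matched. I would write it as `if (!hash_equals('Bearer '.$config['bearer_token'], (string) filter_input(INPUT_SERVER, 'HTTP_AUTHORIZATION'))) {`, where the cast keeps a missing header from raising a TypeError under strict_types. It would also be worth rejecting an empty `bearer_token` in the config, since otherwise a bare `Bearer ` header would authenticate. Separately, `FILTER_VALIDATE_URL` accepts any syntactically valid scheme, so if the stored file is ever rendered as links, restricting to http/https with `parse_url($url, PHP_URL_SCHEME)` before the write would be prudent. The append could use `FILE_APPEND | LOCK_EX` so concurrent requests cannot interleave lines.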