ObsidianJustSharePlease/server/public/share.php

<?php

switch ($_SERVER["REQUEST_METHOD"]) {
    case "GET":
        parse_str($_SERVER["QUERY_STRING"], $query);
        $content = file_get_contents(get_markdown_path($query["id"]));
        if (!$content) {
            http_response_code(404);
            echo "Not found";
            break;
        }
        echo $content;
        break;
    case "POST":
        $body = json_decode(file_get_contents("php://input"), true);
        $content = $body["content"];
        if (!$content) {
            http_response_code(400);
            echo "No content";
            break;
        }

        try {
            // generate id and deletion/edit password
            $id = bin2hex(random_bytes(4));
            $password = bin2hex(random_bytes(16));
        } catch (Exception $e) {
            http_response_code(500);
            echo $e->getMessage();
            break;
        }

        $meta = json_encode([
            "id" => $id,
            "deletion_password" => $password
        ]);

        // store markdown and metadata in data path
        file_put_contents(get_markdown_path($id), $content);
        file_put_contents(get_meta_path($id), $meta);

        echo $meta;
        break;
    case "PATCH":
        // TODO update using PATCH
    case "DELETE":
        parse_str($_SERVER["QUERY_STRING"], $query);
        $id = $query["id"];
        $password = $_SERVER["HTTP_PASSWORD"];
        if (!$id || !$password) {
            http_response_code(400);
            echo "No id or password";
            break;
        }

        // check deletion password match
        $meta = json_decode(file_get_contents(get_meta_path($id)), true);
        if ($password != $meta["deletion_password"]) {
            http_response_code(401);
            echo "Unauthorized";
            break;
        }

        // delete content and meta
        unlink(get_markdown_path($id));
        unlink(get_meta_path($id));
        break;
}

function get_markdown_path(string $id): string {
    return get_data_path() . $id . ".md";
}

function get_meta_path(string $id): string {
    return get_data_path() . $id . ".json";
}

function get_data_path(): string {
    return dirname(getcwd()) . "/data/";
}
<?php 2023-08-09 18:11:29 +02:00			`<?php`
slightly change plans 2023-08-09 17:57:29 +02:00
serve GET requests 2023-08-09 20:13:44 +02:00			`switch ($_SERVER["REQUEST_METHOD"]) {`
			`case "GET":`
implement POST 2023-08-10 19:47:55 +02:00			`parse_str($_SERVER["QUERY_STRING"], $query);`
			`$content = file_get_contents(get_markdown_path($query["id"]));`
serve GET requests 2023-08-09 20:13:44 +02:00			`if (!$content) {`
			`http_response_code(404);`
implement POST 2023-08-10 19:47:55 +02:00			`echo "Not found";`
serve GET requests 2023-08-09 20:13:44 +02:00			`break;`
			`}`
			`echo $content;`
			`break;`
			`case "POST":`
implement POST 2023-08-10 19:47:55 +02:00			`$body = json_decode(file_get_contents("php://input"), true);`
implement DELETE 2023-08-10 20:03:53 +02:00			`$content = $body["content"];`
implement POST 2023-08-10 19:47:55 +02:00			`if (!$content) {`
			`http_response_code(400);`
			`echo "No content";`
			`break;`
			`}`

			`try {`
			`// generate id and deletion/edit password`
use hex numbers for randomness 2023-08-10 20:31:56 +02:00			`$id = bin2hex(random_bytes(4));`
			`$password = bin2hex(random_bytes(16));`
implement POST 2023-08-10 19:47:55 +02:00			`} catch (Exception $e) {`
			`http_response_code(500);`
			`echo $e->getMessage();`
			`break;`
			`}`

			`$meta = json_encode([`
			`"id" => $id,`
			`"deletion_password" => $password`
			`]);`

			`// store markdown and metadata in data path`
			`file_put_contents(get_markdown_path($id), $content);`
			`file_put_contents(get_meta_path($id), $meta);`

			`echo $meta;`
serve GET requests 2023-08-09 20:13:44 +02:00			`break;`
implement POST 2023-08-10 19:47:55 +02:00			`case "PATCH":`
			`// TODO update using PATCH`
serve GET requests 2023-08-09 20:13:44 +02:00			`case "DELETE":`
implement DELETE 2023-08-10 20:03:53 +02:00			`parse_str($_SERVER["QUERY_STRING"], $query);`
			`$id = $query["id"];`
			`$password = $_SERVER["HTTP_PASSWORD"];`
			`if (!$id \|\| !$password) {`
			`http_response_code(400);`
			`echo "No id or password";`
			`break;`
			`}`

			`// check deletion password match`
			`$meta = json_decode(file_get_contents(get_meta_path($id)), true);`
			`if ($password != $meta["deletion_password"]) {`
			`http_response_code(401);`
			`echo "Unauthorized";`
			`break;`
			`}`

			`// delete content and meta`
			`unlink(get_markdown_path($id));`
			`unlink(get_meta_path($id));`
serve GET requests 2023-08-09 20:13:44 +02:00			`break;`
			`}`
implement POST 2023-08-10 19:47:55 +02:00
			`function get_markdown_path(string $id): string {`
			`return get_data_path() . $id . ".md";`
			`}`

			`function get_meta_path(string $id): string {`
			`return get_data_path() . $id . ".json";`
			`}`

			`function get_data_path(): string {`
			`return dirname(getcwd()) . "/data/";`
			`}`