"unauthorized"]); exit; } $provider = $_POST["provider"] ?? $_GET["provider"] ?? ""; $new_token = $_POST["token"] ?? $_GET["token"] ?? ""; $allowed_providers = [ "whatsapp" => "WHATSAPP_TOKEN", "github" => "GITHUB_TOKEN", "github_pat" => "GITHUB_PAT", "groq" => "GROQ_KEY", "cerebras" => "CEREBRAS_API_KEY", "gemini" => "GEMINI_KEY", "mistral" => "MISTRAL_KEY", "deepseek" => "DEEPSEEK_KEY", "sambanova" => "SAMBANOVA_KEY", "openrouter" => "OPENROUTER_KEY", "alibaba" => "ALIBABA_KEY", "anthropic" => "ANTHROPIC_KEY", "hf" => "HF_TOKEN" ]; if (!isset($allowed_providers[$provider])) { http_response_code(400); echo json_encode(["error" => "unknown provider", "allowed" => array_keys($allowed_providers)]); exit; } if (empty($new_token) || strlen($new_token) < 20) { http_response_code(400); echo json_encode(["error" => "invalid token"]); exit; } $env_key = $allowed_providers[$provider]; $secrets_file = "/etc/weval/secrets.env"; // Log incoming $log_entry = date("c") . " provider=$provider env_key=$env_key len=" . strlen($new_token) . " prefix=" . substr($new_token, 0, 6) . PHP_EOL; @file_put_contents("/var/log/weval-token-updates.log", $log_entry, FILE_APPEND); // Actual write requires sudoer setup · for now return "received" and let cron pick up $queue_dir = "/var/www/html/api/token-updates-pending/"; @mkdir($queue_dir, 0755, true); $queue_file = $queue_dir . "update_${provider}_" . date("Ymd_His") . ".json"; file_put_contents($queue_file, json_encode([ "provider" => $provider, "env_key" => $env_key, "token" => $new_token, "ts" => date("c"), "source" => "blade_yacineutt_selenium" ], JSON_PRETTY_PRINT)); echo json_encode([ "ok" => true, "status" => "queued", "provider" => $provider, "env_key" => $env_key, "queue_file" => basename($queue_file), "note" => "Token queued · will be applied by cron token-apply next run · verification via /api/token-health-real.php" ]);