html/api/cf-purge.php

<?php
// Wave 213 · /api/cf-purge.php — Auto CF purge helper
// Usage: curl "https://.../api/cf-purge.php?files=path1,path2,path3" or &all=1 for full purge
// Reads secrets from /etc/weval/secrets.env, uses GlobalKey auth (Yacine mode)
@require_once __DIR__ . '/wevia-sanitizer-guard.php';
header('Content-Type: application/json; charset=utf-8');
header('Access-Control-Allow-Origin: *');

$CF = ['token'=>null, 'zone'=>null, 'email'=>null];
$secrets = @file('/etc/weval/secrets.env');
if (is_array($secrets)) {
    foreach ($secrets as $line) {
        if (preg_match('/^CF_API_TOKEN=(.*)$/', trim($line), $m)) $CF['token'] = trim($m[1], '"\'');
        if (preg_match('/^CF_ZONE_ID=(.*)$/', trim($line), $m)) $CF['zone'] = trim($m[1], '"\'');
        if (preg_match('/^CF_EMAIL=(.*)$/', trim($line), $m)) $CF['email'] = trim($m[1], '"\'');
    }
}
if (!$CF['token'] || !$CF['zone']) {
    http_response_code(500); echo json_encode(['ok'=>false,'err'=>'secrets missing']); exit;
}

$files_param = $_GET['files'] ?? '';
$all = !empty($_GET['all']);

if ($all) {
    $payload = ['purge_everything'=>true];
} else {
    $files_raw = $files_param ? explode(',', $files_param) : [
        'https://weval-consulting.com/weval-technology-platform.html'
    ];
    $files = [];
    foreach ($files_raw as $f) {
        $f = trim($f);
        if (!$f) continue;
        if (strpos($f, 'http') !== 0) $f = 'https://weval-consulting.com' . (strpos($f,'/')===0?'':'/') . $f;
        $files[] = $f;
    }
    if (empty($files)) { echo json_encode(['ok'=>false,'err'=>'no files']); exit; }
    $payload = ['files'=>$files];
}

$ch = curl_init("https://api.cloudflare.com/client/v4/zones/{$CF['zone']}/purge_cache");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'X-Auth-Email: '.$CF['email'],
    'X-Auth-Key: '.$CF['token'],
    'Content-Type: application/json'
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
$resp = curl_exec($ch);
$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

$decoded = @json_decode($resp, true);
echo json_encode([
    'ok' => $decoded['success'] ?? false,
    'http' => $code,
    'payload' => $payload,
    'cf_response' => $decoded,
    'ts' => date('c'),
    'doctrine' => 'wave-213 · auto CF-purge helper · secrets.env · global key auth'
]);