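<?php
// V9.57 Token update callback endpoint - receive new tokens from Blade yacineutt selenium
// Security: POST only, key auth, write to secrets.env via sudoer chattr unlock/relock pattern
//
// Request fields (POST body only):
//   k         shared key, compared against $auth_key
//   provider  one of the keys of $allowed_providers
//   token     the new secret, at least 20 bytes, no control characters
// Responses are JSON: 405 wrong method, 403 bad key, 400 bad provider or token,
// 500 queue write failed, 200 queued.
header("Content-Type: application/json");
// NOTE(review): the wildcard lets a page on any origin call this endpoint from a
// browser. If the only caller is a server-side job, drop this header or pin it
// to the caller's origin - confirm against the caller.
header("Access-Control-Allow-Origin: *");

$method = $_SERVER["REQUEST_METHOD"] ?? "";
if ($method === "OPTIONS") {
    header("Access-Control-Allow-Headers: Content-Type, Authorization");
    exit;
}

// Enforce the "POST only" rule stated above. Values passed in a query string
// end up in access logs, proxy logs and browser history, so the key and the
// token are never read from $_GET.
if ($method !== "POST") {
    http_response_code(405);
    header("Allow: POST, OPTIONS");
    echo json_encode(["error" => "method not allowed"]);
    exit;
}

// NOTE(review): this shared key lives in the source file, so everyone who can
// read the file or its history can queue tokens. Load it from configuration
// outside the document root and rotate the value once that is in place.
$auth_key = "TOKEN_UPDATE_KEY_2026_WEVAL_BLADE";
$input_key = $_POST["k"] ?? "";
// is_string() rejects array-valued fields (k[]=...); hash_equals() compares in
// constant time so response timing does not reveal how much of the key matched.
if (!is_string($input_key) || !hash_equals($auth_key, $input_key)) {
    http_response_code(403);
    echo json_encode(["error" => "unauthorized"]);
    exit;
}

$provider = $_POST["provider"] ?? "";
$new_token = $_POST["token"] ?? "";

// Allow-list: request value => variable name recorded in the queue entry.
$allowed_providers = [
    "whatsapp" => "WHATSAPP_TOKEN",
    "github" => "GITHUB_TOKEN",
    "github_pat" => "GITHUB_PAT",
    "groq" => "GROQ_KEY",
    "cerebras" => "CEREBRAS_API_KEY",
    "gemini" => "GEMINI_KEY",
    "mistral" => "MISTRAL_KEY",
    "deepseek" => "DEEPSEEK_KEY",
    "sambanova" => "SAMBANOVA_KEY",
    "openrouter" => "OPENROUTER_KEY",
    "alibaba" => "ALIBABA_KEY",
    "anthropic" => "ANTHROPIC_KEY",
    "hf" => "HF_TOKEN"
];

// $provider is later interpolated into a file name; only exact allow-list keys
// pass here, so it cannot carry path separators.
if (!is_string($provider) || !isset($allowed_providers[$provider])) {
    http_response_code(400);
    echo json_encode(["error" => "unknown provider", "allowed" => array_keys($allowed_providers)]);
    exit;
}

// Control characters are refused because the first bytes of the token are
// copied into a log line below (a newline would forge a log entry), and the
// value is presumably written into an env file later - verify the applier
// quotes it as well.
if (!is_string($new_token) || strlen($new_token) < 20 || preg_match('/[\x00-\x1f\x7f]/', $new_token) === 1) {
    http_response_code(400);
    echo json_encode(["error" => "invalid token"]);
    exit;
}

$env_key = $allowed_providers[$provider];
$secrets_file = "/etc/weval/secrets.env";

// Log incoming
// NOTE(review): the log keeps the first 6 bytes of every secret; restrict read
// access to this file accordingly.
$log_entry = date("c") . " provider=$provider env_key=$env_key len=" . strlen($new_token) . " prefix=" . substr($new_token, 0, 6) . PHP_EOL;
// Best effort: a failed audit write must not block the update.
@file_put_contents("/var/log/weval-token-updates.log", $log_entry, FILE_APPEND | LOCK_EX);

// Actual write requires sudoer setup · for now return "received" and let cron pick up
// NOTE(review): this path looks like it sits under the web document root and
// the entries hold plaintext tokens under a name built from provider and
// timestamp. Deny HTTP access to the directory in the web server
// configuration, or relocate the queue outside the document root together
// with the cron consumer. The 0755 mode also leaves entries readable by other
// local users; tighten it once the consumer's account is known.
$queue_dir = "/var/www/html/api/token-updates-pending/";
@mkdir($queue_dir, 0755, true);
// {$var} form: the "${var}" interpolation syntax is deprecated since PHP 8.2.
$queue_file = $queue_dir . "update_{$provider}_" . date("Ymd_His") . ".json";
$payload = json_encode([
    "provider" => $provider,
    "env_key" => $env_key,
    "token" => $new_token,
    "ts" => date("c"),
    "source" => "blade_yacineutt_selenium"
], JSON_PRETTY_PRINT);

// Report failure instead of answering "queued" for an entry that was never
// written (unwritable directory, full disk, token that is not valid UTF-8).
if ($payload === false || file_put_contents($queue_file, $payload, LOCK_EX) === false) {
    http_response_code(500);
    echo json_encode(["error" => "queue write failed"]);
    exit;
}

echo json_encode([
    "ok" => true,
    "status" => "queued",
    "provider" => $provider,
    "env_key" => $env_key,
    "queue_file" => basename($queue_file),
    "note" => "Token queued · will be applied by cron token-apply next run · verification via /api/token-health-real.php"
]);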