Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
Medowar
/
feuerwehr-freising-antragsformular
1
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Strom: e579b75d99
Branche Tagy
feuerwehr-freis...
/
api
/
save-draft.php

save-draft.php 3.6 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116 
  1. <?php
    2. 

  2. 

  3. declare(strict_types=1);
    4. 

  4. 

  5. use App\App\Bootstrap;
    6. 

  6. use App\Form\FormSchema;
    7. 

  7. use App\Storage\FileUploadStore;
    8. 

  8. use App\Storage\JsonStore;
    9. 

  9. use App\Security\Csrf;
    10. 

  10. use App\Security\RateLimiter;
    11. 

  11. 

  12. require dirname(__DIR__) . '/src/autoload.php';
    13. 

  13. Bootstrap::init();
    14. 

  14. 

  15. if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    16. 

  16.     Bootstrap::jsonResponse(['ok' => false, 'message' => 'Method not allowed'], 405);
    17. 

  17. }
    18. 

  18. 

  19. $csrf = $_POST['csrf'] ?? '';
    20. 

  20. if (!Csrf::validate(is_string($csrf) ? $csrf : null)) {
    21. 

  21.     Bootstrap::jsonResponse(['ok' => false, 'message' => 'Ungültiges CSRF-Token.'], 419);
    22. 

  22. }
    23. 

  23. 

  24. if (trim((string) ($_POST['website'] ?? '')) !== '') {
    25. 

  25.     Bootstrap::jsonResponse(['ok' => false, 'message' => 'Anfrage blockiert.'], 400);
    26. 

  26. }
    27. 

  27. 

  28. $email = strtolower(trim((string) ($_POST['email'] ?? '')));
    29. 

  29. if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    30. 

  30.     Bootstrap::jsonResponse(['ok' => false, 'message' => 'Bitte gültige E-Mail eingeben.'], 422);
    31. 

  31. }
    32. 

  32. 

  33. $app = Bootstrap::config('app');
    34. 

  34. $limiter = new RateLimiter();
    35. 

  35. $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
    36. 

  36. $rateKey = sprintf('save:%s:%s', $ip, $email);
    37. 

  37. if (!$limiter->allow($rateKey, (int) $app['rate_limit']['requests'], (int) $app['rate_limit']['window_seconds'])) {
    38. 

  38.     Bootstrap::jsonResponse(['ok' => false, 'message' => 'Zu viele Speicheranfragen.'], 429);
    39. 

  39. }
    40. 

  40. 

  41. $step = (int) ($_POST['step'] ?? 1);
    42. 

  42. $formDataRaw = $_POST['form_data'] ?? [];
    43. 

  43. $formData = [];
    44. 

  44. if (is_array($formDataRaw)) {
    45. 

  45.     foreach ($formDataRaw as $key => $value) {
    46. 

  46.         if (!is_string($key)) {
    47. 

  47.             continue;
    48. 

  48.         }
    49. 

  49.         $formData[$key] = is_array($value) ? '' : trim((string) $value);
    50. 

  50.     }
    51. 

  51. }
    52. 

  52. 

  53. $store = new JsonStore();
    54. 

  54. 

  55. try {
    56. 

  56.     $result = $store->withEmailLock($email, static function () use ($store, $email, $step, $formData): array {
    57. 

  57.         if ($store->hasSubmission($email)) {
    58. 

  58.             return [
    59. 

  59.                 'blocked' => true,
    60. 

  60.                 'message' => 'Für diese E-Mail wurde bereits ein Antrag abgeschlossen.',
    61. 

  61.             ];
    62. 

  62.         }
    63. 

  63. 

  64.         return [
    65. 

  65.             'blocked' => false,
    66. 

  66.             'draft' => $store->saveDraft($email, [
    67. 

  67.                 'step' => max(1, $step),
    68. 

  68.                 'form_data' => $formData,
    69. 

  69.                 'uploads' => [],
    70. 

  70.             ]),
    71. 

  71.         ];
    72. 

  72.     });
    73. 

  73. } catch (Throwable $e) {
    74. 

  74.     Bootstrap::log('app', 'save-draft lock error: ' . $e->getMessage());
    75. 

  75.     Bootstrap::jsonResponse(['ok' => false, 'message' => 'Speichern derzeit nicht möglich.'], 500);
    76. 

  76. }
    77. 

  77. 

  78. if (($result['blocked'] ?? false) === true) {
    79. 

  79.     Bootstrap::jsonResponse([
    80. 

  80.         'ok' => false,
    81. 

  81.         'already_submitted' => true,
    82. 

  82.         'message' => (string) ($result['message'] ?? 'Bereits abgeschlossen.'),
    83. 

  83.     ], 409);
    84. 

  84. }
    85. 

  85. 

  86. $schema = new FormSchema();
    87. 

  87. $uploadStore = new FileUploadStore();
    88. 

  88. $uploadResult = $uploadStore->processUploads($_FILES, $schema->getUploadFields(), $store->emailKey($email));
    89. 

  89. 

  90. if (!empty($uploadResult['uploads'])) {
    91. 

  91.     try {
    92. 

  92.         $store->withEmailLock($email, static function () use ($store, $email, $step, $formData, $uploadResult): void {
    93. 

  93.             if ($store->hasSubmission($email)) {
    94. 

  94.                 return;
    95. 

  95.             }
    96. 

  96. 

  97.             $store->saveDraft($email, [
    98. 

  98.                 'step' => max(1, $step),
    99. 

  99.                 'form_data' => $formData,
    100. 

  100.                 'uploads' => $uploadResult['uploads'],
    101. 

  101.             ]);
    102. 

  102.         });
    103. 

  103.     } catch (Throwable $e) {
    104. 

  104.         Bootstrap::log('app', 'save-draft upload merge error: ' . $e->getMessage());
    105. 

  105.     }
    106. 

  106. }
    107. 

  107. 

  108. $draft = $store->getDraft($email);
    109. 

  109. 

  110. Bootstrap::jsonResponse([
    111. 

  111.     'ok' => true,
    112. 

  112.     'message' => 'Entwurf gespeichert.',
    113. 

  113.     'updated_at' => $draft['updated_at'] ?? null,
    114. 

  114.     'upload_errors' => $uploadResult['errors'],
    115. 

  115.     'uploads' => $draft['uploads'] ?? [],
    116. 

  116. ]);
    117.