Commit 549d367e authored by Arnolds's avatar Arnolds

Refined POST handling and deletion logic in secret-api.php: ensured...

Refined POST handling and deletion logic in secret-api.php: ensured `php://input` decoding defaults to an empty array, updated `displayed` endpoint to correctly use POST data, and improved deletion response with modified count check.
parent 7272bca0
+13 −11
@@ -45,7 +45,7 @@ $collection = $db->secrets;

$method = $_SERVER['REQUEST_METHOD'];

$data = json_decode(file_get_contents('php://input'), true);
$data = json_decode(file_get_contents('php://input'), true) ?: [];
if ($method === 'POST' && isset($data['secret'])) {
    if (empty($data['secret'])) {
        http_response_code(400);
@@ -126,23 +126,25 @@ if ($method === 'POST' && isset($data['secret'])) {
     * Only last one will be allowed to delete the secret. If they fail to delete it, it will be deleted upon expiry.
     */

} else if ($method === 'GET' && isset($_GET['displayed'])) {
} else if ($method === 'POST' && isset($_GET['displayed'])) {
    $id = $_GET['id'] ?? null;
    $displayToken = $_GET['displayed'];
    if (!$id) {
        http_response_code(200);
        exit;
    }
    $displayToken = $data['displayToken'] ?? null;

    $doc = $collection->findOne(['_id' => $id]);
    if (!$doc || $doc['displayToken'] !== $displayToken) {
    if (!$displayToken) {
        http_response_code(200);
        exit;
    }

    $collection->updateOne(['_id' => $id], ['$set' => ['secret' => '', 'deleted' => 'true', 'displayToken' => null, 'displayedAt' => utcNow()]]);
    $res = $collection->updateOne(
        ['_id' => $id, 'displayToken' => $displayToken, 'deleted' => false],
        ['$set' => [
            'secret' => '',
            'deleted' => true,
            'displayToken' => null,
            'displayedAt' => utcNow()],
        ]);

    http_response_code(200);
    echo json_encode(['ok' => true, 'deleted' => $res->getModifiedCount() === 1]);
    exit;
} else {
    http_response_code(405);
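Review bot: The new filter `'displayToken' => $displayToken` takes the value straight from the decoded JSON body, so a client can send `{"displayToken": {"$ne": null}}` — a non-empty array passes the `if (!$displayToken)` guard and, since the driver serialises a PHP array as a query document, the filter matches the live document for that `_id` without the caller knowing the token; `$id` has the same exposure because PHP turns `?id[$ne]=x` into an array. The removed strict `!==` comparison against the fetched document did not have this problem, so the commit trades a safe check for an injectable one. Reject non-string values before the update, e.g. `if (!is_string($id) || !is_string($displayToken)) { http_response_code(200); exit; }` in place of the `if (!$displayToken)` check. Separately, the filter now requires `'deleted' => false` as a boolean while the removed line wrote the string `'true'`; unless the insert path (outside this hunk) initialises `deleted` as boolean `false`, the update matches nothing and the response always reports `deleted: false`. The enclosing `if`/`else if` chain starts before this hunk.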