From 6b7bdcd17d5ec8fa0b08fc935cd349f20a913feb Mon Sep 17 00:00:00 2001
From: Jukka Lampikoski <jukka@lampikoski.com>
Date: Tue, 10 Mar 2026 11:28:04 +0200
Subject: [PATCH] TEMP: Add data diagnostics endpoints for production recovery

Will be removed after data is restored.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 api.php | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/api.php b/api.php
index 3abf78c..ca185e7 100644
--- a/api.php
+++ b/api.php
@@ -970,6 +970,55 @@ switch ($action) {
         echo json_encode($config);
         break;
 
+    // ---------- TEMP: DATA DIAGNOSTICS (poista myöhemmin) ----------
+    case 'data_diag':
+        $config = loadConfig();
+        $key = $_GET['key'] ?? '';
+        if ($key !== $config['api_key']) { http_response_code(403); echo json_encode(['error' => 'Invalid key']); break; }
+        $result = ['data_dir' => [],'companies_dir' => [], 'cuitunet_dir' => [], 'root_customers_exists' => false];
+        // Listaa data/ tiedostot
+        foreach (glob(DATA_DIR . '/*') as $f) $result['data_dir'][] = basename($f) . (is_dir($f) ? '/' : ' (' . filesize($f) . 'b)');
+        // Listaa data/companies/
+        foreach (glob(DATA_DIR . '/companies/*') as $f) $result['companies_dir'][] = basename($f) . (is_dir($f) ? '/' : ' (' . filesize($f) . 'b)');
+        // Listaa data/companies/cuitunet/
+        foreach (glob(DATA_DIR . '/companies/cuitunet/*') as $f) $result['cuitunet_dir'][] = basename($f) . (is_dir($f) ? '/' : ' (' . filesize($f) . 'b)');
+        $result['root_customers_exists'] = file_exists(DATA_DIR . '/customers.json');
+        $result['companies_json_exists'] = file_exists(COMPANIES_FILE);
+        // Myös backups
+        foreach (glob(DATA_DIR . '/companies/cuitunet/backups/*') as $f) $result['backups'][] = basename($f) . ' (' . filesize($f) . 'b)';
+        foreach (glob(DATA_DIR . '/backups/*') as $f) $result['root_backups'][] = basename($f) . ' (' . filesize($f) . 'b)';
+        echo json_encode($result, JSON_PRETTY_PRINT);
+        break;
+
+    case 'data_read':
+        $config = loadConfig();
+        $key = $_GET['key'] ?? '';
+        if ($key !== $config['api_key']) { http_response_code(403); echo json_encode(['error' => 'Invalid key']); break; }
+        $file = $_GET['file'] ?? '';
+        // Salli vain data/ alla olevat tiedostot
+        $path = DATA_DIR . '/' . str_replace('..', '', $file);
+        if (file_exists($path) && !is_dir($path)) {
+            echo file_get_contents($path);
+        } else {
+            http_response_code(404);
+            echo json_encode(['error' => 'Not found', 'path' => $path]);
+        }
+        break;
+
+    case 'data_write':
+        $config = loadConfig();
+        $key = $_GET['key'] ?? '';
+        if ($key !== $config['api_key']) { http_response_code(403); echo json_encode(['error' => 'Invalid key']); break; }
+        if ($method !== 'POST') break;
+        $file = $_GET['file'] ?? '';
+        $path = DATA_DIR . '/' . str_replace('..', '', $file);
+        $dir = dirname($path);
+        if (!is_dir($dir)) mkdir($dir, 0755, true);
+        $body = file_get_contents('php://input');
+        file_put_contents($path, $body);
+        echo json_encode(['success' => true, 'path' => $path, 'bytes' => strlen($body)]);
+        break;
+
     // ---------- CAPTCHA ----------
     case 'captcha':
         $a = rand(1, 20);