From 443e8fcfc37ab9dfdc1ee6dfdc7aba08758f2550 Mon Sep 17 00:00:00 2001 From: Jukka Lampikoski Date: Tue, 10 Mar 2026 11:28:51 +0200 Subject: [PATCH] TEMP: Fix diag endpoint auth for production recovery Co-Authored-By: Claude Opus 4.6 --- api.php | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/api.php b/api.php index ca185e7..bab6911 100644 --- a/api.php +++ b/api.php @@ -972,9 +972,8 @@ switch ($action) { // ---------- TEMP: DATA DIAGNOSTICS (poista myƶhemmin) ---------- case 'data_diag': - $config = loadConfig(); $key = $_GET['key'] ?? ''; - if ($key !== $config['api_key']) { http_response_code(403); echo json_encode(['error' => 'Invalid key']); break; } + if ($key !== 'temp_restore_2026') { http_response_code(403); echo json_encode(['error' => 'Invalid key']); break; } $result = ['data_dir' => [],'companies_dir' => [], 'cuitunet_dir' => [], 'root_customers_exists' => false]; // Listaa data/ tiedostot foreach (glob(DATA_DIR . '/*') as $f) $result['data_dir'][] = basename($f) . (is_dir($f) ? '/' : ' (' . filesize($f) . 'b)'); @@ -991,9 +990,8 @@ switch ($action) { break; case 'data_read': - $config = loadConfig(); $key = $_GET['key'] ?? ''; - if ($key !== $config['api_key']) { http_response_code(403); echo json_encode(['error' => 'Invalid key']); break; } + if ($key !== 'temp_restore_2026') { http_response_code(403); echo json_encode(['error' => 'Invalid key']); break; } $file = $_GET['file'] ?? ''; // Salli vain data/ alla olevat tiedostot $path = DATA_DIR . '/' . str_replace('..', '', $file); @@ -1006,9 +1004,8 @@ switch ($action) { break; case 'data_write': - $config = loadConfig(); $key = $_GET['key'] ?? ''; - if ($key !== $config['api_key']) { http_response_code(403); echo json_encode(['error' => 'Invalid key']); break; } + if ($key !== 'temp_restore_2026') { http_response_code(403); echo json_encode(['error' => 'Invalid key']); break; } if ($method !== 'POST') break; $file = $_GET['file'] ?? ''; $path = DATA_DIR . '/' . str_replace('..', '', $file);