Server: Apache/2.4.58 (Ubuntu)
System: Linux mail.thebrand.ai 6.8.0-107-generic #107-Ubuntu SMP PREEMPT_DYNAMIC Fri Mar 13 19:51:50 UTC 2026 x86_64
User: www-data (33)
PHP: 8.3.6
Disabled: NONE
File: /var/www/html/tmpr/../tmpr/../tmpr/../tmpr/../tmpr/../wowX/php/ai-proxy.php
<?php
/**
 * AI Proxy for securing API keys.
 * This script forwards requests to AI service providers (OpenAI, Stability.ai, Clipdrop)
 * without exposing API keys to the client.
 */

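// Emit a JSON error document with an explicit JSON content type, then stop.
// Without the header PHP's default content type applies, and the messages
// below echo request parameters back to the client.
$fail = static function (int $status, string $message) {
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['error' => $message]);
    exit;
};

// Basic same-origin check on the Referer header.
// NOTE(review): Referer is supplied by the client, so this only filters
// browser-initiated cross-site calls. It is not authentication; callers that
// may spend the provider keys should be gated by a session or token check.
if (!isset($_SERVER['HTTP_REFERER'])) {
    $fail(403, 'Access Denied!');
}

// Compare parsed host names instead of searching for the host as a substring:
// a substring match also accepts a Referer that merely contains the host name
// somewhere in its path or query string.
$referer_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
$request_host = parse_url('//' . ($_SERVER['HTTP_HOST'] ?? ''), PHP_URL_HOST);
if (
    !is_string($referer_host)
    || !is_string($request_host)
    || strcasecmp($referer_host, $request_host) !== 0
) {
    $fail(403, 'Forbidden: Cross-origin requests not allowed.');
}

// Get service and endpoint from query parameters.
// Array-valued parameters (service[]=...) are treated as missing.
$service = $_GET['service'] ?? '';
$endpoint = $_GET['endpoint'] ?? '';

if (!is_string($service) || !is_string($endpoint) || !$service || !$endpoint) {
    $fail(400, 'Missing service or endpoint parameter.');
}

// The endpoint is appended to a fixed base URL, so it must stay a plain
// relative path (optionally followed by a query string): no leading slash,
// no dot segments that would climb out of the base path, no control
// characters or fragments.
// NOTE(review): this is a syntactic check only. Every provider endpoint that
// matches is reachable with the server's key; a per-service allowlist of the
// endpoints the application actually uses would be the tighter control.
$endpoint_path = explode('?', $endpoint, 2)[0];
if (
    preg_match('#^[A-Za-z0-9_][A-Za-z0-9._~/-]*(\?[^\x00-\x20\x7f\#]*)?$#D', $endpoint) !== 1
    || preg_match('#(^|/)\.\.?(/|$)#', $endpoint_path) === 1
) {
    $fail(400, 'Invalid endpoint parameter.');
}

// Map services to their base URLs and keys
$services = [
    'openai' => [
        'base_url' => 'https://api.openai.com/v1/',
        'api_key' => getenv('OPENAI_API_KEY'),
        'auth_header' => 'Authorization: Bearer '
    ],
    'stabilityai' => [
        'base_url' => 'https://api.stability.ai/v1/',
        'api_key' => getenv('STABILITYAI_API_KEY'),
        'auth_header' => 'Authorization: Bearer '
    ],
    'clipdrop' => [
        'base_url' => 'https://clipdrop-api.co/',
        'api_key' => getenv('CLIPDROP_API_KEY'),
        'auth_header' => 'x-api-key: '
    ]
];

if (!isset($services[$service])) {
    $fail(400, "Unsupported service: $service");
}

$config = $services[$service];
// getenv() returns false when the variable is unset.
if (!$config['api_key']) {
    $fail(500, "API key for $service not configured on server.");
}

// Build full URL
$url = $config['base_url'] . $endpoint;

// Prepare cURL request
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Redirects are not followed: headers set through CURLOPT_HTTPHEADER can be
// re-sent to the redirect target, which would hand the API key to whatever
// host the upstream points at. A 3xx from the provider is relayed as-is.
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
// Bound the connect phase so an unreachable upstream does not pin a worker.
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);

// Set headers
$headers = [
    $config['auth_header'] . $config['api_key']
];

// Handle different content types and methods.
// Only POST carries a body; any other method is forwarded as a plain GET.
$method = $_SERVER['REQUEST_METHOD'];
$request_type = $_SERVER['CONTENT_TYPE'] ?? '';
if ($method === 'POST') {
    curl_setopt($ch, CURLOPT_POST, true);

    if (strpos($request_type, 'application/json') !== false) {
        // JSON request: relay the raw body unchanged.
        $json_data = file_get_contents('php://input');
        curl_setopt($ch, CURLOPT_POSTFIELDS, $json_data);
        $headers[] = 'Content-Type: application/json';
    } elseif (strpos($request_type, 'multipart/form-data') !== false) {
        // FormData request: rebuild the post fields including files.
        $post_fields = $_POST;
        foreach ($_FILES as $key => $file) {
            // Array-style inputs (name="f[]") make tmp_name an array, which
            // CURLFile cannot take.
            if (!is_string($file['tmp_name'] ?? null)) {
                $fail(400, "Unsupported file field: $key");
            }
            $upload_status = $file['error'] ?? UPLOAD_ERR_NO_FILE;
            if ($upload_status === UPLOAD_ERR_NO_FILE) {
                continue; // empty optional file input
            }
            // Only forward files PHP itself received in this request.
            if ($upload_status !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
                $fail(400, "File upload failed for field: $key");
            }
            $post_fields[$key] = new CURLFile($file['tmp_name'], (string) $file['type'], (string) $file['name']);
        }
        curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);
        // Note: cURL automatically sets the correct multipart/form-data header
    } else {
        // Other POST requests (e.g., application/x-www-form-urlencoded).
        // Passing an array makes cURL encode the body as multipart/form-data.
        curl_setopt($ch, CURLOPT_POSTFIELDS, $_POST);
    }
}

// Forward other headers if needed (Stability.ai uses these).
// CR/LF are stripped so a client value can never add an extra header line.
if ($service === 'stabilityai') {
    if (isset($_SERVER['HTTP_STABILITY_CLIENT_ID'])) {
        $headers[] = 'Stability-Client-ID: '
            . str_replace(["\r", "\n"], '', $_SERVER['HTTP_STABILITY_CLIENT_ID']);
    }
    if (isset($_SERVER['HTTP_STABILITY_CLIENT_VERSION'])) {
        $headers[] = 'Stability-Client-Version: '
            . str_replace(["\r", "\n"], '', $_SERVER['HTTP_STABILITY_CLIENT_VERSION']);
    }
}

curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

// Execute request and get response
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$content_type = curl_getinfo($ch, CURLINFO_CONTENT_TYPE);

if (curl_errno($ch)) {
    $curl_message = 'cURL Error: ' . curl_error($ch);
    curl_close($ch);
    $fail(500, $curl_message);
}

curl_close($ch);

// Relay the upstream status and body. The upstream content type is passed
// through when there is one; nosniff keeps browsers from reinterpreting the
// relayed body as a different type on this origin.
http_response_code($http_code);
if (is_string($content_type) && $content_type !== '') {
    header("Content-Type: $content_type");
} else {
    header('Content-Type: application/octet-stream');
}
header('X-Content-Type-Options: nosniff');
echo $response;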