<?php
/* ===========================================================
   PACK BEACON – SECURE API CONFIG
   Version: Secure API v1
   Author: ChatGPT
   Description:
   - ใช้ร่วมกับ API ที่ต้องการ Token + Signature + Timestamp
   - ป้องกันการปลอม request / replay attack
   =========================================================== */

/* ===========================================================
   SECURITY
=========================================================== */
define("API_TOKEN",   "PACKBEACON2025");
define("API_SECRET",  "PackBeacon@Secure!");

/* Timestamp ใช้ได้ภายในกี่วินาที → ป้องกัน Replay Attack */
define("TIMESTAMP_WINDOW", 60 * 5); // 5 นาที

/* ===========================================================
   DATABASE CONNECTION
=========================================================== */

$DB_HOST = "localhost";
$DB_USER = "pack";
$DB_PASS = "@pack2025";
$DB_NAME = "pack";
/*

$DB_HOST = "localhost";
$DB_USER = "root";
$DB_PASS = "";
$DB_NAME = "pack_beacon";
*/
$conn = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if ($conn->connect_error) {
    http_response_code(500);
    die(json_encode([
        "status" => "error",
        "message" => "Database connection failed"
    ]));
}

$conn->set_charset("utf8mb4");

/* ===========================================================
   JSON RESPONSE HELPER
=========================================================== */
function api_json($arr) {
    header("Content-Type: application/json; charset=utf-8");
    echo json_encode($arr, JSON_UNESCAPED_UNICODE);
    exit;
}

/* ===========================================================
   CREATE SIGNATURE
   raw_data = ตัวข้อมูล JSON (string)
   timestamp = UNIX Time
=========================================================== */
function make_signature($raw_data, $timestamp) {
    return hash_hmac(
        "sha256",
        API_TOKEN . "|" . $timestamp . "|" . $raw_data,
        API_SECRET
    );
}

/* ===========================================================
   VERIFY SIGNATURE
=========================================================== */
function verify_signature($client_token, $client_timestamp, $client_signature, $raw_data) {

    // เช็ค Token ถูกต้อง
    if ($client_token !== API_TOKEN) {
        return "Invalid API token";
    }

    // Timestamp ต้องไม่เกินเวลาที่กำหนด
    if (abs(time() - $client_timestamp) > TIMESTAMP_WINDOW) {
        return "Request timestamp expired";
    }

    // Signature ฝั่ง server
    $server_sig = make_signature($raw_data, $client_timestamp);

    if (!hash_equals($server_sig, $client_signature)) {
        return "Invalid signature";
    }

    return true;
}

/* ===========================================================
   GET RAW JSON INPUT
=========================================================== */
function get_raw_post() {
    return file_get_contents("php://input");
}

?>
