From 4b4a46225f395b2cc3e4225e0cd3c5143fca487f Mon Sep 17 00:00:00 2001
From: marc-go <goringm64@gmail.com>
Date: Wed, 18 Feb 2026 15:05:34 +0100
Subject: [PATCH] Add API keys and server list api

---
 api/servers/list.php |  35 +++++++++++++++++++++++++++++
 api/setup/setup.php  |  20 +++++++++++++++++
 front/test.php       |  14 ++++++++++--
 main.php             |  51 +++++++++++++++++++++++++++++++++++++++++++
 mcServ.db            | Bin 16384 -> 32768 bytes
 5 files changed, 118 insertions(+), 2 deletions(-)
 create mode 100644 api/servers/list.php

diff --git a/api/servers/list.php b/api/servers/list.php
new file mode 100644
index 0000000..3de19a0
--- /dev/null
+++ b/api/servers/list.php
@@ -0,0 +1,35 @@
+<?php
+require "../../main.php";
+
+$mcServ = new mcServ;
+
+if (!$mcServ->checkApiAuth()) {
+    die('{"status":500, "error":"Unauthrized"}');
+}
+
+$db = $mcServ->getDB();
+
+$sql = "SELECT * FROM servers";
+$stmt = $db->query($sql);
+
+$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+$servers = [];
+
+if ($result) {
+    foreach ($result as $server_res) {
+        $server["name"] = $server_res["name"];
+        $server["uuid"] = $server_res["uuid"];
+
+        $servers[] = $server;
+    }
+
+    $json["servers"] = $servers;
+}else{
+    $json["servers"] = [];
+}
+
+$json["status"] = 200;
+
+echo json_encode($json);
+?>
\ No newline at end of file
diff --git a/api/setup/setup.php b/api/setup/setup.php
index eb9a86f..e442508 100755
--- a/api/setup/setup.php
+++ b/api/setup/setup.php
@@ -33,6 +33,26 @@ CREATE TABLE IF NOT EXISTS users (
 
 $db->exec($sql);
 
+$sql = "
+CREATE table IF NOT EXISTS servers (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    uuid VARCHAR(50) UNIQUE NOT NULL,
+    name VARCHAR(30)
+)
+";
+
+$db->exec($sql);
+
+$sql = "
+CREATE TABLE IF NOT EXISTS api_keys (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    key VARCHAR(100) UNIQUE NOT NULL,
+    user_id INTEGER
+)
+";
+
+$db->exec($sql);
+
 $sql = "
 INSERT INTO users (username, mail, passwd) VALUES (:user, :mail, :passwd)
 ";
diff --git a/front/test.php b/front/test.php
index d4de878..73f3aba 100755
--- a/front/test.php
+++ b/front/test.php
@@ -1,4 +1,14 @@
 <?php
-foreach ($_SERVER as $key => $value) {
+ini_set("display_errors", 1);
+ini_set("display_startup_errors", 1);
+error_reporting(E_ALL);
+
+/*foreach ($_SERVER as $key => $value) {
     echo $key . " = " . $value . "<br>";
-}
\ No newline at end of file
+}*/
+
+require "../main.php";
+
+$mcServ = new mcServ();
+
+echo $mcServ->checkApiAuth() ? "TRUE" : "FALSE";
diff --git a/main.php b/main.php
index 4f88634..2fe52a3 100755
--- a/main.php
+++ b/main.php
@@ -15,6 +15,8 @@ ini_set("display_startup_errors", 1);
 error_reporting(E_ALL);
 
 class mcServ {
+    private $api_keys;
+
     public function checkConf() {
         if (!file_exists("../mcServ.db")) {
             return false;
@@ -64,4 +66,53 @@ class mcServ {
 
         return $hash;
     }
+
+    public function checkApiAuth() {
+        if ($this->checkLogin()) {
+            return true;
+        }elseif (isset($_SERVER["HTTP_X_API_KEY"])) {
+            $key = $_SERVER["HTTP_X_API_KEY"];
+
+            $db = $this->getDB();
+
+            $sql = "SELECT * FROM api_keys WHERE key = :key";
+
+            $stmt = $db->prepare($sql);
+
+            $stmt->execute([":key" => $key]);
+
+            $result = $stmt->fetch(PDO::FETCH_ASSOC);
+
+            if ($result) {
+                $user_id = $result["user_id"];
+
+                $sql = "SELECT username FROM users WHERE id = :id";
+                $stmt = $db->prepare($sql);
+
+                $stmt->execute([":id" => $user_id]);
+                $result = $stmt->fetch(PDO::FETCH_ASSOC);
+
+                $username = $result["username"];
+
+                $this->api_keys[$key] = $username;
+
+                return true;
+            }else{
+                return false;
+            }
+        }else{
+            return false;
+        }
+    }
+
+    public function getUser() {
+        if ($this->checkLogin()) {
+            return $_COOKIE["username"];
+        }elseif (isset($_SERVER["HTTP_X_API_KEY"])) {
+            $key = $_SERVER["HTTP_X_API_KEY"];
+            if (isset($this->api_keys[$key])) {
+                return $this->api_keys[$key];
+            }
+        }
+    }
 }
\ No newline at end of file
diff --git a/mcServ.db b/mcServ.db
index ed72102e4bb14ac7a53dad88da58bc046431a0f7..27a01a49c0799a2477117fe9b792b1e38e4ca0ee 100644
GIT binary patch
delta 633
zcmZo@U~Fh$njkI6&cMLH0mLxCJW<D3nw>$fs*soe2Ln5=Ap^fO|5?71y#M)T@fz};
z+t|3B$D~n;ja^(;ma&PwBrz!`HL)NwK0CFt7)G-@2e~?ixGID=I{CONKt(6J@f+0x
zRVjoy2042;25A@?7-%Yl`gsP1x+?hjhbZ`k`uON@DF8ufacWU~W{QHRUx=%_YY>;F
zK0BMZvn(S+W?o8aMR8$HW=U#%VrfY}m>&<bHr^1%;%Jm$VHcN{hB**uURi2Uaj^u1
zW<_xyNOH0ZziC=2&`Ox&OmVp_FEKY2uFBXzlS@;Vl}+4H8kggsR>vDc8El(R@>wf#
zG4tPH;Qz+|lK;+TL4|Yt2Hecd(u`0gOx#S&vYc?gFfxmCf<mO27Z^uO{M#A$AMkGn
z>RQbos?Nm1An#~sWNcz;W^Q2_lAn{4TBJ}_o(c@0B88IF;t~ajnR1LQ46=qWg-~@!
z@?2n}pE2-%;eQ4+`WC+mFS9%&OuZ!&H_$;a9>^Jt{GS;3KLJ%f=a*#Q0T~XL1{uZ3
P{{?6iSehTmMb-@f%W<uH

delta 85
zcmZo@U}|V!oFFa8#K6G70>m)DI8nz~n2ABJtdp1j2Lm(TNd|st{<C~1Hwy}c^KCxK
hXRXM_$p4Lj|J!Ckh3EVe16a8@7@5U6ON&#BiUGi?6C3~l