schmidt1024/xmrpay.link
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1acf9909435b36af139906c6103440439ba34969
xmrpay.link/api/node.php
Alexander Schmidt 1acf990943 feat: v2 — view-key payment confirmation with live monitoring 
- Payment monitor: enter private view key to track incoming payments
- Scans mempool + last 100 blocks via PHP proxy with 4-node failover
- Lightweight crypto: 30KB noble-curves bundle (Ed25519 + Keccak-256)
- Subaddress support (network byte 42 detection, a*D validation)
- Confirmation progress bar (0-10 confirmations)
- Underpayment detection
- Deadline badges (7/14/30 days) replacing minutes input
- QR code: standard colors (black on white) for wallet scanner compatibility
- QR hint positioned below QR code
- View key masked input, never stored or transmitted
2026-03-25 09:09:46 +01:00

134 lines
3.7 KiB
PHP
Raw Blame History

<?php
/**
* Monero Daemon RPC Proxy
* Forwards allowed RPC requests to Monero nodes, bypassing CORS.
* The private view key NEVER passes through this proxy.
*/
header('Content-Type: application/json');
// Only POST
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
echo json_encode(['error' => 'Method not allowed']);
exit;
}
// Nodes in priority order
$NODES = [
'http://node.xmr.rocks:18089',
'http://node.community.rino.io:18081',
'http://node.sethforprivacy.com:18089',
'http://xmr-node.cakewallet.com:18081',
];
// Allowed RPC methods (whitelist)
$ALLOWED_JSON_RPC = ['get_info', 'get_block', 'get_block_header_by_height'];
$ALLOWED_HTTP = ['get_transaction_pool', 'gettransactions', 'get_transaction_pool_hashes.bin'];
// Rate limiting (simple file-based, 60 requests/minute per IP)
$RATE_DIR = __DIR__ . '/../data/rate/';
if (!is_dir($RATE_DIR)) @mkdir($RATE_DIR, 0755, true);
$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
$rateFile = $RATE_DIR . md5($ip) . '.json';
$now = time();
$rateData = [];
if (file_exists($rateFile)) {
$rateData = json_decode(file_get_contents($rateFile), true) ?: [];
// Clean old entries
$rateData = array_filter($rateData, fn($t) => $t > $now - 60);
}
if (count($rateData) >= 1000) {
http_response_code(429);
echo json_encode(['error' => 'Rate limit exceeded']);
exit;
}
$rateData[] = $now;
file_put_contents($rateFile, json_encode($rateData));
// Parse request
$input = json_decode(file_get_contents('php://input'), true);
if (!$input || !isset($input['method'])) {
http_response_code(400);
echo json_encode(['error' => 'Missing method']);
exit;
}
$method = $input['method'];
$params = $input['params'] ?? [];
// Determine endpoint type
$isJsonRpc = in_array($method, $ALLOWED_JSON_RPC);
$isHttp = in_array($method, $ALLOWED_HTTP);
if (!$isJsonRpc && !$isHttp) {
http_response_code(403);
echo json_encode(['error' => 'Method not allowed: ' . $method]);
exit;
}
// Cache last working node
$cacheFile = __DIR__ . '/../data/node_cache.json';
$cachedNode = null;
if (file_exists($cacheFile)) {
$cache = json_decode(file_get_contents($cacheFile), true);
if ($cache && ($cache['time'] ?? 0) > $now - 300) {
$cachedNode = $cache['node'];
}
}
// Order nodes: cached first
$orderedNodes = $NODES;
if ($cachedNode && in_array($cachedNode, $NODES)) {
$orderedNodes = array_merge([$cachedNode], array_filter($NODES, fn($n) => $n !== $cachedNode));
}
// Try nodes
$lastError = '';
foreach ($orderedNodes as $node) {
if ($isJsonRpc) {
$url = $node . '/json_rpc';
$body = json_encode([
'jsonrpc' => '2.0',
'id' => '0',
'method' => $method,
'params' => (object)$params
]);
} else {
$url = $node . '/' . $method;
$body = json_encode((object)$params);
}
$ch = curl_init($url);
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $body,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => ['Content-Type: application/json'],
CURLOPT_TIMEOUT => 15,
CURLOPT_CONNECTTIMEOUT => 5,
]);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$curlError = curl_error($ch);
curl_close($ch);
if ($response !== false && $httpCode >= 200 && $httpCode < 300) {
// Cache this working node
file_put_contents($cacheFile, json_encode(['node' => $node, 'time' => $now]));
echo $response;
exit;
}
$lastError = $curlError ?: "HTTP $httpCode";
}
// All nodes failed
http_response_code(502);
echo json_encode(['error' => 'All nodes unreachable', 'detail' => $lastError]);
Reference in New Issue View Git Blame Copy Permalink