32245fccdf
Remove v2 view-key payment monitor (privacy concern — nobody should enter their private view key on a website). Replace with TX proof verification where the sender provides TX Hash + TX Key from their wallet. The proof is cryptographically verified client-side and stored with the invoice for persistent "Paid" status. - Remove monitor.js and all view-key monitoring UI/logic - Add TX proof section: sender enters TX Hash + TX Key - Client-side verification via check_tx_key equivalent (noble-curves) - api/verify.php stores/retrieves payment proofs per invoice - Short URL redirect now includes invoice code for status lookup - Invoice link shows "Paid" badge once proof is verified - Deadline badges (7/14/30 days) for payment terms
87 lines
2.2 KiB
PHP
87 lines
2.2 KiB
PHP
<?php
|
|
/**
|
|
* TX Proof Storage API
|
|
* POST: Store verified payment proof for an invoice
|
|
* GET: Retrieve payment status for an invoice
|
|
*/
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
$dbFile = __DIR__ . '/../data/proofs.json';
|
|
$proofs = [];
|
|
if (file_exists($dbFile)) {
|
|
$proofs = json_decode(file_get_contents($dbFile), true) ?: [];
|
|
}
|
|
|
|
// GET: Retrieve proof
|
|
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
|
$code = $_GET['code'] ?? '';
|
|
if (empty($code) || !preg_match('/^[a-z0-9]{4,10}$/', $code)) {
|
|
echo json_encode(['verified' => false]);
|
|
exit;
|
|
}
|
|
|
|
if (isset($proofs[$code])) {
|
|
echo json_encode(array_merge(['verified' => true], $proofs[$code]));
|
|
} else {
|
|
echo json_encode(['verified' => false]);
|
|
}
|
|
exit;
|
|
}
|
|
|
|
// POST: Store proof
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
http_response_code(405);
|
|
echo json_encode(['error' => 'Method not allowed']);
|
|
exit;
|
|
}
|
|
|
|
$input = json_decode(file_get_contents('php://input'), true);
|
|
if (!$input) {
|
|
http_response_code(400);
|
|
echo json_encode(['error' => 'Invalid JSON']);
|
|
exit;
|
|
}
|
|
|
|
$code = $input['code'] ?? '';
|
|
$txHash = $input['tx_hash'] ?? '';
|
|
$amount = floatval($input['amount'] ?? 0);
|
|
$confirmations = intval($input['confirmations'] ?? 0);
|
|
|
|
// Validate
|
|
if (!preg_match('/^[a-z0-9]{4,10}$/', $code)) {
|
|
http_response_code(400);
|
|
echo json_encode(['error' => 'Invalid code']);
|
|
exit;
|
|
}
|
|
if (!preg_match('/^[0-9a-fA-F]{64}$/', $txHash)) {
|
|
http_response_code(400);
|
|
echo json_encode(['error' => 'Invalid tx_hash']);
|
|
exit;
|
|
}
|
|
|
|
// Verify the short URL code exists
|
|
$urlsFile = __DIR__ . '/../data/urls.json';
|
|
if (!file_exists($urlsFile)) {
|
|
http_response_code(404);
|
|
echo json_encode(['error' => 'Invoice not found']);
|
|
exit;
|
|
}
|
|
$urls = json_decode(file_get_contents($urlsFile), true) ?: [];
|
|
if (!isset($urls[$code])) {
|
|
http_response_code(404);
|
|
echo json_encode(['error' => 'Invoice not found']);
|
|
exit;
|
|
}
|
|
|
|
// Store proof
|
|
$proofs[$code] = [
|
|
'tx_hash' => strtolower($txHash),
|
|
'amount' => $amount,
|
|
'confirmations' => $confirmations,
|
|
'verified_at' => time()
|
|
];
|
|
|
|
file_put_contents($dbFile, json_encode($proofs, JSON_PRETTY_PRINT));
|
|
echo json_encode(['ok' => true]);
|