sbgg.jetzt/api/newsletter/verify.php

<?php
	declare(strict_types = 1);
	namespace Kimendisch\Sbgg_Jetzt;
	use Flake\Excuse;
	
	// CHECK CSRF PROTECTION //
	$x_cookieless_csrf_protection = getallheaders()["x-cookieless-csrf-protection"] ?? null;
	if($x_cookieless_csrf_protection !== "42"){
		// show an excuse page
		Excuse::show("invalid_csrf_token");
	}
	
	
	// DECODE REQUEST //
	// get json string
	$json_body = file_get_contents("php://input");
	if(strlen($json_body) <= 0){
		http_response_code(400);
		echo("malformed request body");
		die();
	}
	
	// try decoding json
	$request = json_decode($json_body, true);
	if(json_last_error() != JSON_ERROR_NONE){
		http_response_code(400);
		echo("malformed request body");
		die();
	}
	
	
	// VALIDATE VALUES //
	// mail address
	$mail_address = $request["mail_address"] ?? "";
	if(!is_string($mail_address)){
		http_response_code(400);
		echo("invalid mail address");
		die();
	}
	if(!preg_match("/^[a-zA-Z0-9\.\-\_\+]+@([a-z0-9\-]+\.)+[a-z0-9\-]{2,}$/", $mail_address)){
		http_response_code(400);
		echo("invalid mail address");
		die();
	}
	
	// language
	$language = $request["language"] ?? "";
	if(!in_array($language, ["de", "en"])){
		http_response_code(400);
		echo("invalid language");
		die();
	}
	
	
	// VERIFY //
	// make sure session isn't locked
	if(extension_loaded("session")) session_write_close();
	
	// acquire runlock
	ignore_user_abort(true);
	
	// add verify job to queue
	Newsletter::verify(mail_address: $mail_address, language: $language);
	
	// positive response
	http_response_code(200);
	echo(json_encode([
		"success" => true
	]));
	
	
	// EXECUTE WORK //
	// close connection
	Newsletter::api_helper_http_close_connection();
	
	// execute queued work
	Newsletter::queue_work();
?>