security: clean repository without media files and sensitive data

- Removed area/ directory with 816MB of media files - Removed sensitive FTP credentials from Git history - Implemented .env.upload system for secure deployments - Added comprehensive .gitignore for future protection This commit represents a clean slate with all sensitive data removed.
2025-09-07 11:05:29 +02:00
commit b4758b4f26
61 changed files with 23829 additions and 0 deletions
--- a/backend/public/index.php
+++ b/backend/public/index.php
@@ -0,0 +1,33 @@
+<?php
+// CORS-Header für alle API-Routen setzen
+if (preg_match('#^/api/#', $_SERVER['REQUEST_URI'])) {
+    header('Access-Control-Allow-Origin: *');
+    header('Access-Control-Allow-Headers: Content-Type, Authorization');
+    header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
+    if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+        http_response_code(200);
+        exit;
+    }
+}
+// Statische Auslieferung von /area/...
+if (preg_match('#^/area/#', $_SERVER['REQUEST_URI'])) {
+    $relPath = str_replace('/area', '', parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH));
+    // URL-decode für Sonderzeichen wie +
+    $relPath = urldecode($relPath);
+    $file = realpath(__DIR__ . '/../../area' . $relPath);
+    $base = realpath(__DIR__ . '/../../area');
+    
+    if ($file && is_file($file) && strpos($file, $base) === 0) {
+        $mime = mime_content_type($file);
+        header('Access-Control-Allow-Origin: *');
+        header('Content-Type: ' . $mime);
+        readfile($file);
+        exit;
+    }
+}
+
+// Einstiegspunkt für die PHP-API
+require_once __DIR__ . '/../src/Core/Application.php';
+
+$app = new Application();
+$app->run();