From efa73e027a2a41424eeb0ae806674bd85e218010 Mon Sep 17 00:00:00 2001 From: Last2014 Date: Sun, 14 Sep 2025 19:56:03 +0900 Subject: [PATCH] =?UTF-8?q?API=E3=83=88=E3=83=BC=E3=82=AF=E3=83=B3?= =?UTF-8?q?=E3=81=AE=E7=85=A7=E4=BC=9A=E3=82=A8=E3=83=B3=E3=83=89=E3=83=9D?= =?UTF-8?q?=E3=82=A4=E3=83=B3=E3=83=88=E3=82=92=E4=BD=9C=E6=88=90=E3=83=BB?= =?UTF-8?q?=E8=AA=A4=E3=81=A3=E3=81=9FHTTP=E3=83=AC=E3=82=B9=E3=83=9D?= =?UTF-8?q?=E3=83=B3=E3=82=B9=E3=82=B3=E3=83=BC=E3=83=89=E3=82=92=E4=BF=AE?= =?UTF-8?q?=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- api/token/inquiry.php | 108 +++++++++++++++++++++++++++++++++++ api/ueuse/bookmark/index.php | 2 +- api/ueuse/delete.php | 2 +- 3 files changed, 110 insertions(+), 2 deletions(-) create mode 100644 api/token/inquiry.php diff --git a/api/token/inquiry.php b/api/token/inquiry.php new file mode 100644 index 0000000..2a9775f --- /dev/null +++ b/api/token/inquiry.php 
@@ -0,0 +1,108 @@
+ PDO::ERRMODE_EXCEPTION,
+ PDO::MYSQL_ATTR_MULTI_STATEMENTS => false
+ );
+ $pdo = new PDO('mysql:charset=utf8mb4;dbname='.DB_NAME.';host='.DB_HOST , DB_USER, DB_PASS, $option);
+} catch(PDOException $e) {
+ // 接続エラーのときエラー内容を取得する
+ $error_message[] = $e->getMessage();
+}
+
+$Get_Post_Json = file_get_contents("php://input");
+if(isset($_GET['token']) || (!(empty($Get_Post_Json)))) {
+ // トークン取得
+ $token = getAPIToken();
+ if($token == "_ERR:INPUT_NOT_FOUND"){
+ $err = "input_not_found";
+ $response = array(
+ 'error_code' => $err,
+ 'success' => false
+ );
+ http_response_code(401);
+ echo json_encode($response, JSON_UNESCAPED_UNICODE);
+ exit;
+ }
+ if($token == "_ERR:FORMAT_FIFFERENT"){
+ $err = "token_invalid";
+ $response = array(
+ 'error_code' => $err,
+ 'success' => false
+ );
+ http_response_code(403);
+ echo json_encode($response, JSON_UNESCAPED_UNICODE);
+ exit;
+ }
+
+ session_start();
+
+ if( !empty($pdo) ) {
+ $tokenQuery = $pdo->prepare("SELECT userid, scope FROM api WHERE token = :token");
+ $tokenQuery->bindValue(':token', $token);
+ $tokenQuery->execute();
+ $tokenData = $tokenQuery->fetch();
+
+ if(!(empty($tokenData["userid"]))){
+ $allow_scope = array_unique(array_map('trim', explode(",", $tokenData["scope"])));
+ $userdata = getUserData($pdo, $tokenData["userid"]);
+
+ $response = array(
+ 'allow_scopes' => $allow_scope,
+ 'username' => decode_yajirushi(htmlspecialchars_decode($userdata["username"])),
+ 'userid' => decode_yajirushi(htmlspecialchars_decode($userdata["userid"])),
+ 'success' => true
+ );
+ echo json_encode($response, JSON_UNESCAPED_UNICODE);
+ }else{
+ $userQuery = $pdo->prepare("SELECT * FROM account WHERE token = :token");
+ $userQuery->bindValue(':token', $token);
+ $userQuery->execute();
+ $userData = $userQuery->fetch();
+
+ if(empty($userData["userid"])){
+ $response = array(
+ 'error_code' => 'token_invalid',
+ 'success' => false
+ );
+ http_response_code(403);
+ echo json_encode($response, 
JSON_UNESCAPED_UNICODE);
+ }elseif($userData["role"] === "ice"){
+ $response = array(
+ 'error_code' => 'this_account_has_been_frozen',
+ 'success' => false
+ );
+ http_response_code(400);
+ echo json_encode($response, JSON_UNESCAPED_UNICODE);
+ }else{
+ $response = array(
+ 'error_code' => 'could_not_complete',
+ 'success' => false
+ );
+ http_response_code(500);
+ echo json_encode($response, JSON_UNESCAPED_UNICODE);
+ }
+ }
+ }
+}else{
+ $err = "input_not_found";
+ $response = array(
+ 'error_code' => $err,
+ 'success' => false
+ );
+ http_response_code(401);
+ echo json_encode($response, JSON_UNESCAPED_UNICODE);
+}
+?>
diff --git a/api/ueuse/bookmark/index.php b/api/ueuse/bookmark/index.php
index e57800b..7360137 100644
--- a/api/ueuse/bookmark/index.php
+++ b/api/ueuse/bookmark/index.php
@@ -197,7 +197,7 @@ if(isset($_GET['token']) || (!(empty($Get_Post_Json)))) {
 'error_code' => $err,
 'success' => false
 );
- http_response_code(400);
+ http_response_code(500);
 echo json_encode($response, JSON_UNESCAPED_UNICODE);
 }
 }else{
diff --git a/api/ueuse/delete.php b/api/ueuse/delete.php
index 9f39245..d9a900a 100644
--- a/api/ueuse/delete.php
+++ b/api/ueuse/delete.php
@@ -88,7 +88,7 @@ if(isset($_GET['token']) || (!(empty($Get_Post_Json)))) {
 'userid' => decode_yajirushi(htmlspecialchars_decode($userData["userid"])),
 'success' => false
 );
- http_response_code(400);
+ http_response_code(500);
 echo json_encode($response, JSON_UNESCAPED_UNICODE);
 exit;
 }
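Review bot: When the PDO constructor throws, `$pdo` is never assigned and the `if( !empty($pdo) )` block in the middle of the inquiry.php hunk has no `else`, so a request carrying a well-formed token ends with HTTP 200 and an empty body while `$error_message` is filled but never read; add `} else { http_response_code(503); echo json_encode(array('error_code' => 'could_not_complete', 'success' => false), JSON_UNESCAPED_UNICODE); }` after that block so the failure is visible to callers. No `Content-Type` header appears anywhere in the hunk (its opening lines are garbled and an include may set one — confirm); if none does, the `htmlspecialchars_decode`d `username` goes out under PHP's default `text/html`, and because the token is accepted from `$_GET['token']` an attacker can hand a victim a link carrying the attacker's own token and have markup in that username render in this origin, which `header('Content-Type: application/json; charset=utf-8');` plus `JSON_HEX_TAG` in the `json_encode` flags would prevent. Reading the secret from the query string also lands it in access logs, proxy logs and browser history; prefer the POST body that `getAPIToken()` (not shown here) appears to support, or an `Authorization` header. The 403/400/500 split for a token that is absent from `api` but present in `account` lets anyone probe whether a string is a live account token and whether that account is frozen, so a single 403 `token_invalid` for every non-API token is the safer answer, and the `session_start()` call is never used afterwards and only sets a cookie on an API response.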