diff --git a/core/router.php b/core/router.php index 5e4aa5c..06e23c5 100644 --- a/core/router.php +++ b/core/router.php @@ -5,6 +5,7 @@ if ($api_class == 'admin') { // 处理管理员请求 // ... } else { + http_response_code(401) echo json_encode(['error' => 'Unauthorized', 'code' => 401]); exit; } @@ -15,6 +16,7 @@ elseif ($api_class != 'admin') { // 处理已登录用户请求 // ... } else { + http_response_code(401) echo json_encode(['error' => 'Unauthorized', 'code' => 401]); exit; } diff --git a/index.php b/index.php index d7fce03..9635a52 100644 --- a/index.php +++ b/index.php @@ -1,19 +1,44 @@ - 'Home page')); + exit(); +} +// 验证输入是否符合预期格式 +elseif (!preg_match('/^[a-zA-Z0-9_]+$/', $api_class) || !preg_match('/^[a-zA-Z0-9_]+$/', $api)) { + http_response_code(400); // Bad Request + echo json_encode(array('error' => 'Invalid input')); + exit(); +} + +// 构建文件路径 +$file_path = 'includes/' . $api_class . '/' . $api . '.php'; + +// 检查文件是否存在 +if (!file_exists($file_path)) { + http_response_code(404); // Not Found + echo json_encode(array('error' => '404 Not Found', 'message' => 'The requested resource could not be found')); + exit(); +} + +// 如果不是 public API,则启用路由 if ($api_class != 'public') { include 'core/login_router.php'; } -header("Content-Type: application/json"); -include 'includes/' . $api_class . '/' . $api . '.php'; - +// 包含文件 +include $file_path; +?> \ No newline at end of file
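Review bot: The added `http_response_code(401)` in core/router.php has no terminating semicolon, so it runs into the following `echo` and the file will not parse. The same line is added in the second hunk (`@@ -15,6 +16,7 @@`); both should read `http_response_code(401);`. Because this file holds the branches that answer `Unauthorized`, a parse failure turns routed requests into a server error instead of a clean 401, and with error display enabled the message can expose file paths. Both `if`/`else` chains start outside the hunks, so the surrounding conditions are not reviewed here.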
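Review bot: In index.php both `preg_match` patterns end in `$` without the `D` modifier, so a value with a trailing newline still passes the allowlist before it is concatenated into `$file_path`. Anchoring with `\A…\z` closes that, e.g. `preg_match('/\A[a-zA-Z0-9_]+\z/', $api_class)`, and likewise for `$api`. The hunk also removes `header("Content-Type: application/json");`, and no replacement is visible in the readable part of the hunk, whose opening lines are not legible in this view. If the header was not moved to the top of the file, set it before the first `echo` so the JSON bodies are not served under the default content type. The 404 for a missing file is also returned before `core/login_router.php` is included, so an unauthenticated caller can tell which non-public endpoints exist; running the login check before `file_exists()` avoids that.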