Merge pull request #1 from walid-khalafi/feature/config-security-and-core-refactor

aminrpg · web-flow · commit 041088bb8611 · 2025-08-11T16:29:46.000+03:30
Feature/config security and core refactor
diff --git a/.htaccess b/.htaccess
@@ -1,6 +1,48 @@
+# ---------------------------------------------------------
+# Enable Apache mod_rewrite for clean and dynamic URL handling
+# ---------------------------------------------------------
 RewriteEngine On
+
+# ---------------------------------------------------------
+# Define the base URL path for the rewrite rules
+# Adjust this if the project is in a subfolder (e.g., /myapp/)
+# ---------------------------------------------------------
 RewriteBase /
+
+# ---------------------------------------------------------
+# Prevent rewriting the index.php file itself
+# This ensures direct access to index.php remains unchanged
+# ---------------------------------------------------------
 RewriteRule ^index\.php$ - [L]
+
+# ---------------------------------------------------------
+# Condition: Requested resource does NOT match an existing file
+# ---------------------------------------------------------
 RewriteCond %{REQUEST_FILENAME} !-f
+
+# ---------------------------------------------------------
+# Condition: Requested resource does NOT match an existing directory
+# ---------------------------------------------------------
 RewriteCond %{REQUEST_FILENAME} !-d
+
+# ---------------------------------------------------------
+# Redirect all other requests to index.php
+# This allows a single PHP entry point to handle routing
+# ---------------------------------------------------------
 RewriteRule . /index.php [L]
+
+# =========================================================
+# Additional Security Headers (Optional but Recommended)
+# =========================================================
+
+# Prevent MIME type sniffing by browsers
+Header set X-Content-Type-Options "nosniff"
+
+# Disallow embedding the site in iframes to prevent clickjacking
+Header set X-Frame-Options "DENY"
+
+# Enforce secure HTTP Referrer Policy
+Header always set Referrer-Policy "no-referrer-when-downgrade"
+
+# Mitigate some cross-site scripting (XSS) attacks
+Header set X-XSS-Protection "1; mode=block"
diff --git a/README.md b/README.md
@@ -1,3 +1,53 @@
-# TelegramRobotsProxy
+# 🤖 Telegram Robots Proxy
 
-this Script retranslates queries to telegram bot API
+A lightweight PHP script that acts as a **proxy layer** between your client application and the official **Telegram Bot API**.  
+It receives incoming requests, processes them, and forwards them to the Telegram servers — useful for adding custom logging, security layers, or bypassing access restrictions.
+
+---
+
+## ✨ Features
+- **Proxy functionality** for Telegram Bot API requests
+- Easy to deploy on any server with PHP & Apache
+- Supports clean URLs via `.htaccess` rewrite rules
+- BSD-3-Clause licensed for flexible use
+
+---
+
+## 📂 Project Structure
+├── index.php      # Core proxy script 
+├── .htaccess      # URL rewrite and security headers 
+├── LICENSE        # BSD-3-Clause license 
+└── README.md      # Project documentation
+
+
+## 🚀 Getting Started
+
+### 1. Requirements
+- PHP 7.4+  
+- Apache with `mod_rewrite` enabled
+### 2. Installation
+Clone the repository into your web server's root:
+```bash
+git clone https://github.com/walid-khalafi/TelegramRobotsProxy.git
+cd TelegramRobotsProxy
+
+
+### 3. Configuration
+Edit config.php (create if not present) to set:
+- Your Telegram Bot Token
+- Telegram API endpoint
+- Optional: IP whitelist or API Key
+
+
+### 4. Deployment
+Upload the project to your hosting environment and ensure .htaccess is active.
+
+
+# 🛡 Security Recommendations
+- Restrict access by IP or authentication
+- Enable HTTPS on your server
+- Log requests and mask sensitive data
+
+
+#💡 Contributing
+Contributions are welcome! Fork the repository, make your changes in a feature branch, and submit a Pull Request.
diff --git a/index.php b/index.php
@@ -1,103 +1,157 @@
-<?php 
+<?php
 /**
- * Script retranslates queries to telegram bot API
+ * Telegram API Proxy
+ * -------------------
+ * Acts as a middle layer between the client and Telegram Bot API.
+ * Intercepts incoming HTTP requests and forwards them to the Telegram servers,
+ * optionally logging request/response details for debugging or analytics.
  */
+
 class TelegramApiProxy {
-	private $url;
-	private $ch;
-	private $log = false;
-
-	public function __construct(){
-		$this->getUrl();
-		$this->initCurl();
-	}
-
-	public function setLog(bool $log){
-		$this->log = $log;
-	}
-
-	private function log(string $m){
-		if(!$this->log) return;
-		file_put_contents('proxy.log', $m . PHP_EOL, FILE_APPEND);
-	}
-
-	public function start(){
-		$this->log('[' . date('Y-m-d H:i:s') . '] Query init. URL: ' . $this->url);
-		$this->sendRequest();
-
-		$response = curl_exec($this->ch);
-		$debug = curl_getinfo($this->ch);
-		$this->log('Response headers: code=' . $debug['http_code'] . '; content_type=' . $debug['content_type'] . '; size_upload=' . $debug['size_upload'] . '; size_download=' . $debug['size_upload'] . ';');
-		$this->log('Response body: ' . $response);
-		$this->log(' ');
-
-		$this->sendResponse($response, $debug['content_type'], $debug['http_code']);
-	}
-
-	private function sendResponse(string $response, string $type, int $code){
-		header('Content-type: ' . $type, $code);
-		die($response);
-	}
-
-	public function getUrl(){
-		$dir = dirname($_SERVER['SCRIPT_NAME']); // detect path to dir
-		if(strpos($_SERVER['REQUEST_URI'], $dir) === 0){
-			$uri = substr($_SERVER['REQUEST_URI'], strlen($dir));
-		} else {
-			$uri = $_SERVER['REQUEST_URI'];
-		}
-
-		if(substr($uri, 0, 1) != '/'){
-			$uri = '/' . $uri;
-		}
-		
-		return $this->url = "https://api.telegram.org" . $uri;
-	}
-
-	private function initCurl(){
-		$this->ch = curl_init($this->url);
-		curl_setopt($this->ch, CURLOPT_RETURNTRANSFER, true);			
-		return $this->ch;
-	}
-
-	private function sendRequest(){
-		$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
-		$method = 'GET';
-		
-		$this->log('HTTP Request: ' . $method);
-
-		$this->log('HTTP Request2: ' . file_get_contents('php://input'));
-		
-		if($method == 'POST' || file_get_contents('php://input')!='' || sizeof($_POST)>0){
-			curl_setopt($this->ch, CURLOPT_POST, true);
-		
-			if(sizeof($_FILES) > 0){
-				$post = [];
-				foreach ($_FILES as $name => $file) {
-					$post[$name] = new CURLFile($file['tmp_name'], $file['type'], $file['name']);	
-				}
-
-				foreach ($_POST as $name => $value) {
-					$post[$name] = $value;	
-				}
-
-			} else {
-				$post = file_get_contents('php://input');
-				$ct = $_SERVER['HTTP_CONTENT_TYPE'] ?? $_SERVER['CONTENT_TYPE'];
-				curl_setopt($this->ch, CURLOPT_HTTPHEADER, ['Content-type: ' . $ct]);
-			}
-			
-            $this->log('Send To Telegram HTTP Request body: ' . json_encode($post,JSON_UNESCAPED_UNICODE ));
-			curl_setopt($this->ch, CURLOPT_POSTFIELDS, $post);
-			$this->log('Send data: ' . var_export($post, true));
-
-		} else {
-			curl_setopt($this->ch, CURLOPT_CUSTOMREQUEST, $method);
-		}
-	}
+    /** @var string Fully qualified API request URL */
+    private $url;
+
+    /** @var resource cURL handler */
+    private $ch;
+
+    /** @var bool Enable/disable request logging */
+    private $log = false;
+
+    /**
+     * Constructor:
+     * - Detects target URL
+     * - Initializes cURL session
+     */
+    public function __construct() {
+        $this->getUrl();
+        $this->initCurl();
+    }
+
+    /**
+     * Enable or disable logging.
+     * @param bool $log
+     */
+    public function setLog(bool $log) {
+        $this->log = $log;
+    }
+
+    /**
+     * Append message to log file if logging is enabled.
+     * @param string $m
+     */
+    private function log(string $m) {
+        if (!$this->log) return;
+        file_put_contents('proxy.log', $m . PHP_EOL, FILE_APPEND);
+    }
+
+    /**
+     * Main request handler:
+     * - Logs initialization
+     * - Prepares and sends the request
+     * - Handles the response
+     */
+    public function start() {
+        $this->log('[' . date('Y-m-d H:i:s') . '] Query init. URL: ' . $this->url);
+        $this->sendRequest();
+
+        $response = curl_exec($this->ch);
+        $debug = curl_getinfo($this->ch);
+
+        $this->log(sprintf(
+            'Response headers: code=%d; content_type=%s; size_upload=%d; size_download=%d;',
+            $debug['http_code'] ?? 0,
+            $debug['content_type'] ?? '',
+            $debug['size_upload'] ?? 0,
+            $debug['size_download'] ?? 0
+        ));
+
+        $this->log('Response body: ' . $response);
+        $this->log(str_repeat('-', 50));
+
+        $this->sendResponse($response, $debug['content_type'] ?? 'application/json', $debug['http_code'] ?? 200);
+    }
+
+    /**
+     * Send the HTTP response back to client with correct headers.
+     * @param string $response
+     * @param string $type
+     * @param int $code
+     */
+    private function sendResponse(string $response, string $type, int $code) {
+        http_response_code($code);
+        header('Content-Type: ' . $type);
+        echo $response;
+        exit;
+    }
+
+    /**
+     * Construct full Telegram API URL based on incoming request URI.
+     * @return string
+     */
+    public function getUrl() {
+        $dir = dirname($_SERVER['SCRIPT_NAME']); // Detect script directory
+        if (strpos($_SERVER['REQUEST_URI'], $dir) === 0) {
+            $uri = substr($_SERVER['REQUEST_URI'], strlen($dir));
+        } else {
+            $uri = $_SERVER['REQUEST_URI'];
+        }
+
+        if (substr($uri, 0, 1) !== '/') {
+            $uri = '/' . $uri;
+        }
+
+        return $this->url = "https://api.telegram.org" . $uri;
+    }
+
+    /**
+     * Initialize cURL session for the prepared URL.
+     * @return resource
+     */
+    private function initCurl() {
+        $this->ch = curl_init($this->url);
+        curl_setopt($this->ch, CURLOPT_RETURNTRANSFER, true);
+        return $this->ch;
+    }
+
+    /**
+     * Prepare and send the HTTP request to Telegram API.
+     */
+    private function sendRequest() {
+        $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
+        $this->log('HTTP Request: ' . $method);
+        $rawInput = file_get_contents('php://input');
+        $this->log('HTTP Raw Input: ' . $rawInput);
+
+        if ($method === 'POST' || $rawInput !== '' || !empty($_POST)) {
+            curl_setopt($this->ch, CURLOPT_POST, true);
+
+            if (!empty($_FILES)) {
+                // Prepare file uploads
+                $post = [];
+                foreach ($_FILES as $name => $file) {
+                    $post[$name] = new CURLFile($file['tmp_name'], $file['type'], $file['name']);
+                }
+                foreach ($_POST as $name => $value) {
+                    $post[$name] = $value;
+                }
+            } else {
+                // Forward raw POST body (e.g., JSON payload)
+                $post = $rawInput;
+                $ct = $_SERVER['HTTP_CONTENT_TYPE'] ?? $_SERVER['CONTENT_TYPE'] ?? 'application/json';
+                curl_setopt($this->ch, CURLOPT_HTTPHEADER, ['Content-Type: ' . $ct]);
+            }
+
+            $this->log('Send To Telegram HTTP Request body: ' . json_encode($post, JSON_UNESCAPED_UNICODE));
+            curl_setopt($this->ch, CURLOPT_POSTFIELDS, $post);
+        } else {
+            curl_setopt($this->ch, CURLOPT_CUSTOMREQUEST, $method);
+        }
+    }
 }
 
-$proxy = new TelegramApiProxy;
-$proxy->setLog(false); // use logs only for debug
-$proxy->start();
-?>
+// -------------------------------------------------------------
+// Bootstrap
+// -------------------------------------------------------------
+$proxy = new TelegramApiProxy();
+$proxy->setLog(false); // Enable (true) only for debugging
+$proxy->start();
