<?php

// ===============================
// CORS – only https://loja.milon.com.br may read responses from this endpoint
// ===============================
// The Origin header is compared with strict equality, so exactly one
// scheme+host receives Access-Control-Allow-Origin plus the credentials flag;
// every other origin gets neither and the browser blocks the cross-site read.
//
// NOTE(review): CORS only constrains browser-initiated cross-origin reads. No
// request authentication is performed anywhere in this file, so any client
// that can reach the URL directly can invoke the routes below.
$allowedOrigin = 'https://loja.milon.com.br';

$requestOrigin = $_SERVER['HTTP_ORIGIN'] ?? null;
if ($requestOrigin === $allowedOrigin) {
    header("Access-Control-Allow-Origin: {$allowedOrigin}");
    header('Access-Control-Allow-Credentials: true');
}

// Headers emitted on every response, including preflight and error paths.
$commonHeaders = [
    'Access-Control-Allow-Methods: GET, POST, PATCH, DELETE, OPTIONS',
    'Access-Control-Allow-Headers: Content-Type, Authorization',
    'Content-Type: application/json',
];
foreach ($commonHeaders as $headerLine) {
    header($headerLine);
}

// ===============================
// Disable caching (browser + CDN)
// ===============================
// Map of header line => "replace" flag for header(). The second Cache-Control
// entry is appended (replace = false) instead of overwriting the first one.
$noCacheHeaders = [
    'Cache-Control: no-store, no-cache, must-revalidate, max-age=0' => true,
    'Cache-Control: post-check=0, pre-check=0'                     => false,
    'Pragma: no-cache'                                             => true,
    'Expires: 0'                                                   => true,
    'X-Cache-Disabled: true'                                       => true,
];
foreach ($noCacheHeaders as $headerLine => $replacePrevious) {
    header($headerLine, $replacePrevious);
}

// ===============================
// Preflight (OPTIONS)
// ===============================
// The CORS headers above are already on the wire; nothing else is needed.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit;
}

// ===============================
// VTEX configuration
// ===============================
// Account name used to build the <account>.myvtex.com API host. Read by
// cart_exists() through `global` and by the route handlers further down.
$VTEX_ACCOUNT = 'grupokyly';

// ===============================
// CURL PADRÃO VTEX (SEM CACHE)
// ===============================
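function vtex_curl($url, $method, $body = null) {
    // Issue one JSON request to the VTEX API and decode the JSON reply.
    //
    // $url     absolute URL to call
    // $method  HTTP verb (GET, POST, PATCH, DELETE, ...), sent via CURLOPT_CUSTOMREQUEST
    // $body    optional array; when not null it is json_encode()d into the request body
    //
    // Returns ['httpCode' => int, 'response' => mixed, 'error' => ?string]:
    //   httpCode  status code reported by curl (0 when the transfer itself failed)
    //   response  json_decode() of the body as an associative array; null when the
    //             body was missing or not valid JSON
    //   error     curl's error text when the transfer failed, otherwise null
    //
    // No Authorization / VTEX app-key headers are attached, so every call is made
    // anonymously; the callers therefore depend on the target entity being
    // reachable without credentials — NOTE(review): confirm this is intended.

    $ch = curl_init($url);
    if ($ch === false) {
        return ['httpCode' => 0, 'response' => null, 'error' => 'curl_init() failed'];
    }

    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CUSTOMREQUEST  => $method,
        CURLOPT_HTTPHEADER     => [
            'Content-Type: application/json',
            'Cache-Control: no-cache',
            'Pragma: no-cache',
        ],
        // Bound the wait so a stalled upstream cannot hold the PHP worker forever.
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
    ]);

    if ($body !== null) {
        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($body));
    }

    $raw      = curl_exec($ch);
    $httpCode = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
    // curl_exec() returns false on a transport error; capture the reason before
    // the handle is released instead of silently decoding "false" as JSON.
    $error = $raw === false ? curl_error($ch) : null;

    curl_close($ch);

    return [
        'httpCode' => $httpCode,
        'response' => is_string($raw) ? json_decode($raw, true) : null,
        'error'    => $error,
    ];
}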

// ===============================
// VERIFICA SE O CARRINHO EXISTE
// ===============================
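function cart_exists($email) {
    // Look up shared-cart documents (Master Data entity "SC") filed under $email.
    //
    // $email  customer e-mail placed in the _where filter. It is URL-encoded for
    //         the query string, but no format validation happens here: the VTEX
    //         server decodes it back into its _where expression, so callers should
    //         validate the address before passing it in.
    //
    // Returns ['email' => string, 'exists' => bool, 'data' => mixed]:
    //   exists  true only for a 2xx reply whose decoded body is a non-empty array;
    //           an upstream error object (e.g. a 4xx JSON body) is therefore no
    //           longer reported as a hit
    //   data    the decoded response body exactly as returned by vtex_curl()
    global $VTEX_ACCOUNT;

    $url = "https://{$VTEX_ACCOUNT}.myvtex.com/api/dataentities/SC/search"
         . '?_where=email=' . rawurlencode($email)
         . '&_fields=id,email,product_ids,quantity,sellers'
         . '&_t=' . time(); // cache-buster, complements the no-cache request headers

    $result = vtex_curl($url, 'GET');

    $response = $result['response'];
    $upstreamOk = $result['httpCode'] >= 200 && $result['httpCode'] < 300;

    return [
        'email'  => $email,
        'exists' => $upstreamOk && is_array($response) && $response !== [],
        'data'   => $response,
    ];
}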

// ===============================
// ROTAS
// ===============================
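$method = $_SERVER['REQUEST_METHOD'];

// Fields a shared-cart document may carry. POST requires all of them; PATCH may
// only update these (any other key in the PATCH body is dropped before it
// reaches VTEX, so a client cannot write arbitrary Master Data fields).
$cartFields = ['email', 'product_ids', 'quantity', 'sellers'];

// Map the status reported by vtex_curl() onto a status this script may send.
// A failed transfer yields httpCode 0, which is not a valid HTTP status; report
// it as 502 (bad gateway) instead.
function upstream_status($httpCode) {
    return ($httpCode >= 100 && $httpCode <= 599) ? $httpCode : 502;
}

// ---------- GET: does a shared cart exist for ?email= ----------
if ($method === 'GET') {

    $email = $_GET['email'] ?? null;

    if (!$email) {
        http_response_code(400);
        echo json_encode(['error' => 'Parâmetro email é obrigatório']);
        exit;
    }

    // Reject arrays (?email[]=x) and malformed addresses before the value is
    // interpolated into the VTEX _where expression by cart_exists().
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        http_response_code(400);
        echo json_encode(['error' => 'Parâmetro email inválido']);
        exit;
    }

    $result = cart_exists($email);

    echo json_encode([
        'status'   => 'success',
        'method'   => 'GET',
        'email'    => $email,
        'exists'   => $result['exists'],
        'response' => $result['data'],
    ]);
    exit;

// ---------- POST: create a shared cart ----------
} elseif ($method === 'POST') {

    $body = json_decode(file_get_contents('php://input'), true);

    if (!is_array($body)) {
        http_response_code(400);
        echo json_encode(['error' => 'JSON inválido']);
        exit;
    }

    foreach ($cartFields as $field) {
        if (empty($body[$field])) {
            http_response_code(400);
            echo json_encode(['error' => "Campo obrigatório: {$field}"]);
            exit;
        }
    }

    $url = "https://{$VTEX_ACCOUNT}.myvtex.com/api/dataentities/SC/documents";

    // Forward only the allow-listed fields, in the documented order.
    $payload = [];
    foreach ($cartFields as $field) {
        $payload[$field] = $body[$field];
    }

    $result = vtex_curl($url, 'POST', $payload);

    http_response_code(upstream_status($result['httpCode']));
    echo json_encode($result);
    exit;

// ---------- PATCH: update fields of an existing shared cart ----------
} elseif ($method === 'PATCH') {

    $body = json_decode(file_get_contents('php://input'), true);

    if (!is_array($body)) {
        http_response_code(400);
        echo json_encode(['error' => 'JSON inválido']);
        exit;
    }

    // The id becomes a URL path segment, so it must be a non-empty scalar.
    if (empty($body['id']) || !is_scalar($body['id'])) {
        http_response_code(400);
        echo json_encode(['error' => 'ID é obrigatório']);
        exit;
    }

    $id = (string) $body['id'];
    unset($body['id']);

    // Mass-assignment guard: keep only the known cart fields, mirroring POST.
    $payload = array_intersect_key($body, array_flip($cartFields));

    if ($payload === []) {
        http_response_code(400);
        echo json_encode(['error' => 'Nenhum campo válido para atualizar']);
        exit;
    }

    // rawurlencode() keeps an id containing "/" or "?" from rewriting the path.
    $url = "https://{$VTEX_ACCOUNT}.myvtex.com/api/dataentities/SC/documents/" . rawurlencode($id);

    $result = vtex_curl($url, 'PATCH', $payload);

    http_response_code(upstream_status($result['httpCode']));
    echo json_encode($result);
    exit;

// ---------- DELETE: remove a shared cart by ?id= ----------
} elseif ($method === 'DELETE') {

    $id = $_GET['id'] ?? null;

    if (!$id || !is_string($id)) {
        http_response_code(400);
        echo json_encode(['error' => 'ID é obrigatório']);
        exit;
    }

    $url = "https://{$VTEX_ACCOUNT}.myvtex.com/api/dataentities/SC/documents/" . rawurlencode($id);

    $result = vtex_curl($url, 'DELETE');

    // The upstream outcome used to be discarded and success always reported;
    // surface failures so a client is not told a cart was removed when it was not.
    if ($result['httpCode'] < 200 || $result['httpCode'] >= 300) {
        http_response_code(upstream_status($result['httpCode']));
        echo json_encode([
            'status'     => 'error',
            'deleted_id' => $id,
            'response'   => $result['response'],
        ]);
        exit;
    }

    echo json_encode([
        'status'     => 'success',
        'deleted_id' => $id,
    ]);
    exit;

// ---------- Unsupported method ----------
} else {

    // 405 responses carry an Allow header listing what the resource accepts.
    header('Allow: GET, POST, PATCH, DELETE, OPTIONS');
    http_response_code(405);
    echo json_encode([
        'status'  => 'error',
        'message' => 'Método não permitido',
    ]);
}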