ff14-mitigator/config.php

<?php

function load_env_file(string $path): void {
    if (!is_file($path)) return;

    foreach (file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [] as $line) {
        $line = trim($line);
        if ($line === '' || str_starts_with($line, '#')) continue;

        [$key, $value] = array_pad(explode('=', $line, 2), 2, '');
        $key = trim($key);
        if ($key === '') continue;

        $value = trim($value);
        if (
            strlen($value) >= 2
            && (($value[0] === '"' && $value[-1] === '"') || ($value[0] === "'" && $value[-1] === "'"))
        ) {
            $value = substr($value, 1, -1);
        }

        $_ENV[$key] = $value;
        putenv($key . '=' . $value);
    }
}

function env_value(string $key, ?string $default = null): string {
    $value = $_ENV[$key] ?? getenv($key);
    if ($value === false || $value === null || $value === '') {
        if ($default !== null) return $default;
        throw new RuntimeException('Missing required environment value: ' . $key);
    }
    return (string)$value;
}

function env_bool(string $key, bool $default = false): bool {
    $value = strtolower(env_value($key, $default ? 'true' : 'false'));
    return in_array($value, ['1', 'true', 'yes', 'on'], true);
}

load_env_file(__DIR__ . '/.env');

define('DEV_MODE',      env_bool('DEV_MODE'));
define('CLIENT_ID',     env_value('CLIENT_ID'));
define('REDIRECT_URI',  env_value('REDIRECT_URI'));
define('AUTHORIZE_URI', env_value('AUTHORIZE_URI'));
define('TOKEN_URI',     env_value('TOKEN_URI'));
define('GRAPHQL_URI',   env_value('GRAPHQL_URI'));

function session_start_safe(): void {
    if (session_status() === PHP_SESSION_NONE) {
        session_set_cookie_params([
            'lifetime' => 0,
            'path'     => '/',
            'secure'   => false, // set to true in production (HTTPS)
            'httponly' => true,
            'samesite' => 'Lax',
        ]);
        session_start();
    }
}

function default_return_path(): string {
    $script = str_replace('\\', '/', $_SERVER['SCRIPT_NAME'] ?? '/index.php');
    $base   = rtrim(dirname(dirname($script)), '/');
    return ($base === '' ? '' : $base) . '/index.php';
}

function safe_return_path(?string $value): string {
    $value = trim((string)$value);
    if ($value === '') return default_return_path();

    $parts = parse_url($value);
    if ($parts === false) return default_return_path();
    if (isset($parts['host'])) {
        $currentHost = strtolower(explode(':', $_SERVER['HTTP_HOST'] ?? '')[0]);
        if (strtolower($parts['host']) !== $currentHost) return default_return_path();
    } elseif (str_starts_with($value, '//')) {
        return default_return_path();
    }

    $path = $parts['path'] ?? '';
    if ($path === '') $path = default_return_path();
    if ($path[0] !== '/') $path = '/' . ltrim($path, '/');

    $query = isset($parts['query']) ? '?' . $parts['query'] : '';
    return $path . $query;
}

function current_return_path(): string {
    return safe_return_path($_SERVER['REQUEST_URI'] ?? null);
}

function auth_start_href(?string $returnPath = null): string {
    return 'auth/start.php?return=' . rawurlencode($returnPath ?? current_return_path());
}