first commit

public/.htaccess

@@ -0,0 +1,3 @@
+RewriteEngine On
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^ index.php [QSA,L]

public/index.php

@@ -0,0 +1,102 @@
+<?php
+
+ini_set('display_startup_errors', '0');
+ini_set('display_errors', '0');
+
+function proxy_env($name, $default)
+{
+    $value = getenv($name);
+    return $value === false || $value === '' ? $default : $value;
+}
+
+function proxy_json($statusCode, $payload)
+{
+    http_response_code($statusCode);
+    header('Content-Type: application/json');
+    echo json_encode($payload);
+    exit;
+}
+
+function proxy_header($name)
+{
+    $key = 'HTTP_'.strtoupper(str_replace('-', '_', $name));
+    return isset($_SERVER[$key]) ? $_SERVER[$key] : '';
+}
+
+$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
+$endpoint = ltrim($path, '/');
+
+if ($endpoint === '' || $endpoint === 'healthz') {
+    proxy_json(200, array('status' => 1, 'msg' => 'SPOTA proxy is running'));
+}
+
+$endpoint = basename($endpoint);
+$allowedEndpoints = array_filter(array_map('trim', explode(',', proxy_env('SPOTA_ALLOWED_ENDPOINTS', 'login.php'))));
+
+if (!in_array($endpoint, $allowedEndpoints, true)) {
+    proxy_json(404, array('status' => 0, 'msg' => 'Endpoint not allowed'));
+}
+
+$token = proxy_env('PROXY_TOKEN', '');
+if ($token !== '') {
+    $providedToken = proxy_header('X-Proxy-Token');
+    if ($providedToken === '' && isset($_GET['proxy_token'])) {
+        $providedToken = $_GET['proxy_token'];
+        unset($_GET['proxy_token']);
+    }
+
+    if (!hash_equals($token, $providedToken)) {
+        proxy_json(401, array('status' => 0, 'msg' => 'Unauthorized'));
+    }
+}
+
+$baseUrl = rtrim(proxy_env('SPOTA_BASE_URL', 'https://spota.untan.ac.id/steven/API'), '/');
+$targetUrl = $baseUrl.'/'.$endpoint;
+
+if (!empty($_GET)) {
+    $targetUrl .= '?'.http_build_query($_GET);
+}
+
+$method = strtoupper($_SERVER['REQUEST_METHOD']);
+$body = file_get_contents('php://input');
+$headers = array('Accept: application/json');
+$contentType = isset($_SERVER['CONTENT_TYPE']) ? trim($_SERVER['CONTENT_TYPE']) : '';
+
+if ($contentType !== '') {
+    $headers[] = 'Content-Type: '.$contentType;
+}
+
+$ch = curl_init($targetUrl);
+curl_setopt_array($ch, array(
+    CURLOPT_RETURNTRANSFER => true,
+    CURLOPT_CONNECTTIMEOUT => (int) proxy_env('CONNECT_TIMEOUT', '10'),
+    CURLOPT_TIMEOUT => (int) proxy_env('REQUEST_TIMEOUT', '30'),
+    CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4,
+    CURLOPT_HTTPHEADER => $headers,
+));
+
+if ($method === 'POST') {
+    curl_setopt($ch, CURLOPT_POST, true);
+    curl_setopt($ch, CURLOPT_POSTFIELDS, $body !== '' ? $body : http_build_query($_POST));
+} elseif ($method !== 'GET') {
+    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
+    if ($body !== '') {
+        curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
+    }
+}
+
+$response = curl_exec($ch);
+
+if ($response === false) {
+    error_log('SPOTA proxy failed for '.$endpoint.': '.curl_error($ch));
+    curl_close($ch);
+    proxy_json(502, array('status' => 0, 'msg' => 'Tidak dapat terhubung ke server SPOTA.'));
+}
+
+$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+$responseType = curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
+curl_close($ch);
+
+http_response_code($httpCode > 0 ? $httpCode : 200);
+header('Content-Type: '.($responseType !== null && $responseType !== '' ? $responseType : 'application/json'));
+echo $response;

public/login.php

@@ -0,0 +1,3 @@
+<?php
+
+require __DIR__.'/index.php';