remove unused tg-relay.php — duplicate of CF Worker, no callers in 50 days
PHP relay was created 2026-03-15, exposed POST /api/tg-relay.php with X-Relay-Secret auth, forwarding to api.telegram.org directly. Access logs showed 4 hits total, all from 79.111.12.36 (developer test) on 2026-03-15 within ~40s, then never again. All actual contact forms (vgrf.ru, moovg.ru, sag24.ru, hhivp.com) already use the CF Worker tg-relay.it-resheniya-2018.workers.dev which is the correct path through TSPU РКН blocks. PHP relay was redundant + leaked an RU-IP egress to api.telegram.org.
This commit is contained in:
@@ -1,46 +0,0 @@
|
|||||||
<?php
|
|
||||||
header('Content-Type: application/json');
|
|
||||||
|
|
||||||
// Secret token to prevent abuse
|
|
||||||
$SECRET = 'HhivpTgRelay2026';
|
|
||||||
$auth = $_SERVER['HTTP_X_RELAY_SECRET'] ?? '';
|
|
||||||
if ($auth !== $SECRET) {
|
|
||||||
http_response_code(403);
|
|
||||||
echo json_encode(['error' => 'Forbidden']);
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
||||||
http_response_code(405);
|
|
||||||
echo json_encode(['error' => 'Method not allowed']);
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
$data = json_decode(file_get_contents('php://input'), true);
|
|
||||||
if (!$data || empty($data['bot_token']) || empty($data['chat_id']) || empty($data['text'])) {
|
|
||||||
http_response_code(400);
|
|
||||||
echo json_encode(['error' => 'Missing required fields']);
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
$bot_token = $data['bot_token'];
|
|
||||||
$payload = json_encode([
|
|
||||||
'chat_id' => $data['chat_id'],
|
|
||||||
'text' => $data['text'],
|
|
||||||
'parse_mode' => $data['parse_mode'] ?? 'HTML',
|
|
||||||
]);
|
|
||||||
|
|
||||||
$ch = curl_init("https://api.telegram.org/bot{$bot_token}/sendMessage");
|
|
||||||
curl_setopt_array($ch, [
|
|
||||||
CURLOPT_POST => true,
|
|
||||||
CURLOPT_POSTFIELDS => $payload,
|
|
||||||
CURLOPT_HTTPHEADER => ['Content-Type: application/json'],
|
|
||||||
CURLOPT_RETURNTRANSFER => true,
|
|
||||||
CURLOPT_TIMEOUT => 10,
|
|
||||||
]);
|
|
||||||
$result = curl_exec($ch);
|
|
||||||
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
|
||||||
curl_close($ch);
|
|
||||||
|
|
||||||
http_response_code($httpCode);
|
|
||||||
echo $result;
|
|
||||||
Reference in New Issue
Block a user