remove unused tg-relay.php — duplicate of CF Worker, no callers in 50 days

PHP relay was created 2026-03-15, exposed POST /api/tg-relay.php with
X-Relay-Secret auth, forwarding to api.telegram.org directly. Access logs
showed 4 hits total, all from 79.111.12.36 (developer test) on 2026-03-15
within ~40s, then never again.

All actual contact forms (vgrf.ru, moovg.ru, sag24.ru, hhivp.com) already
use the CF Worker tg-relay.it-resheniya-2018.workers.dev which is the
correct path through TSPU РКН blocks. PHP relay was redundant + leaked an
RU-IP egress to api.telegram.org.
This commit is contained in:
2026-05-06 01:20:10 +03:00
parent abd626239e
commit 5dea9c4a52

View File

@@ -1,46 +0,0 @@
<?php
header('Content-Type: application/json');
// Secret token to prevent abuse
$SECRET = 'HhivpTgRelay2026';
$auth = $_SERVER['HTTP_X_RELAY_SECRET'] ?? '';
if ($auth !== $SECRET) {
http_response_code(403);
echo json_encode(['error' => 'Forbidden']);
exit;
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
echo json_encode(['error' => 'Method not allowed']);
exit;
}
$data = json_decode(file_get_contents('php://input'), true);
if (!$data || empty($data['bot_token']) || empty($data['chat_id']) || empty($data['text'])) {
http_response_code(400);
echo json_encode(['error' => 'Missing required fields']);
exit;
}
$bot_token = $data['bot_token'];
$payload = json_encode([
'chat_id' => $data['chat_id'],
'text' => $data['text'],
'parse_mode' => $data['parse_mode'] ?? 'HTML',
]);
$ch = curl_init("https://api.telegram.org/bot{$bot_token}/sendMessage");
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $payload,
CURLOPT_HTTPHEADER => ['Content-Type: application/json'],
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 10,
]);
$result = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
http_response_code($httpCode);
echo $result;