KI Chat Bubble

Profice WebSite/scripts/add/flowise-proxy.php

@@ -0,0 +1,68 @@
+<?php
+/**
+ * Flowise Chat Proxy — credentials hidden server-side
+ * Called via .htaccess rewrite: /api/v1/prediction/* → this file
+ */
+
+// SENSITIVE — never expose these in client-side JS
+$FLOWISE_HOST     = 'https://flowise.profice.de';
+$FLOWISE_CHATFLOW = 'd63d3d02-b5fa-482c-9161-c21c615fb625';
+
+// CORS — restrict to your domain in production
+$allowedOrigins = [
+    'https://profice.de',
+    'https://www.profice.de',
+    'http://localhost',
+    'http://127.0.0.1',
+    'https://staging.profice.de'
+];
+
+$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
+header('Content-Type: application/json');
+if (in_array($origin, $allowedOrigins)) {
+    header("Access-Control-Allow-Origin: $origin");
+} else {
+    header('Access-Control-Allow-Origin: https://profice.de');
+}
+header('Access-Control-Allow-Methods: POST, OPTIONS');
+header('Access-Control-Allow-Headers: Content-Type, Authorization');
+
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+    http_response_code(200);
+    exit();
+}
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    http_response_code(405);
+    echo json_encode(['error' => 'Method not allowed']);
+    exit();
+}
+
+$input = file_get_contents('php://input');
+$target = "$FLOWISE_HOST/api/v1/prediction/$FLOWISE_CHATFLOW";
+
+$ch = curl_init($target);
+curl_setopt_array($ch, [
+    CURLOPT_POST           => true,
+    CURLOPT_POSTFIELDS     => $input,
+    CURLOPT_HTTPHEADER     => ['Content-Type: application/json', 'Accept: application/json'],
+    CURLOPT_RETURNTRANSFER => true,
+    CURLOPT_TIMEOUT        => 60,
+    CURLOPT_CONNECTTIMEOUT => 10,
+    CURLOPT_SSL_VERIFYPEER => true,
+]);
+
+$response = curl_exec($ch);
+$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+$error    = curl_error($ch);
+curl_close($ch);
+
+if ($error) {
+    http_response_code(502);
+    echo json_encode(['error' => 'Proxy error', 'detail' => $error]);
+    exit();
+}
+
+http_response_code($httpCode);
+echo $response;
+?>