true, "data" => $data]); exit; } function json_error(string $code, string $message, int $status = 400): never { http_response_code($status); header('Content-Type: application/json; charset=UTF-8'); echo json_encode(["ok" => false, "error" => ["code" => $code, "message" => $message]]); exit; } function read_json_body(): array { $raw = file_get_contents('php://input'); $data = json_decode($raw, true); if (!is_array($data)) { json_error('INVALID_BODY', 'Request body must be valid JSON', 400); } return $data; } function read_encrypted_json_body(string $tokenHex): array { $outer = read_json_body(); if (empty($outer['encrypted'])) { json_error('ENCRYPTION_REQUIRED', 'Sensitive requests must send an encrypted payload', 400); } try { $plain = qdb_decrypt_sensitive_envelope($outer, $tokenHex); } catch (Throwable $e) { error_log('decrypt body failed: ' . $e->getMessage()); json_error('DECRYPT_FAILED', 'Could not decrypt request payload', 400); } $data = json_decode($plain, true); if (!is_array($data)) { json_error('INVALID_BODY', 'Decrypted body must be valid JSON object', 400); } return $data; } function json_success_sensitive(mixed $data, string $tokenHex, int $status = 200): never { $plain = json_encode($data, JSON_UNESCAPED_UNICODE | JSON_THROW_ON_ERROR); json_success(qdb_sensitive_envelope($plain, $tokenHex), $status); }