feat: Add comprehensive documentation suite and reorganize project structure

- Created complete documentation in docs/ directory - Added PROJECT_OVERVIEW.md with feature highlights and getting started guide - Added ARCHITECTURE.md with system design and technical details - Added SECURITY.md with comprehensive security implementation guide - Added DEVELOPMENT.md with development workflows and best practices - Added DEPLOYMENT.md with production deployment instructions - Added API.md with complete REST API documentation - Added CONTRIBUTING.md with contribution guidelines - Added CHANGELOG.md with version history and migration notes - Reorganized all documentation files into docs/ directory for better organization - Updated README.md with proper documentation links and quick navigation - Enhanced project structure with professional documentation standards
2025-10-21 00:39:45 -07:00
commit 0b7e2d0a5b
6080 changed files with 1332936 additions and 0 deletions
--- a/api/privacy.php
+++ b/api/privacy.php
@@ -0,0 +1,55 @@
+<?php
+define('_ISVALID', true);
+include_once __DIR__ . '/../f_core/config.core.php';
+
+header('Content-Type: application/json');
+
+// Require login
+if (!VSession::isLoggedIn()) {
+    http_response_code(401);
+    echo json_encode(['status' => 'error', 'message' => 'Authentication required']);
+    exit;
+}
+
+$action = VSecurity::getParam('action', 'alpha', 'export');
+$uid    = (int) $_SESSION['USER_ID'];
+
+// Basic rate limit
+if (!VSecurity::checkRateLimit('privacy_' . $uid, 5, 60)) {
+    http_response_code(429);
+    echo json_encode(['status' => 'error', 'message' => 'Too many requests']);
+    exit;
+}
+
+switch ($action) {
+    case 'export':
+        // TODO: Collect actual data
+        $bundle = [
+            'user' => [
+                'id' => $uid,
+                'username' => $_SESSION['USER_NAME'] ?? null,
+                'display_name' => $_SESSION['USER_DNAME'] ?? null,
+            ],
+            'files' => [],
+            'subscriptions' => [],
+        ];
+        echo json_encode(['status' => 'ok', 'data' => $bundle]);
+        break;
+
+    case 'delete':
+        if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !VSecurity::validateCSRFFromPost('privacy_delete')) {
+            http_response_code(400);
+            echo json_encode(['status' => 'error', 'message' => 'Invalid CSRF or method']);
+            exit;
+        }
+        // TODO: Implement soft-delete/anonymization workflow
+        VLogger::getInstance()->warning('User requested account deletion', ['user_id' => $uid]);
+        http_response_code(202);
+        echo json_encode(['status' => 'accepted', 'message' => 'Deletion request received']);
+        break;
+
+    default:
+        http_response_code(400);
+        echo json_encode(['status' => 'error', 'message' => 'Unknown action']);
+}
+