TSF snippet ZIP creator.

index.php

<?php

$request = strtok( substr_replace( $_SERVER['REQUEST_URI'], '', 0, strlen( dirname( $_SERVER['PHP_SELF'] ) ) ), '.' );
$r_parts = array_values( array_filter( explode( '/', $request ) ) );

if ( empty( $r_parts[0] ) ) {
	http_response_code( 400 );
	exit;
}

$snippet_name     = basename( preg_replace( '/[^a-z0-9\_-]/i', '', end( $r_parts ) ) );
$hash             = md5( $request . round( time() / 14400 ) ); // Create a new hash every 4 hours.
$snippet_zip_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "tsfplugindownloader-$snippet_name-$hash.zip";

if ( ! file_exists( $snippet_zip_file ) ) {
	$github_repo       = 'sybrew/tsf-snippets';
	$github_branch     = 'main';

	$snippet_file_path = trim( preg_replace( '/[^a-z0-9\/_-]/i', '', $request ), '/' );

	// Recheck allowed files every 5 minutes.
	$aff_hash           = md5( round( time() / 300 ) );
	$allowed_files_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "tsfplugindownloaderaff-$aff_hash.json";

	$allowed_files     = (array) ( file_get_contents( $allowed_files_file ) ?: [] );
	$allowed_files_key = "$github_repo$github_branch";

	if ( empty( $allowed_files[ $allowed_files_key ] ) ) {
		$allowed_files[ $allowed_files_key ] = file_get_contents(
			"https://api.github.com/repos/$github_repo/git/trees/$github_branch?recursive=1",
			false,
			stream_context_create( [ 'http' => [
				'timeout' => 3,
				'header' => [ "User-Agent: PHP Snippet Fetcher\r\n" ],
			] ] ),
		);

		// Do double work here (json_decode) just to capture JSON errors. This is fine since it happens during a caching cycle.
		// See if the JSON yields results and isn't causing an error.
		if (
			   empty( $allowed_files[ $allowed_files_key ] )
			|| ( json_decode( $allowed_files[ $allowed_files_key ] ) && json_last_error() !== JSON_ERROR_NONE )
		) {
			http_response_code( 503 );
			exit( 'Error: Could not create a permitted filelist from GitHub.' );
		}

		// This may fail, and that is fine. We got the data, and can regain it next time.
		file_put_contents( $allowed_files_file, $allowed_files, LOCK_EX );
	}

	if ( ! in_array(
		"$snippet_file_path.php",
		array_column( json_decode( $allowed_files[ $allowed_files_key ] )?->tree, 'path' ),
		true,
	) ) {
		http_response_code( 403 );
		exit( 'Error: File is not on the permitted list.' );
	}

	// Download the file from GitHub
	$snippet_contents = file_get_contents( "https://raw.githubusercontent.com/$github_repo/$github_branch/$snippet_file_path.php" );

	if ( ! $snippet_contents ) {
		http_response_code( 503 );
		exit( 'Error: Could not download snippet from GitHub.' );
	}

	$zip     = new ZipArchive();
	$created = $zip->open( $snippet_zip_file, ZipArchive::CREATE );

	if ( true !== $created ) {
		http_response_code( 503 );
		exit( 'Error: Could not create a snippet ZIP file.' );
	}

	$zip->addFromString( "$snippet_name.php", $snippet_contents );
	$zip->close();
}

http_response_code( 200 );
header( 'Content-Description: File Transfer' );
header( 'Content-Type: application/zip' );
header( "Content-Disposition: attachment; filename=\"{$snippet_name}.zip\"", true );
header( 'Content-Length: ' . filesize( $snippet_zip_file ), true );
header( 'Expires: 0' );
header( 'Cache-Control: must-revalidate' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s \G\M\T', filemtime( $snippet_zip_file ) ) );
header( 'Pragma: public' );
header( 'X-Robots-Tag: noindex, nofollow', true );

readfile( $snippet_zip_file );
exit;