PDQ/lib/identity.php

<?php
require_once __DIR__ . '/db.php';

// Resolve the current actor (who is making this request).
// - ICG pages call current_actor('ICG').
// - Vendor pages call current_actor_from_vendor($_GET['v'] ?? '').
// - AJAX endpoints read both an explicit ?actor=ICG flag (set by PDQ.php) and a
//   ?v=<slug> flag (set by vendor.php). The actor is whichever side called us.
// This matches the existing trust model: access to PDQ.php vs vendor.php IS the
// only access control we have. Don't trust the actor value with anything you
// wouldn't already trust the URL with.

function current_actor(string $expected): string {
    if ($expected !== 'ICG') {
        throw new InvalidArgumentException("current_actor expects 'ICG'");
    }
    return 'ICG';
}

function current_actor_from_vendor(string $slug): array {
    $v = find_vendor_by_slug($slug);
    if (!$v) {
        http_response_code(404);
        echo "Unknown vendor: " . htmlspecialchars($slug);
        exit;
    }
    return $v;
}

// Resolve the actor for an AJAX endpoint based on POST/GET fields:
//   actor=ICG               -> 'ICG'
//   v=<vendor-slug>         -> vendor slug
// Returns [actor_label, vendor_id_or_null].
function resolve_request_actor(): array {
    $params = $_SERVER['REQUEST_METHOD'] === 'POST' ? $_POST : $_GET;

    if (($params['actor'] ?? '') === 'ICG') {
        return ['ICG', null];
    }
    if (!empty($params['v'])) {
        $v = find_vendor_by_slug($params['v']);
        if ($v) return [$v['slug'], (int) $v['id']];
    }
    http_response_code(400);
    echo 'No actor specified';
    exit;
}