<?php
require_once __DIR__ . '/core/ImageServer.php';

if (!isset($_GET['src'])) {
    http_response_code(400);
    echo json_encode(['error' => 'No image specified']);
    exit;
}

$imagePath = $_GET['src']; // example: 'uploads/img_xyz.jpg'

// SECURITY: Block directory traversal
$imagePath = str_replace(['../', '..\\'], '', $imagePath);

$fullPath = realpath(__DIR__ . '/' . $imagePath);

if (!$fullPath || !file_exists($fullPath)) {
    http_response_code(404);
    echo json_encode(['error' => 'Image not found!']);
    exit;
}

// Delegate to the class
$imageServer = new ImageServer();
$imageServer->serve($imagePath);
header('Cache-Control: max-age=' . (60 * 60 * 24)); // Cache for 1 day
// Removed invalid method call as ImageServer does not have setContentType method