2 files changed, 51 insertions, 2 deletions

diff --git a/static/api/leak-files.php b/static/api/leak-files.php
new file mode 100644
index 0000000..cd0a104
--- /dev/null
+++ b/static/api/leak-files.php
@@ -0,0 +1,42 @@
+<?php
+// Return list of video files in Leak folder
+header('Content-Type: application/json');
+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Allow-Credentials: true');
+
+$leakDir = '/var/www/thesiah/recordings/Leak';
+$files = [];
+
+try {
+    if (is_dir($leakDir) && is_readable($leakDir)) {
+        $items = scandir($leakDir);
+        if ($items !== false) {
+            foreach ($items as $item) {
+                if ($item === '.' || $item === '..') continue;
+                $path = $leakDir . '/' . $item;
+                if (is_file($path) && is_readable($path)) {
+                    $ext = strtolower(pathinfo($item, PATHINFO_EXTENSION));
+                    if (in_array($ext, ['mp4', 'mov', 'avi', 'mkv', 'webm'])) {
+                        $files[] = [
+                            'name' => $item,
+                            'url' => '/recordings/Leak/' . urlencode($item),
+                            'size' => filesize($path),
+                            'modified' => filemtime($path)
+                        ];
+                    }
+                }
+            }
+            // 최신 파일부터 정렬
+            usort($files, function($a, $b) {
+                return $b['modified'] - $a['modified'];
+            });
+        }
+    }
+} catch (Exception $e) {
+    // 에러 발생 시 빈 배열 반환
+    $files = [];
+}
+
+echo json_encode(['files' => $files]);
+?>
+
diff --git a/static/api/whoami.php b/static/api/whoami.php
index f32cd2c..18a66f2 100644
--- a/static/api/whoami.php
+++ b/static/api/whoami.php
@@ -4,8 +4,15 @@ header('Content-Type: application/json');
 header('Access-Control-Allow-Origin: *');
 header('Access-Control-Allow-Credentials: true');
 
-// nginx에서 전달된 사용자 정보 읽기 (X-Auth-User 헤더 또는 REMOTE_USER)
-$user = $_SERVER['HTTP_X_AUTH_USER'] ?? $_SERVER['REMOTE_USER'] ?? '';
+// nginx에서 전달된 사용자 정보 읽기 (쿠키 우선, 그 다음 헤더, 마지막으로 REMOTE_USER)
+$user = '';
+if (isset($_COOKIE['user']) && $_COOKIE['user']) {
+    $user = $_COOKIE['user'];
+} elseif (isset($_SERVER['HTTP_X_AUTH_USER']) && $_SERVER['HTTP_X_AUTH_USER']) {
+    $user = $_SERVER['HTTP_X_AUTH_USER'];
+} elseif (isset($_SERVER['REMOTE_USER']) && $_SERVER['REMOTE_USER']) {
+    $user = $_SERVER['REMOTE_USER'];
+}
 
 echo json_encode(['user' => $user]);
 ?>