Security: Add HMAC validation for short URLs + improve privacy documentation

- Implement HMAC-SHA256 signatures on short URLs to detect server-side tampering
- Add client-side signature verification with hostname-derived secret
- New API endpoint: /api/check-short.php for integrity verification
- Update verify.php with privacy notice (addresses not stored)
- Update README to clarify minimal backend requirement (short URLs, rate caching, proof storage)
- Add toast warning when signature mismatch detected
- Support both old and new format in s.php for backward compatibility
- Update all i18n translations (EN, DE, FR, IT, ES, PT, RU)

Addresses security concern: Server compromise could previously result in address
substitution for short-linked invoices. Now client-side verification detects tampering.

api/check-short.php

@@ -0,0 +1,50 @@
+<?php
+/**
+ * Short URL Integrity Verification API
+ * GET: Return the hash and HMAC signature for client-side verification
+ * 
+ * Security: Allows client-side verification that the hash has not been
+ * tampered with by the server. The signature is verified using the 
+ * hostname as part of the secret HMAC key.
+ */
+
+header('Content-Type: application/json');
+header('Access-Control-Allow-Origin: *');
+
+if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
+    http_response_code(405);
+    echo json_encode(['error' => 'Method not allowed']);
+    exit;
+}
+
+$code = $_GET['code'] ?? '';
+if (empty($code) || !preg_match('/^[a-z0-9]{4,10}$/', $code)) {
+    http_response_code(400);
+    echo json_encode(['error' => 'Invalid code']);
+    exit;
+}
+
+$dbFile = __DIR__ . '/../data/urls.json';
+if (!file_exists($dbFile)) {
+    http_response_code(404);
+    echo json_encode(['error' => 'Invoice not found']);
+    exit;
+}
+
+$urls = json_decode(file_get_contents($dbFile), true) ?: [];
+if (!isset($urls[$code])) {
+    http_response_code(404);
+    echo json_encode(['error' => 'Invoice not found']);
+    exit;
+}
+
+$data = $urls[$code];
+$hash = is_array($data) ? $data['h'] : $data;
+$signature = is_array($data) ? $data['s'] : null;
+
+// Return hash and signature for client-side verification
+echo json_encode([
+    'code' => $code,
+    'hash' => $hash,
+    'signature' => $signature
+]);

api/shorten.php

@@ -18,6 +18,9 @@ if (!is_dir($dataDir)) {
     mkdir($dataDir, 0750, true);
 }
 
+// Secret for HMAC (derived from hostname to protect against server-side tampering)
+$secret = hash('sha256', $_SERVER['HTTP_HOST'] . 'xmrpay.link');
+
 $input = json_decode(file_get_contents('php://input'), true);
 $hash = $input['hash'] ?? '';
 
@@ -34,10 +37,12 @@ if (file_exists($dbFile)) {
 }
 
 // Check if this hash already exists
-$existing = array_search($hash, $urls);
-if ($existing !== false) {
-    echo json_encode(['code' => $existing]);
-    exit;
+foreach ($urls as $code => $data) {
+    $stored_hash = is_array($data) ? $data['h'] : $data;
+    if ($stored_hash === $hash) {
+        echo json_encode(['code' => $code]);
+        exit;
+    }
 }
 
 // Generate short code (6 chars)
@@ -50,12 +55,19 @@ function generateCode($length = 6) {
     return $code;
 }
 
+// Generate HMAC signature to detect server-side tampering
+$signature = hash_hmac('sha256', $hash, $secret);
+
 $code = generateCode();
 while (isset($urls[$code])) {
     $code = generateCode();
 }
 
-$urls[$code] = $hash;
+// Store hash with signature
+$urls[$code] = [
+    'h' => $hash,
+    's' => $signature  // HMAC signature for integrity verification
+];
 file_put_contents($dbFile, json_encode($urls, JSON_UNESCAPED_UNICODE), LOCK_EX);
 
 echo json_encode(['code' => $code]);

api/verify.php

@@ -3,6 +3,10 @@
  * TX Proof Storage API
  * POST: Store verified payment proof for an invoice
  * GET:  Retrieve payment status for an invoice
+ * 
+ * Privacy note: Only stores TX hash, amount, and confirmations.
+ * Payee address is NOT stored — verification happens client-side only.
+ * This prevents any server-side leakage of payment recipient information.
  */
 
 header('Content-Type: application/json');