Implement lazy-cleanup for expired invoices with deadline-based deletion

2026-03-26 11:01:32 +01:00
parent c4e3f3cd15
commit ee0d0d4124
5 changed files with 50 additions and 8 deletions
--- a/api/shorten.php
+++ b/api/shorten.php
@@ -24,6 +24,7 @@ $dbFile = __DIR__ . '/../data/urls.json';
 $rawInput = file_get_contents('php://input');
 $input = is_string($rawInput) ? json_decode($rawInput, true) : null;
 $hash = is_array($input) && isset($input['hash']) && is_string($input['hash']) ? $input['hash'] : '';
+$expiryTs = is_array($input) && isset($input['expiry_ts']) ? intval($input['expiry_ts']) : 0;

 if (empty($hash) || strlen($hash) > 500 || !preg_match('/^[a-zA-Z0-9%+_=&.-]{1,500}$/', $hash)) {
    http_response_code(400);
@@ -69,6 +70,9 @@ while (isset($urls[$code])) {

 $signature = hash_hmac('sha256', $hash, $secret);
 $urls[$code] = ['h' => $hash, 's' => $signature];
+if ($expiryTs > 0) {
+    $urls[$code]['e'] = $expiryTs;
+}

 write_json_locked($fp, $urls);

--- a/api/verify.php
+++ b/api/verify.php
@@ -31,16 +31,29 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $decodedProofs = is_string($rawProofs) ? json_decode($rawProofs, true) : [];
    $proofs = is_array($decodedProofs) ? $decodedProofs : [];
    if (isset($proofs[$code])) {
-        $response = ['verified' => true];
        $proofEntry = $proofs[$code];
-        if (is_array($proofEntry)) {
-            foreach ($proofEntry as $k => $v) {
-                if (is_string($k)) {
-                    $response[$k] = $v;
+        $proofExpiry = is_array($proofEntry) ? intval($proofEntry['e'] ?? 0) : 0;
+        
+        // Check if proof has expired (lazy cleanup)
+        if ($proofExpiry > 0 && time() > $proofExpiry) {
+            unset($proofs[$code]);
+            [$fp, $allProofs] = read_json_locked($dbFile);
+            if (isset($allProofs[$code])) {
+                unset($allProofs[$code]);
+                write_json_locked($fp, $allProofs);
+            }
+            echo json_encode(['verified' => false]);
+        } else {
+            $response = ['verified' => true];
+            if (is_array($proofEntry)) {
+                foreach ($proofEntry as $k => $v) {
+                    if (is_string($k)) {
+                        $response[$k] = $v;
+                    }
                }
            }
+            echo json_encode($response);
        }
-        echo json_encode($response);
    } else {
        echo json_encode(['verified' => false]);
    }
@@ -132,6 +145,11 @@ $proofs[$code] = [
    'verified_at' => time()
 ];

+// Copy expiry timestamp from URL if it exists
+if (isset($urls[$code]) && is_array($urls[$code]) && isset($urls[$code]['e']) && $urls[$code]['e'] > 0) {
+    $proofs[$code]['e'] = $urls[$code]['e'];
+}
+
 write_json_locked($fp, $proofs);
 echo json_encode(['ok' => true]);