'Method not allowed']); exit; } verify_origin(); if (!check_rate_limit('shorten', 20, 3600)) { http_response_code(429); echo json_encode(['error' => 'Rate limit exceeded']); exit; } $dbFile = __DIR__ . '/../data/urls.json'; $rawInput = file_get_contents('php://input'); $input = is_string($rawInput) ? json_decode($rawInput, true) : null; $hash = is_array($input) && isset($input['hash']) && is_string($input['hash']) ? $input['hash'] : ''; $expiryTs = is_array($input) && isset($input['expiry_ts']) ? intval($input['expiry_ts']) : 0; if (empty($hash) || strlen($hash) > 500 || !preg_match('/^[a-zA-Z0-9%+_=&.-]{1,500}$/', $hash)) { http_response_code(400); echo json_encode(['error' => 'Invalid data']); exit; } $secret = get_hmac_secret(); [$fp, $urls] = read_json_locked($dbFile); if (!is_array($urls)) { $urls = []; } // Check if this hash already exists foreach ($urls as $code => $data) { $stored_hash = is_array($data) ? ($data['h'] ?? null) : $data; if (!is_string($stored_hash)) { continue; } if ($stored_hash === $hash) { flock($fp, LOCK_UN); fclose($fp); echo json_encode(['code' => $code]); exit; } } // Generate short code (6 chars) function generateCode(int $length = 6): string { $chars = 'abcdefghijkmnpqrstuvwxyz23456789'; $code = ''; for ($i = 0; $i < $length; $i++) { $code .= $chars[random_int(0, strlen($chars) - 1)]; } return $code; } $code = generateCode(); while (isset($urls[$code])) { $code = generateCode(); } $signature = hash_hmac('sha256', $hash, $secret); $urls[$code] = ['h' => $hash, 's' => $signature]; if ($expiryTs > 0) { $urls[$code]['e'] = $expiryTs; } write_json_locked($fp, $urls); echo json_encode(['code' => $code]);