Commit 7272bca0 authored by Arnolds's avatar Arnolds

Updated secret-api.php: refined secret retrieval logic, added support for...

Updated secret-api.php: refined secret retrieval logic, added support for `displayToken` generation, improved expired/deleted secret response handling, and optimized metadata updates (retrieved count, timestamps).
parent bbed55bf
+28 −16
@@ -88,27 +88,39 @@ if ($method === 'POST' && isset($data['secret'])) {
        exit;
    }

    $displayToken = Uuid::uuid4()->toString();

    $doc = $collection->findOne(['_id' => $id]);
    if (!$doc) {
        http_response_code(404);
        echo json_encode(['error' => '<p class="mb-0 text-wrap-balance">Ups 😅! Tu atvēri saiti, kurā, iespējams, bija paslēpts kāds noslēpums... bet tagad te ir tikai tukšums.</p>
<p class="mb-0 text-wrap-balance">Varbūt kāds jau paspēja to nočiept 🕵️, varbūt tas nekad te nav bijis 🫠, vai vienkārši – termiņš beidzies ⏳.</p>
<p class="mb-0 text-wrap-balance">Dodies pie noslēpuma autora pēc svaigas, vēl smaržojošas saites 🔗!</p>']);
    if (!$doc || !empty($doc['deleted']) || ($doc['expiresAt'] ?? null) < utcNow()) {
        http_response_code(200);
        echo json_encode([
            'secret' => null,
            'encrypted' => true,
            'displayToken' => $doc['displayToken'],
        ]);
        exit;
    }

    // $collection->deleteOne(['_id' => $id]);
    $displayToken = Uuid::uuid4()->toString();
    $lastRetrievedAt = utcNow();
    if (!$doc['firstRetrievedAt']) {
        $firstRetrievedAt = $lastRetrievedAt;
    } else {
        $firstRetrievedAt = $doc['firstRetrievedAt'];
    }
    $retrievedCount = $doc['retrievedCount'] + 1;
    $collection->updateOne(['_id' => $id], ['$set' => ['displayToken' => $displayToken, 'lastRetrievedAt' => $lastRetrievedAt, 'retrievedCount' => $retrievedCount, 'firstRetrievedAt' => $firstRetrievedAt]]);

    echo json_encode(['secret' => $doc['secret'], 'encrypted' => $doc['encrypted'], 'displayToken' => $displayToken]);
    $firstRetrievedAt = $firstRetrievedAt ?? $lastRetrievedAt;
    $retrievedCount = (int)($doc['retrievedCount'] ?? 0) + 1;

    $collection->updateOne(
        ['_id' => $id],
        ['$set' => [
            'displayToken' => $displayToken,
            'lastRetrievedAt' => $lastRetrievedAt,
            'retrievedCount' => $retrievedCount,
            'firstRetrievedAt' => $firstRetrievedAt,
        ]],
    );

    echo json_encode([
        'ok' => true,
        'secret' => $doc['secret'],
        'encrypted' => $doc['encrypted'],
        'displayToken' => $displayToken,
    ]);
    /**
     * If two or more people open the same link at the same time, the last one will have correct displayToken.
     * Only last one will be allowed to delete the secret. If they fail to delete it, it will be deleted upon expiry.
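Review bot: In the not-found/deleted/expired branch, `'displayToken' => $doc['displayToken']` reads from `$doc` even when `findOne` returned null, and for a deleted or expired document it returns the stored token to whoever opens the link. The trailing comment says the holder of the current displayToken is the one allowed to delete the secret, so this branch should not echo a stored token; `'displayToken' => null,` avoids both the null-offset warning and the disclosure. Separately, the +/- markers are lost on this page, but if the old if/else on `$doc['firstRetrievedAt']` is among the removed lines, `$firstRetrievedAt ?? $lastRetrievedAt` reads a variable that is never set and so resets the first-retrieval time on every request; `$firstRetrievedAt = $doc['firstRetrievedAt'] ?? $lastRetrievedAt;` would preserve it. The counter is still read and then written back with `$set`, so concurrent opens can lose an increment, and `'$inc' => ['retrievedCount' => 1]` in the same `updateOne` would make it atomic. The enclosing request-handler block starts before the hunk and the doc comment at its end continues past it.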