@hasna/shortlinks 0.1.13 → 0.1.15

package/dist/config.d.ts

@@ -3,6 +3,12 @@ export declare const DEFAULT_DATA_DIR: string;
 export interface ShortlinksConfig {
     defaultDomain?: string;
     publicBaseUrl?: string;
+    mode?: "local" | "remote" | "api";
+    api?: {
+        baseUrl?: string;
+        token?: string;
+        tokenEnv?: string;
+    };
     cloudflare?: {
         accountId?: string;
         workerName?: string;
@@ -16,5 +22,7 @@ export declare function getDatabasePath(explicitPath?: string): string;
 export declare function loadConfig(): ShortlinksConfig;
 export declare function saveConfig(config: ShortlinksConfig): void;
 export declare function updateConfig(patch: ShortlinksConfig): ShortlinksConfig;
+export declare function getApiBaseUrl(config?: ShortlinksConfig): string | null;
+export declare function getApiToken(config?: ShortlinksConfig): string | null;
 export declare function normalizeHostname(input: string): string;
 export declare function formatShortUrl(hostname: string, slug: string, publicBaseUrl?: string): string;

package/dist/index.d.ts

@@ -8,9 +8,10 @@ export { applyPgMigrations } from "./pg-migrate.js";
 export { SHORTLINKS_STORAGE_TABLES, STORAGE_TABLES, getStoragePg, getStorageStatus, parseStorageTables, pullStorageChanges, pushStorageChanges, runStorageMigrations, syncStorageChanges, } from "./storage-sync.js";
 export type { StorageStatus, StorageSyncResult, SyncResult } from "./storage-sync.js";
 export { createShortlinksHandler, serveShortlinks } from "./server.js";
+export { ShortlinksApiClient } from "./api-client.js";
 export { createCloudflarePlan, generateWorkerScript, writeWorkerFiles, upsertCloudflareDnsRecord } from "./cloudflare.js";
 export { createLocalSetupPlan, registerMachinesDns } from "./local.js";
 export { PG_MIGRATIONS } from "./pg-migrations.js";
-export { formatShortUrl, getConfigPath, getDataDir, getDatabasePath, loadConfig, normalizeHostname, saveConfig } from "./config.js";
+export { formatShortUrl, getApiBaseUrl, getApiToken, getConfigPath, getDataDir, getDatabasePath, loadConfig, normalizeHostname, saveConfig } from "./config.js";
 export { normalizeSlug, randomToken } from "./slug.js";
 export type { AddDomainInput, Click, ClickInput, CreateLinkInput, Domain, Link, LinkStats } from "./types.js";

package/dist/index.js

@@ -5136,17 +5136,31 @@ function saveConfig(config) {
 `);
 }
 function updateConfig(patch) {
+  const current = loadConfig();
   const next = {
-    ...loadConfig(),
+    ...current,
     ...patch,
+    api: {
+      ...current.api,
+      ...patch.api
+    },
     cloudflare: {
-      ...loadConfig().cloudflare,
+      ...current.cloudflare,
       ...patch.cloudflare
     }
   };
   saveConfig(next);
   return next;
 }
+function getApiBaseUrl(config = loadConfig()) {
+  const baseUrl = process.env.SHORTLINKS_API_URL || process.env.HASNA_SHORTLINKS_API_URL || config.api?.baseUrl || "";
+  return baseUrl ? baseUrl.replace(/\/+$/, "") : null;
+}
+function getApiToken(config = loadConfig()) {
+  const envName = config.api?.tokenEnv || "SHORTLINKS_API_TOKEN";
+  const token = process.env[envName] || process.env.SHORTLINKS_API_TOKEN || process.env.HASNA_SHORTLINKS_API_TOKEN || config.api?.token || "";
+  return token || null;
+}
 function normalizeHostname(input) {
   const raw = input.trim().toLowerCase();
   if (!raw)
@@ -6212,6 +6226,120 @@ function json(data, status = 200) {
     headers: { "content-type": "application/json; charset=utf-8" }
   });
 }
+function apiToken(options) {
+  return options.apiToken || process.env.SHORTLINKS_API_TOKEN || process.env.HASNA_SHORTLINKS_API_TOKEN || null;
+}
+function requestToken(request) {
+  const auth = request.headers.get("authorization") || "";
+  const bearer = auth.toLowerCase().startsWith("bearer ") ? auth.slice(7).trim() : "";
+  return bearer || request.headers.get("x-shortlinks-token") || request.headers.get("x-api-key");
+}
+function isAuthorized(request, options) {
+  const token = apiToken(options);
+  if (!token)
+    return true;
+  return requestToken(request) === token;
+}
+async function readJsonBody(request) {
+  try {
+    const parsed = await request.json();
+    return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+function requireMethod(store, method) {
+  const fn = store[method];
+  if (typeof fn !== "function")
+    throw new Error(`Store does not support ${String(method)}.`);
+  return fn.bind(store);
+}
+async function handleApi(request, apiPath, store, options) {
+  if (apiPath === "/health") {
+    return json({ ok: true, service: "shortlinks", api_auth_required: Boolean(apiToken(options)), stats: await store.totalStats() });
+  }
+  if (!isAuthorized(request, options))
+    return json({ error: "Unauthorized" }, 401);
+  const url = new URL(request.url);
+  const segments = apiPath.replace(/^\/+|\/+$/g, "").split("/").filter(Boolean);
+  try {
+    if (apiPath === "/links" && request.method === "GET") {
+      const listLinks = requireMethod(store, "listLinks");
+      return json(await listLinks({
+        domain: url.searchParams.get("domain") || undefined,
+        activeOnly: url.searchParams.get("active") === "true",
+        limit: Number(url.searchParams.get("limit") || "100")
+      }));
+    }
+    if (apiPath === "/links" && request.method === "POST") {
+      const body = await readJsonBody(request);
+      const destinationUrl = String(body.destination_url || body.url || "");
+      if (!destinationUrl)
+        return json({ error: "destination_url is required" }, 400);
+      const createLink = requireMethod(store, "createLink");
+      return json(await createLink({
+        destinationUrl,
+        domain: typeof body.domain === "string" ? body.domain : undefined,
+        slug: typeof body.slug === "string" ? body.slug : undefined,
+        title: typeof body.title === "string" ? body.title : undefined,
+        expiresAt: typeof body.expires_at === "string" ? body.expires_at : typeof body.expires === "string" ? body.expires : undefined,
+        slugLength: typeof body.length === "number" ? body.length : undefined
+      }), 201);
+    }
+    if (segments[0] === "links" && segments[1] && request.method === "GET") {
+      const getLink = requireMethod(store, "getLink");
+      const domain = url.searchParams.get("domain") || undefined;
+      const link = domain ? await getLink(domain, segments[1]) : await getLink(segments[1]);
+      return link ? json(link) : json({ error: "Link not found." }, 404);
+    }
+    if (segments[0] === "links" && segments[1] && request.method === "DELETE") {
+      const deleteLink = requireMethod(store, "deleteLink");
+      const domain = url.searchParams.get("domain") || undefined;
+      return json(domain ? await deleteLink(domain, segments[1]) : await deleteLink(segments[1]));
+    }
+    if (segments[0] === "links" && segments[1] && segments[2] === "active" && request.method === "POST") {
+      const body = await readJsonBody(request);
+      const setLinkActive = requireMethod(store, "setLinkActive");
+      const domain = url.searchParams.get("domain") || undefined;
+      const active = Boolean(body.active);
+      return json(domain ? await setLinkActive(domain, segments[1], active) : await setLinkActive(segments[1], active));
+    }
+    if (apiPath === "/stats" && request.method === "GET") {
+      return json(await store.totalStats());
+    }
+    if (segments[0] === "stats" && segments[1] && request.method === "GET") {
+      const getStats = requireMethod(store, "getStats");
+      const domain = url.searchParams.get("domain") || undefined;
+      return json(domain ? await getStats(domain, segments[1]) : await getStats(segments[1]));
+    }
+    if (apiPath === "/domains" && request.method === "GET") {
+      const listDomains = requireMethod(store, "listDomains");
+      return json(await listDomains());
+    }
+    if (apiPath === "/domains" && request.method === "POST") {
+      const body = await readJsonBody(request);
+      const hostname2 = String(body.hostname || "");
+      if (!hostname2)
+        return json({ error: "hostname is required" }, 400);
+      const addDomain = requireMethod(store, "addDomain");
+      return json(await addDomain({
+        hostname: hostname2,
+        provider: typeof body.provider === "string" ? body.provider : "manual",
+        defaultDomain: Boolean(body.default_domain || body.default),
+        originUrl: typeof body.origin_url === "string" ? body.origin_url : undefined,
+        notes: typeof body.notes === "string" ? body.notes : undefined
+      }), 201);
+    }
+    if (segments[0] === "domains" && segments[1] && request.method === "GET") {
+      const getDomain = requireMethod(store, "getDomain");
+      const domain = await getDomain(segments[1]);
+      return domain ? json(domain) : json({ error: "Domain not found." }, 404);
+    }
+  } catch (error) {
+    return json({ error: error instanceof Error ? error.message : String(error) }, 400);
+  }
+  return json({ error: "Not found." }, 404);
+}
 function getHost(request, fallback) {
   const forwarded = request.headers.get("x-forwarded-host");
   const host = forwarded || request.headers.get("host") || fallback || "";
@@ -6230,8 +6358,13 @@ function createShortlinksHandler(options = {}) {
   const store = options.store || new ShortlinksStore(options.dbPath);
   const redirectStatus = options.redirectStatus || 302;
   const reservedPathPrefixes = new Set((options.reservedPathPrefixes ?? ["a"]).map((prefix) => prefix.toLowerCase()));
+  const apiPathPrefix = (options.apiPathPrefix || process.env.SHORTLINKS_API_PATH_PREFIX || "/api").replace(/\/+$/, "") || "/api";
   return async (request) => {
     const url = new URL(request.url);
+    if (url.pathname === apiPathPrefix || url.pathname.startsWith(`${apiPathPrefix}/`)) {
+      const apiPath = url.pathname.slice(apiPathPrefix.length) || "/";
+      return handleApi(request, apiPath, store, options);
+    }
     if (url.pathname === "/healthz") {
       return json({ ok: true, service: "shortlinks", stats: await store.totalStats() });
     }
@@ -6283,6 +6416,154 @@ function serveShortlinks(options = {}) {
   const fetch2 = createShortlinksHandler(options);
   return Bun.serve({ hostname: host, port, fetch: fetch2 });
 }
+// src/api-client.ts
+function normalizeBaseUrl(value) {
+  return value.replace(/\/+$/, "");
+}
+function requireBaseUrl(options) {
+  const baseUrl = options.baseUrl || getApiBaseUrl(loadConfig());
+  if (!baseUrl) {
+    throw new Error("Shortlinks API URL is not configured. Run `shortlinks config set api-url <url>` or set SHORTLINKS_API_URL.");
+  }
+  return normalizeBaseUrl(baseUrl);
+}
+function requireToken(options) {
+  const token = options.token || getApiToken(loadConfig());
+  if (!token) {
+    throw new Error("Shortlinks API token is not configured. Set SHORTLINKS_API_TOKEN or run `shortlinks config set api-token-env <name>`.");
+  }
+  return token;
+}
+async function readJson(response) {
+  const text = await response.text();
+  let parsed = {};
+  if (text) {
+    try {
+      parsed = JSON.parse(text);
+    } catch {
+      parsed = { error: text };
+    }
+  }
+  if (!response.ok) {
+    const message = parsed && typeof parsed === "object" && "error" in parsed ? String(parsed.error) : `HTTP ${response.status}`;
+    throw new Error(message);
+  }
+  return parsed;
+}
+
+class ShortlinksApiClient {
+  options;
+  constructor(options = {}) {
+    this.options = options;
+  }
+  url(path, query) {
+    const url = new URL(`${requireBaseUrl(this.options)}${path}`);
+    for (const [key, value] of Object.entries(query ?? {})) {
+      if (value !== undefined && value !== "")
+        url.searchParams.set(key, String(value));
+    }
+    return url.toString();
+  }
+  headers(extra) {
+    return {
+      authorization: `Bearer ${requireToken(this.options)}`,
+      ...extra ?? {}
+    };
+  }
+  async totalStats() {
+    const response = await fetch(this.url("/stats"), { headers: this.headers() });
+    return readJson(response);
+  }
+  async createLink(input) {
+    const response = await fetch(this.url("/links"), {
+      method: "POST",
+      headers: this.headers({ "content-type": "application/json" }),
+      body: JSON.stringify({
+        destination_url: input.destinationUrl,
+        domain: input.domain,
+        slug: input.slug,
+        title: input.title,
+        expires_at: input.expiresAt,
+        length: input.slugLength
+      })
+    });
+    return readJson(response);
+  }
+  async listLinks(options = {}) {
+    const response = await fetch(this.url("/links", {
+      domain: options.domain,
+      active: options.activeOnly,
+      limit: options.limit
+    }), { headers: this.headers() });
+    return readJson(response);
+  }
+  async getLink(domainOrSlug, maybeSlug) {
+    const slug = maybeSlug ?? domainOrSlug;
+    const response = await fetch(this.url(`/links/${encodeURIComponent(slug)}`, {
+      domain: maybeSlug ? domainOrSlug : undefined
+    }), { headers: this.headers() });
+    if (response.status === 404)
+      return null;
+    return readJson(response);
+  }
+  async setLinkActive(domainOrSlug, maybeSlugOrActive, maybeActive) {
+    const hasDomain = typeof maybeSlugOrActive === "string";
+    const slug = hasDomain ? maybeSlugOrActive : domainOrSlug;
+    const active = hasDomain ? Boolean(maybeActive) : Boolean(maybeSlugOrActive);
+    const response = await fetch(this.url(`/links/${encodeURIComponent(slug)}/active`, {
+      domain: hasDomain ? domainOrSlug : undefined
+    }), {
+      method: "POST",
+      headers: this.headers({ "content-type": "application/json" }),
+      body: JSON.stringify({ active })
+    });
+    return readJson(response);
+  }
+  async deleteLink(domainOrSlug, maybeSlug) {
+    const slug = maybeSlug ?? domainOrSlug;
+    const response = await fetch(this.url(`/links/${encodeURIComponent(slug)}`, {
+      domain: maybeSlug ? domainOrSlug : undefined
+    }), {
+      method: "DELETE",
+      headers: this.headers()
+    });
+    return readJson(response);
+  }
+  async getStats(domainOrSlug, maybeSlug) {
+    const slug = maybeSlug ?? domainOrSlug;
+    const response = await fetch(this.url(`/stats/${encodeURIComponent(slug)}`, {
+      domain: maybeSlug ? domainOrSlug : undefined
+    }), { headers: this.headers() });
+    return readJson(response);
+  }
+  async addDomain(input) {
+    const response = await fetch(this.url("/domains"), {
+      method: "POST",
+      headers: this.headers({ "content-type": "application/json" }),
+      body: JSON.stringify({
+        hostname: input.hostname,
+        provider: input.provider,
+        default_domain: input.defaultDomain,
+        origin_url: input.originUrl,
+        notes: input.notes
+      })
+    });
+    return readJson(response);
+  }
+  async listDomains() {
+    const response = await fetch(this.url("/domains"), { headers: this.headers() });
+    return readJson(response);
+  }
+  async getDomain(hostname2) {
+    const response = await fetch(this.url(`/domains/${encodeURIComponent(hostname2)}`), { headers: this.headers() });
+    if (response.status === 404)
+      return null;
+    return readJson(response);
+  }
+  async close() {
+    return;
+  }
+}
 // src/cloudflare.ts
 import { mkdirSync as mkdirSync3, writeFileSync as writeFileSync3 } from "fs";
 import { join as join4 } from "path";
@@ -6315,26 +6596,33 @@ function generateWorkerScript() {
     }
 
     const incoming = new URL(request.url);
+    const proxyTo = (targetOrigin, marker) => {
+      const upstream = new URL(incoming.pathname + incoming.search, targetOrigin);
+      const headers = new Headers(request.headers);
+      headers.set("x-forwarded-host", incoming.host);
+      headers.set("x-shortlinks-worker", marker);
+
+      return fetch(upstream.toString(), {
+        method: request.method,
+        headers,
+        body: request.method === "GET" || request.method === "HEAD" ? undefined : request.body,
+        redirect: "manual"
+      });
+    };
+
     const reserved = (env.SHORTLINKS_RESERVED_PATH_PREFIXES || "a")
       .split(",")
       .map((value) => value.trim().toLowerCase())
       .filter(Boolean);
     const firstSegment = decodeURIComponent(incoming.pathname.replace(/^\\/+/, "").split("/")[0] || "").toLowerCase();
     if (firstSegment && reserved.includes(firstSegment)) {
+      if (env.ATTACHMENTS_ORIGIN) {
+        return proxyTo(env.ATTACHMENTS_ORIGIN, "attachments");
+      }
       return new Response("Reserved path prefix", { status: 404 });
     }
 
-    const upstream = new URL(incoming.pathname + incoming.search, origin);
-    const headers = new Headers(request.headers);
-    headers.set("x-forwarded-host", incoming.host);
-    headers.set("x-shortlinks-worker", "cloudflare");
-
-    return fetch(upstream.toString(), {
-      method: request.method,
-      headers,
-      body: request.method === "GET" || request.method === "HEAD" ? undefined : request.body,
-      redirect: "manual"
-    });
+    return proxyTo(origin, "cloudflare");
   }
 };
 `;
@@ -6352,14 +6640,15 @@ compatibility_date = "2026-05-01"
 
 [vars]
 SHORTLINKS_ORIGIN = "${options.origin || "https://shortlinks.example.com"}"
+ATTACHMENTS_ORIGIN = "${options.attachmentsOrigin || ""}"
 SHORTLINKS_RESERVED_PATH_PREFIXES = "a"
 `);
   return { workerPath, wranglerPath };
 }
 function cloudflareAuthHeaders(token) {
-  const apiToken = token || process.env.CLOUDFLARE_API_TOKEN;
-  if (apiToken)
-    return { authorization: `Bearer ${apiToken}` };
+  const apiToken2 = token || process.env.CLOUDFLARE_API_TOKEN;
+  if (apiToken2)
+    return { authorization: `Bearer ${apiToken2}` };
   const apiKey = process.env.CLOUDFLARE_API_KEY;
   const email = process.env.CLOUDFLARE_EMAIL;
   if (apiKey && email) {
@@ -6504,6 +6793,8 @@ export {
   getConnectionString,
   getConfigPath,
   getCanonicalShortlinksRdsConfig,
+  getApiToken,
+  getApiBaseUrl,
   generateWorkerScript,
   formatShortUrl,
   createShortlinksHandler,
@@ -6512,6 +6803,7 @@ export {
   applyPgMigrations,
   ShortlinksStore,
   ShortlinksDatabase,
+  ShortlinksApiClient,
   STORAGE_TABLES,
   STORAGE_MODE_ENV,
   STORAGE_DATABASE_ENV,

package/dist/server.d.ts

@@ -1,4 +1,4 @@
-import type { ClickInput, Link } from "./types.js";
+import type { AddDomainInput, ClickInput, CreateLinkInput, Domain, Link, LinkStats } from "./types.js";
 export interface ShortlinksRuntimeStore {
     totalStats(): {
         domains: number;
@@ -11,6 +11,19 @@ export interface ShortlinksRuntimeStore {
     }>;
     resolve(hostname: string, slug: string): Link | null | Promise<Link | null>;
     recordClick(link: Link, input?: ClickInput): unknown | Promise<unknown>;
+    createLink?(input: CreateLinkInput): Link | Promise<Link>;
+    listLinks?(input?: {
+        domain?: string;
+        activeOnly?: boolean;
+        limit?: number;
+    }): Link[] | Promise<Link[]>;
+    getLink?(hostnameOrSlug: string, slug?: string): Link | null | Promise<Link | null>;
+    setLinkActive?(hostnameOrSlug: string, slugOrActive: string | boolean, maybeActive?: boolean): Link | Promise<Link>;
+    deleteLink?(hostnameOrSlug: string, slug?: string): Link | Promise<Link>;
+    getStats?(hostnameOrSlug: string, slug?: string): LinkStats | Promise<LinkStats>;
+    addDomain?(input: AddDomainInput): Domain | Promise<Domain>;
+    listDomains?(): Domain[] | Promise<Domain[]>;
+    getDomain?(hostname: string): Domain | null | Promise<Domain | null>;
 }
 export interface ShortlinksHandlerOptions {
     store?: ShortlinksRuntimeStore;
@@ -18,6 +31,8 @@ export interface ShortlinksHandlerOptions {
     defaultHost?: string;
     redirectStatus?: 301 | 302 | 307 | 308;
     reservedPathPrefixes?: string[];
+    apiPathPrefix?: string;
+    apiToken?: string | null;
 }
 export declare function createShortlinksHandler(options?: ShortlinksHandlerOptions): (request: Request) => Response | Promise<Response>;
 export declare function serveShortlinks(options?: ShortlinksHandlerOptions & {

package/dist/server.js

@@ -49,11 +49,16 @@ function saveConfig(config) {
 `);
 }
 function updateConfig(patch) {
+  const current = loadConfig();
   const next = {
-    ...loadConfig(),
+    ...current,
     ...patch,
+    api: {
+      ...current.api,
+      ...patch.api
+    },
     cloudflare: {
-      ...loadConfig().cloudflare,
+      ...current.cloudflare,
       ...patch.cloudflare
     }
   };
@@ -538,6 +543,120 @@ function json(data, status = 200) {
     headers: { "content-type": "application/json; charset=utf-8" }
   });
 }
+function apiToken(options) {
+  return options.apiToken || process.env.SHORTLINKS_API_TOKEN || process.env.HASNA_SHORTLINKS_API_TOKEN || null;
+}
+function requestToken(request) {
+  const auth = request.headers.get("authorization") || "";
+  const bearer = auth.toLowerCase().startsWith("bearer ") ? auth.slice(7).trim() : "";
+  return bearer || request.headers.get("x-shortlinks-token") || request.headers.get("x-api-key");
+}
+function isAuthorized(request, options) {
+  const token = apiToken(options);
+  if (!token)
+    return true;
+  return requestToken(request) === token;
+}
+async function readJsonBody(request) {
+  try {
+    const parsed = await request.json();
+    return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+function requireMethod(store, method) {
+  const fn = store[method];
+  if (typeof fn !== "function")
+    throw new Error(`Store does not support ${String(method)}.`);
+  return fn.bind(store);
+}
+async function handleApi(request, apiPath, store, options) {
+  if (apiPath === "/health") {
+    return json({ ok: true, service: "shortlinks", api_auth_required: Boolean(apiToken(options)), stats: await store.totalStats() });
+  }
+  if (!isAuthorized(request, options))
+    return json({ error: "Unauthorized" }, 401);
+  const url = new URL(request.url);
+  const segments = apiPath.replace(/^\/+|\/+$/g, "").split("/").filter(Boolean);
+  try {
+    if (apiPath === "/links" && request.method === "GET") {
+      const listLinks = requireMethod(store, "listLinks");
+      return json(await listLinks({
+        domain: url.searchParams.get("domain") || undefined,
+        activeOnly: url.searchParams.get("active") === "true",
+        limit: Number(url.searchParams.get("limit") || "100")
+      }));
+    }
+    if (apiPath === "/links" && request.method === "POST") {
+      const body = await readJsonBody(request);
+      const destinationUrl = String(body.destination_url || body.url || "");
+      if (!destinationUrl)
+        return json({ error: "destination_url is required" }, 400);
+      const createLink = requireMethod(store, "createLink");
+      return json(await createLink({
+        destinationUrl,
+        domain: typeof body.domain === "string" ? body.domain : undefined,
+        slug: typeof body.slug === "string" ? body.slug : undefined,
+        title: typeof body.title === "string" ? body.title : undefined,
+        expiresAt: typeof body.expires_at === "string" ? body.expires_at : typeof body.expires === "string" ? body.expires : undefined,
+        slugLength: typeof body.length === "number" ? body.length : undefined
+      }), 201);
+    }
+    if (segments[0] === "links" && segments[1] && request.method === "GET") {
+      const getLink = requireMethod(store, "getLink");
+      const domain = url.searchParams.get("domain") || undefined;
+      const link = domain ? await getLink(domain, segments[1]) : await getLink(segments[1]);
+      return link ? json(link) : json({ error: "Link not found." }, 404);
+    }
+    if (segments[0] === "links" && segments[1] && request.method === "DELETE") {
+      const deleteLink = requireMethod(store, "deleteLink");
+      const domain = url.searchParams.get("domain") || undefined;
+      return json(domain ? await deleteLink(domain, segments[1]) : await deleteLink(segments[1]));
+    }
+    if (segments[0] === "links" && segments[1] && segments[2] === "active" && request.method === "POST") {
+      const body = await readJsonBody(request);
+      const setLinkActive = requireMethod(store, "setLinkActive");
+      const domain = url.searchParams.get("domain") || undefined;
+      const active = Boolean(body.active);
+      return json(domain ? await setLinkActive(domain, segments[1], active) : await setLinkActive(segments[1], active));
+    }
+    if (apiPath === "/stats" && request.method === "GET") {
+      return json(await store.totalStats());
+    }
+    if (segments[0] === "stats" && segments[1] && request.method === "GET") {
+      const getStats = requireMethod(store, "getStats");
+      const domain = url.searchParams.get("domain") || undefined;
+      return json(domain ? await getStats(domain, segments[1]) : await getStats(segments[1]));
+    }
+    if (apiPath === "/domains" && request.method === "GET") {
+      const listDomains = requireMethod(store, "listDomains");
+      return json(await listDomains());
+    }
+    if (apiPath === "/domains" && request.method === "POST") {
+      const body = await readJsonBody(request);
+      const hostname2 = String(body.hostname || "");
+      if (!hostname2)
+        return json({ error: "hostname is required" }, 400);
+      const addDomain = requireMethod(store, "addDomain");
+      return json(await addDomain({
+        hostname: hostname2,
+        provider: typeof body.provider === "string" ? body.provider : "manual",
+        defaultDomain: Boolean(body.default_domain || body.default),
+        originUrl: typeof body.origin_url === "string" ? body.origin_url : undefined,
+        notes: typeof body.notes === "string" ? body.notes : undefined
+      }), 201);
+    }
+    if (segments[0] === "domains" && segments[1] && request.method === "GET") {
+      const getDomain = requireMethod(store, "getDomain");
+      const domain = await getDomain(segments[1]);
+      return domain ? json(domain) : json({ error: "Domain not found." }, 404);
+    }
+  } catch (error) {
+    return json({ error: error instanceof Error ? error.message : String(error) }, 400);
+  }
+  return json({ error: "Not found." }, 404);
+}
 function getHost(request, fallback) {
   const forwarded = request.headers.get("x-forwarded-host");
   const host = forwarded || request.headers.get("host") || fallback || "";
@@ -556,8 +675,13 @@ function createShortlinksHandler(options = {}) {
   const store = options.store || new ShortlinksStore(options.dbPath);
   const redirectStatus = options.redirectStatus || 302;
   const reservedPathPrefixes = new Set((options.reservedPathPrefixes ?? ["a"]).map((prefix) => prefix.toLowerCase()));
+  const apiPathPrefix = (options.apiPathPrefix || process.env.SHORTLINKS_API_PATH_PREFIX || "/api").replace(/\/+$/, "") || "/api";
   return async (request) => {
     const url = new URL(request.url);
+    if (url.pathname === apiPathPrefix || url.pathname.startsWith(`${apiPathPrefix}/`)) {
+      const apiPath = url.pathname.slice(apiPathPrefix.length) || "/";
+      return handleApi(request, apiPath, store, options);
+    }
     if (url.pathname === "/healthz") {
       return json({ ok: true, service: "shortlinks", stats: await store.totalStats() });
     }

package/dist/storage.js

@@ -5139,17 +5139,31 @@ function saveConfig(config) {
 `);
 }
 function updateConfig(patch) {
+  const current = loadConfig();
   const next = {
-    ...loadConfig(),
+    ...current,
     ...patch,
+    api: {
+      ...current.api,
+      ...patch.api
+    },
     cloudflare: {
-      ...loadConfig().cloudflare,
+      ...current.cloudflare,
       ...patch.cloudflare
     }
   };
   saveConfig(next);
   return next;
 }
+function getApiBaseUrl(config = loadConfig()) {
+  const baseUrl = process.env.SHORTLINKS_API_URL || process.env.HASNA_SHORTLINKS_API_URL || config.api?.baseUrl || "";
+  return baseUrl ? baseUrl.replace(/\/+$/, "") : null;
+}
+function getApiToken(config = loadConfig()) {
+  const envName = config.api?.tokenEnv || "SHORTLINKS_API_TOKEN";
+  const token = process.env[envName] || process.env.SHORTLINKS_API_TOKEN || process.env.HASNA_SHORTLINKS_API_TOKEN || config.api?.token || "";
+  return token || null;
+}
 function normalizeHostname(input) {
   const raw = input.trim().toLowerCase();
   if (!raw)