File: //proc/thread-self/cwd/Installationlist/serve_pdf.php
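<?php

declare(strict_types=1);

// serve_pdf.php - secure proxy: only requests carrying the session's valid
// token may read a PDF, and only a file located under /home/pdf/.
//
// Flow: an earlier step stores the token and the absolute PDF path in the
// session; this script compares the query-string token against it, confines
// the path to the allowed directory and then streams the file.

$pdfBaseDir = '/home/pdf/';

session_start();

// Accept only a non-empty string token: `?token[]=x` yields an array, which
// hash_equals() would reject with a TypeError instead of a clean 403.
$token    = $_GET['token'] ?? '';
$expected = $_SESSION['done_pdf_token'] ?? null;

if (!is_string($token) || $token === ''
    || !is_string($expected) || $expected === ''
    // Constant-time comparison (known value first) so the check does not leak
    // the token through timing differences.
    || !hash_equals($expected, $token)
    || empty($_SESSION['done_pdf_path'])) {
    http_response_code(403);
    exit('無效的存取請求');
}

$path = $_SESSION['done_pdf_path'];

// realpath() resolves symlinks and `..` segments and returns false for a
// missing file, so it both replaces file_exists() and yields the canonical
// path that the directory check below must be applied to. Passing false on
// to strpos(), as the previous version did, relied on a deprecated coercion.
$real = is_string($path) ? realpath($path) : false;
if ($real === false || !is_file($real) || !is_readable($real)) {
    http_response_code(404);
    exit('PDF 檔案不存在');
}

// Confine the canonical path to the allowed directory (path-traversal guard).
if (strncmp($real, $pdfBaseDir, strlen($pdfBaseDir)) !== 0) {
    http_response_code(403);
    exit('不合法的路徵');
}

// Drop quotes, backslashes and line breaks from the file name so it cannot
// terminate the quoted header parameter or inject a further header.
$filename = str_replace(['"', '\\', "\r", "\n"], '', basename($real));

header('Content-Type: application/pdf');
// Keep browsers from sniffing the body as something other than a PDF.
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . filesize($real));
header('Content-Disposition: inline; filename="' . $filename . '"');
header('Cache-Control: no-store');
readfile($real);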