appwrite · loks0n · Feb 17, 2026 · Feb 17, 2026 · Feb 17, 2026 · Feb 17, 2026
diff --git a/app/controllers/general.php b/app/controllers/general.php
@@ -34,6 +34,7 @@
 use Executor\Executor;
 use MaxMind\Db\Reader;
 use Swoole\Http\Request as SwooleRequest;
+use Swoole\Table;
 use Utopia\Config\Config;
 use Utopia\Console;
 use Utopia\Database\Database;
@@ -1073,21 +1074,20 @@ function router(Http $utopia, Database $dbForPlatform, callable $getProjectDB, S
    ->inject('queueForCertificates')
    ->inject('platform')
     ->inject('authorization')
-   ->action(function (Request $request, Document $console, Database $dbForPlatform, Certificate $queueForCertificates, array $platform, Authorization $authorization) {
+    ->inject('certifiedDomains')
+   ->action(function (Request $request, Document $console, Database $dbForPlatform, Certificate $queueForCertificates, array $platform, Authorization $authorization, Table $certifiedDomains) {
        $hostname = $request->getHostname();
-       $cache = Config::getParam('hostnames', []);
        $platformHostnames = $platform['hostnames'] ?? [];
 
        // 1. Cache hit
-       if (array_key_exists($hostname, $cache)) {
+       if ($certifiedDomains->exists(md5($hostname))) {
            return;
        }
 
        // 2. Domain validation
        $domain = new Domain(!empty($hostname) ? $hostname : '');
        if (empty($domain->get()) || !$domain->isKnown() || $domain->isTest()) {
-           $cache[$domain->get()] = false;
-           Config::setParam('hostnames', $cache);
+           $certifiedDomains->set(md5($domain->get()), ['value' => 0]);
            return;
        }
 
@@ -1101,7 +1101,7 @@ function router(Http $utopia, Database $dbForPlatform, callable $getProjectDB, S
        }
 
        // 4. Check/create rule (requires DB access)
-       $authorization->skip(function () use ($dbForPlatform, $domain, $console, $queueForCertificates, &$cache) {
+       $authorization->skip(function () use ($dbForPlatform, $domain, $console, $queueForCertificates, $certifiedDomains) {
            try {
                // TODO: (@Meldiron) Remove after 1.7.x migration
                $isMd5 = System::getEnv('_APP_RULES_FORMAT') === 'md5';
@@ -1164,8 +1164,7 @@ function router(Http $utopia, Database $dbForPlatform, callable $getProjectDB, S
            } catch (Duplicate $e) {
                Console::info('Certificate already exists');
            } finally {
-               $cache[$domain->get()] = true;
-               Config::setParam('hostnames', $cache);
+               $certifiedDomains->set(md5($domain->get()), ['value' => 1]);
            }
        });
    });

diff --git a/app/http.php b/app/http.php
@@ -40,9 +40,16 @@
 $files = new Files();
 $files->load(__DIR__ . '/../public');
 
-$domains = new Table(1_000_000); // 1 million rows
-$domains->column('value', Table::TYPE_INT, 1);
-$domains->create();
+$riskyDomains = new Table(100_000);
+$riskyDomains->column('value', Table::TYPE_INT, 1);
+$riskyDomains->create();
+
+$certifiedDomains = new Table(100_000);
+$certifiedDomains->column('value', Table::TYPE_INT, 1);
+$certifiedDomains->create();
+
+Http::setResource('riskyDomains', fn () => $riskyDomains);
+Http::setResource('certifiedDomains', fn () => $certifiedDomains);
 
 $http = new Server(
     host: "0.0.0.0",
@@ -71,7 +78,7 @@
 function dispatch(Server $server, int $fd, int $type, $data = null): int
 {
     $resolveWorkerId = function (Server $server, $data = null) {
-        global $totalWorkers, $domains;
+        global $totalWorkers, $riskyDomains;
 
         // If data is not set we can send request to any worker
         // first we try to pick idle worker, if not we randomly pick a worker
@@ -103,7 +110,7 @@ function dispatch(Server $server, int $fd, int $type, $data = null): int
         $risky = false;
         if (str_starts_with($request, 'POST') && str_contains($request, '/executions')) {
             $risky = true;
-        } elseif ($domains->get(md5($domain), 'value') === 1) {
+        } elseif ($riskyDomains->get(md5($domain), 'value') === 1) {
             // executions request coming from custom domain
             $risky = true;
         } else {
@@ -579,7 +586,7 @@ function createDatabase(Http $app, string $resourceKey, string $dbName, array $c
 });
 
 // Fetch domains every `DOMAIN_SYNC_TIMER` seconds and update in the memory
-$http->on(Constant::EVENT_TASK, function () use ($register, $domains) {
+$http->on(Constant::EVENT_TASK, function () use ($register) {
     $lastSyncUpdate = null;
     $pools = $register->get('pools');
     Http::setResource('pools', fn () => $pools);
@@ -588,7 +595,10 @@ function createDatabase(Http $app, string $resourceKey, string $dbName, array $c
     /** @var Utopia\Database\Database $dbForPlatform */
     $dbForPlatform = $app->getResource('dbForPlatform');
 
-    Timer::tick(DOMAIN_SYNC_TIMER * 1000, function () use ($dbForPlatform, $domains, &$lastSyncUpdate, $app) {
+    /** @var Table $riskyDomains */
+    $riskyDomains = $app->getResource('riskyDomains');
+
+    Timer::tick(DOMAIN_SYNC_TIMER * 1000, function () use ($dbForPlatform, $riskyDomains, &$lastSyncUpdate, $app) {
         try {
             $time = DateTime::now();
             $limit = 1000;
@@ -641,7 +651,7 @@ function createDatabase(Http $app, string $resourceKey, string $dbName, array $c
                         continue;
                     }
 
-                    $domains->set(md5($domain), ['value' => 1]);
+                    $riskyDomains->set(md5($domain), ['value' => 1]);
                 }
                 $latestDocument = !empty(array_key_last($results)) ? $results[array_key_last($results)] : null;
             }