Public File Sharing (#72)

* Public File Sharing

This implements public file sharing (read-only) with and without passwords (#57).

It also fixes a problem with filenames including special characters like `#` not working properly (#71).

You can share a directory or a single file, by using the new share icon on the right of the directories/files, and click on it to manage an existing file share (setting a new password, or deleting the file share).

There is some other minor cleanup and other copy updates in the README.

Closes #57
Fixes #71

* Hide UI elements when sharing isn't allowed

routes/api/files/create-share.tsx

@@ -0,0 +1,86 @@
+import { Handlers } from 'fresh/server.ts';
+
+import { Directory, DirectoryFile, FileShare, FreshContextState } from '/lib/types.ts';
+import { DirectoryModel, FileModel, FileShareModel, getPathInfo } from '/lib/models/files.ts';
+import { generateHash } from '/lib/utils/misc.ts';
+import { PASSWORD_SALT } from '/lib/auth.ts';
+import { AppConfig } from '/lib/config.ts';
+
+interface Data {}
+
+export interface RequestBody {
+  pathInView: string;
+  filePath: string;
+  password?: string;
+}
+
+export interface ResponseBody {
+  success: boolean;
+  newFiles: DirectoryFile[];
+  newDirectories: Directory[];
+  createdFileShareId: string;
+}
+
+export const handler: Handlers<Data, FreshContextState> = {
+  async POST(request, context) {
+    if (!context.state.user) {
+      return new Response('Unauthorized', { status: 401 });
+    }
+
+    const isPublicFileSharingAllowed = await AppConfig.isPublicFileSharingAllowed();
+
+    if (!isPublicFileSharingAllowed) {
+      return new Response('Forbidden', { status: 403 });
+    }
+
+    const requestBody = await request.clone().json() as RequestBody;
+
+    if (
+      !requestBody.filePath || !requestBody.pathInView || !requestBody.filePath.trim() ||
+      !requestBody.pathInView.trim() || !requestBody.filePath.startsWith('/') ||
+      requestBody.filePath.includes('../') || !requestBody.pathInView.startsWith('/') ||
+      requestBody.pathInView.includes('../')
+    ) {
+      return new Response('Bad Request', { status: 400 });
+    }
+
+    // Confirm the file path belongs to the user
+    const { isDirectory, isFile } = await getPathInfo(
+      context.state.user.id,
+      requestBody.filePath,
+    );
+
+    // Confirm the file path ends with a / if it's a directory, and doesn't end with a / if it's a file
+    if (isDirectory && !requestBody.filePath.endsWith('/')) {
+      requestBody.filePath = `${requestBody.filePath}/`;
+    } else if (isFile && requestBody.filePath.endsWith('/')) {
+      requestBody.filePath = requestBody.filePath.slice(0, -1);
+    }
+
+    const extra: FileShare['extra'] = {};
+
+    if (requestBody.password) {
+      extra.hashed_password = await generateHash(`${requestBody.password}:${PASSWORD_SALT}`, 'SHA-256');
+    }
+
+    const fileShare: Omit<FileShare, 'id' | 'created_at'> = {
+      user_id: context.state.user.id,
+      file_path: requestBody.filePath,
+      extra,
+    };
+
+    const createdFileShare = await FileShareModel.create(fileShare);
+
+    const newFiles = await FileModel.list(context.state.user.id, requestBody.pathInView);
+    const newDirectories = await DirectoryModel.list(context.state.user.id, requestBody.pathInView);
+
+    const responseBody: ResponseBody = {
+      success: true,
+      newFiles,
+      newDirectories,
+      createdFileShareId: createdFileShare.id,
+    };
+
+    return new Response(JSON.stringify(responseBody));
+  },
+};

routes/api/files/delete-share.tsx

@@ -0,0 +1,56 @@
+import { Handlers } from 'fresh/server.ts';
+
+import { Directory, DirectoryFile, FreshContextState } from '/lib/types.ts';
+import { DirectoryModel, FileModel, FileShareModel } from '/lib/models/files.ts';
+import { AppConfig } from '/lib/config.ts';
+
+interface Data {}
+
+export interface RequestBody {
+  pathInView: string;
+  fileShareId: string;
+}
+
+export interface ResponseBody {
+  success: boolean;
+  newFiles: DirectoryFile[];
+  newDirectories: Directory[];
+}
+
+export const handler: Handlers<Data, FreshContextState> = {
+  async POST(request, context) {
+    if (!context.state.user) {
+      return new Response('Unauthorized', { status: 401 });
+    }
+
+    const isPublicFileSharingAllowed = await AppConfig.isPublicFileSharingAllowed();
+
+    if (!isPublicFileSharingAllowed) {
+      return new Response('Forbidden', { status: 403 });
+    }
+
+    const requestBody = await request.clone().json() as RequestBody;
+
+    if (
+      !requestBody.fileShareId || !requestBody.pathInView || !requestBody.pathInView.trim() ||
+      !requestBody.pathInView.startsWith('/') || requestBody.pathInView.includes('../')
+    ) {
+      return new Response('Bad Request', { status: 400 });
+    }
+
+    const fileShare = await FileShareModel.getById(requestBody.fileShareId);
+
+    if (!fileShare || fileShare.user_id !== context.state.user.id) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    await FileShareModel.delete(requestBody.fileShareId);
+
+    const newFiles = await FileModel.list(context.state.user.id, requestBody.pathInView);
+    const newDirectories = await DirectoryModel.list(context.state.user.id, requestBody.pathInView);
+
+    const responseBody: ResponseBody = { success: true, newFiles, newDirectories };
+
+    return new Response(JSON.stringify(responseBody));
+  },
+};

routes/api/files/get-share.tsx

@@ -0,0 +1,46 @@
+import { Handlers } from 'fresh/server.ts';
+
+import { FileShare, FreshContextState } from '/lib/types.ts';
+import { FileShareModel } from '/lib/models/files.ts';
+import { AppConfig } from '/lib/config.ts';
+
+interface Data {}
+
+export interface RequestBody {
+  fileShareId: string;
+}
+
+export interface ResponseBody {
+  success: boolean;
+  fileShare: FileShare;
+}
+
+export const handler: Handlers<Data, FreshContextState> = {
+  async POST(request, context) {
+    if (!context.state.user) {
+      return new Response('Unauthorized', { status: 401 });
+    }
+
+    const isPublicFileSharingAllowed = await AppConfig.isPublicFileSharingAllowed();
+
+    if (!isPublicFileSharingAllowed) {
+      return new Response('Forbidden', { status: 403 });
+    }
+
+    const requestBody = await request.clone().json() as RequestBody;
+
+    if (!requestBody.fileShareId) {
+      return new Response('Bad Request', { status: 400 });
+    }
+
+    const fileShare = await FileShareModel.getById(requestBody.fileShareId);
+
+    if (!fileShare || fileShare.user_id !== context.state.user.id) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    const responseBody: ResponseBody = { success: true, fileShare };
+
+    return new Response(JSON.stringify(responseBody));
+  },
+};

routes/api/files/update-share.tsx

@@ -0,0 +1,65 @@
+import { Handlers } from 'fresh/server.ts';
+
+import { Directory, DirectoryFile, FreshContextState } from '/lib/types.ts';
+import { DirectoryModel, FileModel, FileShareModel } from '/lib/models/files.ts';
+import { generateHash } from '/lib/utils/misc.ts';
+import { PASSWORD_SALT } from '/lib/auth.ts';
+import { AppConfig } from '/lib/config.ts';
+
+interface Data {}
+
+export interface RequestBody {
+  pathInView: string;
+  fileShareId: string;
+  password?: string;
+}
+
+export interface ResponseBody {
+  success: boolean;
+  newFiles: DirectoryFile[];
+  newDirectories: Directory[];
+}
+
+export const handler: Handlers<Data, FreshContextState> = {
+  async POST(request, context) {
+    if (!context.state.user) {
+      return new Response('Unauthorized', { status: 401 });
+    }
+
+    const isPublicFileSharingAllowed = await AppConfig.isPublicFileSharingAllowed();
+
+    if (!isPublicFileSharingAllowed) {
+      return new Response('Forbidden', { status: 403 });
+    }
+
+    const requestBody = await request.clone().json() as RequestBody;
+
+    if (
+      !requestBody.fileShareId || !requestBody.pathInView || !requestBody.pathInView.trim() ||
+      !requestBody.pathInView.startsWith('/') || requestBody.pathInView.includes('../')
+    ) {
+      return new Response('Bad Request', { status: 400 });
+    }
+
+    const fileShare = await FileShareModel.getById(requestBody.fileShareId);
+
+    if (!fileShare || fileShare.user_id !== context.state.user.id) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    if (requestBody.password) {
+      fileShare.extra.hashed_password = await generateHash(`${requestBody.password}:${PASSWORD_SALT}`, 'SHA-256');
+    } else {
+      delete fileShare.extra.hashed_password;
+    }
+
+    await FileShareModel.update(fileShare);
+
+    const newFiles = await FileModel.list(context.state.user.id, requestBody.pathInView);
+    const newDirectories = await DirectoryModel.list(context.state.user.id, requestBody.pathInView);
+
+    const responseBody: ResponseBody = { success: true, newFiles, newDirectories };
+
+    return new Response(JSON.stringify(responseBody));
+  },
+};