Public File Sharing (#72)
* Public File Sharing This implements public file sharing (read-only) with and without passwords (#57). It also fixes a problem with filenames including special characters like `#` not working properly (#71). You can share a directory or a single file, by using the new share icon on the right of the directories/files, and click on it to manage an existing file share (setting a new password, or deleting the file share). There is some other minor cleanup and other copy updates in the README. Closes #57 Fixes #71 * Hide UI elements when sharing isn't allowed
This commit is contained in:
Bruno Bernardino
65
routes/api/files/update-share.tsx
Normal file
65
routes/api/files/update-share.tsx
Normal file
@@ -0,0 +1,65 @@
|
||||
import { Handlers } from 'fresh/server.ts';
|
||||
|
||||
import { Directory, DirectoryFile, FreshContextState } from '/lib/types.ts';
|
||||
import { DirectoryModel, FileModel, FileShareModel } from '/lib/models/files.ts';
|
||||
import { generateHash } from '/lib/utils/misc.ts';
|
||||
import { PASSWORD_SALT } from '/lib/auth.ts';
|
||||
import { AppConfig } from '/lib/config.ts';
|
||||
|
||||
interface Data {}
|
||||
|
||||
export interface RequestBody {
|
||||
pathInView: string;
|
||||
fileShareId: string;
|
||||
password?: string;
|
||||
}
|
||||
|
||||
export interface ResponseBody {
|
||||
success: boolean;
|
||||
newFiles: DirectoryFile[];
|
||||
newDirectories: Directory[];
|
||||
}
|
||||
|
||||
export const handler: Handlers<Data, FreshContextState> = {
|
||||
async POST(request, context) {
|
||||
if (!context.state.user) {
|
||||
return new Response('Unauthorized', { status: 401 });
|
||||
}
|
||||
|
||||
const isPublicFileSharingAllowed = await AppConfig.isPublicFileSharingAllowed();
|
||||
|
||||
if (!isPublicFileSharingAllowed) {
|
||||
return new Response('Forbidden', { status: 403 });
|
||||
}
|
||||
|
||||
const requestBody = await request.clone().json() as RequestBody;
|
||||
|
||||
if (
|
||||
!requestBody.fileShareId || !requestBody.pathInView || !requestBody.pathInView.trim() ||
|
||||
!requestBody.pathInView.startsWith('/') || requestBody.pathInView.includes('../')
|
||||
) {
|
||||
return new Response('Bad Request', { status: 400 });
|
||||
}
|
||||
|
||||
const fileShare = await FileShareModel.getById(requestBody.fileShareId);
|
||||
|
||||
if (!fileShare || fileShare.user_id !== context.state.user.id) {
|
||||
return new Response('Not Found', { status: 404 });
|
||||
}
|
||||
|
||||
if (requestBody.password) {
|
||||
fileShare.extra.hashed_password = await generateHash(`${requestBody.password}:${PASSWORD_SALT}`, 'SHA-256');
|
||||
} else {
|
||||
delete fileShare.extra.hashed_password;
|
||||
}
|
||||
|
||||
await FileShareModel.update(fileShare);
|
||||
|
||||
const newFiles = await FileModel.list(context.state.user.id, requestBody.pathInView);
|
||||
const newDirectories = await DirectoryModel.list(context.state.user.id, requestBody.pathInView);
|
||||
|
||||
const responseBody: ResponseBody = { success: true, newFiles, newDirectories };
|
||||
|
||||
return new Response(JSON.stringify(responseBody));
|
||||
},
|
||||
};
|
||||
Reference in New Issue
Block a user