Public File Sharing (#72)

* Public File Sharing

This implements public file sharing (read-only) with and without passwords (#57).

It also fixes a problem with filenames including special characters like `#` not working properly (#71).

You can share a directory or a single file, by using the new share icon on the right of the directories/files, and click on it to manage an existing file share (setting a new password, or deleting the file share).

There is some other minor cleanup and other copy updates in the README.

Closes #57
Fixes #71

* Hide UI elements when sharing isn't allowed

routes/file-share/[fileShareId].tsx

@@ -0,0 +1,133 @@
+import { Handlers, PageProps } from 'fresh/server.ts';
+import { join } from 'std/path/join.ts';
+
+import { Directory, DirectoryFile, FreshContextState } from '/lib/types.ts';
+import {
+  DirectoryModel,
+  ensureFileSharePathIsValidAndSecurelyAccessible,
+  FileModel,
+  FileShareModel,
+} from '/lib/models/files.ts';
+import { AppConfig } from '/lib/config.ts';
+import FilesWrapper from '/islands/files/FilesWrapper.tsx';
+
+interface Data {
+  shareDirectories: Directory[];
+  shareFiles: DirectoryFile[];
+  currentPath: string;
+  baseUrl: string;
+  fileShareId?: string;
+}
+
+export const handler: Handlers<Data, FreshContextState> = {
+  async GET(request, context) {
+    const { fileShareId } = context.params;
+
+    if (!fileShareId) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    const isPublicFileSharingAllowed = await AppConfig.isPublicFileSharingAllowed();
+
+    if (!isPublicFileSharingAllowed) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    const baseUrl = (await AppConfig.getConfig()).auth.baseUrl;
+
+    const fileShare = await FileShareModel.getById(fileShareId);
+
+    if (!fileShare) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    const searchParams = new URL(request.url).searchParams;
+
+    let currentPath = searchParams.get('path') || '/';
+
+    // Send invalid paths back to root
+    if (!currentPath.startsWith('/') || currentPath.includes('../')) {
+      currentPath = '/';
+    }
+
+    // Always append a trailing slash
+    if (!currentPath.endsWith('/')) {
+      currentPath = `${currentPath}/`;
+    }
+
+    // Confirm that currentPath is not _outside_ the fileShare.file_path
+    await ensureFileSharePathIsValidAndSecurelyAccessible(fileShare.user_id, fileShare.file_path, currentPath);
+
+    const isFileSharePathDirectory = fileShare.file_path.endsWith('/');
+
+    currentPath = isFileSharePathDirectory ? join(fileShare.file_path, currentPath) : fileShare.file_path;
+
+    const isFilePathDirectory = currentPath.endsWith('/');
+
+    const fileSharePathDirectory = isFileSharePathDirectory
+      ? fileShare.file_path
+      : `${fileShare.file_path.split('/').slice(0, -1).join('/')}/`;
+
+    const filePathDirectory = isFilePathDirectory ? currentPath : `${currentPath.split('/').slice(0, -1).join('/')}/`;
+
+    // Does the file share require a password? If so, redirect to the verification page
+    if (fileShare.extra.hashed_password) {
+      const { fileShareId: fileShareIdFromSession, hashedPassword: hashedPasswordFromSession } =
+        (await FileShareModel.getDataFromRequest(request)) || {};
+
+      if (
+        !fileShareIdFromSession || fileShareIdFromSession !== fileShareId ||
+        hashedPasswordFromSession !== fileShare.extra.hashed_password
+      ) {
+        return new Response('Redirect', { status: 303, headers: { 'Location': `/file-share/${fileShareId}/verify` } });
+      }
+    }
+
+    let shareDirectories = await DirectoryModel.list(
+      fileShare.user_id,
+      isFilePathDirectory ? currentPath : filePathDirectory,
+    );
+
+    let shareFiles = await FileModel.list(fileShare.user_id, isFilePathDirectory ? currentPath : filePathDirectory);
+
+    if (!isFileSharePathDirectory) {
+      shareDirectories = shareDirectories.filter((directory) =>
+        directory.directory_name === currentPath.split('/').pop()
+      );
+      shareFiles = shareFiles.filter((file) => file.file_name === currentPath.split('/').pop());
+    }
+
+    // Remove the filePathDirectory from the directories' paths, and set has_write_access to false
+    shareDirectories = shareDirectories.map((directory) => ({
+      ...directory,
+      has_write_access: false,
+      parent_path: directory.parent_path.replace(fileSharePathDirectory, '/'),
+    }));
+
+    // Remove the filePathDirectory from the files' paths, and set has_write_access to false
+    shareFiles = shareFiles.map((file) => ({
+      ...file,
+      has_write_access: false,
+      parent_path: file.parent_path.replace(fileSharePathDirectory, '/'),
+    }));
+
+    const publicCurrentPath = currentPath.replace(fileShare.file_path, '/');
+
+    return await context.render({ shareDirectories, shareFiles, currentPath: publicCurrentPath, baseUrl, fileShareId });
+  },
+};
+
+export default function FilesPage({ data }: PageProps<Data, FreshContextState>) {
+  return (
+    <main>
+      <FilesWrapper
+        initialDirectories={data.shareDirectories}
+        initialFiles={data.shareFiles}
+        initialPath={data.currentPath}
+        baseUrl={data.baseUrl}
+        isFileSharingAllowed
+        fileShareId={data.fileShareId}
+      />
+    </main>
+  );
+}

routes/file-share/[fileShareId]/open/[fileName].tsx

@@ -0,0 +1,82 @@
+import { Handlers } from 'fresh/server.ts';
+import { join } from 'std/path/join.ts';
+
+import { FreshContextState } from '/lib/types.ts';
+import { ensureFileSharePathIsValidAndSecurelyAccessible, FileModel, FileShareModel } from '/lib/models/files.ts';
+import { AppConfig } from '/lib/config.ts';
+
+interface Data {}
+
+export const handler: Handlers<Data, FreshContextState> = {
+  async GET(request, context) {
+    const { fileShareId, fileName } = context.params;
+
+    if (!fileShareId || !fileName) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    const isPublicFileSharingAllowed = await AppConfig.isPublicFileSharingAllowed();
+
+    if (!isPublicFileSharingAllowed) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    const fileShare = await FileShareModel.getById(fileShareId);
+
+    if (!fileShare) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    if (fileShare.extra.hashed_password) {
+      const { fileShareId: fileShareIdFromSession, hashedPassword: hashedPasswordFromSession } =
+        (await FileShareModel.getDataFromRequest(request)) || {};
+
+      if (
+        !fileShareIdFromSession || fileShareIdFromSession !== fileShareId ||
+        hashedPasswordFromSession !== fileShare.extra.hashed_password
+      ) {
+        return new Response('Redirect', { status: 303, headers: { 'Location': `/file-share/${fileShareId}/verify` } });
+      }
+    }
+
+    const searchParams = new URL(request.url).searchParams;
+
+    let currentPath = searchParams.get('path') || '/';
+
+    // Send invalid paths back to root
+    if (!currentPath.startsWith('/') || currentPath.includes('../')) {
+      currentPath = '/';
+    }
+
+    // Always append a trailing slash
+    if (!currentPath.endsWith('/')) {
+      currentPath = `${currentPath}/`;
+    }
+
+    // Confirm that currentPath is not _outside_ the fileShare.file_path
+    await ensureFileSharePathIsValidAndSecurelyAccessible(fileShare.user_id, fileShare.file_path, currentPath);
+
+    const isFileSharePathDirectory = fileShare.file_path.endsWith('/');
+
+    const fileSharePathDirectory = isFileSharePathDirectory
+      ? fileShare.file_path
+      : `${fileShare.file_path.split('/').slice(0, -1).join('/')}/`;
+
+    currentPath = isFileSharePathDirectory ? join(fileShare.file_path, currentPath) : fileSharePathDirectory;
+
+    const fileResult = await FileModel.get(fileShare.user_id, currentPath, decodeURIComponent(fileName));
+
+    if (!fileResult.success) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    return new Response(fileResult.contents!, {
+      status: 200,
+      headers: {
+        'cache-control': 'no-cache, no-store, must-revalidate',
+        'content-type': fileResult.contentType!,
+        'content-length': fileResult.byteSize!.toString(),
+      },
+    });
+  },
+};

routes/file-share/[fileShareId]/verify.tsx

@@ -0,0 +1,107 @@
+import { Handlers, PageProps } from 'fresh/server.ts';
+
+import { FreshContextState } from '/lib/types.ts';
+import { getFormDataField } from '/lib/form-utils.tsx';
+import { AppConfig } from '/lib/config.ts';
+import { FileShareModel } from '/lib/models/files.ts';
+import { generateHash } from '/lib/utils/misc.ts';
+import { PASSWORD_SALT } from '/lib/auth.ts';
+import ShareVerifyForm from '/components/files/ShareVerifyForm.tsx';
+
+interface Data {
+  error?: {
+    title: string;
+    message: string;
+  };
+}
+
+export const handler: Handlers<Data, FreshContextState> = {
+  async GET(request, context) {
+    const { fileShareId } = context.params;
+
+    if (!fileShareId) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    const isPublicFileSharingAllowed = await AppConfig.isPublicFileSharingAllowed();
+
+    if (!isPublicFileSharingAllowed) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    const fileShare = await FileShareModel.getById(fileShareId);
+
+    if (!fileShare) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    if (!fileShare.extra.hashed_password) {
+      return new Response('Redirect', { status: 303, headers: { 'Location': `/file-share/${fileShareId}` } });
+    }
+
+    return await context.render({});
+  },
+  async POST(request, context) {
+    const { fileShareId } = context.params;
+
+    if (!fileShareId) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    const isPublicFileSharingAllowed = await AppConfig.isPublicFileSharingAllowed();
+
+    if (!isPublicFileSharingAllowed) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    const fileShare = await FileShareModel.getById(fileShareId);
+
+    if (!fileShare) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    if (!fileShare.extra.hashed_password) {
+      return new Response('Redirect', { status: 303, headers: { 'Location': `/file-share/${fileShareId}` } });
+    }
+
+    try {
+      const formData = await request.formData();
+      const password = getFormDataField(formData, 'password');
+
+      if (!password) {
+        throw new Error('Password is required');
+      }
+
+      const hashedPassword = await generateHash(`${password}:${PASSWORD_SALT}`, 'SHA-256');
+
+      if (hashedPassword !== fileShare.extra.hashed_password) {
+        throw new Error('Invalid password');
+      }
+
+      const response = new Response('Redirect', { status: 303, headers: { 'Location': `/file-share/${fileShareId}` } });
+
+      return await FileShareModel.createSessionCookie(request, response, fileShareId, hashedPassword);
+    } catch (error) {
+      console.error('File share verification error:', error);
+
+      return await context.render({
+        error: {
+          title: 'Verification Failed',
+          message: (error as Error).message,
+        },
+      });
+    }
+  },
+};
+
+export default function ShareVerifyPage({ data }: PageProps<Data, FreshContextState>) {
+  return (
+    <main>
+      <section class='max-w-screen-md mx-auto flex flex-col items-center justify-center'>
+        <ShareVerifyForm
+          error={data.error}
+        />
+      </section>
+    </main>
+  );
+}