Public File Sharing (#72)

* Public File Sharing This implements public file sharing (read-only) with and without passwords (#57). It also fixes a problem with filenames including special characters like `#` not working properly (#71). You can share a directory or a single file, by using the new share icon on the right of the directories/files, and click on it to manage an existing file share (setting a new password, or deleting the file share). There is some other minor cleanup and other copy updates in the README. Closes #57 Fixes #71 * Hide UI elements when sharing isn't allowed
2025-06-20 12:04:16 +01:00
parent c7d6b8077b
commit 7fac7febcf
29 changed files with 1541 additions and 155 deletions
--- a/routes/file-share/[fileShareId]/open/[fileName].tsx
+++ b/routes/file-share/[fileShareId]/open/[fileName].tsx
@@ -0,0 +1,82 @@
+import { Handlers } from 'fresh/server.ts';
+import { join } from 'std/path/join.ts';
+
+import { FreshContextState } from '/lib/types.ts';
+import { ensureFileSharePathIsValidAndSecurelyAccessible, FileModel, FileShareModel } from '/lib/models/files.ts';
+import { AppConfig } from '/lib/config.ts';
+
+interface Data {}
+
+export const handler: Handlers<Data, FreshContextState> = {
+  async GET(request, context) {
+    const { fileShareId, fileName } = context.params;
+
+    if (!fileShareId || !fileName) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    const isPublicFileSharingAllowed = await AppConfig.isPublicFileSharingAllowed();
+
+    if (!isPublicFileSharingAllowed) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    const fileShare = await FileShareModel.getById(fileShareId);
+
+    if (!fileShare) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    if (fileShare.extra.hashed_password) {
+      const { fileShareId: fileShareIdFromSession, hashedPassword: hashedPasswordFromSession } =
+        (await FileShareModel.getDataFromRequest(request)) || {};
+
+      if (
+        !fileShareIdFromSession || fileShareIdFromSession !== fileShareId ||
+        hashedPasswordFromSession !== fileShare.extra.hashed_password
+      ) {
+        return new Response('Redirect', { status: 303, headers: { 'Location': `/file-share/${fileShareId}/verify` } });
+      }
+    }
+
+    const searchParams = new URL(request.url).searchParams;
+
+    let currentPath = searchParams.get('path') || '/';
+
+    // Send invalid paths back to root
+    if (!currentPath.startsWith('/') || currentPath.includes('../')) {
+      currentPath = '/';
+    }
+
+    // Always append a trailing slash
+    if (!currentPath.endsWith('/')) {
+      currentPath = `${currentPath}/`;
+    }
+
+    // Confirm that currentPath is not _outside_ the fileShare.file_path
+    await ensureFileSharePathIsValidAndSecurelyAccessible(fileShare.user_id, fileShare.file_path, currentPath);
+
+    const isFileSharePathDirectory = fileShare.file_path.endsWith('/');
+
+    const fileSharePathDirectory = isFileSharePathDirectory
+      ? fileShare.file_path
+      : `${fileShare.file_path.split('/').slice(0, -1).join('/')}/`;
+
+    currentPath = isFileSharePathDirectory ? join(fileShare.file_path, currentPath) : fileSharePathDirectory;
+
+    const fileResult = await FileModel.get(fileShare.user_id, currentPath, decodeURIComponent(fileName));
+
+    if (!fileResult.success) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    return new Response(fileResult.contents!, {
+      status: 200,
+      headers: {
+        'cache-control': 'no-cache, no-store, must-revalidate',
+        'content-type': fileResult.contentType!,
+        'content-length': fileResult.byteSize!.toString(),
+      },
+    });
+  },
+};