Public File Sharing (#72)

* Public File Sharing This implements public file sharing (read-only) with and without passwords (#57). It also fixes a problem with filenames including special characters like `#` not working properly (#71). You can share a directory or a single file, by using the new share icon on the right of the directories/files, and click on it to manage an existing file share (setting a new password, or deleting the file share). There is some other minor cleanup and other copy updates in the README. Closes #57 Fixes #71 * Hide UI elements when sharing isn't allowed
2025-06-20 12:04:16 +01:00
parent c7d6b8077b
commit 7fac7febcf
29 changed files with 1541 additions and 155 deletions
--- a/routes/file-share/[fileShareId].tsx
+++ b/routes/file-share/[fileShareId].tsx
@@ -0,0 +1,133 @@
+import { Handlers, PageProps } from 'fresh/server.ts';
+import { join } from 'std/path/join.ts';
+
+import { Directory, DirectoryFile, FreshContextState } from '/lib/types.ts';
+import {
+  DirectoryModel,
+  ensureFileSharePathIsValidAndSecurelyAccessible,
+  FileModel,
+  FileShareModel,
+} from '/lib/models/files.ts';
+import { AppConfig } from '/lib/config.ts';
+import FilesWrapper from '/islands/files/FilesWrapper.tsx';
+
+interface Data {
+  shareDirectories: Directory[];
+  shareFiles: DirectoryFile[];
+  currentPath: string;
+  baseUrl: string;
+  fileShareId?: string;
+}
+
+export const handler: Handlers<Data, FreshContextState> = {
+  async GET(request, context) {
+    const { fileShareId } = context.params;
+
+    if (!fileShareId) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    const isPublicFileSharingAllowed = await AppConfig.isPublicFileSharingAllowed();
+
+    if (!isPublicFileSharingAllowed) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    const baseUrl = (await AppConfig.getConfig()).auth.baseUrl;
+
+    const fileShare = await FileShareModel.getById(fileShareId);
+
+    if (!fileShare) {
+      return new Response('Not Found', { status: 404 });
+    }
+
+    const searchParams = new URL(request.url).searchParams;
+
+    let currentPath = searchParams.get('path') || '/';
+
+    // Send invalid paths back to root
+    if (!currentPath.startsWith('/') || currentPath.includes('../')) {
+      currentPath = '/';
+    }
+
+    // Always append a trailing slash
+    if (!currentPath.endsWith('/')) {
+      currentPath = `${currentPath}/`;
+    }
+
+    // Confirm that currentPath is not _outside_ the fileShare.file_path
+    await ensureFileSharePathIsValidAndSecurelyAccessible(fileShare.user_id, fileShare.file_path, currentPath);
+
+    const isFileSharePathDirectory = fileShare.file_path.endsWith('/');
+
+    currentPath = isFileSharePathDirectory ? join(fileShare.file_path, currentPath) : fileShare.file_path;
+
+    const isFilePathDirectory = currentPath.endsWith('/');
+
+    const fileSharePathDirectory = isFileSharePathDirectory
+      ? fileShare.file_path
+      : `${fileShare.file_path.split('/').slice(0, -1).join('/')}/`;
+
+    const filePathDirectory = isFilePathDirectory ? currentPath : `${currentPath.split('/').slice(0, -1).join('/')}/`;
+
+    // Does the file share require a password? If so, redirect to the verification page
+    if (fileShare.extra.hashed_password) {
+      const { fileShareId: fileShareIdFromSession, hashedPassword: hashedPasswordFromSession } =
+        (await FileShareModel.getDataFromRequest(request)) || {};
+
+      if (
+        !fileShareIdFromSession || fileShareIdFromSession !== fileShareId ||
+        hashedPasswordFromSession !== fileShare.extra.hashed_password
+      ) {
+        return new Response('Redirect', { status: 303, headers: { 'Location': `/file-share/${fileShareId}/verify` } });
+      }
+    }
+
+    let shareDirectories = await DirectoryModel.list(
+      fileShare.user_id,
+      isFilePathDirectory ? currentPath : filePathDirectory,
+    );
+
+    let shareFiles = await FileModel.list(fileShare.user_id, isFilePathDirectory ? currentPath : filePathDirectory);
+
+    if (!isFileSharePathDirectory) {
+      shareDirectories = shareDirectories.filter((directory) =>
+        directory.directory_name === currentPath.split('/').pop()
+      );
+      shareFiles = shareFiles.filter((file) => file.file_name === currentPath.split('/').pop());
+    }
+
+    // Remove the filePathDirectory from the directories' paths, and set has_write_access to false
+    shareDirectories = shareDirectories.map((directory) => ({
+      ...directory,
+      has_write_access: false,
+      parent_path: directory.parent_path.replace(fileSharePathDirectory, '/'),
+    }));
+
+    // Remove the filePathDirectory from the files' paths, and set has_write_access to false
+    shareFiles = shareFiles.map((file) => ({
+      ...file,
+      has_write_access: false,
+      parent_path: file.parent_path.replace(fileSharePathDirectory, '/'),
+    }));
+
+    const publicCurrentPath = currentPath.replace(fileShare.file_path, '/');
+
+    return await context.render({ shareDirectories, shareFiles, currentPath: publicCurrentPath, baseUrl, fileShareId });
+  },
+};
+
+export default function FilesPage({ data }: PageProps<Data, FreshContextState>) {
+  return (
+    <main>
+      <FilesWrapper
+        initialDirectories={data.shareDirectories}
+        initialFiles={data.shareFiles}
+        initialPath={data.currentPath}
+        baseUrl={data.baseUrl}
+        isFileSharingAllowed
+        fileShareId={data.fileShareId}
+      />
+    </main>
+  );
+}