feat: add /share/file-by-username endpoint

2024-11-14 22:06:00 +00:00 · 2024-06-12 17:10:48 -04:00 · 2024-06-12 17:10:48 -04:00 · 5d214c7b52
commit 5d214c7b52
parent 1859668257
5 changed files with 128 additions and 1 deletions
--- a/packages/backend/src/api/APIError.js
+++ b/packages/backend/src/api/APIError.js
@ -388,6 +388,12 @@ module.exports = class APIError {
            message: ({ identifier }) => `Entity not found: ${quot(identifier)}`,
        },

+        // Share
+        'user_does_not_exist': {
+            status: 422,
+            message: ({ username }) => `The user ${quot(username)} does not exist.`
+        },
+
        // Chat
        // TODO: specifying these errors here might be a violation
        // of separation of concerns. Services could register their
--- a/packages/backend/src/routers/share.js
+++ b/packages/backend/src/routers/share.js
@ -0,0 +1,90 @@
+const express = require('express');
+const { Endpoint } = require('../util/expressutil');
+
+const validator = require('validator');
+const APIError = require('../api/APIError');
+const { get_user } = require('../helpers');
+const { Context } = require('../util/context');
+const auth2 = require('../middleware/auth2');
+const config = require('../config');
+
+const { PermissionUtil } = require('../services/auth/PermissionService');
+
+const uuidv4 = require('uuid').v4;
+
+const router = express.Router();
+router.use(auth2);
+
+Endpoint({
+    route: '/file-by-username',
+    methods: ['POST'],
+    handler: async (req, res) => {
+        const svc_token = req.services.get('token');
+        const svc_email = req.services.get('email');
+        const svc_permission = req.services.get('permission');
+
+        console.log('which actor exists?',
+            req.actor,
+            Context.get('actor'))
+        const actor = Context.get('actor');
+
+        const username = req.body.username;
+        if ( ! (typeof username === 'string') ) {
+            throw APIError.create('field_invalid', null, {
+                key: 'username',
+                expected: 'string',
+                got: typeof username,
+            });
+        }
+
+        let path = req.body.path;
+        if ( ! (typeof path === 'string') ) {
+            throw APIError.create('field_invalid', null, {
+                key: 'path',
+                expected: 'string',
+                got: typeof path,
+            });
+        }
+
+        const access_level = req.body.access_level || 'write';
+        if ( ! ['read','write'].includes(access_level) ) {
+            throw APIError.create('field_invalid', null, {
+                key: 'access_level',
+                expected: '"read" or "write"',
+            });
+        }
+
+        const recipient = await get_user({ username });
+        if ( ! recipient ) {
+            throw APIError.create('user_does_not_exist', null, {
+                username
+            });
+        }
+
+        await svc_permission.grant_user_user_permission(
+            actor, username,
+            PermissionUtil.join('fs', path, access_level),
+            {}, {},
+        );
+
+        if ( path.startsWith('/') ) path = path.slice(1);
+        const link = `${config.origin}/show/${path}`;
+
+        const email_values = {
+            link,
+            susername: req.user.username,
+            ...(recipient ? {
+                rusername: recipient.username,
+            } : {}),
+        };
+
+        const email_tmpl = recipient ?
+            'share_existing_user' : 'share_new_user';
+
+        await svc_email.send_email({ email: recipient.email }, email_tmpl, email_values);
+        
+        res.send({});
+    },
+}).attach(router);
+
+module.exports = router;
--- a/packages/backend/src/services/EmailService.js
+++ b/packages/backend/src/services/EmailService.js
@ -130,7 +130,17 @@ If this was not you, please contact support@puter.com immediately.
        <p>Sincerely,</p>
        <p>Puter</p>
        `
-    }
+    },
+    // TODO: revise email contents
+    'share_existing_user': {
+        subject: 'Puter share from {{susername}}',
+        html: `
+        <p>Hi there {{rusername}},</p>
+        <p>{{link}}</p>
+        <p>Sincerely,</p>
+        <p>Puter</p>
+        `
+    },
 }

 class Emailservice extends BaseService {
--- a/packages/backend/src/services/PuterAPIService.js
+++ b/packages/backend/src/services/PuterAPIService.js
@ -76,6 +76,7 @@ class PuterAPIService extends BaseService {
        app.use(require('../routers/healthcheck'))
        app.use(require('../routers/test'))
        app.use(require('../routers/update-taskbar-items'))
+        app.use('/share', require('../routers/share'));
        require('../routers/whoami')(app);

    }
--- a/packages/backend/src/services/auth/PermissionService.js
+++ b/packages/backend/src/services/auth/PermissionService.js
@ -158,6 +158,19 @@ class PermissionUtil {
        }
        return unescaped_str;
    }
+    
+    static escape_permission_component (component) {
+        let escaped_str = '';
+        for ( let i = 0 ; i < component.length ; i++ ) {
+            const c = component[i];
+            if ( c === ':' ) {
+                escaped_str += '\\C';
+                continue;
+            }
+            escaped_str += c;
+        }
+        return escaped_str;
+    }

    static split (permission) {
        return permission
@ -165,6 +178,13 @@ class PermissionUtil {
            .map(PermissionUtil.unescape_permission_component)
            ;
    }
+    
+    static join (...components) {
+        return components
+            .map(PermissionUtil.escape_permission_component)
+            .join(':')
+            ;
+    }
 }

 class PermissionService extends BaseService {