initial commit

src/pages/api/share/[shareId]/enterPassword.ts

@@ -0,0 +1,44 @@
+import type { NextApiRequest, NextApiResponse } from "next";
+import {
+  SecurityDocument,
+  ShareDocument,
+} from "../../../../types/Appwrite.type";
+import awServer from "../../../../utils/appwriteServer.util";
+import { hashPassword } from "../../../../utils/shares/security.util";
+
+const handler = async (req: NextApiRequest, res: NextApiResponse) => {
+  const shareId = req.query.shareId as string;
+  let hashedPassword;
+  try {
+    hashedPassword = await checkPassword(shareId, req.body.password);
+  } catch (e) {
+    return res.status(403).json({ message: e });
+  }
+  if (hashedPassword)
+    res.setHeader(
+      "Set-Cookie",
+      `${shareId}-password=${hashedPassword}; Path=/api/share/${shareId}; max-age=3600; HttpOnly`
+    );
+  res.send(200);
+};
+
+export const checkPassword = async (shareId: string, password?: string) => {
+  let hashedPassword;
+  const shareDocument = await awServer.database.getDocument<ShareDocument>(
+    "shares",
+    shareId
+  );
+  await awServer.database
+    .getDocument<SecurityDocument>("shareSecurity", shareDocument.securityID)
+    .then((securityDocument) => {
+      if (securityDocument.password) {
+        hashedPassword = hashPassword(password as string, shareId);
+        if (hashedPassword !== securityDocument.password) {
+          throw "wrong_password";
+        }
+      }
+    });
+  return hashedPassword;
+};
+
+export default handler;

src/pages/api/share/[shareId]/index.ts

@@ -0,0 +1,64 @@
+import type { NextApiRequest, NextApiResponse } from "next";
+import { ShareDocument } from "../../../../types/Appwrite.type";
+import { AppwriteFileWithPreview } from "../../../../types/File.type";
+import awServer from "../../../../utils/appwriteServer.util";
+import { checkSecurity } from "../../../../utils/shares/security.util";
+
+const handler = async (req: NextApiRequest, res: NextApiResponse) => {
+  const shareId = req.query.shareId as string;
+  const fileList: AppwriteFileWithPreview[] = [];
+  const hashedPassword = req.cookies[`${shareId}-password`];
+
+  if (!(await shareExists(shareId)))
+    return res.status(404).json({ message: "not_found" });
+
+  try {
+    await checkSecurity(shareId, hashedPassword);
+  } catch (e) {
+    return res.status(403).json({ message: e });
+  }
+
+  addVisitorCount(shareId);
+
+  const fileListWithoutPreview = (await awServer.storage.listFiles(shareId))
+    .files;
+
+  for (const file of fileListWithoutPreview) {
+    const filePreview = await awServer.storage.getFilePreview(
+      shareId,
+      file.$id
+    );
+    fileList.push({ ...file, preview: filePreview });
+  }
+
+  if (hashedPassword)
+    res.setHeader(
+      "Set-Cookie",
+      `${shareId}-password=${hashedPassword}; Path=/share/${shareId}; max-age=3600; HttpOnly`
+    );
+  res.status(200).json(fileList);
+};
+
+const shareExists = async (shareId: string) => {
+  try {
+    const shareDocument = await awServer.database.getDocument<ShareDocument>(
+      "shares",
+      shareId
+    );
+    return shareDocument.enabled && shareDocument.expiresAt > Date.now();
+  } catch (e) {
+    return false;
+  }
+};
+
+const addVisitorCount = async (shareId: string) => {
+  const currentDocument = await awServer.database.getDocument<ShareDocument>(
+    "shares",
+    shareId
+  );
+  currentDocument.visitorCount++;
+
+  awServer.database.updateDocument("shares", shareId, currentDocument);
+};
+
+export default handler;