iio/pingvin-share
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add feature to send share with email

Browse Source
This commit is contained in:
Elias Schneider
2022-05-06 10:25:10 +02:00
parent 506e6b0cab
commit ce19d22c68
22 changed files with 365 additions and 189 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/pages/api/share/[shareId]/index.ts
View File

@@ -3,14 +3,30 @@ import { ShareDocument } from "../../../../types/Appwrite.type";
import { AppwriteFileWithPreview } from "../../../../types/File.type";
import awServer from "../../../../utils/appwriteServer.util";
import { checkSecurity } from "../../../../utils/shares/security.util";
import * as jose from "jose";
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
const shareId = req.query.shareId as string;
const fileList: AppwriteFileWithPreview[] = [];
const hashedPassword = req.cookies[`${shareId}-password`];
if (!(await shareExists(shareId)))
let shareDocument;
try {
shareDocument = await awServer.database.getDocument<ShareDocument>(
"shares",
shareId
);
} catch {
return res.status(404).json({ message: "not_found" });
}
if (!shareExists(shareDocument)) {
return res.status(404).json({ message: "not_found" });
}
if (!hasUserAccess(req.cookies.aw_token, shareDocument)) {
return res.status(403).json({ message: "forbidden" });
}
try {
await checkSecurity(shareId, hashedPassword);
@@ -20,8 +36,9 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
addVisitorCount(shareId);
const fileListWithoutPreview = (await awServer.storage.listFiles(shareId, undefined, 100))
.files;
const fileListWithoutPreview = (
await awServer.storage.listFiles(shareId, undefined, 100)
).files;
for (const file of fileListWithoutPreview) {
const filePreview = await awServer.storage.getFilePreview(
@@ -39,18 +56,20 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
res.status(200).json(fileList);
};
const shareExists = async (shareId: string) => {
const hasUserAccess = (jwt: string, shareDocument: ShareDocument) => {
if (shareDocument.users?.length == 0) return true;
try {
const shareDocument = await awServer.database.getDocument<ShareDocument>(
"shares",
shareId
);
return shareDocument.enabled && shareDocument.expiresAt > Date.now();
} catch (e) {
const userId = jose.decodeJwt(jwt).userId as string;
return shareDocument.users?.includes(userId);
} catch {
return false;
}
};
const shareExists = async (shareDocument: ShareDocument) => {
return shareDocument.enabled && shareDocument.expiresAt > Date.now();
};
const addVisitorCount = async (shareId: string) => {
const currentDocument = await awServer.database.getDocument<ShareDocument>(
"shares",