iio/pingvin-share
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3cb7285e8f8e7fc49df935b4e0e1b1f6d253c4da
pingvin-share/src/pages/api/share/[shareId]/index.ts
Elias Schneider 3cb7285e8f Add User Info Page
2022-05-11 13:50:28 +02:00

91 lines
2.6 KiB
TypeScript
Raw Blame History

import type { NextApiRequest, NextApiResponse } from "next";
import { ShareDocument } from "../../../../types/Appwrite.type";
import { AppwriteFileWithPreview } from "../../../../types/File.type";
import awServer from "../../../../utils/appwriteServer.util";
import { checkSecurity } from "../../../../utils/shares/security.util";
import * as jose from "jose";
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
const shareId = req.query.shareId as string;
if (req.method == "POST") {
const fileList: AppwriteFileWithPreview[] = [];
const hashedPassword = req.cookies[`${shareId}-password`];
let shareDocument;
try {
shareDocument = await awServer.database.getDocument<ShareDocument>(
"shares",
shareId
);
} catch {
return res.status(404).json({ message: "not_found" });
}
if (!shareExists(shareDocument)) {
return res.status(404).json({ message: "not_found" });
}
if (!hasUserAccess(req.cookies.aw_token, shareDocument)) {
return res.status(403).json({ message: "forbidden" });
}
try {
await checkSecurity(shareId, hashedPassword);
} catch (e) {
return res.status(403).json({ message: e });
}
addVisitorCount(shareId);
const fileListWithoutPreview = (
await awServer.storage.listFiles(shareId, undefined, 100)
).files;
for (const file of fileListWithoutPreview) {
const filePreview = await awServer.storage.getFilePreview(
shareId,
file.$id
);
fileList.push({ ...file, preview: filePreview });
}
if (hashedPassword)
res.setHeader(
"Set-Cookie",
`${shareId}-password=${hashedPassword}; Path=/share/${shareId}; max-age=3600; HttpOnly`
);
res.status(200).json(fileList);
} else if (req.method == "DELETE") {
awServer.database.updateDocument("shares", shareId, {
enabled: false,
});
}
};
// Util functions
const hasUserAccess = (jwt: string, shareDocument: ShareDocument) => {
if (shareDocument.users?.length == 0) return true;
try {
const userId = jose.decodeJwt(jwt).userId as string;
return shareDocument.users?.includes(userId);
} catch {
return false;
}
};
const shareExists = async (shareDocument: ShareDocument) => {
return shareDocument.enabled && shareDocument.expiresAt > Date.now();
};
const addVisitorCount = async (shareId: string) => {
const currentDocument = await awServer.database.getDocument<ShareDocument>(
"shares",
shareId
);
currentDocument.visitorCount++;
awServer.database.updateDocument("shares", shareId, currentDocument);
};
export default handler;
Reference in New Issue View Git Blame Copy Permalink