backend/src/share/guard/shareSecurity.guard.ts

import {
  CanActivate,
  ExecutionContext,
  ForbiddenException,
  Injectable,
  NotFoundException,
} from "@nestjs/common";
import { Reflector } from "@nestjs/core";
import { Request } from "express";
import * as moment from "moment";
import { PrismaService } from "src/prisma/prisma.service";
import { ShareService } from "src/share/share.service";

@Injectable()
export class ShareSecurityGuard implements CanActivate {
  constructor(
    private reflector: Reflector,
    private shareService: ShareService,
    private prisma: PrismaService
  ) {}

  async canActivate(context: ExecutionContext) {
    const request: Request = context.switchToHttp().getRequest();
    const shareToken = request.get("X-Share-Token");
    const shareId = Object.prototype.hasOwnProperty.call(
      request.params,
      "shareId"
    )
      ? request.params.shareId
      : request.params.id;

    const share = await this.prisma.share.findUnique({
      where: { id: shareId },
      include: { security: true },
    });

    if (!share || (moment().isAfter(share.expiration) && moment(share.expiration).unix() !== 0))
      throw new NotFoundException("Share not found");

    if (share.security?.password && !shareToken)
      throw new ForbiddenException(
        "This share is password protected",
        "share_password_required"
      );

    if (!this.shareService.verifyShareToken(shareId, shareToken))
      throw new ForbiddenException(
        "Share token required",
        "share_token_required"
      );

    return true;
  }
}
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`import {`
			`CanActivate,`
			`ExecutionContext,`
			`ForbiddenException,`
			`Injectable,`
			`NotFoundException,`
			`} from "@nestjs/common";`
			`import { Reflector } from "@nestjs/core";`
			`import { Request } from "express";`
			`import * as moment from "moment";`
			`import { PrismaService } from "src/prisma/prisma.service";`
			`import { ShareService } from "src/share/share.service";`

			`@Injectable()`
			`export class ShareSecurityGuard implements CanActivate {`
			`constructor(`
			`private reflector: Reflector,`
			`private shareService: ShareService,`
			`private prisma: PrismaService`
			`) {}`

			`async canActivate(context: ExecutionContext) {`
			`const request: Request = context.switchToHttp().getRequest();`
feat: improve share security 2022-10-13 23:23:33 +02:00			`const shareToken = request.get("X-Share-Token");`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`const shareId = Object.prototype.hasOwnProperty.call(`
			`request.params,`
			`"shareId"`
			`)`
			`? request.params.shareId`
			`: request.params.id;`

			`const share = await this.prisma.share.findUnique({`
			`where: { id: shareId },`
			`include: { security: true },`
			`});`

feature: Added "never" expiration date 2022-10-12 16:59:04 -04:00			`if (!share \|\| (moment().isAfter(share.expiration) && moment(share.expiration).unix() !== 0))`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`throw new NotFoundException("Share not found");`

feat: improve share security 2022-10-13 23:23:33 +02:00			`if (share.security?.password && !shareToken)`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`throw new ForbiddenException(`
feat: improve share security 2022-10-13 23:23:33 +02:00			`"This share is password protected",`
			`"share_password_required"`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`);`

feat: improve share security 2022-10-13 23:23:33 +02:00			`if (!this.shareService.verifyShareToken(shareId, shareToken))`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`throw new ForbiddenException(`
feat: improve share security 2022-10-13 23:23:33 +02:00			`"Share token required",`
feat: remove appwrite and add nextjs backend 2022-10-09 22:30:32 +02:00			`"share_token_required"`
			`);`

			`return true;`
			`}`
			`}`