feat: reverse shares (#86)

* add first concept * add reverse share funcionality to frontend * allow creator to limit share expiration * moved reverse share in seperate module * add table to manage reverse shares * delete complete share if reverse share was deleted * optimize function names * add db migration * enable reverse share email notifications * fix config variable descriptions * fix migration for new installations
2026-04-11 10:27:01 +02:00 · 2023-01-26 13:44:04 +01:00
parent 1ceb07b89e
commit 4a5fb549c6
43 changed files with 1456 additions and 280 deletions
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@@ -62,7 +62,7 @@
        "eslint-plugin-prettier": "^4.2.1",
        "newman": "^5.3.2",
        "prettier": "^2.8.2",
-        "prisma": "^4.8.1",
+        "prisma": "^4.9.0",
        "source-map-support": "^0.5.21",
        "ts-loader": "^9.4.2",
        "tsconfig-paths": "4.1.2",
@@ -1010,9 +1010,9 @@
      }
    },
    "node_modules/@prisma/engines": {
-      "version": "4.8.1",
-      "resolved": "https://registry.npmjs.org/@prisma/engines/-/engines-4.8.1.tgz",
-      "integrity": "sha512-93tctjNXcIS+i/e552IO6tqw17sX8liivv8WX9lDMCpEEe3ci+nT9F+1oHtAafqruXLepKF80i/D20Mm+ESlOw==",
+      "version": "4.9.0",
+      "resolved": "https://registry.npmjs.org/@prisma/engines/-/engines-4.9.0.tgz",
+      "integrity": "sha512-t1pt0Gsp+HcgPJrHFc+d/ZSAaKKWar2G/iakrE07yeKPNavDP3iVKPpfXP22OTCHZUWf7OelwKJxQgKAm5hkgw==",
      "devOptional": true,
      "hasInstallScript": true
    },
@@ -5871,13 +5871,13 @@
      }
    },
    "node_modules/prisma": {
-      "version": "4.8.1",
-      "resolved": "https://registry.npmjs.org/prisma/-/prisma-4.8.1.tgz",
-      "integrity": "sha512-ZMLnSjwulIeYfaU1O6/LF6PEJzxN5par5weykxMykS9Z6ara/j76JH3Yo2AH3bgJbPN4Z6NeCK9s5fDkzf33cg==",
+      "version": "4.9.0",
+      "resolved": "https://registry.npmjs.org/prisma/-/prisma-4.9.0.tgz",
+      "integrity": "sha512-bS96oZ5oDFXYgoF2l7PJ3Mp1wWWfLOo8B/jAfbA2Pn0Wm5Z/owBHzaMQKS3i1CzVBDWWPVnOohmbJmjvkcHS5w==",
      "devOptional": true,
      "hasInstallScript": true,
      "dependencies": {
-        "@prisma/engines": "4.8.1"
+        "@prisma/engines": "4.9.0"
      },
      "bin": {
        "prisma": "build/index.js",
@@ -8255,9 +8255,9 @@
      }
    },
    "@prisma/engines": {
-      "version": "4.8.1",
-      "resolved": "https://registry.npmjs.org/@prisma/engines/-/engines-4.8.1.tgz",
-      "integrity": "sha512-93tctjNXcIS+i/e552IO6tqw17sX8liivv8WX9lDMCpEEe3ci+nT9F+1oHtAafqruXLepKF80i/D20Mm+ESlOw==",
+      "version": "4.9.0",
+      "resolved": "https://registry.npmjs.org/@prisma/engines/-/engines-4.9.0.tgz",
+      "integrity": "sha512-t1pt0Gsp+HcgPJrHFc+d/ZSAaKKWar2G/iakrE07yeKPNavDP3iVKPpfXP22OTCHZUWf7OelwKJxQgKAm5hkgw==",
      "devOptional": true
    },
    "@prisma/engines-version": {
@@ -11995,12 +11995,12 @@
      }
    },
    "prisma": {
-      "version": "4.8.1",
-      "resolved": "https://registry.npmjs.org/prisma/-/prisma-4.8.1.tgz",
-      "integrity": "sha512-ZMLnSjwulIeYfaU1O6/LF6PEJzxN5par5weykxMykS9Z6ara/j76JH3Yo2AH3bgJbPN4Z6NeCK9s5fDkzf33cg==",
+      "version": "4.9.0",
+      "resolved": "https://registry.npmjs.org/prisma/-/prisma-4.9.0.tgz",
+      "integrity": "sha512-bS96oZ5oDFXYgoF2l7PJ3Mp1wWWfLOo8B/jAfbA2Pn0Wm5Z/owBHzaMQKS3i1CzVBDWWPVnOohmbJmjvkcHS5w==",
      "devOptional": true,
      "requires": {
-        "@prisma/engines": "4.8.1"
+        "@prisma/engines": "4.9.0"
      }
    },
    "process-nextick-args": {
--- a/backend/package.json
+++ b/backend/package.json
@@ -67,7 +67,7 @@
    "eslint-plugin-prettier": "^4.2.1",
    "newman": "^5.3.2",
    "prettier": "^2.8.2",
-    "prisma": "^4.8.1",
+    "prisma": "^4.9.0",
    "source-map-support": "^0.5.21",
    "ts-loader": "^9.4.2",
    "tsconfig-paths": "4.1.2",
--- a/backend/prisma/migrations/20230126094911_reverse_share/migration.sql
+++ b/backend/prisma/migrations/20230126094911_reverse_share/migration.sql
@@ -0,0 +1,91 @@
+/*
+  Warnings:
+
+  - The primary key for the `Config` table will be changed. If it partially fails, the table could be left without primary key constraint.
+  - Added the required column `id` to the `Config` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- CreateTable
+CREATE TABLE "ReverseShare" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "token" TEXT NOT NULL,
+    "shareExpiration" DATETIME NOT NULL,
+    "maxShareSize" TEXT NOT NULL,
+    "sendEmailNotification" BOOLEAN NOT NULL,
+    "used" BOOLEAN NOT NULL DEFAULT false,
+    "creatorId" TEXT NOT NULL,
+    "shareId" TEXT,
+    CONSTRAINT "ReverseShare_creatorId_fkey" FOREIGN KEY ("creatorId") REFERENCES "User" ("id") ON DELETE CASCADE ON UPDATE CASCADE,
+    CONSTRAINT "ReverseShare_shareId_fkey" FOREIGN KEY ("shareId") REFERENCES "Share" ("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+-- RedefineTables
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_Config" (
+    "id" INTEGER,
+    "updatedAt" DATETIME NOT NULL,
+    "key" TEXT NOT NULL,
+    "type" TEXT NOT NULL,
+    "value" TEXT NOT NULL,
+    "description" TEXT NOT NULL,
+    "category" TEXT NOT NULL,
+    "obscured" BOOLEAN NOT NULL DEFAULT false,
+    "secret" BOOLEAN NOT NULL DEFAULT true,
+    "locked" BOOLEAN NOT NULL DEFAULT false
+);
+INSERT INTO "new_Config" ("category", "description", "key", "locked", "obscured", "secret", "type", "updatedAt", "value") SELECT "category", "description", "key", "locked", "obscured", "secret", "type", "updatedAt", "value" FROM "Config";
+DROP TABLE "Config";
+ALTER TABLE "new_Config" RENAME TO "Config";
+PRAGMA foreign_key_check;
+PRAGMA foreign_keys=ON;
+
+-- CreateIndex
+CREATE UNIQUE INDEX "ReverseShare_token_key" ON "ReverseShare"("token");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "ReverseShare_shareId_key" ON "ReverseShare"("shareId");
+
+
+-- Add ids to existing settings
+
+
+UPDATE Config SET id = 1 WHERE key = "SETUP_FINISHED";
+UPDATE Config SET id = 2 WHERE key = "APP_URL";
+UPDATE Config SET id = 3 WHERE key = "SHOW_HOME_PAGE";
+UPDATE Config SET id = 4 WHERE key = "ALLOW_REGISTRATION";
+UPDATE Config SET id = 5 WHERE key = "ALLOW_UNAUTHENTICATED_SHARES";
+UPDATE Config SET id = 6 WHERE key = "MAX_SHARE_SIZE";
+UPDATE Config SET id = 7 WHERE key = "JWT_SECRET";
+UPDATE Config SET id = 8 WHERE key = "TOTP_SECRET";
+UPDATE Config SET id = 9, key = "ENABLE_SHARE_EMAIL_RECIPIENTS" WHERE key = "ENABLE_EMAIL_RECIPIENTS";
+UPDATE Config SET id = 10, key = "SHARE_RECEPIENTS_EMAIL_MESSAGE" WHERE key = "EMAIL_MESSAGE";
+UPDATE Config SET id = 11, key = "SHARE_RECEPIENTS_EMAIL_SUBJECT" WHERE key = "EMAIL_SUBJECT";
+UPDATE Config SET id = 15 WHERE key = "SMTP_HOST";
+UPDATE Config SET id = 16 WHERE key = "SMTP_PORT";
+UPDATE Config SET id = 17 WHERE key = "SMTP_EMAIL";
+UPDATE Config SET id = 18 WHERE key = "SMTP_USERNAME";
+UPDATE Config SET id = 19 WHERE key = "SMTP_PASSWORD";
+
+INSERT INTO Config (`id`, `key`, `description`, `type`, `value`, `category`, `secret`, `updatedAt`) VALUES (14, "SMTP_ENABLED", "Whether SMTP is enabled. Only set this to true if you entered the host, port, email, user and password of your SMTP server.", "boolean", IFNULL((SELECT value FROM Config WHERE key="ENABLE_SHARE_EMAIL_RECIPIENTS"), "false"), "smtp", 0, strftime('%s', 'now'));
+
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_Config" (
+    "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+    "updatedAt" DATETIME NOT NULL,
+    "key" TEXT NOT NULL,
+    "type" TEXT NOT NULL,
+    "value" TEXT NOT NULL,
+    "description" TEXT NOT NULL,
+    "category" TEXT NOT NULL,
+    "obscured" BOOLEAN NOT NULL DEFAULT false,
+    "secret" BOOLEAN NOT NULL DEFAULT true,
+    "locked" BOOLEAN NOT NULL DEFAULT false
+);
+INSERT INTO "new_Config" ("id", "category", "description", "key", "locked", "obscured", "secret", "type", "updatedAt", "value") SELECT "id", "category", "description", "key", "locked", "obscured", "secret", "type", "updatedAt", "value" FROM "Config";
+DROP TABLE "Config";
+ALTER TABLE "new_Config" RENAME TO "Config";
+DELETE from Config WHERE key="MAX_FILE_SIZE";
+CREATE UNIQUE INDEX "Config_key_key" ON "Config"("key");
+PRAGMA foreign_key_check;
+PRAGMA foreign_keys=ON;
--- a/backend/prisma/schema.prisma
+++ b/backend/prisma/schema.prisma
@@ -20,6 +20,7 @@ model User {
  shares        Share[]
  refreshTokens RefreshToken[]
  loginTokens   LoginToken[]
+  reverseShares ReverseShare[]

  totpEnabled  Boolean @default(false)
  totpVerified Boolean @default(false)
@@ -59,13 +60,33 @@ model Share {
  description   String?
  removedReason String?

-  creatorId  String?
-  creator    User?            @relation(fields: [creatorId], references: [id], onDelete: Cascade)
+  creatorId String?
+  creator   User?   @relation(fields: [creatorId], references: [id], onDelete: Cascade)
+
+  reverseShare ReverseShare?
+
  security   ShareSecurity?
  recipients ShareRecipient[]
  files      File[]
 }

+model ReverseShare {
+  id        String   @id @default(uuid())
+  createdAt DateTime @default(now())
+
+  token                 String   @unique @default(uuid())
+  shareExpiration       DateTime
+  maxShareSize          String
+  sendEmailNotification Boolean
+  used                  Boolean  @default(false)
+
+  creatorId String
+  creator   User   @relation(fields: [creatorId], references: [id], onDelete: Cascade)
+
+  shareId String? @unique
+  share   Share?  @relation(fields: [shareId], references: [id], onDelete: Cascade)
+}
+
 model ShareRecipient {
  id    String @id @default(uuid())
  email String
@@ -97,9 +118,10 @@ model ShareSecurity {
 }

 model Config {
+  id        Int      @id
  updatedAt DateTime @updatedAt

-  key         String  @id
+  key         String  @unique
  type        String
  value       String
  description String
--- a/backend/prisma/seed/config.seed.ts
+++ b/backend/prisma/seed/config.seed.ts
@@ -3,6 +3,7 @@ import * as crypto from "crypto";

 const configVariables: Prisma.ConfigCreateInput[] = [
  {
+    id: 1,
    key: "SETUP_FINISHED",
    description: "Whether the setup has been finished",
    type: "boolean",
@@ -12,6 +13,7 @@ const configVariables: Prisma.ConfigCreateInput[] = [
    locked: true,
  },
  {
+    id: 2,
    key: "APP_URL",
    description: "On which URL Pingvin Share is available",
    type: "string",
@@ -20,6 +22,7 @@ const configVariables: Prisma.ConfigCreateInput[] = [
    secret: false,
  },
  {
+    id: 3,
    key: "SHOW_HOME_PAGE",
    description: "Whether to show the home page",
    type: "boolean",
@@ -28,6 +31,7 @@ const configVariables: Prisma.ConfigCreateInput[] = [
    secret: false,
  },
  {
+    id: 4,
    key: "ALLOW_REGISTRATION",
    description: "Whether registration is allowed",
    type: "boolean",
@@ -36,6 +40,7 @@ const configVariables: Prisma.ConfigCreateInput[] = [
    secret: false,
  },
  {
+    id: 5,
    key: "ALLOW_UNAUTHENTICATED_SHARES",
    description: "Whether unauthorized users can create shares",
    type: "boolean",
@@ -44,6 +49,8 @@ const configVariables: Prisma.ConfigCreateInput[] = [
    secret: false,
  },
  {
+    id: 6,
+
    key: "MAX_SHARE_SIZE",
    description: "Maximum share size in bytes",
    type: "number",
@@ -52,6 +59,7 @@ const configVariables: Prisma.ConfigCreateInput[] = [
    secret: false,
  },
  {
+    id: 7,
    key: "JWT_SECRET",
    description: "Long random string used to sign JWT tokens",
    type: "string",
@@ -60,6 +68,7 @@ const configVariables: Prisma.ConfigCreateInput[] = [
    locked: true,
  },
  {
+    id: 8,
    key: "TOTP_SECRET",
    description: "A 16 byte random string used to generate TOTP secrets",
    type: "string",
@@ -68,65 +77,103 @@ const configVariables: Prisma.ConfigCreateInput[] = [
    locked: true,
  },
  {
-    key: "ENABLE_EMAIL_RECIPIENTS",
+    id: 9,
+    key: "ENABLE_SHARE_EMAIL_RECIPIENTS",
    description:
-      "Whether to send emails to recipients. Only set this to true if you entered the host, port, email, user and password of your SMTP server.",
+      "Whether to allow emails to share recipients. Only enable this if you have enabled SMTP.",
    type: "boolean",
    value: "false",
    category: "email",
    secret: false,
  },
  {
-    key: "EMAIL_MESSAGE",
+    id: 10,
+    key: "SHARE_RECEPIENTS_EMAIL_MESSAGE",
    description:
-      "Message which gets sent to the recipients. {creator} and {shareUrl} will be replaced with the creator's name and the share URL.",
+      "Message which gets sent to the share recipients. {creator} and {shareUrl} will be replaced with the creator's name and the share URL.",
    type: "text",
    value:
      "Hey!\n{creator} shared some files with you. View or download the files with this link: {shareUrl}\nShared securely with Pingvin Share 🐧",
-      category: "email",
+    category: "email",
  },
  {
-    key: "EMAIL_SUBJECT",
-    description: "Subject of the email which gets sent to the recipients.",
+    id: 11,
+    key: "SHARE_RECEPIENTS_EMAIL_SUBJECT",
+    description:
+      "Subject of the email which gets sent to the share recipients.",
    type: "string",
    value: "Files shared with you",
    category: "email",
  },
  {
+    id: 12,
+    key: "REVERSE_SHARE_EMAIL_MESSAGE",
+    description:
+      "Message which gets sent when someone created a share with your reverse share link. {shareUrl} will be replaced with the creator's name and the share URL.",
+    type: "text",
+    value:
+      "Hey!\nA share was just created with your reverse share link: {shareUrl}\nShared securely with Pingvin Share 🐧",
+    category: "email",
+  },
+  {
+    id: 13,
+    key: "REVERSE_SHARE_EMAIL_SUBJECT",
+    description:
+      "Subject of the email which gets sent when someone created a share with your reverse share link.",
+    type: "string",
+    value: "Reverse share link used",
+    category: "email",
+  },
+  {
+    id: 14,
+    key: "SMTP_ENABLED",
+    description:
+      "Whether SMTP is enabled. Only set this to true if you entered the host, port, email, user and password of your SMTP server.",
+    type: "boolean",
+    value: "false",
+    category: "smtp",
+    secret: false,
+  },
+  {
+    id: 15,
    key: "SMTP_HOST",
    description: "Host of the SMTP server",
    type: "string",
    value: "",
-  category: "email",
+    category: "smtp",
  },
  {
+    id: 16,
    key: "SMTP_PORT",
    description: "Port of the SMTP server",
    type: "number",
    value: "0",
-    category: "email",
+    category: "smtp",
  },
  {
+    id: 17,
    key: "SMTP_EMAIL",
    description: "Email address which the emails get sent from",
    type: "string",
    value: "",
-    category: "email",
+    category: "smtp",
  },
  {
+    id: 18,
    key: "SMTP_USERNAME",
    description: "Username of the SMTP server",
    type: "string",
    value: "",
-    category: "email",
+    category: "smtp",
  },
  {
+    id: 19,
    key: "SMTP_PASSWORD",
    description: "Password of the SMTP server",
    type: "string",
    value: "",
    obscured: true,
-    category: "email",
+    category: "smtp",
  },
 ];

--- a/backend/src/app.module.ts
+++ b/backend/src/app.module.ts
@@ -13,6 +13,7 @@ import { PrismaModule } from "./prisma/prisma.module";
 import { ShareModule } from "./share/share.module";
 import { UserModule } from "./user/user.module";
 import { ClamScanModule } from "./clamscan/clamscan.module";
+import { ReverseShareModule } from "./reverseShare/reverseShare.module";

@Module({
  imports: [
@@ -30,6 +31,7 @@ import { ClamScanModule } from "./clamscan/clamscan.module";
    }),
    ScheduleModule.forRoot(),
    ClamScanModule,
+    ReverseShareModule,
  ],
  providers: [
    {
--- a/backend/src/config/config.service.ts
+++ b/backend/src/config/config.service.ts
@@ -29,6 +29,7 @@ export class ConfigService {

  async listForAdmin() {
    return await this.prisma.config.findMany({
+      orderBy: { id: "asc" },
      where: { locked: { equals: false } },
    });
  }
--- a/backend/src/email/email.service.ts
+++ b/backend/src/email/email.service.ts
@@ -8,6 +8,9 @@ export class EmailService {
  constructor(private config: ConfigService) {}

  getTransporter() {
+    if (!this.config.get("SMTP_ENABLED"))
+      throw new InternalServerErrorException("SMTP is disabled");
+
    return nodemailer.createTransport({
      host: this.config.get("SMTP_HOST"),
      port: parseInt(this.config.get("SMTP_PORT")),
@@ -19,8 +22,12 @@ export class EmailService {
    });
  }

-  async sendMail(recipientEmail: string, shareId: string, creator: User) {
-    if (!this.config.get("ENABLE_EMAIL_RECIPIENTS"))
+  async sendMailToShareRecepients(
+    recipientEmail: string,
+    shareId: string,
+    creator?: User
+  ) {
+    if (!this.config.get("ENABLE_SHARE_EMAIL_RECIPIENTS"))
      throw new InternalServerErrorException("Email service disabled");

    const shareUrl = `${this.config.get("APP_URL")}/share/${shareId}`;
@@ -28,11 +35,25 @@ export class EmailService {
    await this.getTransporter().sendMail({
      from: `"Pingvin Share" <${this.config.get("SMTP_EMAIL")}>`,
      to: recipientEmail,
-      subject: this.config.get("EMAIL_SUBJECT"),
+      subject: this.config.get("SHARE_RECEPIENTS_EMAIL_SUBJECT"),
      text: this.config
-        .get("EMAIL_MESSAGE")
+        .get("SHARE_RECEPIENTS_EMAIL_MESSAGE")
+        .replaceAll("\\n", "\n")
+        .replaceAll("{creator}", creator?.username ?? "Someone")
+        .replaceAll("{shareUrl}", shareUrl),
+    });
+  }
+
+  async sendMailToReverseShareCreator(recipientEmail: string, shareId: string) {
+    const shareUrl = `${this.config.get("APP_URL")}/share/${shareId}`;
+
+    await this.getTransporter().sendMail({
+      from: `"Pingvin Share" <${this.config.get("SMTP_EMAIL")}>`,
+      to: recipientEmail,
+      subject: this.config.get("REVERSE_SHARE_EMAIL_SUBJECT"),
+      text: this.config
+        .get("REVERSE_SHARE_EMAIL_MESSAGE")
        .replaceAll("\\n", "\n")
-        .replaceAll("{creator}", creator.username)
        .replaceAll("{shareUrl}", shareUrl),
    });
  }
--- a/backend/src/file/file.controller.ts
+++ b/backend/src/file/file.controller.ts
@@ -14,6 +14,7 @@ import * as contentDisposition from "content-disposition";
 import { Response } from "express";
 import { JwtGuard } from "src/auth/guard/jwt.guard";
 import { FileDownloadGuard } from "src/file/guard/fileDownload.guard";
+import { CreateShareGuard } from "src/share/guard/createShare.guard";
 import { ShareOwnerGuard } from "src/share/guard/shareOwner.guard";
 import { ShareSecurityGuard } from "src/share/guard/shareSecurity.guard";
 import { FileService } from "./file.service";
@@ -24,7 +25,7 @@ export class FileController {

  @Post()
  @SkipThrottle()
-  @UseGuards(JwtGuard, ShareOwnerGuard)
+  @UseGuards(CreateShareGuard, ShareOwnerGuard)
  async create(
    @Query() query: any,

--- a/backend/src/file/file.module.ts
+++ b/backend/src/file/file.module.ts
@@ -1,11 +1,12 @@
 import { Module } from "@nestjs/common";
 import { JwtModule } from "@nestjs/jwt";
+import { ReverseShareModule } from "src/reverseShare/reverseShare.module";
 import { ShareModule } from "src/share/share.module";
 import { FileController } from "./file.controller";
 import { FileService } from "./file.service";

@Module({
-  imports: [JwtModule.register({}), ShareModule],
+  imports: [JwtModule.register({}), ReverseShareModule, ShareModule],
  controllers: [FileController],
  providers: [FileService],
  exports: [FileService],
--- a/backend/src/file/file.service.ts
+++ b/backend/src/file/file.service.ts
@@ -30,7 +30,7 @@ export class FileService {

    const share = await this.prisma.share.findUnique({
      where: { id: shareId },
-      include: { files: true },
+      include: { files: true, reverseShare: true },
    });

    if (share.uploadLocked)
@@ -64,9 +64,12 @@ export class FileService {
      0
    );

+    const shareSizeSum = fileSizeSum + diskFileSize + buffer.byteLength;
+
    if (
-      fileSizeSum + diskFileSize + buffer.byteLength >
-      this.config.get("MAX_SHARE_SIZE")
+      shareSizeSum > this.config.get("MAX_SHARE_SIZE") ||
+      (share.reverseShare?.maxShareSize &&
+        shareSizeSum > parseInt(share.reverseShare.maxShareSize))
    ) {
      throw new HttpException(
        "Max share size exceeded",
--- a/backend/src/reverseShare/dto/createReverseShare.dto.ts
+++ b/backend/src/reverseShare/dto/createReverseShare.dto.ts
@@ -0,0 +1,12 @@
+import { IsBoolean, IsString } from "class-validator";
+
+export class CreateReverseShareDTO {
+  @IsBoolean()
+  sendEmailNotification: boolean;
+
+  @IsString()
+  maxShareSize: string;
+
+  @IsString()
+  shareExpiration: string;
+}
--- a/backend/src/reverseShare/dto/reverseShare.dto.ts
+++ b/backend/src/reverseShare/dto/reverseShare.dto.ts
@@ -0,0 +1,18 @@
+import { Expose, plainToClass } from "class-transformer";
+
+export class ReverseShareDTO {
+  @Expose()
+  id: string;
+
+  @Expose()
+  maxShareSize: string;
+
+  @Expose()
+  shareExpiration: Date;
+
+  from(partial: Partial<ReverseShareDTO>) {
+    return plainToClass(ReverseShareDTO, partial, {
+      excludeExtraneousValues: true,
+    });
+  }
+}
--- a/backend/src/reverseShare/dto/reverseShareTokenWithShare.ts
+++ b/backend/src/reverseShare/dto/reverseShareTokenWithShare.ts
@@ -0,0 +1,23 @@
+import { OmitType } from "@nestjs/mapped-types";
+import { Expose, plainToClass, Type } from "class-transformer";
+import { MyShareDTO } from "src/share/dto/myShare.dto";
+import { ReverseShareDTO } from "./reverseShare.dto";
+
+export class ReverseShareTokenWithShare extends OmitType(ReverseShareDTO, [
+  "shareExpiration",
+] as const) {
+  @Expose()
+  shareExpiration: Date;
+
+  @Expose()
+  @Type(() => OmitType(MyShareDTO, ["recipients"] as const))
+  share: Omit<MyShareDTO, "recipients" | "files" | "from" | "fromList">;
+
+  fromList(partial: Partial<ReverseShareTokenWithShare>[]) {
+    return partial.map((part) =>
+      plainToClass(ReverseShareTokenWithShare, part, {
+        excludeExtraneousValues: true,
+      })
+    );
+  }
+}
--- a/backend/src/reverseShare/guards/reverseShareOwner.guard.ts
+++ b/backend/src/reverseShare/guards/reverseShareOwner.guard.ts
@@ -0,0 +1,22 @@
+import { CanActivate, ExecutionContext, Injectable } from "@nestjs/common";
+import { User } from "@prisma/client";
+import { Request } from "express";
+import { PrismaService } from "src/prisma/prisma.service";
+
+@Injectable()
+export class ReverseShareOwnerGuard implements CanActivate {
+  constructor(private prisma: PrismaService) {}
+
+  async canActivate(context: ExecutionContext) {
+    const request: Request = context.switchToHttp().getRequest();
+    const { reverseShareId } = request.params;
+
+    const reverseShare = await this.prisma.reverseShare.findUnique({
+      where: { id: reverseShareId },
+    });
+
+    if (!reverseShare) return false;
+
+    return reverseShare.creatorId == (request.user as User).id;
+  }
+}
--- a/backend/src/reverseShare/reverseShare.controller.ts
+++ b/backend/src/reverseShare/reverseShare.controller.ts
@@ -0,0 +1,64 @@
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  NotFoundException,
+  Param,
+  Post,
+  UseGuards,
+} from "@nestjs/common";
+import { Throttle } from "@nestjs/throttler";
+import { User } from "@prisma/client";
+import { GetUser } from "src/auth/decorator/getUser.decorator";
+import { JwtGuard } from "src/auth/guard/jwt.guard";
+import { ConfigService } from "src/config/config.service";
+import { CreateReverseShareDTO } from "./dto/createReverseShare.dto";
+import { ReverseShareDTO } from "./dto/reverseShare.dto";
+import { ReverseShareTokenWithShare } from "./dto/reverseShareTokenWithShare";
+import { ReverseShareOwnerGuard } from "./guards/reverseShareOwner.guard";
+import { ReverseShareService } from "./reverseShare.service";
+
+@Controller("reverseShares")
+export class ReverseShareController {
+  constructor(
+    private reverseShareService: ReverseShareService,
+    private config: ConfigService
+  ) {}
+
+  @Post()
+  @UseGuards(JwtGuard)
+  async create(@Body() body: CreateReverseShareDTO, @GetUser() user: User) {
+    const token = await this.reverseShareService.create(body, user.id);
+
+    const link = `${this.config.get("APP_URL")}/upload/${token}`;
+
+    return { token, link };
+  }
+
+  @Throttle(20, 60)
+  @Get(":reverseShareToken")
+  async getByToken(@Param("reverseShareToken") reverseShareToken: string) {
+    const isValid = await this.reverseShareService.isValid(reverseShareToken);
+
+    if (!isValid) throw new NotFoundException("Reverse share token not found");
+
+    return new ReverseShareDTO().from(
+      await this.reverseShareService.getByToken(reverseShareToken)
+    );
+  }
+
+  @Get()
+  @UseGuards(JwtGuard)
+  async getAllByUser(@GetUser() user: User) {
+    return new ReverseShareTokenWithShare().fromList(
+      await this.reverseShareService.getAllByUser(user.id)
+    );
+  }
+
+  @Delete(":reverseShareId")
+  @UseGuards(JwtGuard, ReverseShareOwnerGuard)
+  async remove(@Param("reverseShareId") id: string) {
+    await this.reverseShareService.remove(id);
+  }
+}
--- a/backend/src/reverseShare/reverseShare.module.ts
+++ b/backend/src/reverseShare/reverseShare.module.ts
@@ -0,0 +1,12 @@
+import { forwardRef, Module } from "@nestjs/common";
+import { FileModule } from "src/file/file.module";
+import { ReverseShareController } from "./reverseShare.controller";
+import { ReverseShareService } from "./reverseShare.service";
+
+@Module({
+  imports: [forwardRef(() => FileModule)],
+  controllers: [ReverseShareController],
+  providers: [ReverseShareService],
+  exports: [ReverseShareService],
+})
+export class ReverseShareModule {}
--- a/backend/src/reverseShare/reverseShare.service.ts
+++ b/backend/src/reverseShare/reverseShare.service.ts
@@ -0,0 +1,94 @@
+import { BadRequestException, Injectable } from "@nestjs/common";
+import * as moment from "moment";
+import { ConfigService } from "src/config/config.service";
+import { FileService } from "src/file/file.service";
+import { PrismaService } from "src/prisma/prisma.service";
+import { CreateReverseShareDTO } from "./dto/createReverseShare.dto";
+
+@Injectable()
+export class ReverseShareService {
+  constructor(
+    private config: ConfigService,
+    private prisma: PrismaService,
+    private fileService: FileService
+  ) {}
+
+  async create(data: CreateReverseShareDTO, creatorId: string) {
+    // Parse date string to date
+    const expirationDate = moment()
+      .add(
+        data.shareExpiration.split("-")[0],
+        data.shareExpiration.split(
+          "-"
+        )[1] as moment.unitOfTime.DurationConstructor
+      )
+      .toDate();
+
+    const globalMaxShareSize = this.config.get("MAX_SHARE_SIZE");
+
+    if (globalMaxShareSize < data.maxShareSize)
+      throw new BadRequestException(
+        `Max share size can't be greater than ${globalMaxShareSize} bytes.`
+      );
+
+    const reverseShare = await this.prisma.reverseShare.create({
+      data: {
+        shareExpiration: expirationDate,
+        maxShareSize: data.maxShareSize,
+        sendEmailNotification: data.sendEmailNotification,
+        creatorId,
+      },
+    });
+
+    return reverseShare.token;
+  }
+
+  async getByToken(reverseShareToken: string) {
+    const reverseShare = await this.prisma.reverseShare.findUnique({
+      where: { token: reverseShareToken },
+    });
+
+    return reverseShare;
+  }
+
+  async getAllByUser(userId: string) {
+    const reverseShares = await this.prisma.reverseShare.findMany({
+      where: {
+        creatorId: userId,
+        shareExpiration: { gt: new Date() },
+      },
+      orderBy: {
+        shareExpiration: "desc",
+      },
+      include: { share: { include: { creator: true } } },
+    });
+
+    return reverseShares;
+  }
+
+  async isValid(reverseShareToken: string) {
+    const reverseShare = await this.prisma.reverseShare.findUnique({
+      where: { token: reverseShareToken },
+    });
+
+    if (!reverseShare) return false;
+
+    const isExpired = new Date() > reverseShare.shareExpiration;
+    const isUsed = reverseShare.used;
+
+    return !(isExpired || isUsed);
+  }
+
+  async remove(id: string) {
+    const share = await this.prisma.share.findFirst({
+      where: { reverseShare: { id } },
+    });
+
+    if (share) {
+      await this.prisma.share.delete({ where: { id: share.id } });
+      await this.fileService.deleteAllFiles(share.id);
+    } else {
+      await this.prisma.reverseShare.delete({ where: { id } });
+    }
+  }
+}
--- a/backend/src/share/guard/createShare.guard.ts
+++ b/backend/src/share/guard/createShare.guard.ts
@@ -0,0 +1,29 @@
+import { ExecutionContext, Injectable } from "@nestjs/common";
+import { JwtGuard } from "src/auth/guard/jwt.guard";
+import { ConfigService } from "src/config/config.service";
+import { ReverseShareService } from "src/reverseShare/reverseShare.service";
+
+@Injectable()
+export class CreateShareGuard extends JwtGuard {
+  constructor(
+    configService: ConfigService,
+    private reverseShareService: ReverseShareService
+  ) {
+    super(configService);
+  }
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    if (await super.canActivate(context)) return true;
+
+    const reverseShareTokenId = context.switchToHttp().getRequest()
+      .cookies.reverse_share_token;
+
+    if (!reverseShareTokenId) return false;
+
+    const isReverseShareTokenValid = await this.reverseShareService.isValid(
+      reverseShareTokenId
+    );
+
+    return isReverseShareTokenValid;
+  }
+}
--- a/backend/src/share/share.controller.ts
+++ b/backend/src/share/share.controller.ts
@@ -6,24 +6,31 @@ import {
  HttpCode,
  Param,
  Post,
+  Req,
  UseGuards,
 } from "@nestjs/common";
 import { Throttle } from "@nestjs/throttler";
 import { User } from "@prisma/client";
+import { Request } from "express";
 import { GetUser } from "src/auth/decorator/getUser.decorator";
 import { JwtGuard } from "src/auth/guard/jwt.guard";
+import { ConfigService } from "src/config/config.service";
 import { CreateShareDTO } from "./dto/createShare.dto";
 import { MyShareDTO } from "./dto/myShare.dto";
 import { ShareDTO } from "./dto/share.dto";
 import { ShareMetaDataDTO } from "./dto/shareMetaData.dto";
 import { SharePasswordDto } from "./dto/sharePassword.dto";
+import { CreateShareGuard } from "./guard/createShare.guard";
 import { ShareOwnerGuard } from "./guard/shareOwner.guard";
 import { ShareSecurityGuard } from "./guard/shareSecurity.guard";
 import { ShareTokenSecurity } from "./guard/shareTokenSecurity.guard";
 import { ShareService } from "./share.service";
@Controller("shares")
 export class ShareController {
-  constructor(private shareService: ShareService) {}
+  constructor(
+    private shareService: ShareService,
+    private config: ConfigService
+  ) {}

  @Get()
  @UseGuards(JwtGuard)
@@ -46,9 +53,16 @@ export class ShareController {
  }

  @Post()
-  @UseGuards(JwtGuard)
-  async create(@Body() body: CreateShareDTO, @GetUser() user: User) {
-    return new ShareDTO().from(await this.shareService.create(body, user));
+  @UseGuards(CreateShareGuard)
+  async create(
+    @Body() body: CreateShareDTO,
+    @Req() request: Request,
+    @GetUser() user: User
+  ) {
+    const { reverse_share_token } = request.cookies;
+    return new ShareDTO().from(
+      await this.shareService.create(body, user, reverse_share_token)
+    );
  }

  @Delete(":id")
@@ -59,11 +73,15 @@ export class ShareController {

  @Post(":id/complete")
  @HttpCode(202)
-  @UseGuards(JwtGuard, ShareOwnerGuard)
-  async complete(@Param("id") id: string) {
-    return new ShareDTO().from(await this.shareService.complete(id));
+  @UseGuards(CreateShareGuard, ShareOwnerGuard)
+  async complete(@Param("id") id: string, @Req() request: Request) {
+    const { reverse_share_token } = request.cookies;
+    return new ShareDTO().from(
+      await this.shareService.complete(id, reverse_share_token)
+    );
  }

+  @Throttle(10, 60)
  @Get("isShareIdAvailable/:id")
  async isShareIdAvailable(@Param("id") id: string) {
    return this.shareService.isShareIdAvailable(id);
--- a/backend/src/share/share.module.ts
+++ b/backend/src/share/share.module.ts
@@ -3,6 +3,7 @@ import { JwtModule } from "@nestjs/jwt";
 import { ClamScanModule } from "src/clamscan/clamscan.module";
 import { EmailModule } from "src/email/email.module";
 import { FileModule } from "src/file/file.module";
+import { ReverseShareModule } from "src/reverseShare/reverseShare.module";
 import { ShareController } from "./share.controller";
 import { ShareService } from "./share.service";

@@ -11,6 +12,7 @@ import { ShareService } from "./share.service";
    JwtModule.register({}),
    EmailModule,
    ClamScanModule,
+    ReverseShareModule,
    forwardRef(() => FileModule),
  ],
  controllers: [ShareController],
--- a/backend/src/share/share.service.ts
+++ b/backend/src/share/share.service.ts
@@ -15,6 +15,7 @@ import { ConfigService } from "src/config/config.service";
 import { EmailService } from "src/email/email.service";
 import { FileService } from "src/file/file.service";
 import { PrismaService } from "src/prisma/prisma.service";
+import { ReverseShareService } from "src/reverseShare/reverseShare.service";
 import { CreateShareDTO } from "./dto/createShare.dto";

@Injectable()
@@ -25,10 +26,11 @@ export class ShareService {
    private emailService: EmailService,
    private config: ConfigService,
    private jwtService: JwtService,
+    private reverseShareService: ReverseShareService,
    private clamScanService: ClamScanService
  ) {}

-  async create(share: CreateShareDTO, user?: User) {
+  async create(share: CreateShareDTO, user?: User, reverseShareToken?: string) {
    if (!(await this.isShareIdAvailable(share.id)).isAvailable)
      throw new BadRequestException("Share id already in use");

@@ -39,30 +41,36 @@ export class ShareService {
      share.security.password = await argon.hash(share.security.password);
    }

-    // We have to add an exception for "never" (since moment won't like that)
    let expirationDate: Date;
-    if (share.expiration !== "never") {
-      expirationDate = moment()
-        .add(
-          share.expiration.split("-")[0],
-          share.expiration.split(
-            "-"
-          )[1] as moment.unitOfTime.DurationConstructor
-        )
-        .toDate();

-      // Throw error if expiration date is now
-      if (expirationDate.setMilliseconds(0) == new Date().setMilliseconds(0))
-        throw new BadRequestException("Invalid expiration date");
+    // If share is created by a reverse share token override the expiration date
+    if (reverseShareToken) {
+      const { shareExpiration } = await this.reverseShareService.getByToken(
+        reverseShareToken
+      );
+
+      expirationDate = shareExpiration;
    } else {
-      expirationDate = moment(0).toDate();
+      // We have to add an exception for "never" (since moment won't like that)
+      if (share.expiration !== "never") {
+        expirationDate = moment()
+          .add(
+            share.expiration.split("-")[0],
+            share.expiration.split(
+              "-"
+            )[1] as moment.unitOfTime.DurationConstructor
+          )
+          .toDate();
+      } else {
+        expirationDate = moment(0).toDate();
+      }
    }

    fs.mkdirSync(`./data/uploads/shares/${share.id}`, {
      recursive: true,
    });

-    return await this.prisma.share.create({
+    const shareTuple = await this.prisma.share.create({
      data: {
        ...share,
        expiration: expirationDate,
@@ -75,6 +83,18 @@ export class ShareService {
        },
      },
    });
+
+    if (reverseShareToken) {
+      // Assign share to reverse share token
+      await this.prisma.reverseShare.update({
+        where: { token: reverseShareToken },
+        data: {
+          shareId: share.id,
+        },
+      });
+    }
+
+    return shareTuple;
  }

  async createZip(shareId: string) {
@@ -96,10 +116,15 @@ export class ShareService {
    await archive.finalize();
  }

-  async complete(id: string) {
+  async complete(id: string, reverseShareToken?: string) {
    const share = await this.prisma.share.findUnique({
      where: { id },
-      include: { files: true, recipients: true, creator: true },
+      include: {
+        files: true,
+        recipients: true,
+        creator: true,
+        reverseShare: { include: { creator: true } },
+      },
    });

    if (await this.isShareCompleted(id))
@@ -118,16 +143,34 @@ export class ShareService {

    // Send email for each recepient
    for (const recepient of share.recipients) {
-      await this.emailService.sendMail(
+      await this.emailService.sendMailToShareRecepients(
        recepient.email,
        share.id,
        share.creator
      );
    }

+    if (
+      share.reverseShare &&
+      this.config.get("SMTP_ENABLED") &&
+      share.reverseShare.sendEmailNotification
+    ) {
+      await this.emailService.sendMailToReverseShareCreator(
+        share.reverseShare.creator.email,
+        share.id
+      );
+    }
+
    // Check if any file is malicious with ClamAV
    this.clamScanService.checkAndRemove(share.id);

+    if (reverseShareToken) {
+      await this.prisma.reverseShare.update({
+        where: { token: reverseShareToken },
+        data: { used: true },
+      });
+    }
+
    return await this.prisma.share.update({
      where: { id },
      data: { uploadLocked: true },