swissmakers_gmbh/swiss-datashare
12
0
Fork 0
mirror of https://github.com/swissmakers/swiss-datashare.git synced 2026-04-19 13:33:13 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
ce19d22c68fc738d8ce315e88a364d6d97dd31de
swiss-datashare/src/pages/api/share/[shareId]/index.ts
Elias Schneider ce19d22c68 Add feature to send share with email
2022-05-06 10:25:10 +02:00

84 lines
2.4 KiB
TypeScript
Raw Blame History

import type { NextApiRequest, NextApiResponse } from "next";
import { ShareDocument } from "../../../../types/Appwrite.type";
import { AppwriteFileWithPreview } from "../../../../types/File.type";
import awServer from "../../../../utils/appwriteServer.util";
import { checkSecurity } from "../../../../utils/shares/security.util";
import * as jose from "jose";
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
const shareId = req.query.shareId as string;
const fileList: AppwriteFileWithPreview[] = [];
const hashedPassword = req.cookies[`${shareId}-password`];
let shareDocument;
try {
shareDocument = await awServer.database.getDocument<ShareDocument>(
"shares",
shareId
);
} catch {
return res.status(404).json({ message: "not_found" });
}
if (!shareExists(shareDocument)) {
return res.status(404).json({ message: "not_found" });
}
if (!hasUserAccess(req.cookies.aw_token, shareDocument)) {
return res.status(403).json({ message: "forbidden" });
}
try {
await checkSecurity(shareId, hashedPassword);
} catch (e) {
return res.status(403).json({ message: e });
}
addVisitorCount(shareId);
const fileListWithoutPreview = (
await awServer.storage.listFiles(shareId, undefined, 100)
).files;
for (const file of fileListWithoutPreview) {
const filePreview = await awServer.storage.getFilePreview(
shareId,
file.$id
);
fileList.push({ ...file, preview: filePreview });
}
if (hashedPassword)
res.setHeader(
"Set-Cookie",
`${shareId}-password=${hashedPassword}; Path=/share/${shareId}; max-age=3600; HttpOnly`
);
res.status(200).json(fileList);
};
const hasUserAccess = (jwt: string, shareDocument: ShareDocument) => {
if (shareDocument.users?.length == 0) return true;
try {
const userId = jose.decodeJwt(jwt).userId as string;
return shareDocument.users?.includes(userId);
} catch {
return false;
}
};
const shareExists = async (shareDocument: ShareDocument) => {
return shareDocument.enabled && shareDocument.expiresAt > Date.now();
};
const addVisitorCount = async (shareId: string) => {
const currentDocument = await awServer.database.getDocument<ShareDocument>(
"shares",
shareId
);
currentDocument.visitorCount++;
awServer.database.updateDocument("shares", shareId, currentDocument);
};
export default handler;
Reference in New Issue View Git Blame Copy Permalink