feat(links): allow direct access to spaces via public links; add file preview/edit/download; improve password validation

Author: johaven

backend/src/applications/links/constants/routes.ts

@@ -11,9 +11,11 @@ export const PUBLIC_LINKS_ROUTE = {
   LINK: 'link',
   VALIDATION: 'validation',
   ACCESS: 'access',
+  DOWNLOAD: 'download',
   AUTH: 'auth'
 }
 
 export const API_PUBLIC_LINK_VALIDATION = `${PUBLIC_LINKS_ROUTE.BASE}/${PUBLIC_LINKS_ROUTE.VALIDATION}`
 export const API_PUBLIC_LINK_ACCESS = `${PUBLIC_LINKS_ROUTE.BASE}/${PUBLIC_LINKS_ROUTE.ACCESS}`
+export const API_PUBLIC_LINK_DOWNLOAD = `${PUBLIC_LINKS_ROUTE.BASE}/${PUBLIC_LINKS_ROUTE.DOWNLOAD}`
 export const API_PUBLIC_LINK_AUTH = `${PUBLIC_LINKS_ROUTE.BASE}/${PUBLIC_LINKS_ROUTE.AUTH}`

backend/src/applications/links/interfaces/link-space.interface.ts

@@ -4,8 +4,20 @@
  * See the LICENSE file for licensing details
  */
 
+import type { FileEditorProvider } from '../../../configuration/config.interfaces'
+
 export interface SpaceLink {
-  share?: { name: string; alias: string; hasParent: boolean; isDir: boolean; mime: string }
-  space?: { name: string; alias: string }
-  owner?: { login?: string; fullName: string; avatar?: string }
+  share?: {
+    name: string
+    alias: string
+    hasParent: boolean
+    isDir: boolean
+    mtime: number
+    mime: string
+    size: number
+    permissions: string
+  } | null
+  space?: { name: string; alias: string } | null
+  owner?: { login?: string; fullName: string; avatar?: string } | null
+  fileEditors?: FileEditorProvider
 }

backend/src/applications/links/links.controller.ts

@@ -18,7 +18,7 @@ import { LinksManager } from './services/links-manager.service'
 @Controller(PUBLIC_LINKS_ROUTE.BASE)
 @AuthTokenOptional()
 export class LinksController {
-  constructor(private readonly linksPublicManager: LinksManager) {}
+  constructor(private readonly linksManager: LinksManager) {}
 
   @Get(`${PUBLIC_LINKS_ROUTE.VALIDATION}/:uuid`)
   linkValidation(
@@ -29,7 +29,7 @@ export class LinksController {
     ok: boolean
     link: SpaceLink
   }> {
-    return this.linksPublicManager.linkValidation(user, uuid)
+    return this.linksManager.linkValidation(user, uuid)
   }
 
   @Get(`${PUBLIC_LINKS_ROUTE.ACCESS}/:uuid`)
@@ -38,8 +38,18 @@ export class LinksController {
     @Param('uuid') uuid: string,
     @Req() req: FastifyRequest,
     @Res({ passthrough: true }) res: FastifyReply
-  ): Promise<StreamableFile | LoginResponseDto> {
-    return this.linksPublicManager.linkAccess(user, uuid, req, res)
+  ): Promise<LoginResponseDto | Omit<LoginResponseDto, 'token'>> {
+    return this.linksManager.linkAccess(user, uuid, req, res)
+  }
+
+  @Get(`${PUBLIC_LINKS_ROUTE.DOWNLOAD}/:uuid`)
+  linkDownload(
+    @GetUser() user: UserModel,
+    @Param('uuid') uuid: string,
+    @Req() req: FastifyRequest,
+    @Res({ passthrough: true }) res: FastifyReply
+  ): Promise<StreamableFile> {
+    return this.linksManager.linkDownload(user, uuid, req, res)
   }
 
   @Post(`${PUBLIC_LINKS_ROUTE.AUTH}/:uuid`)
@@ -50,6 +60,6 @@ export class LinksController {
     @Req() req: FastifyRequest,
     @Res({ passthrough: true }) res: FastifyReply
   ): Promise<LoginResponseDto> {
-    return this.linksPublicManager.linkAuthentication(user, uuid, linkPasswordDto, req, res)
+    return this.linksManager.linkAuthentication(user, uuid, linkPasswordDto, req, res)
   }
 }

backend/src/applications/links/services/links-manager.service.spec.ts

@@ -196,7 +196,6 @@ describe(LinksManager.name, () => {
         share: { isDir: false, name: 'file.txt', alias: 'share-alias' }
       } as any
       linksQueriesMock.spaceLink.mockResolvedValueOnce(spaceLink)
-
       spacesManagerMock.spaceEnv.mockResolvedValueOnce({} as any)
       const streamable: any = { some: 'stream' }
       filesManagerMock.sendFileFromSpace.mockReturnValueOnce({
@@ -208,7 +207,7 @@ describe(LinksManager.name, () => {
       const logErrorSpy = jest.spyOn((service as any).logger, 'error').mockImplementation(() => undefined as any)
       linksQueriesMock.incrementLinkNbAccess.mockRejectedValueOnce(new Error('increment boom'))
 
-      const result = await service.linkAccess(identity, link.uuid, req, res)
+      const result = await service.linkDownload(identity, link.uuid, req, res)
 
       expect(result).toBe(streamable)
       expect(filesManagerMock.sendFileFromSpace).toHaveBeenCalled()
@@ -270,7 +269,7 @@ describe(LinksManager.name, () => {
 
       const result = await service.linkAccess(sameUserIdentity as any, link.uuid, req, res)
 
-      expect(result).toBeUndefined()
+      expect(result.user.id).toEqual(baseLink.user.id)
       expect(authManagerMock.setCookies).not.toHaveBeenCalled()
       expect(linksQueriesMock.incrementLinkNbAccess).not.toHaveBeenCalled()
     })
@@ -282,6 +281,7 @@ describe(LinksManager.name, () => {
         space: null,
         share: { isDir: false, name: 'bad.txt', alias: 'share' }
       } as any
+      linksQueriesMock.spaceLink.mockReset()
       linksQueriesMock.spaceLink.mockResolvedValueOnce(spaceLink)
 
       spacesManagerMock.spaceEnv.mockResolvedValueOnce({} as any)
@@ -290,7 +290,7 @@ describe(LinksManager.name, () => {
         stream: jest.fn()
       } as any)
 
-      await expect(service.linkAccess(identity, link.uuid, req, res)).rejects.toMatchObject({
+      await expect(service.linkDownload(identity, link.uuid, req, res)).rejects.toMatchObject({
         status: 500
       })
       expect(linksQueriesMock.incrementLinkNbAccess).toHaveBeenCalledWith(link.uuid)

backend/src/applications/links/services/links-manager.service.ts

@@ -9,6 +9,7 @@ import { FastifyReply, FastifyRequest } from 'fastify'
 import { LoginResponseDto } from '../../../authentication/dto/login-response.dto'
 import { JwtIdentityPayload } from '../../../authentication/interfaces/jwt-payload.interface'
 import { AuthManager } from '../../../authentication/services/auth-manager.service'
+import { serverConfig } from '../../../configuration/config.environment'
 import { FilesManager } from '../../files/services/files-manager.service'
 import { SendFile } from '../../files/utils/send-file'
 import { SPACE_REPOSITORY } from '../../spaces/constants/spaces'
@@ -41,43 +42,67 @@ export class LinksManager {
       this.logger.warn(`${this.linkValidation.name} - ${uuid} : ${check}`)
     }
     const spaceLink: SpaceLink = ok ? await this.linksQueries.spaceLink(uuid) : null
-    if (spaceLink?.owner?.login) {
-      spaceLink.owner.avatar = await getAvatarBase64(spaceLink.owner.login)
-      // for security reasons
-      delete spaceLink.owner.login
+    if (ok) {
+      if (spaceLink?.owner?.login) {
+        spaceLink.owner.avatar = await getAvatarBase64(spaceLink.owner.login)
+        // For security reasons
+        delete spaceLink.owner.login
+      }
+      if (spaceLink?.share) {
+        // Only used when the link is a file or a directory
+        spaceLink.fileEditors = serverConfig.fileEditors
+      }
     }
     return { ok: ok, error: ok ? null : check, link: spaceLink }
   }
 
-  async linkAccess(identity: JwtIdentityPayload, uuid: string, req: FastifyRequest, res: FastifyReply): Promise<StreamableFile | LoginResponseDto> {
+  async linkAccess(
+    identity: JwtIdentityPayload,
+    uuid: string,
+    req: FastifyRequest,
+    res: FastifyReply
+  ): Promise<LoginResponseDto | Omit<LoginResponseDto, 'token'>> {
     const [link, check, ok] = await this.linkEnv(identity, uuid)
     if (!ok) {
       this.logger.warn(`${this.linkAccess.name} - *${link.user.login}* (${link.user.id}) : ${check}`)
       throw new HttpException(check as string, HttpStatus.BAD_REQUEST)
     }
     const user = new UserModel(link.user)
-    const spaceLink: SpaceLink = await this.linksQueries.spaceLink(uuid)
-    if (!spaceLink.space && !spaceLink.share.isDir) {
-      // download the file (authentication has been verified before)
-      this.logger.log(`${this.linkAccess.name} - *${user.login}* (${user.id}) downloading ${spaceLink.share.name}`)
-      this.incrementLinkNbAccess(link)
-      const spaceEnv: SpaceEnv = await this.spaceEnvFromLink(user, spaceLink)
-      const sendFile: SendFile = this.filesManager.sendFileFromSpace(spaceEnv, spaceLink.share.name)
-      try {
-        await sendFile.checks()
-        return await sendFile.stream(req, res)
-      } catch (e) {
-        this.logger.error(`${this.linkAccess.name} - unable to send file : ${e}`)
-        throw new HttpException('Unable to download file', HttpStatus.INTERNAL_SERVER_ERROR)
-      }
-    } else if (link.user.id !== identity.id) {
-      // authenticate user to allow access to the directory
+    if (link.user.id !== identity.id) {
+      // Authenticate user to allow access to the directory
       this.logger.log(`${this.linkAccess.name} - *${user.login}* (${user.id}) is logged`)
       this.incrementLinkNbAccess(link)
       this.usersManager.updateAccesses(user, req.ip, true).catch((e: Error) => this.logger.error(`${this.linkAccess.name} - ${e}`))
       return this.authManager.setCookies(user, res)
     }
-    // already authenticated
+    // Already authenticated
+    return { user: user, server: serverConfig }
+  }
+
+  async linkDownload(identity: JwtIdentityPayload, uuid: string, req: FastifyRequest, res: FastifyReply): Promise<StreamableFile> {
+    const [link, check, ok] = await this.linkEnv(identity, uuid)
+    if (!ok) {
+      this.logger.warn(`${this.linkDownload.name} - *${link.user.login}* (${link.user.id}) : ${check}`)
+      throw new HttpException(check as string, HttpStatus.BAD_REQUEST)
+    }
+    const spaceLink: SpaceLink = await this.linksQueries.spaceLink(uuid)
+    if (spaceLink.space || spaceLink.share?.isDir) {
+      this.logger.error(`${this.linkDownload.name} - the provided link does not reference a downloadable file`)
+      throw new HttpException('This link does not allow file download', HttpStatus.BAD_REQUEST)
+    }
+    const user = new UserModel(link.user)
+    // Download the file (authentication has been verified before)
+    this.logger.log(`${this.linkDownload.name} - *${user.login}* (${user.id}) downloading ${spaceLink.share.name}`)
+    this.incrementLinkNbAccess(link)
+    const spaceEnv: SpaceEnv = await this.spaceEnvFromLink(user, spaceLink)
+    const sendFile: SendFile = this.filesManager.sendFileFromSpace(spaceEnv, spaceLink.share.name)
+    try {
+      await sendFile.checks()
+      return await sendFile.stream(req, res)
+    } catch (e) {
+      this.logger.error(`${this.linkDownload.name} - unable to send file : ${e}`)
+      throw new HttpException('Unable to download file', HttpStatus.INTERNAL_SERVER_ERROR)
+    }
   }
 
   async linkAuthentication(identity: JwtIdentityPayload, uuid: string, linkPasswordDto: UserPasswordDto, req: FastifyRequest, res: FastifyReply) {

backend/src/applications/links/services/links-queries.service.ts

@@ -155,7 +155,10 @@ export class LinksQueries {
           alias: shares.alias,
           hasParent: isNotNull(shares.parentId).mapWith(Boolean),
           isDir: sql`IF (${isNotNull(shares.externalPath)} OR ${isNotNull(shareSpaceRoot.externalPath)}, 1 ,${files.isDir})`.mapWith(Boolean),
-          mime: files.mime
+          mime: files.mime,
+          mtime: files.mtime,
+          size: files.size,
+          permissions: sharesMembers.permissions
         },
         space: { name: spaces.name, alias: spaces.alias },
         owner: { login: shareOwner.login, fullName: userFullNameSQL(shareOwner) }
@@ -176,7 +179,11 @@ export class LinksQueries {
       )
       .where(eq(links.uuid, uuid))
       .limit(1)
-    return r
+    return {
+      ...r,
+      space: r.space?.name ? r.space : null,
+      share: r.share?.name ? r.share : null
+    }
   }
 
   async incrementLinkNbAccess(uuid: string) {

frontend/src/app/applications/links/components/public/public-link-auth.component.html

@@ -10,19 +10,20 @@
       <img alt="" height="40" [src]="logoUrl">
     </a>
   </div>
-  <img (click)="validPassword()" alt="" class="cursor-pointer" [src]="linkProtected" height="96">
-  <div class="d-flex mt-2 ms-auto me-auto" style="width: 250px">
-    <div class="input-group">
-    <span class="input-group-text bg-gray-light">
-      <fa-icon [icon]="icons.faKey"></fa-icon>
-    </span>
+  <div class="d-flex flex-column align-items-center" style="margin: 1.2rem 1rem;">
+    <img (click)="validPassword()" alt="" class="cursor-pointer" [src]="linkProtected" height="96">
+  </div>
+  <div class="d-flex flex-column align-items-center mt-2 ms-auto me-auto">
+    <div class="input-group" style="max-width: 200px">
       <input [(ngModel)]="password"
              (keyup.enter)="validPassword()"
+             [class.is-invalid]="password?.length < passwordMinLength"
              autocomplete="off"
              class="form-control border-0"
              [placeholder]="'Password' | translate:locale.language"
-             type="password">
-      <button [disabled]="!password?.length"
+             type="password"
+             required>
+      <button [disabled]="password?.length < passwordMinLength"
               (click)="validPassword()"
               class="btn btn-default btn-custom border-0"
               type="button">
@@ -33,7 +34,7 @@
   <div class="error-text no-select">
     <span class="hr"></span>
     <div>
-      <span class="solve" l10nTranslate>This share is protected by a password</span>
+      <span class="solve" l10nTranslate>This access is protected by a password</span>
     </div>
   </div>
 </div>

frontend/src/app/applications/links/components/public/public-link-auth.component.ts

@@ -9,6 +9,7 @@ import { FormsModule } from '@angular/forms'
 import { ActivatedRoute, Params, RouterLink } from '@angular/router'
 import { FaIconComponent } from '@fortawesome/angular-fontawesome'
 import { faKey, faSignInAlt } from '@fortawesome/free-solid-svg-icons'
+import { USER_PASSWORD_MIN_LENGTH } from '@sync-in-server/backend/src/applications/users/constants/user'
 import { L10N_LOCALE, L10nLocale, L10nTranslateDirective, L10nTranslatePipe } from 'angular-l10n'
 import { linkProtected, logoUrl } from '../../../files/files.constants'
 import { LinksService } from '../../services/links.service'
@@ -23,6 +24,7 @@ export class PublicLinkAuthComponent {
   protected readonly logoUrl = logoUrl
   protected readonly linkProtected = linkProtected
   protected readonly icons = { faKey, faSignInAlt }
+  protected readonly passwordMinLength = USER_PASSWORD_MIN_LENGTH
   protected password = ''
   private readonly activatedRoute = inject(ActivatedRoute)
   private readonly linksService = inject(LinksService)
@@ -33,7 +35,7 @@ export class PublicLinkAuthComponent {
   }
 
   validPassword() {
-    if (this.password) {
+    if (this.password && this.password.length >= this.passwordMinLength) {
       this.linksService.linkAuthentication(this.uuid, this.password).subscribe(() => (this.password = ''))
     }
   }

frontend/src/app/applications/links/components/public/public-link-error.component.html

@@ -10,13 +10,14 @@
       <img alt="" height="40" [src]="logoUrl">
     </a>
   </div>
-  <fa-icon class="text-white" [icon]="icons.faExclamationCircle" size="4x"></fa-icon>
-  <div class="error-code mt-2" style="font-size: 24px" l10nTranslate>Link error</div>
+  <div class="d-flex flex-column align-items-center" style="margin-top: 1.2rem; margin-bottom: .6rem">
+    <fa-icon class="text-white" [icon]="icons.faExclamationCircle" size="5x"></fa-icon>
+  </div>
+  <div class="error-code" l10nTranslate>Link error</div>
   <div class="error-text">
     <span class="hr"></span>
-    <br>
-    <span l10nTranslate>{{ error }}</span>
-    <br>
-    <br>
+    <div>
+    <span class="solve" l10nTranslate>{{ error }}</span>
+    </div>
   </div>
 </div>

frontend/src/app/applications/links/components/public/public-link.component.html

@@ -11,13 +11,29 @@
     </a>
   </div>
   <div class="d-flex flex-column align-content-center">
-    <div (click)="followLink()" class="resource d-flex flex-column align-items-center mt-3 mx-auto cursor-pointer">
-      @if (mimeUrl) {
-        <img [src]="mimeUrl" alt="" height="96" class="no-select-pointer" (error)="fallBackMimeUrl()">
-      } @else {
-        <fa-icon [icon]="icons.SPACES" class="circle-primary-icon" [fixedWidth]="false" style="min-width: 128px; min-height: 128px; font-size: 64px"></fa-icon>
+    <div class="d-flex flex-column align-items-center mt-3 mb-1 mx-auto cursor-pointer">
+      <div (click)="followLink()" class="resource">
+        <div class="mime">
+          @if (file?.mimeUrl) {
+            <img [src]="file.mimeUrl" alt="" height="96" class="no-select-pointer" (error)="fallBackMimeUrl()">
+          } @else {
+            <fa-icon [icon]="icons.SPACES" class="circle-primary-icon" [fixedWidth]="false" style="width: 96px; height: 96px; font-size: 48px"></fa-icon>
+          }
+        </div>
+        <span class="error-code">{{ link.share?.name || link.space?.name }}</span>
+      </div>
+      @if (file?.isDir === false) {
+        <div class="mt-3 mb-2 fs-lg">
+          @if (file?.isViewable) {
+            <button (click)="openLink()" class="btn btn-lg btn-outline-light me-2" l10nTranslate>
+              <fa-icon [icon]="fileCanBeModified && file.isEditable ? icons.faPen : icons.faEye"></fa-icon>
+            </button>
+          }
+          <button (click)="downloadLink()" class="btn btn-lg btn-outline-light">
+            <fa-icon [icon]="icons.faDownload"></fa-icon>
+          </button>
+        </div>
       }
-      <span class="error-code">{{ link.share?.name || link.space?.name }}</span>
     </div>
   </div>
   <div class="error-text no-select">