feat: public page sharing (#1012)

* Share - WIP * - public attachment links - WIP * WIP * WIP * Share - WIP * WIP * WIP * include userRole in space object * WIP * Server render shared page meta tags * disable user select * Close Navbar on outside click on mobile * update shared page spaceId * WIP * fix * close sidebar on click * close sidebar * defaults * update copy * Store share key in lowercase * refactor page breadcrumbs * Change copy * add link ref * open link button * add meta og:title * add twitter tags * WIP * make shares/info endpoint public * fix * * add /p/ segment to share urls * minore fixes * change mobile breadcrumb icon
2026-05-17 23:14:07 +08:00 · 2025-04-22 20:37:32 +01:00
parent 3e8824435d
commit 6c422011ac
66 changed files with 3331 additions and 512 deletions
@@ -0,0 +1,171 @@
+import {
+  BadRequestException,
+  Body,
+  Controller,
+  ForbiddenException,
+  HttpCode,
+  HttpStatus,
+  NotFoundException,
+  Post,
+  UseGuards,
+} from '@nestjs/common';
+import { AuthUser } from '../../common/decorators/auth-user.decorator';
+import { User, Workspace } from '@docmost/db/types/entity.types';
+import {
+  SpaceCaslAction,
+  SpaceCaslSubject,
+} from '../casl/interfaces/space-ability.type';
+import { AuthWorkspace } from '../../common/decorators/auth-workspace.decorator';
+import SpaceAbilityFactory from '../casl/abilities/space-ability.factory';
+import { ShareService } from './share.service';
+import {
+  CreateShareDto,
+  ShareIdDto,
+  ShareInfoDto,
+  SharePageIdDto,
+  UpdateShareDto,
+} from './dto/share.dto';
+import { PageRepo } from '@docmost/db/repos/page/page.repo';
+import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
+import { Public } from '../../common/decorators/public.decorator';
+import { ShareRepo } from '@docmost/db/repos/share/share.repo';
+import { PaginationOptions } from '@docmost/db/pagination/pagination-options';
+
+@UseGuards(JwtAuthGuard)
+@Controller('shares')
+export class ShareController {
+  constructor(
+    private readonly shareService: ShareService,
+    private readonly spaceAbility: SpaceAbilityFactory,
+    private readonly shareRepo: ShareRepo,
+    private readonly pageRepo: PageRepo,
+  ) {}
+
+  @HttpCode(HttpStatus.OK)
+  @Post('/')
+  async getShares(
+    @AuthUser() user: User,
+    @Body() pagination: PaginationOptions,
+  ) {
+    return this.shareRepo.getShares(user.id, pagination);
+  }
+
+  @Public()
+  @HttpCode(HttpStatus.OK)
+  @Post('/page-info')
+  async getSharedPageInfo(
+    @Body() dto: ShareInfoDto,
+    @AuthWorkspace() workspace: Workspace,
+  ) {
+    if (!dto.pageId && !dto.shareId) {
+      throw new BadRequestException();
+    }
+
+    return this.shareService.getSharedPage(dto, workspace.id);
+  }
+
+  @Public()
+  @HttpCode(HttpStatus.OK)
+  @Post('/info')
+  async getShare(@Body() dto: ShareIdDto) {
+    const share = await this.shareRepo.findById(dto.shareId, {
+      includeSharedPage: true,
+    });
+
+    if (!share) {
+      throw new NotFoundException('Share not found');
+    }
+
+    return share;
+  }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('/for-page')
+  async getShareForPage(
+    @Body() dto: SharePageIdDto,
+    @AuthUser() user: User,
+    @AuthWorkspace() workspace: Workspace,
+  ) {
+    const page = await this.pageRepo.findById(dto.pageId);
+    if (!page) {
+      throw new NotFoundException('Shared page not found');
+    }
+
+    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
+    if (ability.cannot(SpaceCaslAction.Read, SpaceCaslSubject.Share)) {
+      throw new ForbiddenException();
+    }
+
+    return this.shareService.getShareForPage(page.id, workspace.id);
+  }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('create')
+  async create(
+    @Body() createShareDto: CreateShareDto,
+    @AuthUser() user: User,
+    @AuthWorkspace() workspace: Workspace,
+  ) {
+    const page = await this.pageRepo.findById(createShareDto.pageId);
+
+    if (!page || workspace.id !== page.workspaceId) {
+      throw new NotFoundException('Page not found');
+    }
+
+    const ability = await this.spaceAbility.createForUser(user, page.spaceId);
+    if (ability.cannot(SpaceCaslAction.Create, SpaceCaslSubject.Share)) {
+      throw new ForbiddenException();
+    }
+
+    return this.shareService.createShare({
+      page,
+      authUserId: user.id,
+      workspaceId: workspace.id,
+      createShareDto,
+    });
+  }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('update')
+  async update(@Body() updateShareDto: UpdateShareDto, @AuthUser() user: User) {
+    const share = await this.shareRepo.findById(updateShareDto.shareId);
+
+    if (!share) {
+      throw new NotFoundException('Share not found');
+    }
+
+    const ability = await this.spaceAbility.createForUser(user, share.spaceId);
+    if (ability.cannot(SpaceCaslAction.Edit, SpaceCaslSubject.Share)) {
+      throw new ForbiddenException();
+    }
+
+    return this.shareService.updateShare(share.id, updateShareDto);
+  }
+
+  @HttpCode(HttpStatus.OK)
+  @Post('delete')
+  async delete(@Body() shareIdDto: ShareIdDto, @AuthUser() user: User) {
+    const share = await this.shareRepo.findById(shareIdDto.shareId);
+
+    if (!share) {
+      throw new NotFoundException('Share not found');
+    }
+
+    const ability = await this.spaceAbility.createForUser(user, share.spaceId);
+    if (ability.cannot(SpaceCaslAction.Manage, SpaceCaslSubject.Share)) {
+      throw new ForbiddenException();
+    }
+
+    await this.shareRepo.deleteShare(share.id);
+  }
+
+  @Public()
+  @HttpCode(HttpStatus.OK)
+  @Post('/tree')
+  async getSharePageTree(
+    @Body() dto: ShareIdDto,
+    @AuthWorkspace() workspace: Workspace,
+  ) {
+    return this.shareService.getShareTree(dto.shareId, workspace.id);
+  }
+}