Add drawing share links/grants, API base path support, and DX improvements #64

Open
tototomate123 wants to merge 62 commits into ZimengXiong:pre-release from tototomate123:pre-release

tototomate123 commented Feb 14, 2026

This pull request introduces significant backend enhancements, most notably adding database support for drawing sharing via share links and grants, improving API routing flexibility, and increasing robustness in environment configuration and error logging. It also includes various code quality and developer experience improvements.

Database and Sharing Features:

  • Added new models DrawingShareLink and DrawingShareGrant to the Prisma schema and created corresponding migration scripts, enabling per-drawing share links and granular sharing permissions.
  • Updated the User and Drawing models to support the new sharing relationships.

API Routing and Configuration:

  • Introduced API_BASE_PATH environment variable and related parsing logic, allowing the backend API to be served under a configurable base path (e.g., /api). Updated CORS, socket, health check, and route registrations to respect this path.

Developer Experience and Robustness:

  • Improved the database migration script to fall back to pnpm exec if npx is unavailable, increasing reliability in different development environments.
  • Enhanced validation error logging for user registration and admin user creation, providing more detailed and structured information for debugging.

Security and Utilities:

  • Centralized client IP resolution logic for rate limiting and logging, improving consistency and future extensibility.
  • Updated CORS headers to allow the x-share-token header, supporting new sharing features.

Minor and Documentation Updates:

  • Added a reference to the original repository in the README.md.
  • Various minor code cleanups and utility improvements (e.g., route parameter parsing, import updates).

These changes collectively lay the groundwork for advanced sharing capabilities, improve backend flexibility, and enhance developer and user experience.

I am working on this on Gitea (that's the reason for that README edit, can be removed for this repo obv), and thought I'd port back my changes to you. If you don't need them / think this goes in the wrong direction, just close this PR, but I thought it might be helpful :)

dependabot bot and others added 30 commits January 20, 2026 20:46
Bumps [diff](https://github.com/kpdecker/jsdiff) from 5.2.0 to 5.2.2.
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](kpdecker/jsdiff@v5.2.0...v5.2.2)

---
updated-dependencies:
- dependency-name: diff
  dependency-version: 5.2.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [lodash-es](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash-es
  dependency-version: 4.17.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Security fixes:
1. Drawings cache now includes userId in cache key to prevent data leakage
   between users making identical queries.
2. Socket.io connections now require JWT authentication when auth is enabled.
3. Socket.io join-room verifies drawing ownership before allowing access.
4. Frontend passes auth token when connecting to Socket.io.

Co-authored-by: ZimengXiong <83783148+ZimengXiong@users.noreply.github.com>
… style

Co-authored-by: ZimengXiong <83783148+ZimengXiong@users.noreply.github.com>

tototomate123 marked this pull request as ready for review February 14, 2026 15:48
@ZimengXiong (Owner)

Thanks for your effort, @tototomate123. What does this implement? The description is not too clear (most are not about the sharing part). Sharing of drawings via links? Are they scoped? Asking because #56 is now merged with multi-user authentication and scoped sharing.

@tototomate123 (Author)

This PR bundled a few things, but the main feature was share-link based scoped access on top of auth: DrawingShareLink/DrawingShareGrant, viewer/editor links per drawing, token redemption into per-user grants, role enforcement in API + socket, and a "Shared with me" flow in the UI. So links are scoped (drawing + role) and still require login; not public anonymous links.

It also included some collaboration/realtime hardening (role-aware socket permissions + sync reliability improvements), plus infra/DX changes (API_BASE_PATH, socket path alignment, x-share-token CORS header, migration fallback, logging/IP utility, minor cleanup).

That said, I'm not fully sure how valuable all of this is now after #56 merged. I originally started this because prerelease v0.4.6 wasn't really ready for multi-user + collaboration yet, so this was meant to close that gap. If useful, you can try it and evaluate how it behaves with the current merged system, but I agree some parts may now be less necessary.
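
The flow described in the comment above (a link scoped to one drawing and one role, redeemed by a logged-in user into a per-user grant, then a single role check used by both API and socket handlers), as an added example that is not code from this PR. `ShareStore`, its method names, the in-memory maps, the link expiry and the hashed token storage are all assumptions made for illustration.

```javascript
// Added illustration: names and storage are hypothetical, not the PR's code.
const crypto = require("node:crypto");

const ROLE_RANK = { viewer: 1, editor: 2 };
const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");

class ShareStore {
  constructor(owners) {
    this.owners = new Map(owners); // drawingId -> owner userId
    this.links = new Map();  // sha256(token) -> { drawingId, role, expiresAt }
    this.grants = new Map(); // "drawingId:userId" -> role
  }

  createLink(ownerId, drawingId, role, ttlMs, now = Date.now()) {
    if (this.owners.get(drawingId) !== ownerId) throw new Error("not owner");
    if (!Object.hasOwn(ROLE_RANK, role)) throw new Error("unknown role");
    const token = crypto.randomBytes(32).toString("base64url");
    // Store only the hash so a database leak does not expose usable tokens.
    this.links.set(sha256(token), { drawingId, role, expiresAt: now + ttlMs });
    return token;
  }

  // Redemption needs an authenticated user id; the token alone grants nothing.
  redeem(userId, token, now = Date.now()) {
    if (!userId || typeof token !== "string") return null;
    const link = this.links.get(sha256(token));
    if (!link || now >= link.expiresAt) return null;
    const key = `${link.drawingId}:${userId}`;
    const current = this.grants.get(key);
    // Redeeming a weaker link never downgrades an existing grant.
    if (!current || ROLE_RANK[link.role] > ROLE_RANK[current]) {
      this.grants.set(key, link.role);
    }
    return { drawingId: link.drawingId, role: this.grants.get(key) };
  }

  // One check for both HTTP handlers and socket events (join-room, updates).
  can(userId, drawingId, needed) {
    if (!userId) return false;
    if (this.owners.get(drawingId) === userId) return true;
    const role = this.grants.get(`${drawingId}:${userId}`);
    return role !== undefined && ROLE_RANK[role] >= ROLE_RANK[needed];
  }
}
```

In this sketch a grant outlives the link it came from, so expiring or deleting a link does not remove access that was already redeemed; removing access means deleting the grant itself.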

@ZimengXiong (Owner)

Yeah sure, I'll take a look at them, thanks for your effort! Sorry, I had a lot of the work done locally and didn't keep the GitHub in sync.
