Skip to content

Commit cd06c99

Browse files
ybizeulybizeul
committed
Implement option to show or hide other shares
1 parent f469547 commit cd06c99

File tree

7 files changed

+412
-332
lines changed

7 files changed

+412
-332
lines changed

README.md

+9
Original file line numberDiff line numberDiff line change
@@ -75,9 +75,18 @@ be used to configure storage backend and authentication.
7575
Sample configuration file :
7676

7777
```
78+
# Web site name for the title bar
7879
Title: Hupload
80+
81+
# By default shares will be created for upload only
7982
default_exposure: upload
83+
84+
# By default, shares will be available for 7 days
8085
default_validity_days: 7
86+
87+
# Registered users will only see their own shares
88+
hide_other_shares: false
89+
8190
auth:
8291
type: file
8392
options:

hupload/handlers.go

+25-2
Original file line numberDiff line numberDiff line change
@@ -85,18 +85,31 @@ func (h *Hupload) patchShare(w http.ResponseWriter, r *http.Request) {
8585
// We ignore unmarshalling of JSON body as it is optional.
8686
_ = json.NewDecoder(r.Body).Decode(&options)
8787

88-
result, err := h.Config.Storage.UpdateShare(r.Context(), r.PathValue("share"), options)
88+
share, err := h.Config.Storage.GetShare(r.Context(), r.PathValue("share"))
8989
if err != nil {
9090
slog.Error("patchShare", slog.String("error", err.Error()))
9191
switch {
9292
case errors.Is(err, storage.ErrInvalidShareName):
9393
writeError(w, http.StatusBadRequest, "invalid share name")
9494
return
9595
case errors.Is(err, storage.ErrShareNotFound):
96-
writeError(w, http.StatusNotFound, "share does not exists")
96+
writeError(w, http.StatusNotFound, "share not found")
97+
return
98+
}
99+
writeError(w, http.StatusInternalServerError, err.Error())
100+
return
101+
}
102+
103+
if h.Config.Values.HideOtherShares {
104+
if share.Owner != user {
105+
writeError(w, http.StatusForbidden, "unauthorized")
97106
return
98107
}
108+
}
99109

110+
result, err := h.Config.Storage.UpdateShare(r.Context(), share.Name, options)
111+
if err != nil {
112+
slog.Error("patchShare", slog.String("error", err.Error()))
100113
writeError(w, http.StatusInternalServerError, err.Error())
101114
return
102115
}
@@ -222,6 +235,16 @@ func (h *Hupload) getShares(w http.ResponseWriter, r *http.Request) {
222235
}
223236
user, _ := auth.AuthForRequest(r)
224237

238+
if h.Config.Values.HideOtherShares {
239+
tmpShares := []storage.Share{}
240+
for s := range shares {
241+
if shares[s].Owner == user {
242+
tmpShares = append(tmpShares, shares[s])
243+
}
244+
}
245+
shares = tmpShares
246+
}
247+
225248
if user == "" {
226249
writeSuccessJSON(w, storage.PublicShares(shares))
227250
} else {

0 commit comments

Comments
 (0)