🎉 Add backend code for share token handling.

2025-05-18 15:26:10 +02:00 · 2020-04-07 14:20:29 +02:00 · 2020-04-07 14:20:29 +02:00 · 4105692dee
commit 4105692dee
parent 9492fe188d
6 changed files with 304 additions and 157 deletions
--- a/backend/src/uxbox/services/mutations/pages.clj
+++ b/backend/src/uxbox/services/mutations/pages.clj
@ -106,6 +106,42 @@



+;; --- Mutation: Generate Share Token
+
+(declare assign-page-share-token)
+
+(s/def ::generate-page-share-token
+  (s/keys :req-un [::id]))
+
+(sm/defmutation ::generate-page-share-token
+  [{:keys [id] :as params}]
+  (let [token (-> (sodi.prng/random-bytes 16)
+                  (sodi.util/bytes->b64s))]
+    (db/with-atomic [conn db/pool]
+      (assign-page-share-token conn id token))))
+
+(def ^:private sql:update-page-share-token
+  "update page set share_token = $2 where id = $1")
+
+(defn- assign-page-share-token
+  [conn id token]
+  (-> (db/query-one conn [sql:update-page-share-token id token])
+      (p/then (fn [_] {:id id :share-token token}))))
+
+
+
+;; --- Mutation: Clear Share Token
+
+(s/def ::clear-page-share-token
+  (s/keys :req-un [::id]))
+
+(sm/defmutation ::clear-page-share-token
+  [{:keys [id] :as params}]
+  (db/with-atomic [conn db/pool]
+    (assign-page-share-token conn id nil)))
+
+
+
 ;; --- Mutation: Update Page

 ;; A generic, Changes based (granular) page update method.
--- a/backend/src/uxbox/services/queries/viewer.clj
+++ b/backend/src/uxbox/services/queries/viewer.clj
@ -44,49 +44,24 @@
  [conn id]
  (db/query-one conn [sql:project id]))

-(s/def ::viewer-bundle-by-page-id
-  (s/keys :req-un [::profile-id ::page-id]))
+(s/def ::share-token ::us/string)
+(s/def ::viewer-bundle
+  (s/keys :req-un [::page-id]
+          :opt-un [::profile-id ::share-token]))

-(sq/defquery ::viewer-bundle-by-page-id
-  [{:keys [profile-id page-id]}]
+(sq/defquery ::viewer-bundle
+  [{:keys [profile-id page-id share-token] :as params}]
  (db/with-atomic [conn db/pool]
    (p/let [page (pages/retrieve-page conn page-id)
            file (files/retrieve-file conn (:file-id page))
            images (files/retrieve-file-images conn page)
            project (retrieve-project conn (:project-id file))]
-      (files/check-edition-permissions! conn profile-id (:file-id page))
+      (if (string? share-token)
+        (when (not= share-token (:share-token page))
+          (ex/raise :type :validation
+                    :code :not-authorized))
+        (files/check-edition-permissions! conn profile-id (:file-id page)))
      {:page page
       :file file
       :images images
       :project project})))
-
-
-;; --- Query: Viewer Bundle (By Share ID)
-
-(declare retrieve-page-by-share-id)
-
-(s/def ::viewer-bundle-by-share-id
-  (s/keys :req-un [::share-id]
-          :opt-un [::profile-id]))
-
-(sq/defquery ::viewer-bundle-by-share-id
-  [{:keys [share-id]}]
-  (db/with-atomic [conn db/pool]
-    (p/let [page (retrieve-page-by-share-id conn share-id)
-            file (files/retrieve-file conn (:file-id page))
-            images (files/retrieve-file-images conn page)
-            project (retrieve-project conn (:project-id file))]
-      {:page page
-       :file file
-       :images images
-       :project project})))
-
-(def ^:private sql:page-by-share-id
-  "select p.* from page as p where share_id=$1")
-
-(defn- retrieve-page-by-share-id
-  [conn share-id]
-  (-> (db/query-one conn [sql:page-by-share-id share-id])
-      (p/then' su/raise-not-found-if-nil)
-      (p/then' pages/decode-row)))
-