feat: allow to password protect shares (#1252)

This changes allows to password protect shares. It works by: * Allowing to optionally pass a password when creating a share * If set, the password + salt that is configured via a new flag will be hashed via bcrypt and the hash stored together with the rest of the share * Additionally, a random 96 byte long token gets generated and stored as part of the share * When the backend retrieves an unauthenticated request for a share that has authentication configured, it will return a http 401 * The frontend detects this and will show a login prompt * The actual download links are protected via an url arg that contains the previously generated token. This allows us to avoid buffering the download in the browser and allows pasting the link without breaking it
2025-11-26 14:25:26 +08:00 · 2021-03-02 06:00:18 -05:00
parent 977ec33918
commit d8f415f8ab
22 changed files with 340 additions and 41 deletions
--- a/frontend/src/components/prompts/Share.vue
+++ b/frontend/src/components/prompts/Share.vue
@@ -1,14 +1,11 @@
 <template>
-  <div class="card floating" id="share">
+  <div class="card floating share__promt__card" id="share">
    <div class="card-title">
      <h2>{{ $t('buttons.share') }}</h2>
    </div>

    <div class="card-content">
      <ul>
-        <li v-if="!hasPermanent">
-          <a @click="getPermalink" :aria-label="$t('buttons.permalink')">{{ $t('buttons.permalink') }}</a>
-        </li>

        <li v-for="link in links" :key="link.hash">
          <a :href="buildLink(link.hash)" target="_blank">
@@ -27,6 +24,13 @@
            :title="$t('buttons.copyToClipboard')"><i class="material-icons">content_paste</i></button>
        </li>

+        <li v-if="!hasPermanent">
+          <div>
+            <input type="password" :placeholder="$t('prompts.optionalPassword')" v-model="passwordPermalink">
+            <a @click="getPermalink" :aria-label="$t('buttons.permalink')">{{ $t('buttons.permalink') }}</a>
+          </div>
+        </li>
+
        <li>
          <input v-focus
            type="number"
@@ -40,6 +44,7 @@
            <option value="hours">{{ $t('time.hours') }}</option>
            <option value="days">{{ $t('time.days') }}</option>
          </select>
+          <input type="password" :placeholder="$t('prompts.optionalPassword')" v-model="password">
          <button class="action"
            @click="submit"
            :aria-label="$t('buttons.create')"
@@ -72,7 +77,9 @@ export default {
      unit: 'hours',
      hasPermanent: false,
      links: [],
-      clip: null
+      clip: null,
+      password: '',
+      passwordPermalink: ''
    }
  },
  computed: {
@@ -121,7 +128,7 @@ export default {
      if (!this.time) return

      try {
-        const res = await api.create(this.url, this.time, this.unit)
+        const res = await api.create(this.url, this.password, this.time, this.unit)
        this.links.push(res)
        this.sort()
      } catch (e) {
@@ -130,7 +137,7 @@ export default {
    },
    getPermalink: async function () {
      try {
-        const res = await api.create(this.url)
+        const res = await api.create(this.url, this.passwordPermalink)
        this.links.push(res)
        this.sort()
        this.hasPermanent = true