acf3df9e9d
Lets an unauthenticated viewer of a published share ask an AI scoped strictly to that share's page tree. The authenticated agent is untouched; the security boundary is the tool scope (no identity), and nothing is persisted. Server: - workspace toggle settings.ai.publicShareAssistant (default off) + optional settings.ai.provider.publicShareChatModel (cheap model id; reuses the chat driver/baseUrl/key). getChatModel(workspaceId, override) substitutes only the model id, falling back to chatModel. - POST /api/shares/ai/stream (@Public, SSE). Guardrail funnel, each failing before streaming: toggle off -> 404; share missing/wrong-workspace/sharing off -> 404; pageId not in share tree -> 404; provider unconfigured -> 503; per-IP (5/min) and per-workspace (300/h, IP-independent) rate limits -> 429. Uniform 404s never confirm a private page's existence. - forShare read-only in-process toolset: searchSharePages (existing shareId FTS branch, no spaceId/userId), getSharePage (getShareForPage gate + share.id check, content via the public sanitizer), listSharePages. No write/ comment/history/cross-space/external-MCP tools. - Locked share system prompt + immutable safety block; stepCountIs(5). - /shares/page-info exposes an aiAssistant flag (gated behind isSharingAllowed). Client: an ephemeral, text-only Ask-AI widget on the public shared page, shown only when the flag is set; useChat -> /api/shares/ai/stream, credentials omit. Admin toggle + model field in Settings -> AI. Also adds a jest moduleNameMapper for src/-rooted imports (fixes pre-existing unresolvable specs; additive). Implements docs/public-share-assistant-plan.md. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
291 lines
8.0 KiB
TypeScript
291 lines
8.0 KiB
TypeScript
import {
|
|
BadRequestException,
|
|
Body,
|
|
Controller,
|
|
ForbiddenException,
|
|
HttpCode,
|
|
HttpStatus,
|
|
Inject,
|
|
NotFoundException,
|
|
Post,
|
|
UseGuards,
|
|
} from '@nestjs/common';
|
|
import { AuthUser } from '../../common/decorators/auth-user.decorator';
|
|
import { User, Workspace } from '@docmost/db/types/entity.types';
|
|
import { AuthWorkspace } from '../../common/decorators/auth-workspace.decorator';
|
|
import { ShareService } from './share.service';
|
|
import {
|
|
CreateShareDto,
|
|
ShareIdDto,
|
|
ShareInfoDto,
|
|
SharePageIdDto,
|
|
UpdateShareDto,
|
|
} from './dto/share.dto';
|
|
import { ShareTransclusionLookupDto } from './dto/share-transclusion-lookup.dto';
|
|
import { PageRepo } from '@docmost/db/repos/page/page.repo';
|
|
import { PagePermissionRepo } from '@docmost/db/repos/page/page-permission.repo';
|
|
import { PageAccessService } from '../page/page-access/page-access.service';
|
|
import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
|
|
import { Public } from '../../common/decorators/public.decorator';
|
|
import { ShareRepo } from '@docmost/db/repos/share/share.repo';
|
|
import { PaginationOptions } from '@docmost/db/pagination/pagination-options';
|
|
import { LicenseCheckService } from '../../integrations/environment/license-check.service';
|
|
import { AuditEvent, AuditResource } from '../../common/events/audit-events';
|
|
import {
|
|
AUDIT_SERVICE,
|
|
IAuditService,
|
|
} from '../../integrations/audit/audit.service';
|
|
import { AiSettingsService } from '../../integrations/ai/ai-settings.service';
|
|
|
|
@UseGuards(JwtAuthGuard)
|
|
@Controller('shares')
|
|
export class ShareController {
|
|
constructor(
|
|
private readonly shareService: ShareService,
|
|
private readonly shareRepo: ShareRepo,
|
|
private readonly pageRepo: PageRepo,
|
|
private readonly pagePermissionRepo: PagePermissionRepo,
|
|
private readonly pageAccessService: PageAccessService,
|
|
private readonly licenseCheckService: LicenseCheckService,
|
|
private readonly aiSettings: AiSettingsService,
|
|
@Inject(AUDIT_SERVICE) private readonly auditService: IAuditService,
|
|
) {}
|
|
|
|
@HttpCode(HttpStatus.OK)
|
|
@Post('/')
|
|
async getShares(
|
|
@AuthUser() user: User,
|
|
@Body() pagination: PaginationOptions,
|
|
) {
|
|
return this.shareRepo.getShares(user.id, pagination);
|
|
}
|
|
|
|
@Public()
|
|
@HttpCode(HttpStatus.OK)
|
|
@Post('/page-info')
|
|
async getSharedPageInfo(
|
|
@Body() dto: ShareInfoDto,
|
|
@AuthWorkspace() workspace: Workspace,
|
|
) {
|
|
if (!dto.pageId && !dto.shareId) {
|
|
throw new BadRequestException();
|
|
}
|
|
|
|
const shareData = await this.shareService.getSharedPage(dto, workspace.id);
|
|
|
|
const sharingAllowed = await this.shareService.isSharingAllowed(
|
|
workspace.id,
|
|
shareData.share.spaceId,
|
|
);
|
|
if (!sharingAllowed) {
|
|
throw new NotFoundException('Shared page not found');
|
|
}
|
|
|
|
// Surface whether the anonymous public-share AI assistant is enabled, so the
|
|
// client only renders the "Ask AI" widget when the workspace allows it.
|
|
const aiAssistant = await this.aiSettings.isPublicShareAssistantEnabled(
|
|
workspace.id,
|
|
);
|
|
|
|
return {
|
|
...shareData,
|
|
aiAssistant,
|
|
features: this.licenseCheckService.resolveFeatures(
|
|
workspace.licenseKey,
|
|
workspace.plan,
|
|
),
|
|
};
|
|
}
|
|
|
|
@Public()
|
|
@HttpCode(HttpStatus.OK)
|
|
@Post('/info')
|
|
async getShare(@Body() dto: ShareIdDto) {
|
|
const share = await this.shareRepo.findById(dto.shareId, {
|
|
includeSharedPage: true,
|
|
});
|
|
|
|
if (!share) {
|
|
throw new NotFoundException('Share not found');
|
|
}
|
|
|
|
const sharingAllowed = await this.shareService.isSharingAllowed(
|
|
share.workspaceId,
|
|
share.spaceId,
|
|
);
|
|
if (!sharingAllowed) {
|
|
throw new NotFoundException('Share not found');
|
|
}
|
|
|
|
return share;
|
|
}
|
|
|
|
@Public()
|
|
@HttpCode(HttpStatus.OK)
|
|
@Post('/transclusion/lookup')
|
|
async transclusionLookup(
|
|
@Body() dto: ShareTransclusionLookupDto,
|
|
@AuthWorkspace() workspace: Workspace,
|
|
) {
|
|
return this.shareService.lookupTransclusionForShare(
|
|
dto.shareId,
|
|
dto.references,
|
|
workspace.id,
|
|
);
|
|
}
|
|
|
|
@HttpCode(HttpStatus.OK)
|
|
@Post('/for-page')
|
|
async getShareForPage(
|
|
@Body() dto: SharePageIdDto,
|
|
@AuthUser() user: User,
|
|
@AuthWorkspace() workspace: Workspace,
|
|
) {
|
|
const page = await this.pageRepo.findById(dto.pageId);
|
|
if (!page) {
|
|
throw new NotFoundException('Shared page not found');
|
|
}
|
|
|
|
await this.pageAccessService.validateCanView(page, user);
|
|
|
|
return this.shareService.getShareForPage(page.id, workspace.id);
|
|
}
|
|
|
|
@HttpCode(HttpStatus.OK)
|
|
@Post('create')
|
|
async create(
|
|
@Body() createShareDto: CreateShareDto,
|
|
@AuthUser() user: User,
|
|
@AuthWorkspace() workspace: Workspace,
|
|
) {
|
|
const page = await this.pageRepo.findById(createShareDto.pageId);
|
|
|
|
if (!page || workspace.id !== page.workspaceId) {
|
|
throw new NotFoundException('Page not found');
|
|
}
|
|
|
|
// User must be able to edit the page to create a share
|
|
//TODO: i dont think this is neccessary if we prevent restricted pages from getting shared
|
|
// rather, use space level permission and workspace/space level sharing restriction
|
|
await this.pageAccessService.validateCanEdit(page, user);
|
|
|
|
// Prevent sharing restricted pages
|
|
const isRestricted = await this.pagePermissionRepo.hasRestrictedAncestor(
|
|
page.id,
|
|
);
|
|
if (isRestricted) {
|
|
throw new BadRequestException('Cannot share a restricted page');
|
|
}
|
|
|
|
const sharingAllowed = await this.shareService.isSharingAllowed(
|
|
workspace.id,
|
|
page.spaceId,
|
|
);
|
|
if (!sharingAllowed) {
|
|
throw new ForbiddenException('Public sharing is disabled');
|
|
}
|
|
|
|
const share = await this.shareService.createShare({
|
|
page,
|
|
authUserId: user.id,
|
|
workspaceId: workspace.id,
|
|
createShareDto,
|
|
});
|
|
|
|
this.auditService.log({
|
|
event: AuditEvent.SHARE_CREATED,
|
|
resourceType: AuditResource.SHARE,
|
|
resourceId: share.id,
|
|
spaceId: page.spaceId,
|
|
metadata: {
|
|
pageId: page.id,
|
|
spaceId: page.spaceId,
|
|
},
|
|
});
|
|
|
|
return share;
|
|
}
|
|
|
|
@HttpCode(HttpStatus.OK)
|
|
@Post('update')
|
|
async update(@Body() updateShareDto: UpdateShareDto, @AuthUser() user: User) {
|
|
const share = await this.shareRepo.findById(updateShareDto.shareId);
|
|
|
|
if (!share) {
|
|
throw new NotFoundException('Share not found');
|
|
}
|
|
|
|
const page = await this.pageRepo.findById(share.pageId);
|
|
if (!page) {
|
|
throw new NotFoundException('Page not found');
|
|
}
|
|
|
|
// User must be able to edit the page to update its share
|
|
await this.pageAccessService.validateCanEdit(page, user);
|
|
|
|
return this.shareService.updateShare(share.id, updateShareDto);
|
|
}
|
|
|
|
@HttpCode(HttpStatus.OK)
|
|
@Post('delete')
|
|
async delete(@Body() shareIdDto: ShareIdDto, @AuthUser() user: User) {
|
|
const share = await this.shareRepo.findById(shareIdDto.shareId);
|
|
|
|
if (!share) {
|
|
throw new NotFoundException('Share not found');
|
|
}
|
|
|
|
const page = await this.pageRepo.findById(share.pageId);
|
|
if (!page) {
|
|
throw new NotFoundException('Page not found');
|
|
}
|
|
|
|
// User must be able to edit the page to delete its share
|
|
await this.pageAccessService.validateCanEdit(page, user);
|
|
|
|
await this.shareRepo.deleteShare(share.id);
|
|
|
|
this.auditService.log({
|
|
event: AuditEvent.SHARE_DELETED,
|
|
resourceType: AuditResource.SHARE,
|
|
resourceId: share.id,
|
|
spaceId: share.spaceId,
|
|
changes: {
|
|
before: {
|
|
pageId: share.pageId,
|
|
spaceId: share.spaceId,
|
|
},
|
|
},
|
|
});
|
|
}
|
|
|
|
@Public()
|
|
@HttpCode(HttpStatus.OK)
|
|
@Post('/tree')
|
|
async getSharePageTree(
|
|
@Body() dto: ShareIdDto,
|
|
@AuthWorkspace() workspace: Workspace,
|
|
) {
|
|
const treeData = await this.shareService.getShareTree(
|
|
dto.shareId,
|
|
workspace.id,
|
|
);
|
|
|
|
const sharingAllowed = await this.shareService.isSharingAllowed(
|
|
workspace.id,
|
|
treeData.share.spaceId,
|
|
);
|
|
if (!sharingAllowed) {
|
|
throw new NotFoundException('Share not found');
|
|
}
|
|
|
|
return {
|
|
...treeData,
|
|
features: this.licenseCheckService.resolveFeatures(
|
|
workspace.licenseKey,
|
|
workspace.plan,
|
|
),
|
|
};
|
|
}
|
|
}
|