Home Explore Help
Register Sign In
root
/
HeyPuter
mirror of https://github.com/HeyPuter/puter.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: b78c83a4ab
Branches Tags
HeyPuter
/
packages
/
backend
/
src
/
structured
/
sequence
/
share.js

share.js 21 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584 
  1. const APIError = require("../../api/APIError");
    2. 

  2. const { Sequence } = require("../../codex/Sequence");
    3. 

  3. const config = require("../../config");
    4. 

  4. const { WorkList } = require("../../util/workutil");
    5. 

  5. 

  6. const validator = require('validator');
    7. 

  7. const { get_user, get_app } = require("../../helpers");
    8. 

  8. const { PermissionUtil } = require("../../services/auth/PermissionService");
    9. 

  9. const FSNodeParam = require("../../api/filesystem/FSNodeParam");
    10. 

  10. const { TYPE_DIRECTORY } = require("../../filesystem/FSNodeContext");
    11. 

  11. const { UsernameNotifSelector } = require("../../services/NotificationService");
    12. 

  12. const { quot } = require("../../util/strutil");
    13. 

  13. 

  14. /*
    15. 

  15.     This code is optimized for editors supporting folding.
    16. 

  16.     Fold at Level 2 to conveniently browse sequence steps.
    17. 

  17.     Fold at Level 3 after opening an inner-sequence.
    18. 

  18.     
    19. 

  19.     If you're using VSCode {
    20. 

  20.         typically "Ctrl+K, Ctrl+2" or "⌘K, ⌘2";
    21. 

  21.         to revert "Ctrl+K, Ctrl+J" or "⌘K, ⌘J";
    22. 

  22.         https://stackoverflow.com/questions/30067767
    23. 

  23.     }
    24. 

  24. */
    25. 

  25. 

  26. 

  27. module.exports = new Sequence([
    28. 

  28.     function validate_mode (a) {
    29. 

  29.         const req = a.get('req');
    30. 

  30.         const mode = req.body.mode;
    31. 

  31.         
    32. 

  32.         if ( mode === 'strict' ) {
    33. 

  33.             a.set('strict_mode', true);
    34. 

  34.             return;
    35. 

  35.         }
    36. 

  36.         if ( ! mode || mode === 'best-effort' ) {
    37. 

  37.             a.set('strict_mode', false);
    38. 

  38.             return;
    39. 

  39.         }
    40. 

  40.         throw APIError.create('field_invalid', null, {
    41. 

  41.             key: 'mode',
    42. 

  42.             expected: '`strict`, `best-effort`, or undefined',
    43. 

  43.         });
    44. 

  44.     },
    45. 

  45.     function validate_recipients (a) {
    46. 

  46.         const req = a.get('req');
    47. 

  47.         let recipients = req.body.recipients;
    48. 

  48. 

  49.         // A string can be adapted to an array of one string
    50. 

  50.         if ( typeof recipients === 'string' ) {
    51. 

  51.             recipients = [recipients];
    52. 

  52.         }
    53. 

  53.         // Must be an array
    54. 

  54.         if ( ! Array.isArray(recipients) ) {
    55. 

  55.             throw APIError.create('field_invalid', null, {
    56. 

  56.                 key: 'recipients',
    57. 

  57.                 expected: 'array or string',
    58. 

  58.                 got: typeof recipients,
    59. 

  59.             })
    60. 

  60.         }
    61. 

  61.         // At least one recipient
    62. 

  62.         if ( recipients.length < 1 ) {
    63. 

  63.             throw APIError.create('field_invalid', null, {
    64. 

  64.                 key: 'recipients',
    65. 

  65.                 expected: 'at least one',
    66. 

  66.                 got: 'none',
    67. 

  67.             });
    68. 

  68.         }
    69. 

  69.         a.set('req_recipients', recipients);
    70. 

  70.     },
    71. 

  71.     function validate_shares (a) {
    72. 

  72.         const req = a.get('req');
    73. 

  73.         let shares = req.body.shares;
    74. 

  74. 

  75.         if ( ! Array.isArray(shares) ) {
    76. 

  76.             shares = [shares];
    77. 

  77.         }
    78. 

  78.         
    79. 

  79.         // At least one share
    80. 

  80.         if ( shares.length < 1 ) {
    81. 

  81.             throw APIError.create('field_invalid', null, {
    82. 

  82.                 key: 'shares',
    83. 

  83.                 expected: 'at least one',
    84. 

  84.                 got: 'none',
    85. 

  85.             });
    86. 

  86.         }
    87. 

  87.         
    88. 

  88.         a.set('req_shares', shares);
    89. 

  89.     },
    90. 

  90.     function initialize_result_object (a) {
    91. 

  91.         a.set('result', {
    92. 

  92.             $: 'api:share',
    93. 

  93.             $version: 'v0.0.0',
    94. 

  94.             status: null,
    95. 

  95.             recipients:
    96. 

  96.                 Array(a.get('req_recipients').length).fill(null),
    97. 

  97.             shares:
    98. 

  98.                 Array(a.get('req_shares').length).fill(null),
    99. 

  99.             serialize () {
    100. 

  100.                 const result = this;
    101. 

  101.                 for ( let i=0 ; i < result.recipients.length ; i++ ) {
    102. 

  102.                     if ( ! result.recipients[i] ) continue;
    103. 

  103.                     if ( result.recipients[i] instanceof APIError ) {
    104. 

  104.                         result.status = 'mixed';
    105. 

  105.                         result.recipients[i] = result.recipients[i].serialize();
    106. 

  106.                     }
    107. 

  107.                 }
    108. 

  108.                 for ( let i=0 ; i < result.shares.length ; i++ ) {
    109. 

  109.                     if ( ! result.shares[i] ) continue;
    110. 

  110.                     if ( result.shares[i] instanceof APIError ) {
    111. 

  111.                         result.status = 'mixed';
    112. 

  112.                         result.shares[i] = result.shares[i].serialize();
    113. 

  113.                     }
    114. 

  114.                 }
    115. 

  115.                 delete result.serialize;
    116. 

  116.                 return result;
    117. 

  117.             }
    118. 

  118.         });
    119. 

  119.     },
    120. 

  120.     function initialize_worklists (a) {
    121. 

  121.         const recipients_work = new WorkList();
    122. 

  122.         const shares_work = new WorkList();
    123. 

  123.         
    124. 

  124.         const { req_recipients, req_shares } = a.values();
    125. 

  125.         
    126. 

  126.         // track: common operations on multiple items
    127. 

  127.         
    128. 

  128.         for ( let i=0 ; i < req_recipients.length ; i++ ) {
    129. 

  129.             const value = req_recipients[i];
    130. 

  130.             recipients_work.push({ i, value });
    131. 

  131.         }
    132. 

  132.         
    133. 

  133.         for ( let i=0 ; i < req_shares.length ; i++ ) {
    134. 

  134.             const value = req_shares[i];
    135. 

  135.             shares_work.push({ i, value });
    136. 

  136.         }
    137. 

  137.         
    138. 

  138.         recipients_work.lockin();
    139. 

  139.         shares_work.lockin();
    140. 

  140.         
    141. 

  141.         a.values({ recipients_work, shares_work });
    142. 

  142.     },
    143. 

  143.     new Sequence({ name: 'process recipients',
    144. 

  144.         after_each (a) {
    145. 

  145.             const { recipients_work } = a.values();
    146. 

  146.             recipients_work.clear_invalid();
    147. 

  147.         }
    148. 

  148.     }, [
    149. 

  149.         function valid_username_or_email (a) {
    150. 

  150.             const { result, recipients_work } = a.values();
    151. 

  151.             for ( const item of recipients_work.list() ) {
    152. 

  152.                 const { value, i } = item;
    153. 

  153.                 
    154. 

  154.                 if ( typeof value !== 'string' ) {
    155. 

  155.                     item.invalid = true;
    156. 

  156.                     result.recipients[i] =
    157. 

  157.                         APIError.create('invalid_username_or_email', null, {
    158. 

  158.                             value,
    159. 

  159.                         });
    160. 

  160.                     continue;
    161. 

  161.                 }
    162. 

  162. 

  163.                 if ( value.match(config.username_regex) ) {
    164. 

  164.                     item.type = 'username';
    165. 

  165.                     continue;
    166. 

  166.                 }
    167. 

  167.                 if ( validator.isEmail(value) ) {
    168. 

  168.                     item.type = 'email';
    169. 

  169.                     continue;
    170. 

  170.                 }
    171. 

  171.                 
    172. 

  172.                 item.invalid = true;
    173. 

  173.                 result.recipients[i] =
    174. 

  174.                     APIError.create('invalid_username_or_email', null, {
    175. 

  175.                         value,
    176. 

  176.                     });
    177. 

  177.             }
    178. 

  178.         },
    179. 

  179.         async function check_existing_users_for_email_shares (a) {
    180. 

  180.             const { recipients_work } = a.values();
    181. 

  181.             for ( const recipient_item of recipients_work.list() ) {
    182. 

  182.                 if ( recipient_item.type !== 'email' ) continue;
    183. 

  183.                 const user = await get_user({
    184. 

  184.                     email: recipient_item.value,
    185. 

  185.                 });
    186. 

  186.                 if ( ! user ) continue;
    187. 

  187.                 recipient_item.type = 'username';
    188. 

  188.                 recipient_item.value = user.username;
    189. 

  189.             }
    190. 

  190.         },
    191. 

  191.         async function check_username_specified_users_exist (a) {
    192. 

  192.             const { result, recipients_work } = a.values();
    193. 

  193.             for ( const item of recipients_work.list() ) {
    194. 

  194.                 if ( item.type !== 'username' ) continue;
    195. 

  195. 

  196.                 const user = await get_user({ username: item.value });
    197. 

  197.                 if ( ! user ) {
    198. 

  198.                     item.invalid = true;
    199. 

  199.                     result.recipients[item.i] =
    200. 

  200.                         APIError.create('user_does_not_exist', null, {
    201. 

  201.                             username: item.value,
    202. 

  202.                         });
    203. 

  203.                     continue;
    204. 

  204.                 }
    205. 

  205.                 item.user = user;
    206. 

  206.             }
    207. 

  207.         }
    208. 

  208.     ]),
    209. 

  209.     new Sequence({ name: 'process shares',
    210. 

  210.         beforeEach (a) {
    211. 

  211.             const { shares_work } = a.values();
    212. 

  212.             shares_work.clear_invalid();
    213. 

  213.         }
    214. 

  214.     }, [
    215. 

  215.         function validate_share_types (a) {
    216. 

  216.             const { result, shares_work } = a.values();
    217. 

  217.             
    218. 

  218.             const lib_typeTagged = a.iget('services').get('lib-type-tagged');
    219. 

  219.             
    220. 

  220.             for ( const item of shares_work.list() ) {
    221. 

  221.                 const { i } = item;
    222. 

  222.                 let { value } = item;
    223. 

  223.                 
    224. 

  224.                 const thing = lib_typeTagged.process(value);
    225. 

  225.                 if ( thing.$ === 'error' ) {
    226. 

  226.                     item.invalid = true;
    227. 

  227.                     result.shares[i] =
    228. 

  228.                         APIError.create('format_error', null, {
    229. 

  229.                             message: thing.message
    230. 

  230.                         });
    231. 

  231.                     continue;
    232. 

  232.                 }
    233. 

  233.                 
    234. 

  234.                 const allowed_things = ['fs-share', 'app-share'];
    235. 

  235.                 if ( ! allowed_things.includes(thing.$) ) {
    236. 

  236.                     item.invalid = true;
    237. 

  237.                     result.shares[i] =
    238. 

  238.                         APIError.create('disallowed_thing', null, {
    239. 

  239.                             thing: thing.$,
    240. 

  240.                             accepted: allowed_things,
    241. 

  241.                         });
    242. 

  242.                     continue;
    243. 

  243.                 }
    244. 

  244.                 
    245. 

  245.                 item.thing = thing;
    246. 

  246.             }
    247. 

  247.         },
    248. 

  248.         function create_file_share_intents (a) {
    249. 

  249.             const { result, shares_work } = a.values();
    250. 

  250.             for ( const item of shares_work.list() ) {
    251. 

  251.                 const { thing } = item;
    252. 

  252.                 if ( thing.$ !== 'fs-share' ) continue;
    253. 

  253. 

  254.                 item.type = 'fs';
    255. 

  255.                 const errors = [];
    256. 

  256.                 if ( ! thing.path ) {
    257. 

  257.                     errors.push('`path` is required');
    258. 

  258.                 }
    259. 

  259.                 let access = thing.access;
    260. 

  260.                 if ( access ) {
    261. 

  261.                     if ( ! ['read','write'].includes(access) ) {
    262. 

  262.                         errors.push('`access` should be `read` or `write`');
    263. 

  263.                     }
    264. 

  264.                 } else access = 'read';
    265. 

  265. 

  266.                 if ( errors.length ) {
    267. 

  267.                     item.invalid = true;
    268. 

  268.                     result.shares[item.i] =
    269. 

  269.                         APIError.create('field_errors', null, {
    270. 

  270.                             key: `shares[${item.i}]`,
    271. 

  271.                             errors
    272. 

  272.                         });
    273. 

  273.                     continue;
    274. 

  274.                 }
    275. 

  275.                 
    276. 

  276.                 item.path = thing.path;
    277. 

  277.                 item.share_intent = {
    278. 

  278.                     $: 'share-intent:file',
    279. 

  279.                     permissions: [PermissionUtil.join('fs', thing.path, access)],
    280. 

  280.                 };
    281. 

  281.             }
    282. 

  282.         },
    283. 

  283.         function create_app_share_intents (a) {
    284. 

  284.             const { result, shares_work } = a.values();
    285. 

  285.             for ( const item of shares_work.list() ) {
    286. 

  286.                 const { thing } = item;
    287. 

  287.                 if ( thing.$ !== 'app-share' ) continue;
    288. 

  288. 

  289.                 item.type = 'app';
    290. 

  290.                 const errors = [];
    291. 

  291.                 if ( ! thing.uid && ! thing.name ) {
    292. 

  292.                     errors.push('`uid` or `name` is required');
    293. 

  293.                 }
    294. 

  294. 

  295.                 if ( errors.length ) {
    296. 

  296.                     item.invalid = true;
    297. 

  297.                     result.shares[item.i] =
    298. 

  298.                         APIError.create('field_errors', null, {
    299. 

  299.                             key: `shares[${item.i}]`,
    300. 

  300.                             errors
    301. 

  301.                         });
    302. 

  302.                     continue;
    303. 

  303.                 }
    304. 

  304.                 
    305. 

  305.                 const app_selector = thing.uid
    306. 

  306.                     ? `uid#${thing.uid}` : thing.name;
    307. 

  307.                 
    308. 

  308.                 item.share_intent = {
    309. 

  309.                     $: 'share-intent:app',
    310. 

  310.                     permissions: [
    311. 

  311.                         PermissionUtil.join('app', app_selector, 'access')
    312. 

  312.                     ]
    313. 

  313.                 }
    314. 

  314.                 continue;
    315. 

  315.             }
    316. 

  316.         },
    317. 

  317.         async function fetch_nodes_for_file_shares (a) {
    318. 

  318.             const { req, result, shares_work } = a.values();
    319. 

  319.             for ( const item of shares_work.list() ) {
    320. 

  320.                 if ( item.type !== 'fs' ) continue;
    321. 

  321.                 const node = await (new FSNodeParam('path')).consolidate({
    322. 

  322.                     req, getParam: () => item.path
    323. 

  323.                 });
    324. 

  324.                 
    325. 

  325.                 if ( ! await node.exists() ) {
    326. 

  326.                     item.invalid = true;
    327. 

  327.                     result.shares[item.i] = APIError.create('subject_does_not_exist', {
    328. 

  328.                         path: item.path,
    329. 

  329.                     })
    330. 

  330.                     continue;
    331. 

  331.                 }
    332. 

  332.                 
    333. 

  333.                 item.node = node;
    334. 

  334.                 let email_path = item.path;
    335. 

  335.                 let is_dir = true;
    336. 

  336.                 if ( await node.get('type') !== TYPE_DIRECTORY ) {
    337. 

  337.                     is_dir = false;
    338. 

  338.                     // remove last component
    339. 

  339.                     email_path = email_path.slice(0, item.path.lastIndexOf('/')+1);
    340. 

  340.                 }
    341. 

  341. 

  342.                 if ( email_path.startsWith('/') ) email_path = email_path.slice(1);
    343. 

  343.                 const email_link = `${config.origin}/show/${email_path}`;
    344. 

  344.                 item.is_dir = is_dir;
    345. 

  345.                 item.email_link = email_link;
    346. 

  346.             }
    347. 

  347.         },
    348. 

  348.         async function fetch_apps_for_app_shares (a) {
    349. 

  349.             const { result, shares_work } = a.values();
    350. 

  350.             const db = a.iget('db');
    351. 

  351.             
    352. 

  352.             for ( const item of shares_work.list() ) {
    353. 

  353.                 if ( item.type !== 'app' ) continue;
    354. 

  354.                 const { thing } = item;
    355. 

  355. 

  356.                 const app = await get_app(thing.uid ?
    357. 

  357.                     { uid: thing.uid } : { name: thing.name });
    358. 

  358.                 if ( ! app ) {
    359. 

  359.                     item.invalid = true;
    360. 

  360.                     result.shares[item.i] =
    361. 

  361.                         // note: since we're reporting `entity_not_found`
    362. 

  362.                         // we will report the id as an entity-storage-compatible
    363. 

  363.                         // identifier.
    364. 

  364.                         APIError.create('entity_not_found', null, {
    365. 

  365.                             identifier: thing.uid
    366. 

  366.                                 ? { uid: thing.uid }
    367. 

  367.                                 : { id: { name: thing.name } }
    368. 

  368.                         });
    369. 

  369.                 }
    370. 

  370.                 
    371. 

  371.                 app.metadata = db.case({
    372. 

  372.                     mysql: () => app.metadata,
    373. 

  373.                     otherwise: () => JSON.parse(app.metadata ?? '{}')
    374. 

  374.                 })();
    375. 

  375.                 
    376. 

  376.                 item.app = app;
    377. 

  377.             }
    378. 

  378.         },
    379. 

  379.         async function add_subdomain_permissions (a) {
    380. 

  380.             const { shares_work } = a.values();
    381. 

  381.             const actor = a.get('actor');
    382. 

  382.             const db = a.iget('db');
    383. 

  383. 

  384.             for ( const item of shares_work.list() ) {
    385. 

  385.                 if ( item.type !== 'app' ) continue;
    386. 

  386.                 const [subdomain] = await db.read(
    387. 

  387.                     `SELECT * FROM subdomains WHERE associated_app_id = ? ` +
    388. 

  388.                     `AND user_id = ? LIMIT 1`,
    389. 

  389.                     [item.app.id, actor.type.user.id]
    390. 

  390.                 );
    391. 

  391.                 if ( ! subdomain ) continue;
    392. 

  392.                 
    393. 

  393.                 // The subdomain is also owned by this user, so we'll
    394. 

  394.                 // add a permission for that as well
    395. 

  395.                 
    396. 

  396.                 const site_selector = `uid#${subdomain.uuid}`;
    397. 

  397.                 item.share_intent.permissions.push(
    398. 

  398.                     PermissionUtil.join('site', site_selector, 'access')
    399. 

  399.                 )
    400. 

  400.             }
    401. 

  401.         },
    402. 

  402.         async function add_appdata_permissions (a) {
    403. 

  403.             const { result, shares_work } = a.values();
    404. 

  404.             for ( const item of shares_work.list() ) {
    405. 

  405.                 if ( item.type !== 'app' ) continue;
    406. 

  406.                 if ( ! item.app.metadata?.shared_appdata ) continue;
    407. 

  407.                 
    408. 

  408.                 const app_owner = await get_user({ id: item.app.owner_user_id });
    409. 

  409.                 
    410. 

  410.                 const appdatadir =
    411. 

  411.                     `/${app_owner.username}/AppData/${item.app.uid}`;
    412. 

  412.                 const appdatadir_perm =
    413. 

  413.                     PermissionUtil.join('fs', appdatadir, 'write');
    414. 

  414. 

  415.                 item.share_intent.permissions.push(appdatadir_perm);
    416. 

  416.             }
    417. 

  417.         },
    418. 

  418.         function apply_success_status_to_shares (a) {
    419. 

  419.             const { result, shares_work } = a.values();
    420. 

  420.             for ( const item of shares_work.list() ) {
    421. 

  421.                 result.shares[item.i] =
    422. 

  422.                     {
    423. 

  423.                         $: 'api:status-report',
    424. 

  424.                         status: 'success',
    425. 

  425.                         fields: {
    426. 

  426.                             permission: item.permission,
    427. 

  427.                         }
    428. 

  428.                     };
    429. 

  429.             }
    430. 

  430.         },
    431. 

  431.     ]),
    432. 

  432.     function abort_on_error_if_mode_is_strict (a) {
    433. 

  433.         const strict_mode = a.get('strict_mode');
    434. 

  434.         if ( ! strict_mode ) return;
    435. 

  435.         
    436. 

  436.         const result = a.get('result');
    437. 

  437.         if (
    438. 

  438.             result.recipients.some(v => v !== null) ||
    439. 

  439.             result.shares.some(v => v !== null)
    440. 

  440.         ) {
    441. 

  441.             result.serialize();
    442. 

  442.             result.status = 'aborted';
    443. 

  443.             const res = a.get('res');
    444. 

  444.             res.status(218).send(result);
    445. 

  445.             a.stop();
    446. 

  446.         }
    447. 

  447.     },
    448. 

  448.     function early_return_on_dry_run (a) {
    449. 

  449.         if ( ! a.get('req').body.dry_run ) return;
    450. 

  450.             
    451. 

  451.         const { res, result, recipients_work } = a.values();
    452. 

  452.         for ( const item of recipients_work.list() ) {
    453. 

  453.             result.recipients[item.i] =
    454. 

  454.                 { $: 'api:status-report', status: 'success' };
    455. 

  455.         }
    456. 

  456.         
    457. 

  457.         result.serialize();
    458. 

  458.         result.status = 'success';
    459. 

  459.         result.dry_run = true;
    460. 

  460.         res.send(result);
    461. 

  461.         a.stop();
    462. 

  462.     },
    463. 

  463.     async function grant_permissions_to_existing_users (a) {
    464. 

  464.         const {
    465. 

  465.             req, result, recipients_work, shares_work
    466. 

  466.         } = a.values();
    467. 

  467.         
    468. 

  468.         const svc_permission = a.iget('services').get('permission');
    469. 

  469.         const svc_notification = a.iget('services').get('notification');
    470. 

  470.         
    471. 

  471.         const actor = a.get('actor');
    472. 

  472. 

  473.         for ( const recipient_item of recipients_work.list() ) {
    474. 

  474.             if ( recipient_item.type !== 'username' ) continue;
    475. 

  475.             
    476. 

  476.             const username = recipient_item.user.username;
    477. 

  477. 

  478.             for ( const share_item of shares_work.list() ) {
    479. 

  479.                 const permissions = share_item.share_intent.permissions;
    480. 

  480.                 for ( const perm of permissions ) {
    481. 

  481.                     await svc_permission.grant_user_user_permission(
    482. 

  482.                         actor,
    483. 

  483.                         username,
    484. 

  484.                         perm,
    485. 

  485.                     );
    486. 

  486.                 }
    487. 

  487.             }
    488. 

  488.         
    489. 

  489.             const files = []; {
    490. 

  490.                 for ( const item of shares_work.list() ) {
    491. 

  491.                     if ( item.type !== 'file' ) continue;
    492. 

  492.                     files.push(
    493. 

  493.                         await item.node.getSafeEntry(),
    494. 

  494.                     );
    495. 

  495.                 }
    496. 

  496.             }
    497. 

  497. 

  498.             const apps = []; {
    499. 

  499.                 for ( const item of shares_work.list() ) {
    500. 

  500.                     if ( item.type !== 'app' ) continue;
    501. 

  501.                     // TODO: is there a general way to create a
    502. 

  502.                     //       client-safe app right now without
    503. 

  503.                     //       going through entity storage?
    504. 

  504.                     // track: manual safe object
    505. 

  505.                     apps.push(item.name
    506. 

  506.                         ? item.name : await get_app({
    507. 

  507.                             uid: item.uid,
    508. 

  508.                         }));
    509. 

  509.                 }
    510. 

  510.             }
    511. 

  511.             
    512. 

  512.             svc_notification.notify(UsernameNotifSelector(username), {
    513. 

  513.                 source: 'sharing',
    514. 

  514.                 icon: 'shared.svg',
    515. 

  515.                 title: 'Files were shared with you!',
    516. 

  516.                 template: 'file-shared-with-you',
    517. 

  517.                 fields: {
    518. 

  518.                     username: actor.type.user.username,
    519. 

  519.                     files,
    520. 

  520.                 },
    521. 

  521.                 text: `The user ${quot(req.user.username)} shared ` +
    522. 

  522.                     `${files.length} ` +
    523. 

  523.                     (files.length === 1 ? 'file' : 'files') + ' ' +
    524. 

  524.                     'with you.',
    525. 

  525.             });
    526. 

  526.             
    527. 

  527.             result.recipients[recipient_item.i] =
    528. 

  528.                 { $: 'api:status-report', status: 'success' };
    529. 

  529.         }
    530. 

  530.     },
    531. 

  531.     async function email_the_email_recipients (a) {
    532. 

  532.         const { actor, recipients_work, shares_work } = a.values();
    533. 

  533.         
    534. 

  534.         const svc_share = a.iget('services').get('share');
    535. 

  535.         const svc_token = a.iget('services').get('token');
    536. 

  536.         const svc_email = a.iget('services').get('token');
    537. 

  537.         
    538. 

  538.         for ( const recipient_item of recipients_work.list() ) {
    539. 

  539.             if ( recipient_item.type !== 'email' ) continue;
    540. 

  540.             
    541. 

  541.             const email = recipient_item.value;
    542. 

  542.             
    543. 

  543.             // data that gets stored in the `data` column of the share
    544. 

  544.             const data = {
    545. 

  545.                 $: 'internal:share',
    546. 

  546.                 $v: 'v0.0.0',
    547. 

  547.                 permissions: [],
    548. 

  548.             };
    549. 

  549.             
    550. 

  550.             for ( const share_item of shares_work.list() ) {
    551. 

  551.                 const permissions = share_item.share_intent.permissions;
    552. 

  552.                 data.permissions.push(...permissions);
    553. 

  553.             }
    554. 

  554.             
    555. 

  555.             // track: scoping iife
    556. 

  556.             const share_token = await (async () => {
    557. 

  557.                 const share_uid = await svc_share.create_share({
    558. 

  558.                     issuer: actor,
    559. 

  559.                     email,
    560. 

  560.                     data,
    561. 

  561.                 });
    562. 

  562.                 return svc_token.sign('share', {
    563. 

  563.                     $: 'token:share',
    564. 

  564.                     $v: '0.0.0',
    565. 

  565.                     uid: share_uid,
    566. 

  566.                 }, {
    567. 

  567.                     expiresIn: '14d'
    568. 

  568.                 });
    569. 

  569.             })();
    570. 

  570.             
    571. 

  571.             const email_link =
    572. 

  572.                 `${config.origin}?share_token=${share_token}`;
    573. 

  573.             
    574. 

  574.             await svc_email.send_email({ email }, 'share_by_email', {
    575. 

  575.                 link: email_link,
    576. 

  576.             });
    577. 

  577.         }
    578. 

  578.     },
    579. 

  579.     function send_result (a) {
    580. 

  580.         const { res, result } = a.values();
    581. 

  581.         result.serialize();
    582. 

  582.         res.send(result);
    583. 

  583.     }
    584. 

  584. ]);
    585.