share api

src/Api/Controllers/SharesController.cs

@@ -0,0 +1,66 @@
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Mvc;
+using Bit.Core.Repositories;
+using Microsoft.AspNetCore.Authorization;
+using Bit.Api.Models;
+using Bit.Core.Exceptions;
+using Bit.Core.Services;
+
+namespace Bit.Api.Controllers
+{
+    [Route("shares")]
+    [Authorize("Application")]
+    public class SharesController : Controller
+    {
+        private readonly IShareRepository _shareRepository;
+        private readonly IUserService _userService;
+
+        public SharesController(
+            IShareRepository shareRepository,
+            IUserService userService)
+        {
+            _shareRepository = shareRepository;
+            _userService = userService;
+        }
+
+        [HttpGet("{id}")]
+        public async Task<ShareResponseModel> Get(string id)
+        {
+            var userId = _userService.GetProperUserId(User).Value;
+            var share = await _shareRepository.GetByIdAsync(new Guid(id), userId);
+            if(share == null)
+            {
+                throw new NotFoundException();
+            }
+
+            return new ShareResponseModel(share);
+        }
+
+        [HttpPost("")]
+        public async Task<ShareResponseModel> Post([FromBody]ShareRequestModel model)
+        {
+            var share = model.ToShare(_userService.GetProperUserId(User).Value);
+            await _shareRepository.CreateAsync(share);
+
+            var response = new ShareResponseModel(share);
+            return response;
+        }
+
+        [HttpDelete("{id}")]
+        [HttpPost("{id}/delete")]
+        public async Task Delete(string id)
+        {
+            var share = await _shareRepository.GetByIdAsync(new Guid(id), _userService.GetProperUserId(User).Value);
+            if(share == null)
+            {
+                throw new NotFoundException();
+            }
+
+            // TODO: permission checks
+
+            await _shareRepository.DeleteAsync(share);
+        }
+    }
+}

src/Api/Models/Request/ShareRequestModel.cs

@@ -0,0 +1,35 @@
+using System;
+using System.ComponentModel.DataAnnotations;
+using Bit.Core.Domains;
+using Newtonsoft.Json;
+
+namespace Bit.Api.Models
+{
+    public class ShareRequestModel
+    {
+        [Required]
+        [StringLength(36)]
+        public string UserId { get; set; }
+        [Required]
+        [StringLength(36)]
+        public string CipherId { get; set; }
+        public string Key { get; set; }
+
+        public Share ToShare(Guid sharerUserId)
+        {
+            return ToShare(new Share
+            {
+                SharerUserId = sharerUserId
+            });
+        }
+
+        public Share ToShare(Share existingShare)
+        {
+            existingShare.UserId = new Guid(UserId);
+            existingShare.CipherId = new Guid(CipherId);
+            existingShare.Key = Key;
+
+            return existingShare;
+        }
+    }
+}

src/Api/Models/Response/ShareResponseModel.cs

@@ -0,0 +1,36 @@
+using System;
+using Bit.Core.Domains;
+using System.Collections.Generic;
+using Newtonsoft.Json;
+
+namespace Bit.Api.Models
+{
+    public class ShareResponseModel : ResponseModel
+    {
+        public ShareResponseModel(Share share)
+            : base("share")
+        {
+            if(share == null)
+            {
+                throw new ArgumentNullException(nameof(share));
+            }
+
+            Id = share.Id.ToString();
+            UserId = share.UserId.ToString();
+            SharerUserId = share.SharerUserId.ToString();
+            CipherId = share.CipherId.ToString();
+            Key = Key;
+            Permissions = share.Permissions == null ? null :
+                JsonConvert.DeserializeObject<IEnumerable<Core.Enums.SharePermissionType>>(share.Permissions);
+            Status = share.Status;
+        }
+
+        public string Id { get; set; }
+        public string UserId { get; set; }
+        public string SharerUserId { get; set; }
+        public string CipherId { get; set; }
+        public string Key { get; set; }
+        public IEnumerable<Core.Enums.SharePermissionType> Permissions { get; set; }
+        public Core.Enums.ShareStatusType? Status { get; set; }
+    }
+}

src/Core/Domains/Share.cs

@@ -7,6 +7,7 @@ namespace Bit.Core.Domains
     {
         public Guid Id { get; set; }
         public Guid UserId { get; set; }
+        public Guid SharerUserId { get; set; }
         public Guid CipherId { get; set; }
         public string Key { get; set; }
         public string Permissions { get; set; }

src/Core/Repositories/IShareRepository.cs

@@ -1,9 +1,11 @@
 using System;
 using Bit.Core.Domains;
+using System.Threading.Tasks;
 
 namespace Bit.Core.Repositories
 {
     public interface IShareRepository : IRepository<Share, Guid>
     {
+        Task<Share> GetByIdAsync(Guid id, Guid userId);
     }
 }

src/Core/Repositories/SqlServer/ShareRepository.cs

@@ -1,5 +1,6 @@
 using System;
 using Bit.Core.Domains;
+using System.Threading.Tasks;
 
 namespace Bit.Core.Repositories.SqlServer
 {
@@ -12,5 +13,16 @@ namespace Bit.Core.Repositories.SqlServer
         public ShareRepository(string connectionString)
             : base(connectionString)
         { }
+
+        public async Task<Share> GetByIdAsync(Guid id, Guid userId)
+        {
+            var share = await GetByIdAsync(id);
+            if(share == null || (share.UserId != userId && share.SharerUserId != userId))
+            {
+                return null;
+            }
+
+            return share;
+        }
     }
 }

src/Sql/dbo/Stored Procedures/Share_Create.sql

@@ -1,6 +1,7 @@
 CREATE PROCEDURE [dbo].[Share_Create]
     @Id UNIQUEIDENTIFIER,
     @UserId UNIQUEIDENTIFIER,
+    @SharerUserId UNIQUEIDENTIFIER,
     @CipherId UNIQUEIDENTIFIER,
     @Key NVARCHAR(MAX),
     @Permissions NVARCHAR(MAX),
@@ -15,6 +16,7 @@ BEGIN
     (
         [Id],
         [UserId],
+        [SharerUserId],
         [CipherId],
         [Key],
         [Permissions],
@@ -26,6 +28,7 @@ BEGIN
     (
         @Id,
         @UserId,
+        @SharerUserId,
         @CipherId,
         @Key,
         @Permissions,

src/Sql/dbo/Stored Procedures/Share_Update.sql

@@ -1,6 +1,7 @@
 CREATE PROCEDURE [dbo].[Share_Update]
     @Id UNIQUEIDENTIFIER,
     @UserId UNIQUEIDENTIFIER,
+    @SharerUserId UNIQUEIDENTIFIER,
     @CipherId UNIQUEIDENTIFIER,
     @Key NVARCHAR(MAX),
     @Permissions NVARCHAR(MAX),
@@ -15,6 +16,7 @@ BEGIN
         [dbo].[Share]
     SET
         [UserId] = @UserId,
+        [SharerUserId] = @SharerUserId,
         [CipherId] = @CipherId,
         [Key] = @Key,
         [Permissions] = @Permissions,

src/Sql/dbo/Tables/Share.sql

@@ -1,6 +1,7 @@
 CREATE TABLE [dbo].[Share] (
     [Id]           UNIQUEIDENTIFIER NOT NULL,
     [UserId]       UNIQUEIDENTIFIER NOT NULL,
+    [SharerUserId] UNIQUEIDENTIFIER NOT NULL,
     [CipherId]     UNIQUEIDENTIFIER NOT NULL,
     [Key]          VARCHAR (MAX)    NULL,
     [Permissions]  VARCHAR (MAX)    NULL,
@@ -9,7 +10,8 @@
     [RevisionDate] DATETIME2 (7)    NOT NULL,
     CONSTRAINT [PK_Share] PRIMARY KEY CLUSTERED ([Id] ASC),
     CONSTRAINT [FK_Share_Cipher] FOREIGN KEY ([CipherId]) REFERENCES [dbo].[Cipher] ([Id]),
-    CONSTRAINT [FK_Share_User] FOREIGN KEY ([UserId]) REFERENCES [dbo].[User] ([Id])
+    CONSTRAINT [FK_Share_User] FOREIGN KEY ([UserId]) REFERENCES [dbo].[User] ([Id]),
+    CONSTRAINT [FK_Share_SharerUser] FOREIGN KEY ([SharerUserId]) REFERENCES [dbo].[User] ([Id])
 );