From 43a0c7fce4ba95b7e256cb93f8e70b56bd9604b6 Mon Sep 17 00:00:00 2001
From: kolaente <k@knt.li>
Date: Thu, 29 Aug 2019 21:18:21 +0200
Subject: [PATCH] Added setting to disable/enable link sharing

---
 config.yml.sample                |  2 ++
 docs/content/doc/setup/config.md |  2 ++
 pkg/config/config.go             | 18 ++++++++--------
 pkg/routes/routes.go             | 35 +++++++++++++++++---------------
 4 files changed, 33 insertions(+), 24 deletions(-)

diff --git a/config.yml.sample b/config.yml.sample
index 245e45f6d..722d9a78d 100644
--- a/config.yml.sample
+++ b/config.yml.sample
@@ -18,6 +18,8 @@ service:
   enablemetrics: false
   # Enable the caldav endpoint, see the docs for more details
   enablecaldav: true
+  # Enable sharing of lists via a link
+  enablelinksharing: true
 
 database:
   # Database type to use. Supported types are mysql and sqlite.
diff --git a/docs/content/doc/setup/config.md b/docs/content/doc/setup/config.md
index 1644408f8..406dca818 100644
--- a/docs/content/doc/setup/config.md
+++ b/docs/content/doc/setup/config.md
@@ -61,6 +61,8 @@ service:
   enablemetrics: false
   # Enable the caldav endpoint, see the docs for more details
   enablecaldav: true
+  # Enable sharing of lists via a link
+  enablelinksharing: true
 
 database:
   # Database type to use. Supported types are mysql and sqlite.
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 7ceb82c12..e98f3d102 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -33,14 +33,15 @@ type Key string
 
 // These constants hold all config value keys
 const (
-	ServiceJWTSecret     Key = `service.JWTSecret`
-	ServiceInterface     Key = `service.interface`
-	ServiceFrontendurl   Key = `service.frontendurl`
-	ServiceEnableCaldav  Key = `service.enablecaldav`
-	ServiceRootpath      Key = `service.rootpath`
-	ServicePageCount     Key = `service.pagecount`
-	ServiceEnableMetrics Key = `service.enablemetrics`
-	ServiceMotd          Key = `service.motd`
+	ServiceJWTSecret         Key = `service.JWTSecret`
+	ServiceInterface         Key = `service.interface`
+	ServiceFrontendurl       Key = `service.frontendurl`
+	ServiceEnableCaldav      Key = `service.enablecaldav`
+	ServiceRootpath          Key = `service.rootpath`
+	ServicePageCount         Key = `service.pagecount`
+	ServiceEnableMetrics     Key = `service.enablemetrics`
+	ServiceMotd              Key = `service.motd`
+	ServiceEnableLinkSharing Key = `service.enablelinksharing`
 
 	DatabaseType                  Key = `database.type`
 	DatabaseHost                  Key = `database.host`
@@ -146,6 +147,7 @@ func InitConfig() {
 	ServicePageCount.setDefault(50)
 	ServiceEnableMetrics.setDefault(false)
 	ServiceMotd.setDefault("")
+	ServiceEnableLinkSharing.setDefault(true)
 
 	// Database
 	DatabaseType.setDefault("sqlite")
diff --git a/pkg/routes/routes.go b/pkg/routes/routes.go
index ef82bb6b6..a72168393 100644
--- a/pkg/routes/routes.go
+++ b/pkg/routes/routes.go
@@ -69,11 +69,11 @@ func (cv *CustomValidator) Validate(i interface{}) error {
 		}
 
 		httperr := models.ValidationHTTPError{
-			web.HTTPError{
+			HTTPError: web.HTTPError{
 				Code:    models.ErrCodeInvalidData,
 				Message: "Invalid Data",
 			},
-			errs,
+			InvalidFields: errs,
 		}
 
 		return httperr
@@ -110,16 +110,15 @@ func NewEcho() *echo.Echo {
 	// Handler config
 	handler.SetAuthProvider(&web.Auths{
 		AuthObject: func(c echo.Context) (web.Auth, error) {
-			// TODO: make a switch to determine if this is a user or a link share
 			jwtinf := c.Get("user").(*jwt.Token)
 			claims := jwtinf.Claims.(jwt.MapClaims)
 			typ := int(claims["type"].(float64))
-			switch typ {
-			case apiv1.AuthTypeUser:
-				return models.GetUserFromClaims(claims)
-			case apiv1.AuthTypeLinkShare:
+			if typ == apiv1.AuthTypeLinkShare && config.ServiceEnableLinkSharing.GetBool() {
 				return models.GetLinkShareFromClaims(claims)
 			}
+			if typ == apiv1.AuthTypeUser {
+				return models.GetUserFromClaims(claims)
+			}
 			return nil, echo.NewHTTPError(http.StatusBadRequest, models.Message{Message: "Invalid JWT token."})
 		},
 	})
@@ -178,7 +177,9 @@ func registerAPIRoutes(a *echo.Group) {
 	a.GET("/info", apiv1.Info)
 
 	// Link share auth
-	a.POST("/shares/:share/auth", apiv1.AuthenticateLinkShare)
+	if config.ServiceEnableLinkSharing.GetBool() {
+		a.POST("/shares/:share/auth", apiv1.AuthenticateLinkShare)
+	}
 
 	// ===== Routes with Authetication =====
 	// Authetification
@@ -209,15 +210,17 @@ func registerAPIRoutes(a *echo.Group) {
 	a.PUT("/namespaces/:namespace/lists", listHandler.CreateWeb)
 	a.GET("/lists/:list/listusers", apiv1.ListUsersForList)
 
-	listSharingHandler := &handler.WebHandler{
-		EmptyStruct: func() handler.CObject {
-			return &models.LinkSharing{}
-		},
+	if config.ServiceEnableLinkSharing.GetBool() {
+		listSharingHandler := &handler.WebHandler{
+			EmptyStruct: func() handler.CObject {
+				return &models.LinkSharing{}
+			},
+		}
+		a.PUT("/lists/:list/shares", listSharingHandler.CreateWeb)
+		a.GET("/lists/:list/shares", listSharingHandler.ReadAllWeb)
+		a.GET("/lists/:list/shares/:share", listSharingHandler.ReadOneWeb)
+		a.DELETE("/lists/:list/shares/:share", listSharingHandler.DeleteWeb)
 	}
-	a.PUT("/lists/:list/shares", listSharingHandler.CreateWeb)
-	a.GET("/lists/:list/shares", listSharingHandler.ReadAllWeb)
-	a.GET("/lists/:list/shares/:share", listSharingHandler.ReadOneWeb)
-	a.DELETE("/lists/:list/shares/:share", listSharingHandler.DeleteWeb)
 
 	taskHandler := &handler.WebHandler{
 		EmptyStruct: func() handler.CObject {