hotfix public shares

LucHeart · LucHeart · commit 8f0cabc5bb39 · 2026-02-27T16:50:20.000+01:00
diff --git a/API/Controller/Shares/Links/AddShocker.cs b/API/Controller/Shares/Links/AddShocker.cs
@@ -24,7 +24,7 @@ public sealed partial class ShareLinksController
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status409Conflict, MediaTypeNames.Application.ProblemJson)] // ShockerAlreadyInPublicShare
     public async Task<IActionResult> AddShocker([FromRoute] Guid publicShareId, [FromRoute] Guid shockerId)
     {
-        var exists = await _db.PublicShares.AnyAsync(x => x.OwnerId == CurrentUser.Id && x.Id == publicShareId);
+        var exists = await _db.PublicShares.AnyAsync(x => x.OwnerId == CurrentUser.Id && x.Id == publicShareId && (x.ExpiresAt == null || x.ExpiresAt > DateTime.UtcNow));
         if (!exists) return Problem(PublicShareError.PublicShareNotFound);
 
         var ownShocker =
diff --git a/API/Controller/Shares/Links/CreatePublicShare.cs b/API/Controller/Shares/Links/CreatePublicShare.cs
@@ -1,6 +1,7 @@
 ﻿using System.Net.Mime;
 using Microsoft.AspNetCore.Mvc;
 using OpenShock.API.Models.Requests;
+using OpenShock.Common.Errors;
 using OpenShock.Common.Models;
 using OpenShock.Common.OpenShockDb;
 
@@ -17,6 +18,12 @@ public sealed partial class ShareLinksController
     [ProducesResponseType<LegacyDataResponse<Guid>>(StatusCodes.Status200OK,  MediaTypeNames.Application.Json)]
     public async Task<IActionResult> CreatePublicShare([FromBody] PublicShareCreate body)
     {
+        // Expiry date in the past is not allowed, but null (no expiry) is allowed
+        if (body.ExpiresOn <= DateTime.UtcNow)
+        {
+            return Problem(PublicShareError.PublicShareExpiryDateInPast);
+        }
+        
         var entity = new PublicShare
         {
             Id = Guid.CreateVersion7(),
diff --git a/API/Controller/Shares/Links/DeletePublicShare.cs b/API/Controller/Shares/Links/DeletePublicShare.cs
@@ -22,7 +22,7 @@ public sealed partial class ShareLinksController
     public async Task<IActionResult> DeletePublicShare([FromRoute] Guid publicShareId)
     {
         var result = await _db.PublicShares
-            .Where(x => x.Id == publicShareId)
+            .Where(x => x.Id == publicShareId && (x.ExpiresAt == null || x.ExpiresAt > DateTime.UtcNow))
             .WhereIsUserOrPrivileged(x => x.Owner, CurrentUser)
             .ExecuteDeleteAsync();
 
diff --git a/API/Controller/Shares/Links/EditShocker.cs b/API/Controller/Shares/Links/EditShocker.cs
@@ -24,7 +24,7 @@ public sealed partial class ShareLinksController
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status404NotFound, MediaTypeNames.Application.ProblemJson)] // PublicShareNotFound, ShockerNotInPublicShare
     public async Task<IActionResult> EditShocker([FromRoute] Guid publicShareId, [FromRoute] Guid shockerId, [FromBody] PublicShareEditShocker body)
     {
-        var exists = await _db.PublicShares.AnyAsync(x => x.OwnerId == CurrentUser.Id && x.Id == publicShareId);
+        var exists = await _db.PublicShares.AnyAsync(x => x.OwnerId == CurrentUser.Id && x.Id == publicShareId && (x.ExpiresAt == null || x.ExpiresAt > DateTime.UtcNow));
         if (!exists) return Problem(PublicShareError.PublicShareNotFound);
 
         var shocker =
diff --git a/API/Controller/Shares/Links/List.cs b/API/Controller/Shares/Links/List.cs
@@ -17,7 +17,7 @@ public sealed partial class ShareLinksController
     public IActionResult List()
     {
         var ownPublicShares = _db.PublicShares
-            .Where(x => x.OwnerId == CurrentUser.Id && x.ExpiresAt > DateTime.UtcNow)
+            .Where(x => x.OwnerId == CurrentUser.Id && (x.ExpiresAt == null || x.ExpiresAt > DateTime.UtcNow))
             .Select(x => OwnPublicShareResponse.GetFromEf(x))
             .AsAsyncEnumerable();
 
diff --git a/API/Controller/Shares/Links/PauseShocker.cs b/API/Controller/Shares/Links/PauseShocker.cs
@@ -26,7 +26,7 @@ public sealed partial class ShareLinksController
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status404NotFound, MediaTypeNames.Application.ProblemJson)] // PublicShareNotFound, ShockerNotInPublicShare
     public async Task<IActionResult> PauseShocker([FromRoute] Guid publicShareId, [FromRoute] Guid shockerId, [FromBody] PauseRequest body)
     {
-        var exists = await _db.PublicShares.AnyAsync(x => x.OwnerId == CurrentUser.Id && x.Id == publicShareId);
+        var exists = await _db.PublicShares.AnyAsync(x => x.OwnerId == CurrentUser.Id && x.Id == publicShareId && (x.ExpiresAt == null || x.ExpiresAt > DateTime.UtcNow));
         if (!exists) return Problem(PublicShareError.PublicShareNotFound);
 
         var shocker =
diff --git a/API/Controller/Shares/Links/RemoveShocker.cs b/API/Controller/Shares/Links/RemoveShocker.cs
@@ -24,7 +24,7 @@ public sealed partial class ShareLinksController
     public async Task<IActionResult> RemoveShocker([FromRoute] Guid publicShareId, [FromRoute] Guid shockerId)
     {
         var exists = await _db.PublicShares
-            .Where(x => x.Id == publicShareId)
+            .Where(x => x.Id == publicShareId && (x.ExpiresAt == null || x.ExpiresAt > DateTime.UtcNow))
             .WhereIsUserOrPrivileged(x => x.Owner, CurrentUser)
             .AnyAsync();
         if (!exists)
diff --git a/Common/Errors/PublicShareError.cs b/Common/Errors/PublicShareError.cs
@@ -12,4 +12,7 @@ public static class PublicShareError
     
     // Remove shocker errors
     public static OpenShockProblem ShockerNotInPublicShare => new("ShareLink.ShockerNotInShareLink", "Shocker does not exist in public share", HttpStatusCode.NotFound);
+    
+    // Create share errors
+    public static OpenShockProblem PublicShareExpiryDateInPast => new("ShareLink.ExpiryDateInPast", "Expiry date cannot be in the past", HttpStatusCode.BadRequest);
 }

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ public sealed partial class ShareLinksController`
`24`	`24`	`[ProducesResponseType<OpenShockProblem>(StatusCodes.Status409Conflict, MediaTypeNames.Application.ProblemJson)] // ShockerAlreadyInPublicShare`
`25`	`25`	`public async Task<IActionResult> AddShocker([FromRoute] Guid publicShareId, [FromRoute] Guid shockerId)`
`26`	`26`	`{`
`27`		`- var exists = await _db.PublicShares.AnyAsync(x => x.OwnerId == CurrentUser.Id && x.Id == publicShareId);`
	`27`	`+ var exists = await _db.PublicShares.AnyAsync(x => x.OwnerId == CurrentUser.Id && x.Id == publicShareId && (x.ExpiresAt == null \|\| x.ExpiresAt > DateTime.UtcNow));`
`28`	`28`	`if (!exists) return Problem(PublicShareError.PublicShareNotFound);`
`29`	`29`
`30`	`30`	`var ownShocker =`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ public sealed partial class ShareLinksController`
`22`	`22`	`public async Task<IActionResult> DeletePublicShare([FromRoute] Guid publicShareId)`
`23`	`23`	`{`
`24`	`24`	`var result = await _db.PublicShares`
`25`		`- .Where(x => x.Id == publicShareId)`
	`25`	`+ .Where(x => x.Id == publicShareId && (x.ExpiresAt == null \|\| x.ExpiresAt > DateTime.UtcNow))`
`26`	`26`	`.WhereIsUserOrPrivileged(x => x.Owner, CurrentUser)`
`27`	`27`	`.ExecuteDeleteAsync();`
`28`	`28`
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ public sealed partial class ShareLinksController`
`17`	`17`	`public IActionResult List()`
`18`	`18`	`{`
`19`	`19`	`var ownPublicShares = _db.PublicShares`
`20`		`- .Where(x => x.OwnerId == CurrentUser.Id && x.ExpiresAt > DateTime.UtcNow)`
	`20`	`+ .Where(x => x.OwnerId == CurrentUser.Id && (x.ExpiresAt == null \|\| x.ExpiresAt > DateTime.UtcNow))`
`21`	`21`	`.Select(x => OwnPublicShareResponse.GetFromEf(x))`
`22`	`22`	`.AsAsyncEnumerable();`
`23`	`23`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ public sealed partial class ShareLinksController`
`26`	`26`	`[ProducesResponseType<OpenShockProblem>(StatusCodes.Status404NotFound, MediaTypeNames.Application.ProblemJson)] // PublicShareNotFound, ShockerNotInPublicShare`
`27`	`27`	`public async Task<IActionResult> PauseShocker([FromRoute] Guid publicShareId, [FromRoute] Guid shockerId, [FromBody] PauseRequest body)`
`28`	`28`	`{`
`29`		`- var exists = await _db.PublicShares.AnyAsync(x => x.OwnerId == CurrentUser.Id && x.Id == publicShareId);`
	`29`	`+ var exists = await _db.PublicShares.AnyAsync(x => x.OwnerId == CurrentUser.Id && x.Id == publicShareId && (x.ExpiresAt == null \|\| x.ExpiresAt > DateTime.UtcNow));`
`30`	`30`	`if (!exists) return Problem(PublicShareError.PublicShareNotFound);`
`31`	`31`
`32`	`32`	`var shocker =`
Original file line number	Diff line number	Diff line change
`@@ -12,4 +12,7 @@ public static class PublicShareError`
`12`	`12`
`13`	`13`	`// Remove shocker errors`
`14`	`14`	`public static OpenShockProblem ShockerNotInPublicShare => new("ShareLink.ShockerNotInShareLink", "Shocker does not exist in public share", HttpStatusCode.NotFound);`
	`15`	`+`
	`16`	`+ // Create share errors`
	`17`	`+ public static OpenShockProblem PublicShareExpiryDateInPast => new("ShareLink.ExpiryDateInPast", "Expiry date cannot be in the past", HttpStatusCode.BadRequest);`
`15`	`18`	`}`