Skip to content

feat(public-share): harden read-only links β€” expiry, password, hard-revoke, rate-limit#258

Merged
parth0025 merged 1 commit into
stagingfrom
feat/sprint6-share-hardening
Jun 19, 2026
Merged

feat(public-share): harden read-only links β€” expiry, password, hard-revoke, rate-limit#258
parth0025 merged 1 commit into
stagingfrom
feat/sprint6-share-hardening

Conversation

@parth0025

Copy link
Copy Markdown
Collaborator

S6-02 β€” Public read-only share links: security hardening

Hardens the existing public-sharing feature to a real-world, secure baseline. All backward-compatible β€” legacy shares (16-byte tokens, no expiry/password) keep working.

Backend (Modules/PublicShares/)

  • Stronger tokens β€” new shares use 32-byte (64-hex) random tokens; the token pattern accepts both legacy 32-hex and new 64-hex.
  • Expiry β€” optional expiresAt; resolveShare returns 404 for expired links.
  • Password β€” optional bcrypt password; the public page renders a password gate (POST /share/:token unlock) and validates before showing the board. The hash is never returned (responses expose only hasPassword).
  • Hard revoke β€” DELETE /api/v2/public-shares/:id removes the share doc and its GLOBAL token-index row β†’ link dies immediately + permanently (vs the old soft enabled:false).
  • Rate-limiting β€” express-rate-limit on /share/:token (60/min) and the intake POST (10/min).

Frontend

  • PublicShareModal now offers expiry + password on create, shows a πŸ”’/expiry status row, and a Delete link (hard-revoke) button. + i18n keys.

Notes / scope

  • Tokens kept retrievable (re-displayable links are the real-world norm for read-only public shares; hashing/show-once would break "copy link anytime").
  • Sensitive-field stripping (only TaskKey/name/status/priority) and noindex were already present and retained.

Verified

  • 209 backend tests pass (added a legacy-token backward-compat test); modal + en.js compile.

πŸ€– Generated with Claude Code

…evoke, rate-limit

S6-02 hardening, all backward-compatible (legacy 16-byte/no-expiry/no-password shares keep working).

Backend: 32-byte tokens (legacy 32-hex still resolve); optional expiresAt (resolveShare 404s expired); optional bcrypt password gate on the public page (POST /share/:token unlock); hard revoke via DELETE /api/v2/public-shares/:id (removes the share + the global token-index row); express-rate-limit on /share/:token (60/min) and intake (10/min); passwordHash never returned (responses expose hasPassword).

Frontend: PublicShareModal exposes expiry + password on create, a lock/expiry status row, and a Delete-link button; + i18n keys.

Verified: 209 backend tests pass (added a legacy-token backward-compat test); SFC + en.js compile.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jun 19, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

βš™οΈ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 93e455ba-94a1-40bd-af89-104b2edaace1

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • πŸ” Trigger review
✨ Finishing Touches
πŸ§ͺ Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/sprint6-share-hardening

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❀️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@parth0025 parth0025 merged commit 42a80b3 into staging Jun 19, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant