Skip to content

Shared folders #834

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
tmpfs wants to merge 110 commits into
base: main
Choose a base branch
from
Open

Shared folders #834

tmpfs wants to merge 110 commits into from

Conversation

@tmpfs
Copy link
Collaborator

@tmpfs tmpfs commented Nov 29, 2025
edited
Loading

Considerations

  • Only the owner should be able to delete shared folders, other people can delete but it must just remove the join for the shared folder not the folder or it's contents on the remote server (but can delete the local content)
  • Deleting an account should delete recipients and pending folder invites
  • Test specs for write access and read-only access
  • Server-side API for creating and searching recipients and querying pending invites
  • When create_shared_folder() is called, automatically create folder invites for all other recipients.
  • Should the folder owner be notified when an invite is declined?
  • Allow the owner to remove a recipient's access to a shared folder which would remove from the join table?
  • Adding and removing recipients will require re-encrypting all the secrets in the folder which has implications for syncing (force update)!
  • Server websocket notifications to all recipients
  • Folder creation for shared folders assumes the folder is empty - how will this affect backups and importing from shared vaults???
  • Moving secrets to and from shared vaults, needs re-encryption and moving out of a shared vault should be disabled?
  • Re-invite a recipient/participant after they have decline an invite
  • Re-invite a recipient/participant after they have deleted the folder (perhaps accidentally)
  • Only allow export of shared folders to the owner account???
  • Websocket notifications for folder invites
  • Folder level operations such as rename, compaction etc must be restricted to the folder owner
  • Files with shared folders??????

Server Operations

  • Create shared folder (POST /api/v1/sharing/folder)
  • Upsert recipient information for account (PUT /api/v1/sharing/recipient)
  • Get my recipient record (GET /api/v1/sharing/recipient)
  • Search recipients using the FTS index (GET /api/v1/sharing/recipient/search)
  • Send folder invite (POST /api/v1/sharing/folder/invites)
  • Accept (or decline) folder invite (PUT /api/v1/sharing/folder/invites)
  • List my sent folder invites (GET /api/v1/sharing/folder/invites/sent)
  • List my received folder invites (GET /api/v1/sharing/folder/invites/inbox)

@tmpfs tmpfs self-assigned this Nov 29, 2025
tmpfs added 22 commits November 30, 2025 09:11
@tmpfs
Prepare stub test spec.
65e37b1
@tmpfs
Update migration.
ea3bcd0
@tmpfs
Update list_user_folders() to include shared folders.
05935b3
@tmpfs
Update SQL migration.
f5f011c
@tmpfs
Prepare FTS index for recipients.
8773c09
@tmpfs
Start sketching shared folder db entities.
38f31f7
@tmpfs
Remove indices.
e731f4a
@tmpfs
Add UNIQUE constraint.
8906f59
@tmpfs
Additional UNIQUE constraint.
20d1971
@tmpfs
Start removing doc_auto_cfg.
4749124 
Bump sos-database to check docs generation.
@tmpfs
Bump sos-vault.
aa070b8
@tmpfs
Replace doc_auto_cfg with doc_cfg, update dependencies.
9e31747 
The doc_auto_cfg docsrs attribute has been removed and usage
breaks the documentation builds on docs.rs so all usage has been removed
and replaced with doc_cfg.

This also allowed us to remove lots of build.rs files and the dependency
on rustc_version.
@tmpfs
Prepare for upsert of recipients.
ddd5e1c
@tmpfs
Panic if delete_folder() is called on a shared folder.
03071a8 
We will need to add a delete_shared_folder() function to handle the
special cases for deletion of a shared folder.
@tmpfs
Update all crates to 2024 edition.
ad291f6
@tmpfs
Fix some clippy warnings for sos-server.
3a2f682
@tmpfs
Fix clippy warnings for sos-account.
890acd8
@tmpfs
Fix clippy warnings.
c8afff3
@tmpfs
Add database entity test spec, fix SQL error.
a7e0930
@tmpfs
Improve shared folder database API.
79598a1
@tmpfs
Tweak timer for test spec.
2614d83
@tmpfs
Test updating recipient information.
6b5dda9
tmpfs added 30 commits December 5, 2025 08:46
@tmpfs
Add stub functions, move sharing types to module.
12c4f37
@tmpfs
Select folder Uuid identifier in folder invites.
6bb7d63
@tmpfs
Prepare higher level FolderInvite type.
8719905
@tmpfs
Prepare server storage to list folder invites.
6f925c7
@tmpfs
Prepare bindings to list folder invites.
2aba803
@tmpfs
Support listing folder invites.
d45576d
@tmpfs
Update signature for update_folder_invite().
23b22dd
@tmpfs
Update SQL query to join on folder identifier.
af4a0b0
@tmpfs
Prepare client code to update a folder invite.
7386790
@tmpfs
Initial logic for updating a folder invite.
7130c20
@tmpfs
Improve logic for accepting folder invites.
174854a 
Now we can pull down the folder events on the side of the participant
accepting the folder invite.
@tmpfs
Make test spec fail.
1d5d9f1 
After the folder participant has made changes to the folder the owner
syncs but is not seeing the secrets that the participant created.
@tmpfs
Prepare shared_folder_events on the server.
c5e3f9f
@tmpfs
Debugging shared folder sync problem.
fab664a
@tmpfs
Fix logic for creating shared folder event logs on the server.
1d6acc1
@tmpfs
Start work on the shared folders documenation.
1484399
@tmpfs
Update age library for patch release and update docs.
13c9d24
@tmpfs
Update tokio-rustls-acme dependency.
2424bc6
@tmpfs
Prepare bindings for recipient search.
35de439
@tmpfs
Prepare server handler for recipient search.
11a6169
@tmpfs
Update client to search for recipients.
d4e7fcd
@tmpfs
Update test spec to call search_recipients().
c99670d
@tmpfs
Update workflow trigger.
7c2b844
@tmpfs
Initial logic and test spec for deleting shared folders.
e8e033c
@tmpfs
Prepare for more information returned from shared folder deletion.
d2d538b
@tmpfs
Update test in delete_folder().
01f8c47 
So the not_authenticated test spec should continue to pass.
@tmpfs
Initial test spec for owner deletion of shared folder.
0bb0f09
@tmpfs
Ensure owner folder event log ref is removed on shared folder delete.
8b08d75
@tmpfs
Prepare participant shared folder deletion test spec, failing.
bc3ab5a
@tmpfs
Require account.row_id when deleting folders.
90d6fb2 
Fixes the issue with inadvertently deleting the shared folder when a
participant tries to delete a shared folder.

We also need to make the FolderEntity logic more robust so it always
requires an account.row_id but that will be a much bigger refactor.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@tmpfs tmpfs

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tmpfs