chore: send shared vault owner context when creating a shared vault file valet token (#2435)

* chore: send shared vault owner context when creating a shared vault file valet token

* chore: remove unused shared vault upload bytes limit

packages/api/src/Domain/Http/HttpRequestOptions.ts

@@ -0,0 +1,4 @@
+export interface HttpRequestOptions {
+  authentication?: string
+  headers?: Record<string, string>[]
+}

packages/api/src/Domain/Http/HttpService.ts

@@ -16,6 +16,7 @@ import { Paths } from '../Server/Auth/Paths'
 import { SessionRefreshResponseBody } from '../Response/Auth/SessionRefreshResponseBody'
 import { FetchRequestHandler } from './FetchRequestHandler'
 import { RequestHandlerInterface } from './RequestHandlerInterface'
+import { HttpRequestOptions } from './HttpRequestOptions'
 
 export class HttpService implements HttpServiceInterface {
   private session?: Session | LegacySession
@@ -76,7 +77,7 @@ export class HttpService implements HttpServiceInterface {
     }
   }
 
-  async get<T>(path: string, params?: HttpRequestParams, authentication?: string): Promise<HttpResponse<T>> {
+  async get<T>(path: string, params?: HttpRequestParams, options?: HttpRequestOptions): Promise<HttpResponse<T>> {
     if (!this.host) {
       throw new Error('Attempting to make network request before host is set')
     }
@@ -85,7 +86,7 @@ export class HttpService implements HttpServiceInterface {
       url: joinPaths(this.host, path),
       params,
       verb: HttpVerb.Get,
-      authentication: authentication ?? this.getSessionAccessToken(),
+      authentication: options?.authentication ?? this.getSessionAccessToken(),
     })
   }
 
@@ -98,7 +99,7 @@ export class HttpService implements HttpServiceInterface {
     })
   }
 
-  async post<T>(path: string, params?: HttpRequestParams, authentication?: string): Promise<HttpResponse<T>> {
+  async post<T>(path: string, params?: HttpRequestParams, options?: HttpRequestOptions): Promise<HttpResponse<T>> {
     if (!this.host) {
       throw new Error('Attempting to make network request before host is set')
     }
@@ -107,34 +108,35 @@ export class HttpService implements HttpServiceInterface {
       url: joinPaths(this.host, path),
       params,
       verb: HttpVerb.Post,
-      authentication: authentication ?? this.getSessionAccessToken(),
+      authentication: options?.authentication ?? this.getSessionAccessToken(),
+      customHeaders: options?.headers,
     })
   }
 
-  async put<T>(path: string, params?: HttpRequestParams, authentication?: string): Promise<HttpResponse<T>> {
+  async put<T>(path: string, params?: HttpRequestParams, options?: HttpRequestOptions): Promise<HttpResponse<T>> {
     return this.runHttp({
       url: joinPaths(this.host, path),
       params,
       verb: HttpVerb.Put,
-      authentication: authentication ?? this.getSessionAccessToken(),
+      authentication: options?.authentication ?? this.getSessionAccessToken(),
     })
   }
 
-  async patch<T>(path: string, params: HttpRequestParams, authentication?: string): Promise<HttpResponse<T>> {
+  async patch<T>(path: string, params: HttpRequestParams, options?: HttpRequestOptions): Promise<HttpResponse<T>> {
     return this.runHttp({
       url: joinPaths(this.host, path),
       params,
       verb: HttpVerb.Patch,
-      authentication: authentication ?? this.getSessionAccessToken(),
+      authentication: options?.authentication ?? this.getSessionAccessToken(),
     })
   }
 
-  async delete<T>(path: string, params?: HttpRequestParams, authentication?: string): Promise<HttpResponse<T>> {
+  async delete<T>(path: string, params?: HttpRequestParams, options?: HttpRequestOptions): Promise<HttpResponse<T>> {
     return this.runHttp({
       url: joinPaths(this.host, path),
       params,
       verb: HttpVerb.Delete,
-      authentication: authentication ?? this.getSessionAccessToken(),
+      authentication: options?.authentication ?? this.getSessionAccessToken(),
     })
   }
 

packages/api/src/Domain/Http/HttpServiceInterface.ts

@@ -1,16 +1,18 @@
 import { LegacySession, Session } from '@standardnotes/domain-core'
 import { HttpRequest, HttpRequestParams, HttpResponse, HttpResponseMeta } from '@standardnotes/responses'
 
+import { HttpRequestOptions } from './HttpRequestOptions'
+
 export interface HttpServiceInterface {
   setHost(host: string): void
   getHost(): string
 
-  get<T>(path: string, params?: HttpRequestParams, authentication?: string): Promise<HttpResponse<T>>
+  get<T>(path: string, params?: HttpRequestParams, options?: HttpRequestOptions): Promise<HttpResponse<T>>
   getExternal<T>(url: string, params?: HttpRequestParams): Promise<HttpResponse<T>>
-  post<T>(path: string, params?: HttpRequestParams, authentication?: string): Promise<HttpResponse<T>>
+  post<T>(path: string, params?: HttpRequestParams, options?: HttpRequestOptions): Promise<HttpResponse<T>>
-  put<T>(path: string, params?: HttpRequestParams, authentication?: string): Promise<HttpResponse<T>>
+  put<T>(path: string, params?: HttpRequestParams, options?: HttpRequestOptions): Promise<HttpResponse<T>>
-  patch<T>(path: string, params: HttpRequestParams, authentication?: string): Promise<HttpResponse<T>>
+  patch<T>(path: string, params: HttpRequestParams, options?: HttpRequestOptions): Promise<HttpResponse<T>>
-  delete<T>(path: string, params?: HttpRequestParams, authentication?: string): Promise<HttpResponse<T>>
+  delete<T>(path: string, params?: HttpRequestParams, options?: HttpRequestOptions): Promise<HttpResponse<T>>
   runHttp<T>(httpRequest: HttpRequest): Promise<HttpResponse<T>>
 
   setSession(session: Session | LegacySession): void

packages/api/src/Domain/Http/index.ts

@@ -1,4 +1,5 @@
 export * from './HttpService'
 export * from './FetchRequestHandler'
+export * from './HttpRequestOptions'
 export * from './HttpServiceInterface'
 export * from './XMLHttpRequestState'

packages/api/src/Domain/Request/SharedVault/CreateSharedVaultValetTokenParams.ts

@@ -8,4 +8,5 @@ export type CreateSharedVaultValetTokenParams = {
   unencryptedFileSize?: number
   moveOperationType?: SharedVaultMoveType
   sharedVaultToSharedVaultMoveTargetUuid?: string
+  sharedVaultOwnerUuid?: string
 }

packages/api/src/Domain/Server/SharedVault/SharedVaultServer.ts

@@ -25,13 +25,23 @@ export class SharedVaultServer implements SharedVaultServerInterface {
   createSharedVaultFileValetToken(
     params: CreateSharedVaultValetTokenParams,
   ): Promise<HttpResponse<CreateSharedVaultValetTokenResponse>> {
-    return this.httpService.post(SharedVaultsPaths.createSharedVaultFileValetToken(params.sharedVaultUuid), {
+    let headers = undefined
-      file_uuid: params.fileUuid,
+    if (params.sharedVaultOwnerUuid) {
-      remote_identifier: params.remoteIdentifier,
+      headers = [{ 'x-shared-vault-owner-context': params.sharedVaultOwnerUuid }]
-      operation: params.operation,
+    }
-      unencrypted_file_size: params.unencryptedFileSize,
+    return this.httpService.post(
-      move_operation_type: params.moveOperationType,
+      SharedVaultsPaths.createSharedVaultFileValetToken(params.sharedVaultUuid),
-      shared_vault_to_shared_vault_move_target_uuid: params.sharedVaultToSharedVaultMoveTargetUuid,
+      {
-    })
+        file_uuid: params.fileUuid,
+        remote_identifier: params.remoteIdentifier,
+        operation: params.operation,
+        unencrypted_file_size: params.unencryptedFileSize,
+        move_operation_type: params.moveOperationType,
+        shared_vault_to_shared_vault_move_target_uuid: params.sharedVaultToSharedVaultMoveTargetUuid,
+      },
+      {
+        headers,
+      },
+    )
   }
 }

packages/responses/src/Domain/SharedVaults/SharedVaultServerHash.ts

@@ -2,7 +2,6 @@ export interface SharedVaultServerHash {
   uuid: string
   user_uuid: string
   file_upload_bytes_used: number
-  file_upload_bytes_limit: number
   created_at_timestamp: number
   updated_at_timestamp: number
 }

packages/services/src/Domain/Files/FileService.ts

@@ -107,6 +107,7 @@ export class FileService extends AbstractService implements FilesClientInterface
     unencryptedFileSizeForUpload?: number | undefined
     moveOperationType?: SharedVaultMoveType
     sharedVaultToSharedVaultMoveTargetUuid?: string
+    sharedVaultOwnerUuid?: string
   }): Promise<string | ClientDisplayableError> {
     if (params.operation !== ValetTokenOperation.Write && !params.fileUuidRequiredForExistingFiles) {
       throw new Error('File UUID is required for for non-write operations')
@@ -114,6 +115,7 @@ export class FileService extends AbstractService implements FilesClientInterface
 
     const valetTokenResponse = await this.sharedVault.createSharedVaultFileValetToken({
       sharedVaultUuid: params.sharedVaultUuid,
+      sharedVaultOwnerUuid: params.sharedVaultUuid,
       fileUuid: params.fileUuidRequiredForExistingFiles,
       remoteIdentifier: params.remoteIdentifier,
       operation: params.operation,
@@ -135,6 +137,7 @@ export class FileService extends AbstractService implements FilesClientInterface
   ): Promise<void | ClientDisplayableError> {
     const valetTokenResult = await this.createSharedVaultValetToken({
       sharedVaultUuid: file.shared_vault_uuid ? file.shared_vault_uuid : sharedVault.sharing.sharedVaultUuid,
+      sharedVaultOwnerUuid: sharedVault.sharing.ownerUserUuid,
       remoteIdentifier: file.remoteIdentifier,
       operation: ValetTokenOperation.Move,
       fileUuidRequiredForExistingFiles: file.uuid,
@@ -186,6 +189,7 @@ export class FileService extends AbstractService implements FilesClientInterface
       vault && vault.isSharedVaultListing()
         ? await this.createSharedVaultValetToken({
             sharedVaultUuid: vault.sharing.sharedVaultUuid,
+            sharedVaultOwnerUuid: vault.sharing.ownerUserUuid,
             remoteIdentifier,
             operation: ValetTokenOperation.Write,
             unencryptedFileSizeForUpload: sizeInBytes,

packages/services/src/Domain/SharedVaults/UseCase/SyncLocalVaultsWithRemoteSharedVaults.spec.ts

@@ -13,7 +13,6 @@ describe('SyncLocalVaultsWithRemoteSharedVaults', () => {
       uuid: '1-2-3',
       user_uuid: '2-3-4',
       file_upload_bytes_used: 123,
-      file_upload_bytes_limit: 10000000,
       created_at_timestamp: 123,
       updated_at_timestamp: 123,
     }] } })

packages/snjs/lib/Services/Api/ApiService.ts

@@ -318,7 +318,9 @@ export class LegacyApiService
   }
 
   signOut(): Promise<HttpResponse<SignOutResponse>> {
-    return this.httpService.post<SignOutResponse>(Paths.v1.signOut, undefined, this.getSessionAccessToken())
+    return this.httpService.post<SignOutResponse>(Paths.v1.signOut, undefined, {
+      authentication: this.getSessionAccessToken(),
+    })
   }
 
   async changeCredentials(parameters: {
@@ -344,7 +346,9 @@ export class LegacyApiService
       ...parameters.newKeyParams.getPortableValue(),
     })
 
-    const response = await this.httpService.put<ChangeCredentialsResponse>(path, params, this.getSessionAccessToken())
+    const response = await this.httpService.put<ChangeCredentialsResponse>(path, params, {
+      authentication: this.getSessionAccessToken(),
+    })
 
     this.changing = false
 
@@ -481,7 +485,11 @@ export class LegacyApiService
       return preprocessingError
     }
     const path = Paths.v1.sessions
-    const response = await this.httpService.get<SessionListResponse>(path, {}, this.getSessionAccessToken())
+    const response = await this.httpService.get<SessionListResponse>(
+      path,
+      {},
+      { authentication: this.getSessionAccessToken() },
+    )
 
     if (isErrorResponse(response)) {
       this.preprocessAuthenticatedErrorResponse(response)
@@ -502,7 +510,7 @@ export class LegacyApiService
     const response = await this.httpService.delete<SessionListResponse>(
       path,
       { uuid: sessionId },
-      this.getSessionAccessToken(),
+      { authentication: this.getSessionAccessToken() },
     )
 
     if (isErrorResponse(response)) {