Add DELETE /share-links endpoint

Liam Lloyd-Tucker · Liam Lloyd-Tucker · commit b64cb1761e2b · 2025-03-05T11:29:24.000-08:00
Users should be able to delete a share link. This commit ends an
endpoint that does so.
diff --git a/packages/api/src/share_link/controller.test.ts b/packages/api/src/share_link/controller.test.ts
@@ -593,6 +593,7 @@ describe("GET /share-links", () => {
   });
 
   afterEach(async () => {
+    jest.restoreAllMocks();
     await clearDatabase();
   });
 
@@ -697,3 +698,94 @@ describe("GET /share-links", () => {
     await agent.get("/api/v2/share-links?shareLinkIds[]=1000").expect(500);
   });
 });
+
+describe("DELETE /share-links", () => {
+  const agent = request(app);
+
+  beforeEach(async () => {
+    (verifyUserAuthentication as jest.Mock).mockImplementation(
+      (req: Request, _, next: NextFunction) => {
+        (
+          req.body as {
+            emailFromAuthToken: string;
+            userSubjectFromAuthToken: string;
+          }
+        ).emailFromAuthToken = "test@permanent.org";
+        (
+          req.body as {
+            emailFromAuthToken: string;
+            userSubjectFromAuthToken: string;
+          }
+        ).userSubjectFromAuthToken = "ceca5477-3f9c-4d0a-a7b8-04d5e5adac32";
+        next();
+      }
+    );
+
+    await loadFixtures();
+  });
+
+  afterEach(async () => {
+    await clearDatabase();
+  });
+
+  test("should return 204 for a valid request", async () => {
+    await agent.delete("/api/v2/share-links/1000").expect(204);
+  });
+
+  test("should return 401 if the caller is unauthenticated", async () => {
+    (verifyUserAuthentication as jest.Mock).mockImplementation(
+      (__: Request, _, next: NextFunction) => {
+        next(new createError.Unauthorized("Invalid token"));
+      }
+    );
+    await agent.delete("/api/v2/share-links/1000").expect(401);
+  });
+
+  test("should return 400 if header values are missing", async () => {
+    (verifyUserAuthentication as jest.Mock).mockImplementation(
+      (__: Request, _, next: NextFunction) => {
+        next();
+      }
+    );
+    await agent.delete("/api/v2/share-links/1000").expect(400);
+  });
+
+  test("should delete the share link", async () => {
+    await agent.delete("/api/v2/share-links/1000").expect(204);
+    const shareLinks = await agent
+      .get("/api/v2/share-links?shareLinkIds[]=1000")
+      .expect(200);
+    expect((shareLinks.body as { items: ShareLink[] }).items.length).toEqual(0);
+  });
+
+  test("should return 404 if the share link doesn't exist", async () => {
+    await agent.delete("/api/v2/share-links/1000").expect(204);
+    await agent.delete("/api/v2/share-links/1000").expect(404);
+  });
+
+  test("should return 404 if the caller doesn't have access to the share link", async () => {
+    (verifyUserAuthentication as jest.Mock).mockImplementation(
+      (req: Request, _, next: NextFunction) => {
+        (
+          req.body as {
+            emailFromAuthToken: string;
+            userSubjectFromAuthToken: string;
+          }
+        ).emailFromAuthToken = "test+1@permanent.org";
+        (
+          req.body as {
+            emailFromAuthToken: string;
+            userSubjectFromAuthToken: string;
+          }
+        ).userSubjectFromAuthToken = "ceca5477-3f9c-4d0a-a7b8-04d5e5adac32";
+        next();
+      }
+    );
+    await agent.delete("/api/v2/share-links/1000").expect(404);
+  });
+
+  test("should return 500 if the database call fails", async () => {
+    jest.spyOn(db, "sql").mockRejectedValue(new Error("Test error"));
+    await agent.delete("/api/v2/share-links/1000").expect(500);
+  });
+});
diff --git a/packages/api/src/share_link/controller.ts b/packages/api/src/share_link/controller.ts
@@ -73,3 +73,24 @@ shareLinkController.get(
     }
   }
 );
+
+shareLinkController.delete(
+  "/:shareLinkId",
+  verifyUserAuthentication,
+  async (req: Request, res: Response, next: NextFunction) => {
+    try {
+      validateBodyFromAuthentication(req.body);
+      await shareLinkService.deleteShareLink(
+        req.body.emailFromAuthToken,
+        req.params["shareLinkId"] ?? ""
+      );
+      res.sendStatus(204);
+    } catch (err) {
+      if (isValidationError(err)) {
+        res.status(400).json({ error: err });
+        return;
+      }
+      next(err);
+    }
+  }
+);
diff --git a/packages/api/src/share_link/queries/delete_share_link.sql b/packages/api/src/share_link/queries/delete_share_link.sql
@@ -0,0 +1,9 @@
+DELETE FROM
+shareby_url
+USING
+  account
+WHERE
+  account.accountid = shareby_url.byaccountid
+  AND account.primaryemail = :email
+  AND shareby_urlid = :shareLinkId
+RETURNING shareby_urlid AS "id";
diff --git a/packages/api/src/share_link/service.ts b/packages/api/src/share_link/service.ts
@@ -185,8 +185,26 @@ const getShareLinks = async (
   return shareLinks.rows;
 };
 
+const deleteShareLink = async (
+  email: string,
+  shareLinkId: string
+): Promise<void> => {
+  const response = await db
+    .sql<{ id: string }>("share_link.queries.delete_share_link", {
+      email,
+      shareLinkId,
+    })
+    .catch((err) => {
+      logger.error(err);
+      throw new Error("Failed to delete share link");
+    });
+  if (response.rows.length === 0)
+    throw new createError.NotFound("Share link not found");
+};
+
 export const shareLinkService = {
   createShareLink,
   updateShareLink,
   getShareLinks,
+  deleteShareLink,
 };
