feat: add emoji reaction support for files

- Implement `ReactionService` to manage file reactions in the database. - Add `POST /d/{boxID}/f/{fileID}/react` endpoint to handle user reactions. - Add `GET /emoji/{pack}/{file}` endpoint to serve custom emoji assets. - Support loading custom emoji packs dynamically from the data directory. - Update README with instructions on configuring emoji reaction packs.
2026-06-02 11:30:33 +03:00
parent 1ab5021667
commit f628b489af
13 changed files with 976 additions and 5 deletions
--- a/backend/libs/handlers/app.go
+++ b/backend/libs/handlers/app.go
@@ -16,12 +16,13 @@ type App struct {
 	uploadService   *services.UploadService
 	authService     *services.AuthService
 	settingsService *services.SettingsService
+	reactionService *services.ReactionService
 	banService      *services.BanService
 	rateLimiter     *rateLimiter
 	uploadGroups    *uploadGrouper
 }

-func NewApp(cfg config.Config, logger *slog.Logger, renderer *web.Renderer, uploadService *services.UploadService, authService *services.AuthService, settingsService *services.SettingsService, banService *services.BanService) *App {
+func NewApp(cfg config.Config, logger *slog.Logger, renderer *web.Renderer, uploadService *services.UploadService, authService *services.AuthService, settingsService *services.SettingsService, reactionService *services.ReactionService, banService *services.BanService) *App {
 	return &App{
 		cfg:             cfg,
 		logger:          logger,
@@ -29,6 +30,7 @@ func NewApp(cfg config.Config, logger *slog.Logger, renderer *web.Renderer, uplo
 		uploadService:   uploadService,
 		authService:     authService,
 		settingsService: settingsService,
+		reactionService: reactionService,
 		banService:      banService,
 		rateLimiter:     newRateLimiter(),
 		uploadGroups:    newUploadGrouper(),
@@ -121,6 +123,7 @@ func (a *App) RegisterRoutes(mux *http.ServeMux) {
 	mux.HandleFunc("GET /d/{boxID}/manage/{token}/delete", a.ManageDeleteBox)
 	mux.HandleFunc("POST /d/{boxID}/unlock", a.UnlockBox)
 	mux.HandleFunc("GET /d/{boxID}/zip", a.DownloadZip)
+	mux.HandleFunc("POST /d/{boxID}/f/{fileID}/react", a.ReactToFile)
 	mux.HandleFunc("GET /d/{boxID}/f/{fileID}", a.DownloadFile)
 	mux.HandleFunc("GET /d/{boxID}/f/{fileID}/download", a.DownloadFileContent)
 	mux.HandleFunc("GET /d/{boxID}/thumb/{fileID}", a.Thumbnail)
@@ -132,5 +135,6 @@ func (a *App) RegisterRoutes(mux *http.ServeMux) {
 	mux.HandleFunc("GET /api/v1/schemas/upload-request.json", a.UploadRequestSchema)
 	mux.HandleFunc("GET /api/v1/schemas/upload-response.json", a.UploadResponseSchema)
 	mux.HandleFunc("POST /api/v1/upload", a.Upload)
+	mux.HandleFunc("GET /emoji/{pack}/{file}", a.EmojiAsset)
 	mux.Handle("GET /static/", a.Static())
 }
--- a/backend/libs/handlers/download.go
+++ b/backend/libs/handlers/download.go
@@ -2,12 +2,15 @@ package handlers

 import (
 	"bytes"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
 	"net/http"
+	"net/url"
 	"os"
 	"path/filepath"
+	"sort"
 	"strings"
 	"time"

@@ -26,6 +29,7 @@ type downloadPageData struct {
 	DownloadCount int
 	MaxDownloads  int
 	ExpiresLabel  string
+	EmojiTabs     []emojiTabView
 }

 type boxView struct {
@@ -41,6 +45,28 @@ type fileView struct {
 	URL          string
 	DownloadURL  string
 	ThumbnailURL string
+	ReactURL     string
+	Reactions    []reactionView
+	Reacted      bool
+}
+
+type reactionView struct {
+	EmojiID string `json:"emojiId"`
+	URL     string `json:"url"`
+	Label   string `json:"label"`
+	Count   int    `json:"count"`
+}
+
+type emojiTabView struct {
+	ID     string
+	Label  string
+	Emojis []emojiOptionView
+}
+
+type emojiOptionView struct {
+	ID    string `json:"id"`
+	URL   string `json:"url"`
+	Label string `json:"label"`
 }

 type previewPageData struct {
@@ -70,13 +96,22 @@ func (a *App) DownloadPage(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	locked := a.uploadService.IsProtected(box) && !a.isBoxUnlocked(r, box)
+	visitorID := a.reactionVisitorID(w, r)
+	reactionsByFile, reactedByFile, err := a.reactionService.SummaryForBox(box.ID, visitorID)
+	if err != nil {
+		a.logger.Warn("failed to load file reactions", withRequestLogAttrs(r, "source", "reactions", "severity", "warn", "code", 4300, "box_id", box.ID, "error", err.Error())...)
+	}

 	files := make([]fileView, 0, len(box.Files))
 	if !(locked && box.Obfuscate) {
 		for _, file := range box.Files {
-			files = append(files, a.fileView(box, file))
+			files = append(files, a.fileViewWithReactions(box, file, reactionsByFile[file.ID], reactedByFile[file.ID]))
 		}
 	}
+	emojiTabs, err := a.emojiTabs()
+	if err != nil {
+		a.logger.Warn("failed to load emoji tabs", withRequestLogAttrs(r, "source", "reactions", "severity", "warn", "code", 4301, "box_id", box.ID, "error", err.Error())...)
+	}

 	expiresLabel := boxExpiryLabel(box.ExpiresAt, "Jan 2, 2006 15:04 MST")
 	title := "Shared files on Warpbox"
@@ -99,6 +134,7 @@ func (a *App) DownloadPage(w http.ResponseWriter, r *http.Request) {
 			DownloadCount: box.DownloadCount,
 			MaxDownloads:  box.MaxDownloads,
 			ExpiresLabel:  expiresLabel,
+			EmojiTabs:     emojiTabs,
 		},
 	})
 	a.logger.Info("download page viewed", withRequestLogAttrs(r, "source", "download", "severity", "user_activity", "code", 2003, "box_id", box.ID, "locked", locked)...)
@@ -310,6 +346,10 @@ func (a *App) DownloadZip(w http.ResponseWriter, r *http.Request) {
 }

 func (a *App) fileView(box services.Box, file services.File) fileView {
+	return a.fileViewWithReactions(box, file, nil, false)
+}
+
+func (a *App) fileViewWithReactions(box services.Box, file services.File, reactions []services.ReactionSummary, reacted bool) fileView {
 	return fileView{
 		ID:           file.ID,
 		Name:         file.Name,
@@ -319,9 +359,171 @@ func (a *App) fileView(box services.Box, file services.File) fileView {
 		URL:          fmt.Sprintf("/d/%s/f/%s", box.ID, file.ID),
 		DownloadURL:  fmt.Sprintf("/d/%s/f/%s/download", box.ID, file.ID),
 		ThumbnailURL: fmt.Sprintf("/d/%s/thumb/%s", box.ID, file.ID),
+		ReactURL:     fmt.Sprintf("/d/%s/f/%s/react", box.ID, file.ID),
+		Reactions:    a.reactionViews(reactions),
+		Reacted:      reacted,
 	}
 }

+func (a *App) ReactToFile(w http.ResponseWriter, r *http.Request) {
+	box, file, ok := a.loadFileForRequest(w, r)
+	if !ok {
+		return
+	}
+	if a.uploadService.IsProtected(box) && !a.isBoxUnlocked(r, box) {
+		http.Error(w, "password required", http.StatusUnauthorized)
+		return
+	}
+
+	if err := r.ParseForm(); err != nil {
+		http.Error(w, "invalid reaction", http.StatusBadRequest)
+		return
+	}
+	emojiID := strings.TrimSpace(r.FormValue("emoji_id"))
+	if !a.validEmojiID(emojiID) {
+		http.Error(w, "unknown emoji", http.StatusBadRequest)
+		return
+	}
+
+	visitorID := a.reactionVisitorID(w, r)
+	reactions, err := a.reactionService.Add(box.ID, file.ID, visitorID, emojiID)
+	if errors.Is(err, os.ErrExist) {
+		writeJSON(w, http.StatusConflict, map[string]any{"error": "already reacted"})
+		return
+	}
+	if err != nil {
+		a.logger.Warn("file reaction failed", withRequestLogAttrs(r, "source", "reactions", "severity", "warn", "code", 4302, "box_id", box.ID, "file_id", file.ID, "error", err.Error())...)
+		http.Error(w, "could not save reaction", http.StatusInternalServerError)
+		return
+	}
+
+	a.logger.Info("file reaction added", withRequestLogAttrs(r, "source", "reactions", "severity", "user_activity", "code", 2301, "box_id", box.ID, "file_id", file.ID, "emoji_id", emojiID)...)
+	writeJSON(w, http.StatusCreated, map[string]any{
+		"reactions": a.reactionViews(reactions),
+		"reacted":   true,
+	})
+}
+
+func (a *App) reactionViews(reactions []services.ReactionSummary) []reactionView {
+	views := make([]reactionView, 0, len(reactions))
+	for _, reaction := range reactions {
+		views = append(views, reactionView{
+			EmojiID: reaction.EmojiID,
+			URL:     emojiURL(reaction.EmojiID),
+			Label:   emojiLabel(reaction.EmojiID),
+			Count:   reaction.Count,
+		})
+	}
+	return views
+}
+
+func (a *App) emojiTabs() ([]emojiTabView, error) {
+	root := a.emojiRoot()
+	entries, err := os.ReadDir(root)
+	if err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			return nil, nil
+		}
+		return nil, err
+	}
+	tabs := make([]emojiTabView, 0, len(entries))
+	for _, entry := range entries {
+		if !entry.IsDir() {
+			continue
+		}
+		tabID := entry.Name()
+		files, err := os.ReadDir(filepath.Join(root, tabID))
+		if err != nil {
+			return nil, err
+		}
+		tab := emojiTabView{ID: tabID, Label: emojiTabLabel(tabID)}
+		for _, file := range files {
+			if file.IsDir() || !isEmojiFile(file.Name()) {
+				continue
+			}
+			emojiID := tabID + "/" + file.Name()
+			tab.Emojis = append(tab.Emojis, emojiOptionView{
+				ID:    emojiID,
+				URL:   emojiURL(emojiID),
+				Label: emojiLabel(emojiID),
+			})
+		}
+		sort.Slice(tab.Emojis, func(i, j int) bool { return tab.Emojis[i].ID < tab.Emojis[j].ID })
+		if len(tab.Emojis) > 0 {
+			tabs = append(tabs, tab)
+		}
+	}
+	sort.Slice(tabs, func(i, j int) bool { return tabs[i].ID < tabs[j].ID })
+	return tabs, nil
+}
+
+func (a *App) validEmojiID(id string) bool {
+	id = strings.TrimSpace(id)
+	if id == "" || strings.Contains(id, "\\") || strings.Contains(id, "..") || strings.HasPrefix(id, "/") {
+		return false
+	}
+	parts := strings.Split(id, "/")
+	if len(parts) != 2 || parts[0] == "" || parts[1] == "" || !isEmojiFile(parts[1]) {
+		return false
+	}
+	info, err := os.Stat(filepath.Join(a.emojiRoot(), parts[0], parts[1]))
+	return err == nil && !info.IsDir()
+}
+
+func (a *App) emojiRoot() string {
+	return filepath.Join(a.cfg.DataDir, "emoji")
+}
+
+func (a *App) reactionVisitorID(w http.ResponseWriter, r *http.Request) string {
+	const cookieName = "warpbox_reactor"
+	if cookie, err := r.Cookie(cookieName); err == nil && strings.TrimSpace(cookie.Value) != "" {
+		return cookie.Value
+	}
+	visitorID := services.RandomPublicToken(32)
+	http.SetCookie(w, &http.Cookie{
+		Name:     cookieName,
+		Value:    visitorID,
+		Path:     "/",
+		HttpOnly: true,
+		SameSite: http.SameSiteLaxMode,
+		Secure:   r.TLS != nil,
+		Expires:  time.Now().AddDate(1, 0, 0),
+	})
+	return visitorID
+}
+
+func isEmojiFile(name string) bool {
+	ext := strings.ToLower(filepath.Ext(name))
+	return ext == ".svg" || ext == ".webp" || ext == ".png" || ext == ".jpg" || ext == ".jpeg" || ext == ".gif"
+}
+
+func emojiTabLabel(id string) string {
+	label := strings.NewReplacer("-", " ", "_", " ").Replace(id)
+	if label == "" {
+		return "Emoji"
+	}
+	return strings.ToUpper(label[:1]) + label[1:]
+}
+
+func emojiLabel(id string) string {
+	base := strings.TrimSuffix(filepath.Base(id), filepath.Ext(id))
+	return strings.ReplaceAll(base, "-", " ")
+}
+
+func emojiURL(id string) string {
+	parts := strings.Split(id, "/")
+	if len(parts) != 2 {
+		return ""
+	}
+	return "/emoji/" + url.PathEscape(parts[0]) + "/" + url.PathEscape(parts[1])
+}
+
+func writeJSON(w http.ResponseWriter, status int, value any) {
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+	w.WriteHeader(status)
+	_ = json.NewEncoder(w).Encode(value)
+}
+
 func (a *App) isBoxUnlocked(r *http.Request, box services.Box) bool {
 	if !a.uploadService.IsProtected(box) {
 		return true
--- a/backend/libs/handlers/static.go
+++ b/backend/libs/handlers/static.go
@@ -2,6 +2,7 @@ package handlers

 import (
 	"net/http"
+	"os"
 	"path/filepath"
 	"strings"
 )
@@ -15,6 +16,24 @@ func (a *App) Static() http.Handler {
 	})
 }

+func (a *App) EmojiAsset(w http.ResponseWriter, r *http.Request) {
+	pack := strings.TrimSpace(r.PathValue("pack"))
+	file := strings.TrimSpace(r.PathValue("file"))
+	if pack == "" || file == "" || strings.Contains(pack, "/") || strings.Contains(pack, "\\") || strings.Contains(pack, "..") || strings.Contains(file, "/") || strings.Contains(file, "\\") || strings.Contains(file, "..") || !isEmojiFile(file) {
+		http.NotFound(w, r)
+		return
+	}
+
+	path := filepath.Join(a.emojiRoot(), pack, file)
+	info, err := os.Stat(path)
+	if err != nil || info.IsDir() {
+		http.NotFound(w, r)
+		return
+	}
+	setStaticCacheHeaders(w, r.URL.Path)
+	http.ServeFile(w, r, path)
+}
+
 func setStaticCacheHeaders(w http.ResponseWriter, path string) {
 	ext := strings.ToLower(filepath.Ext(path))

--- a/backend/libs/handlers/upload_stage3_test.go
+++ b/backend/libs/handlers/upload_stage3_test.go
@@ -46,6 +46,42 @@ func TestUploadJSONIncludesManageURLsAndAcceptsShareXField(t *testing.T) {
 	}
 }

+func TestFileReactionCanBeAddedOncePerVisitor(t *testing.T) {
+	app, cleanup := newTestApp(t)
+	defer cleanup()
+
+	payload := uploadThroughApp(t, app)
+	if len(payload.Files) != 1 {
+		t.Fatalf("uploaded files = %d", len(payload.Files))
+	}
+
+	request := httptest.NewRequest(http.MethodPost, "/d/"+payload.BoxID+"/f/"+payload.Files[0].ID+"/react", strings.NewReader("emoji_id=openmoji/1F600.svg"))
+	request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	request.SetPathValue("boxID", payload.BoxID)
+	request.SetPathValue("fileID", payload.Files[0].ID)
+	response := httptest.NewRecorder()
+	app.ReactToFile(response, request)
+	if response.Code != http.StatusCreated {
+		t.Fatalf("first reaction status = %d, body = %s", response.Code, response.Body.String())
+	}
+	if !strings.Contains(response.Body.String(), `"count":1`) {
+		t.Fatalf("reaction response missing count: %s", response.Body.String())
+	}
+
+	retry := httptest.NewRequest(http.MethodPost, "/d/"+payload.BoxID+"/f/"+payload.Files[0].ID+"/react", strings.NewReader("emoji_id=openmoji/1F600.svg"))
+	retry.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	retry.SetPathValue("boxID", payload.BoxID)
+	retry.SetPathValue("fileID", payload.Files[0].ID)
+	for _, cookie := range response.Result().Cookies() {
+		retry.AddCookie(cookie)
+	}
+	retryResponse := httptest.NewRecorder()
+	app.ReactToFile(retryResponse, retry)
+	if retryResponse.Code != http.StatusConflict {
+		t.Fatalf("second reaction status = %d, body = %s", retryResponse.Code, retryResponse.Body.String())
+	}
+}
+
 func TestUploadTextResponseReturnsOnlyBoxURL(t *testing.T) {
 	app, cleanup := newTestApp(t)
 	defer cleanup()
@@ -198,6 +234,14 @@ func newTestApp(t *testing.T) (*App, func()) {
 	if err != nil {
 		t.Fatalf("NewUploadService returned error: %v", err)
 	}
+	if err := os.MkdirAll(filepath.Join(cfg.DataDir, "emoji", "openmoji"), 0o755); err != nil {
+		service.Close()
+		t.Fatalf("create emoji test dir: %v", err)
+	}
+	if err := os.WriteFile(filepath.Join(cfg.DataDir, "emoji", "openmoji", "1F600.svg"), []byte(`<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1 1"></svg>`), 0o644); err != nil {
+		service.Close()
+		t.Fatalf("write emoji test file: %v", err)
+	}
 	renderer, err := web.NewRenderer(cfg.TemplateDir, cfg.AppName, cfg.AppVersion, cfg.BaseURL)
 	if err != nil {
 		service.Close()
@@ -213,12 +257,17 @@ func newTestApp(t *testing.T) (*App, func()) {
 		service.Close()
 		t.Fatalf("NewSettingsService returned error: %v", err)
 	}
+	reactionService, err := services.NewReactionService(service.DB())
+	if err != nil {
+		service.Close()
+		t.Fatalf("NewReactionService returned error: %v", err)
+	}
 	banService, err := services.NewBanService(service.DB())
 	if err != nil {
 		service.Close()
 		t.Fatalf("NewBanService returned error: %v", err)
 	}
-	return NewApp(cfg, logger, renderer, service, authService, settingsService, banService), func() {
+	return NewApp(cfg, logger, renderer, service, authService, settingsService, reactionService, banService), func() {
 		if err := service.Close(); err != nil {
 			t.Fatalf("Close returned error: %v", err)
 		}