Skip to content

Add backend API and realtime support for document creation and sharing.#34

Merged
santhoshh-kumar merged 10 commits into
mainfrom
feat/doc-create-share
Mar 31, 2026
Merged

Add backend API and realtime support for document creation and sharing.#34
santhoshh-kumar merged 10 commits into
mainfrom
feat/doc-create-share

Conversation

@santhoshh-kumar
Copy link
Copy Markdown
Collaborator

@santhoshh-kumar santhoshh-kumar commented Mar 31, 2026
edited
Loading

This pull request implements a document management system featuring CRUD operations, soft-delete with a trash retention policy, and a collaborator-based sharing model.

  • Establishes the core persistence model for documents and collaborators. ( this is simple right now and the table don't include icon column and the frontend is not going to support adding icon for documents yet).
  • This also allows safe bulk import from local to server when a new user registers an account. On logging in, we will ask whether they want their local docs to be in their account.
  • We will only allow documents to be moved to trash and then it will be auto deleted in 30 days or else can be manually deleted or restored.
  • All listing endpoints are paginated and frontend will be having 7 documents in the sidebar and upon clicking "show all documents", they would be getting to view all the document with infinite scroll + pagination.
  • It would support complete realtime sharing and collaboration between users. The working would be similar to Google Docs. A user can be added by email to be a viewer, commenter, or editor. General access link allows anyone on the link to be anything or we can set is as "restricted" to only allow added people.
  • Public document reads will be rate-limited per ip.
  • The access level sync will be realtime updated per 5000 ms.

gemini-code-assist[bot]
gemini-code-assist Bot reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request implements a document management system featuring CRUD operations, soft-delete with a trash retention policy, and a collaborator-based sharing model. It introduces Document and DocumentCollaborator entities, their respective services and controllers, and a scheduled task for purging expired documents. Additionally, the realtime server is updated to enforce JWT-based authentication and access checks. Feedback focuses on eliminating redundant timestamp logic, specifically manual assignments in the service layer and database triggers that duplicate Hibernate's automatic timestamp management.

Comment thread api/src/main/java/com/nextdocs/api/document/service/DocumentSharingService.java Outdated
Comment thread api/src/main/resources/db/migration/V2__create_documents_table.sql Outdated
@santhoshh-kumar
api/document: Add document schema, entities, and repositories.
cde3460 
Establishes the core persistence model for documents and collaborators.
Adds migrations for base documents, source-local-id idempotency, trash metadata,
and sharing tables. Introduces entity and repository layers with indexes
optimized for listing, lookup, and purge flows.
@santhoshh-kumar
api/document: Add DTO contracts, pagination response, and sharing val…
9c664bb 
…idation.

Introduces request/response DTOs for document CRUD, bulk import,
collaborator management, and sharing settings. Adds a generic paged response
wrapper for consistent list endpoint payloads and cross-field validation for
general-access/link-access combinations.
@santhoshh-kumar
api/document: Wire document properties and scheduling configuration.
de402bb 
Registers document properties and scheduled execution support in application
bootstrap. Adds configurable trash retention and purge cron settings with
environment overrides for runtime flexibility.
@santhoshh-kumar
api/document: Implement DocumentService with trash purge and bulk imp…
9eb2850 
…ort.

Implements document create/list/get/update/delete, restore, and
permanent-delete flows. Adds bulk import with source-local-id upsert semantics
and retention-based trash purge handling, with service-level tests.
@santhoshh-kumar
api/document: Add DocumentController endpoints for CRUD, trash, and b…
e0f0608 
…ulk import.

Adds controller endpoints for document CRUD, public fetch, trash listing,
restore, and bulk import workflows. Uses consistent API envelopes and paged
responses, and includes controller tests for auth and primary success paths.
@santhoshh-kumar
api/document: Implement DocumentSharingService collaborator and acces…
693d043 
…s logic.

Implements collaborator add/update/remove and owner-controlled sharing
operations. Computes effective access across owner, collaborator, and
general-link permissions, with service tests for precedence and constraints.
@santhoshh-kumar
api/document: Add DocumentSharingController collaboration endpoints.
0689ac4 
Adds sharing endpoints for collaborators, sharing settings,
shared-with-me listing, and access checks. Wires validation and consistent API
envelopes, and adds controller tests for success and auth enforcement.
@santhoshh-kumar
api/security: Permit and rate-limit public document read endpoints.
91f7d32 
Updates security rules to allow controlled public document reads on the
public route. Extends rate limiting to include public reads with scoped keys
and adds filter tests for acceptance, rejection, and path edge cases.
@santhoshh-kumar
realtime/auth: Enforce token-based access checks on websocket connect.
508fa2f 
Adds websocket authentication by validating room access against the API
before connection setup. Introduces periodic access revalidation, fetch timeout
handling, and config/test updates for authenticated connection scenarios.
@santhoshh-kumar
realtime/yjs: Enforce access-level sync rules and realtime metadata f…
a6897c0 
…ields.

Adds per-connection access-level state and blocks disallowed sync/awareness
messages for restricted users. Adds access update signaling and tests for blocked
writes, allowed sync behavior, and permission upgrades.
@santhoshh-kumar santhoshh-kumar merged commit 7391bf2 into main Mar 31, 2026
6 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@santhoshh-kumar