phase 14

backend/app/boards/schemas.py

@@ -106,3 +106,49 @@ class GroupResponse(BaseModel):
     member_count: int = Field(default=0, description="Number of images in group")
     created_at: datetime
     updated_at: datetime
+
+
+class ShareLinkCreate(BaseModel):
+    """Schema for creating a new share link."""
+
+    permission_level: str = Field(..., pattern=r"^(view-only|view-comment)$", description="Permission level")
+    expires_at: datetime | None = Field(None, description="Optional expiration datetime")
+
+
+class ShareLinkResponse(BaseModel):
+    """Response schema for share link."""
+
+    model_config = ConfigDict(from_attributes=True)
+
+    id: UUID
+    board_id: UUID
+    token: str
+    permission_level: str
+    created_at: datetime
+    expires_at: datetime | None = None
+    last_accessed_at: datetime | None = None
+    access_count: int = 0
+    is_revoked: bool = False
+
+
+class CommentCreate(BaseModel):
+    """Schema for creating a new comment."""
+
+    author_name: str = Field(..., min_length=1, max_length=100, description="Commenter name")
+    content: str = Field(..., min_length=1, max_length=5000, description="Comment text")
+    position: dict | None = Field(None, description="Optional canvas position {x, y}")
+
+
+class CommentResponse(BaseModel):
+    """Response schema for comment."""
+
+    model_config = ConfigDict(from_attributes=True)
+
+    id: UUID
+    board_id: UUID
+    share_link_id: UUID | None = None
+    author_name: str
+    content: str
+    position: dict | None = None
+    created_at: datetime
+    is_deleted: bool = False

backend/app/boards/sharing.py

@@ -0,0 +1,84 @@
+"""Board sharing functionality."""
+
+import secrets
+import string
+from datetime import datetime
+
+from sqlalchemy.orm import Session
+
+from app.database.models.share_link import ShareLink
+
+
+def generate_secure_token(length: int = 64) -> str:
+    """
+    Generate a cryptographically secure random token for share links.
+
+    Args:
+        length: Length of the token (default 64 characters)
+
+    Returns:
+        URL-safe random string
+    """
+    # Use URL-safe characters (alphanumeric + - and _)
+    alphabet = string.ascii_letters + string.digits + "-_"
+    return "".join(secrets.choice(alphabet) for _ in range(length))
+
+
+def validate_share_link_token(token: str, db: Session) -> ShareLink | None:
+    """
+    Validate a share link token and return the share link if valid.
+
+    A share link is valid if:
+    - Token exists
+    - Not revoked
+    - Not expired (if expires_at is set)
+
+    Args:
+        token: The share link token
+        db: Database session
+
+    Returns:
+        ShareLink if valid, None otherwise
+    """
+    share_link = (
+        db.query(ShareLink)
+        .filter(
+            ShareLink.token == token,
+            ShareLink.is_revoked == False,  # noqa: E712
+        )
+        .first()
+    )
+
+    if share_link is None:
+        return None
+
+    # Check expiration
+    if share_link.expires_at and share_link.expires_at < datetime.utcnow():
+        return None
+
+    # Update access tracking
+    share_link.access_count += 1
+    share_link.last_accessed_at = datetime.utcnow()
+    db.commit()
+
+    return share_link
+
+
+def check_permission(share_link: ShareLink, required_permission: str) -> bool:
+    """
+    Check if a share link has the required permission level.
+
+    Args:
+        share_link: The share link to check
+        required_permission: Required permission level ('view-only' or 'view-comment')
+
+    Returns:
+        True if permission granted, False otherwise
+    """
+    if required_permission == "view-only":
+        # Both view-only and view-comment can view
+        return share_link.permission_level in ("view-only", "view-comment")
+    elif required_permission == "view-comment":
+        # Only view-comment can comment
+        return share_link.permission_level == "view-comment"
+    return False