feat: add password form

tobynguyen27 · tobynguyen27 · commit 50435840cad4 · 2026-02-23T14:31:13.000+07:00
diff --git a/apps/backend/src/main/kotlin/org/tobynguyen/solitar/exception/UrlException.kt b/apps/backend/src/main/kotlin/org/tobynguyen/solitar/exception/UrlException.kt
@@ -7,3 +7,5 @@ class UrlExpiredException(override val message: String) : RuntimeException(messa
 class UrlDisabledException(override val message: String) : RuntimeException(message)
 
 class UrlShortCodeConflictedException(override val message: String) : RuntimeException(message)
+
+class UrlProtectedException(override val message: String) : RuntimeException(message)
diff --git a/apps/backend/src/main/kotlin/org/tobynguyen/solitar/exception/UrlExceptionHandler.kt b/apps/backend/src/main/kotlin/org/tobynguyen/solitar/exception/UrlExceptionHandler.kt
@@ -35,6 +35,10 @@ class UrlExceptionHandler : ResponseEntityExceptionHandler() {
         return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(problemDetail)
     }
 
+    @ExceptionHandler(UrlProtectedException::class)
+    fun onUrlProtected(e: UrlProtectedException) =
+        ProblemDetail.forStatusAndDetail(HttpStatus.UNAUTHORIZED, e.message)
+
     @ExceptionHandler(UrlNotFoundException::class)
     fun onUrlNotFound(e: UrlNotFoundException) =
         ProblemDetail.forStatusAndDetail(HttpStatus.NOT_FOUND, e.message)
diff --git a/apps/backend/src/main/kotlin/org/tobynguyen/solitar/service/UrlService.kt b/apps/backend/src/main/kotlin/org/tobynguyen/solitar/service/UrlService.kt
@@ -8,6 +8,7 @@ import org.sqids.Sqids
 import org.tobynguyen.solitar.exception.UrlDisabledException
 import org.tobynguyen.solitar.exception.UrlExpiredException
 import org.tobynguyen.solitar.exception.UrlNotFoundException
+import org.tobynguyen.solitar.exception.UrlProtectedException
 import org.tobynguyen.solitar.exception.UrlShortCodeConflictedException
 import org.tobynguyen.solitar.mapper.toResponseDto
 import org.tobynguyen.solitar.model.dto.UrlCreateDto
@@ -43,7 +44,7 @@ class UrlService(
             UrlForwardResponseDto(urlEntity.toResponseDto().originalUrl)
         } else {
             if (password == null)
-                throw UrlDisabledException("Please provide a valid password to unlock this URL.")
+                throw UrlProtectedException("Please provide a valid password to unlock this URL.")
 
             if (argon2Encoder.matches(password, urlEntity.password)) {
                 UrlForwardResponseDto(urlEntity.toResponseDto().originalUrl)
diff --git a/apps/frontend/src/app/components/SecureWarning.vue b/apps/frontend/src/app/components/SecureWarning.vue
@@ -0,0 +1,62 @@
+<script setup lang="ts">
+const { url } = defineProps<{ url: string }>();
+
+const forceHttps = () => {
+	const secureUrl = url.replace(/^http:/, "https:");
+	navigateTo(secureUrl, { external: true });
+};
+
+const acceptRisk = () => {
+	navigateTo(url, { external: true });
+};
+</script>
+
+<template>
+	<div class="flex flex-col justify-center items-center gap-5">
+		<UIcon name="i-tabler-alert-triangle" class="size-12 text-warning" />
+		<UPageCard class="max-w-lg" :reverse="false">
+			<template #title>
+				<p>Insecure Connection Warning</p>
+			</template>
+
+			<template #description>
+				<div class="flex flex-col gap-3">
+					<p>
+						The link you're about to visit does
+						<span class="font-bold">not use HTTPS</span>, which means your connection is
+						<span class="font-bold">not encrypted</span>. Your data could be intercepted
+						by third parties.
+					</p>
+					<UCard>
+						<template #header>
+							<p class="text-warning">{{ url }}</p>
+						</template>
+					</UCard>
+					<ULink
+						class="text-left"
+						to="https://www.cloudflare.com/learning/ssl/why-is-http-not-secure/"
+						:external="true"
+						target="_blank"
+						>What is HTTPS and why is it important?</ULink
+					>
+				</div>
+			</template>
+
+			<template #footer>
+				<div class="flex flex-row gap-3">
+					<UButton
+						label="Enforce HTTPS"
+						icon="i-tabler-lock"
+						@click="forceHttps"
+						class="hover:cursor-pointer" />
+					<UButton
+						label="Accept Risk & Continue"
+						variant="ghost"
+						color="error"
+						@click="acceptRisk"
+						class="hover:cursor-pointer" />
+				</div>
+			</template>
+		</UPageCard>
+	</div>
+</template>
diff --git a/apps/frontend/src/app/pages/[shortCode].vue b/apps/frontend/src/app/pages/[shortCode].vue
@@ -10,13 +10,22 @@ const shortCode = route.params.shortCode!.toString();
 const { data, error } = await useAsyncData(() => urlRepository.getLongUrl({ shortCode }));
 
 if (error.value) {
-	const e = error.value.data as { error: string; message: string };
-
-	throw createError({
-		statusCode: error.value?.status || 500,
-		statusMessage: e.error || "Internal Server Error",
-		message: e.message || "Failed to resolve short URL",
-	});
+	if (error.value.status == 401) {
+		await navigateTo({
+			path: "/unlock",
+			query: {
+				c: shortCode,
+			},
+		});
+	} else {
+		const e = error.value.data as { title: string; detail: string };
+
+		throw createError({
+			statusCode: error.value?.status || 500,
+			statusMessage: e.title || "Internal Server Error",
+			message: e.detail || "Failed to resolve short URL",
+		});
+	}
 }
 
 const originalUrl = data.value as string;
@@ -29,65 +38,10 @@ if (isSecure) {
 		redirectCode: 302,
 	});
 }
-
-const forceHttps = () => {
-	const secureUrl = originalUrl.replace(/^http:/, "https:");
-	navigateTo(secureUrl, { external: true });
-};
-
-const acceptRisk = () => {
-	navigateTo(originalUrl, { external: true });
-};
 </script>
 
 <template>
 	<div class="w-full h-screen grid place-items-center" v-if="!isSecure">
-		<div class="flex flex-col justify-center items-center gap-5">
-			<UIcon name="i-tabler-alert-triangle" class="size-12 text-warning" />
-			<UPageCard class="max-w-lg" :reverse="false">
-				<template #title>
-					<p>Insecure Connection Warning</p>
-				</template>
-
-				<template #description>
-					<div class="flex flex-col gap-3">
-						<p>
-							The link you're about to visit does
-							<span class="font-bold">not use HTTPS</span>, which means your
-							connection is <span class="font-bold">not encrypted</span>. Your data
-							could be intercepted by third parties.
-						</p>
-						<UCard>
-							<template #header>
-								<p class="text-warning">{{ originalUrl }}</p>
-							</template>
-						</UCard>
-						<ULink
-							class="text-left"
-							to="https://www.cloudflare.com/learning/ssl/why-is-http-not-secure/"
-							:external="true"
-							target="_blank"
-							>What is HTTPS and why is it important?</ULink
-						>
-					</div>
-				</template>
-
-				<template #footer>
-					<div class="flex flex-row gap-3">
-						<UButton
-							label="Enforce HTTPS"
-							icon="i-tabler-lock"
-							@click="forceHttps"
-							class="hover:cursor-pointer" />
-						<UButton
-							label="Accept Risk & Continue"
-							variant="ghost"
-							color="error"
-							@click="acceptRisk"
-							class="hover:cursor-pointer" />
-					</div>
-				</template>
-			</UPageCard>
-		</div>
+		<SecureWarning :url="originalUrl" />
 	</div>
 </template>
diff --git a/apps/frontend/src/app/pages/unlock.vue b/apps/frontend/src/app/pages/unlock.vue
@@ -0,0 +1,91 @@
+<script setup lang="ts">
+import type { FormSubmitEvent } from "@nuxt/ui";
+import { type } from "arktype";
+
+const route = useRoute();
+
+const shortCode = route.query.c!.toString();
+
+if (!shortCode) {
+	await navigateTo("/");
+}
+
+const { $api } = useNuxtApp();
+const urlRepository = repository($api);
+const toast = useToast();
+
+const schema = type({
+	password: "3 <= string <= 255",
+});
+
+type Schema = typeof schema.infer;
+
+const state = ref<Schema>({
+	password: "",
+});
+
+async function onSubmit(event: FormSubmitEvent<Schema>) {
+	event.preventDefault();
+
+	const password = event.data.password;
+
+	try {
+		const originalUrl = await urlRepository.getLongUrl({ shortCode, password });
+
+		await navigateTo(originalUrl, {
+			external: true,
+			redirectCode: 302,
+		});
+	} catch (error: any) {
+		const e = error.data as { title: string; detail: string };
+
+		toast.add({
+			title: e.title,
+			description: e.detail,
+			color: "error",
+		});
+	}
+}
+</script>
+
+<template>
+	<div class="grid place-items-center h-screen">
+		<div class="flex flex-col justify-center items-center gap-5">
+			<UIcon name="i-carbon:locked" class="size-12 text-warning" />
+			<UForm :schema="schema" :state="state" class="space-y-4" @submit="onSubmit">
+				<UPageCard class="max-w-lg" :reverse="false">
+					<template #title>
+						<p>Protected by password</p>
+					</template>
+
+					<template #description>
+						<div class="flex flex-col gap-3">
+							<p>
+								This link has been protected by a password, please enter the
+								password to unlock it
+							</p>
+							<UFormField name="password" label="Password">
+								<UInput
+									type="password"
+									v-model="state.password"
+									class="w-full"
+									size="xl" />
+							</UFormField>
+						</div>
+					</template>
+
+					<template #footer>
+						<div class="flex flex-row gap-3">
+							<UButton
+								label="Unlock"
+								icon="i-carbon:unlocked"
+								type="submit"
+								class="hover:cursor-pointer"
+								color="success" />
+						</div>
+					</template>
+				</UPageCard>
+			</UForm>
+		</div>
+	</div>
+</template>
