fix(files): address PR review — public CSV OOM, content cache, share FK, soft-delete filter, download anchor

Author: TheodoreSpeaks

apps/sim/app/api/files/public/[token]/content/route.ts

@@ -50,7 +50,14 @@ export const GET = withRouteHandler(
 
       logger.info('Public shared file served', { token, key: file.key, size: buffer.length })
 
-      return createFileResponse({ buffer, contentType, filename: file.originalName })
+      // Revalidate every request: a shared file can be unshared, edited, or deleted,
+      // so the fixed token URL must never serve stale bytes from a long-lived cache.
+      return createFileResponse({
+        buffer,
+        contentType,
+        filename: file.originalName,
+        cacheControl: 'private, no-cache, must-revalidate',
+      })
     } catch (error) {
       logger.error('Error serving public shared file:', error)
       if (error instanceof FileNotFoundError) {

apps/sim/app/f/[token]/public-file-view.tsx

@@ -101,7 +101,9 @@ export function PublicFileView({
             const anchor = document.createElement('a')
             anchor.href = contentUrl
             anchor.download = name
+            document.body.appendChild(anchor)
             anchor.click()
+            anchor.remove()
           }}
         >
           Download

apps/sim/app/workspace/[workspaceId]/files/components/file-viewer/file-viewer.tsx

@@ -108,6 +108,12 @@ export function FileViewer({
 
   if (category === 'text-editable') {
     if (readOnly) {
+      // ReadOnlyTextPreview loads the whole file as text; a large CSV would OOM the
+      // browser. CsvTablePreview's streamed fallback is workspace-only, so on the
+      // read-only public path a large CSV is download-only.
+      if (isCsvStreamOnly(file)) {
+        return <UnsupportedPreview file={file} />
+      }
       return <ReadOnlyTextPreview file={file} workspaceId={workspaceId} />
     }
     // A large CSV can't be loaded whole into the editor (the browser OOMs on the full text).

apps/sim/lib/public-shares/share-manager.ts

@@ -2,7 +2,7 @@ import { db } from '@sim/db'
 import { publicShare, user, workspace, workspaceFiles } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { generateId, generateShortId } from '@sim/utils/id'
-import { and, eq, inArray } from 'drizzle-orm'
+import { and, eq, inArray, isNull } from 'drizzle-orm'
 import type { z } from 'zod'
 import type { ShareRecord, shareResourceTypeSchema } from '@/lib/api/contracts/public-shares'
 import { getBaseUrl } from '@/lib/core/utils/urls'
@@ -136,13 +136,13 @@ export async function resolveActiveShareByToken(token: string): Promise<Resolved
       and(
         eq(publicShare.token, token),
         eq(publicShare.isActive, true),
-        eq(publicShare.resourceType, 'file')
+        eq(publicShare.resourceType, 'file'),
+        isNull(workspaceFiles.deletedAt)
       )
     )
     .limit(1)
 
   if (!row) return null
-  if (row.file.deletedAt) return null
 
   return {
     share: row.share,

packages/db/migrations/0242_public_share.sql

@@ -3,15 +3,15 @@ CREATE TABLE "public_share" (
 	"resource_type" text NOT NULL,
 	"resource_id" text NOT NULL,
 	"workspace_id" text NOT NULL,
-	"created_by" text NOT NULL,
+	"created_by" text,
 	"token" text NOT NULL,
 	"is_active" boolean DEFAULT true NOT NULL,
 	"created_at" timestamp DEFAULT now() NOT NULL,
 	"updated_at" timestamp DEFAULT now() NOT NULL
 );
 --> statement-breakpoint
 ALTER TABLE "public_share" ADD CONSTRAINT "public_share_workspace_id_workspace_id_fk" FOREIGN KEY ("workspace_id") REFERENCES "public"."workspace"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
-ALTER TABLE "public_share" ADD CONSTRAINT "public_share_created_by_user_id_fk" FOREIGN KEY ("created_by") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "public_share" ADD CONSTRAINT "public_share_created_by_user_id_fk" FOREIGN KEY ("created_by") REFERENCES "public"."user"("id") ON DELETE set null ON UPDATE no action;--> statement-breakpoint
 CREATE UNIQUE INDEX "public_share_token_unique" ON "public_share" USING btree ("token");--> statement-breakpoint
 CREATE UNIQUE INDEX "public_share_resource_unique" ON "public_share" USING btree ("resource_type","resource_id");--> statement-breakpoint
 CREATE INDEX "public_share_resource_id_idx" ON "public_share" USING btree ("resource_id");--> statement-breakpoint

packages/db/migrations/meta/0242_snapshot.json

@@ -1,5 +1,5 @@
 {
-  "id": "a99c0c8d-17cb-4153-8888-409e9af9c167",
+  "id": "78b8f3d4-c24c-4303-89ec-8ae29d2ea5c8",
   "prevId": "f7a9fd28-8bd2-4421-a048-a0a768fc8475",
   "version": "7",
   "dialect": "postgresql",
@@ -9990,7 +9990,7 @@
           "name": "created_by",
           "type": "text",
           "primaryKey": false,
-          "notNull": true
+          "notNull": false
         },
         "token": {
           "name": "token",
@@ -10104,7 +10104,7 @@
           "tableTo": "user",
           "columnsFrom": ["created_by"],
           "columnsTo": ["id"],
-          "onDelete": "cascade",
+          "onDelete": "set null",
           "onUpdate": "no action"
         }
       },

packages/db/migrations/meta/_journal.json

@@ -1692,7 +1692,7 @@
     {
       "idx": 242,
       "version": "7",
-      "when": 1781816705434,
+      "when": 1781818772450,
       "tag": "0242_public_share",
       "breakpoints": true
     }

packages/db/schema.ts

@@ -1403,9 +1403,9 @@ export const publicShare = pgTable(
     workspaceId: text('workspace_id')
       .notNull()
       .references(() => workspace.id, { onDelete: 'cascade' }),
-    createdBy: text('created_by')
-      .notNull()
-      .references(() => user.id, { onDelete: 'cascade' }),
+    // SET NULL (not CASCADE) so a share — and its public link — outlives the user
+    // who created it; the file still belongs to the workspace.
+    createdBy: text('created_by').references(() => user.id, { onDelete: 'set null' }),
     token: text('token').notNull(),
     isActive: boolean('is_active').notNull().default(true),
     createdAt: timestamp('created_at').notNull().defaultNow(),