diff --git a/src/handlers/fileshdr/handlers.go b/src/handlers/fileshdr/handlers.go
index ee664aa..006fe40 100644
--- a/src/handlers/fileshdr/handlers.go
+++ b/src/handlers/fileshdr/handlers.go
@@ -929,7 +929,21 @@ func (h *FileHandlers) AddSharing(c *gin.Context) {
 return
 }
 
- err := h.deps.FileInfos().AddSharing(req.SharingPath)
+ if req.SharingPath == "" || req.SharingPath == "/" {
+ c.JSON(q.ErrResp(c, 403, errors.New("forbidden")))
+ return
+ }
+
+ info, err := h.deps.FS().Stat(req.SharingPath)
+ if err != nil {
+ c.JSON(q.ErrResp(c, 500, err))
+ return
+ } else if !info.IsDir() {
+ c.JSON(q.ErrResp(c, 400, errors.New("can not sharing a file")))
+ return
+ }
+
+ err = h.deps.FileInfos().AddSharing(req.SharingPath)
 if err != nil {
 c.JSON(q.ErrResp(c, 500, err))
 return
diff --git a/src/server/server_files_test.go b/src/server/server_files_test.go
index 8a3656b..631e640 100644
--- a/src/server/server_files_test.go
+++ b/src/server/server_files_test.go
@@ -441,6 +441,21 @@ func TestFileHandlers(t *testing.T) {
 } else if res.StatusCode != 200 {
 t.Fatal(res.StatusCode)
 }
+
+ res, _, errs = cl.AddSharing(filePath)
+ if res.StatusCode != 400 {
+ t.Fatal(res.StatusCode)
+ }
+
+ res, _, errs = cl.AddSharing(filepath.Join(filePath, "not_exist"))
+ if res.StatusCode != 500 {
+ t.Fatal(res.StatusCode)
+ }
+ }
+
+ res, _, errs := cl.AddSharing("/")
+ if res.StatusCode != 403 {
+ t.Fatal(res.StatusCode)
 }
 
 // check listSharings
diff --git a/src/server/testdata/test_quickshare.db b/src/server/testdata/test_quickshare.db
index daa1c82..a7377bf 100644
Binary files a/src/server/testdata/test_quickshare.db and b/src/server/testdata/test_quickshare.db differ
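Review bot: In src/handlers/fileshdr/handlers.go, the new root guard in AddSharing compares the raw request string (`req.SharingPath == "" || req.SharingPath == "/"`), so a non-canonical spelling of the root such as `//` or `/.` would not match and would continue on to `Stat` and `AddSharing`. Unless the path is already normalized earlier in the function (its start is outside the hunk), clean it first and test the result: `p := filepath.Clean(req.SharingPath)` followed by `if p == "." || p == "/" {`, then pass `p` to both `Stat` and `AddSharing` so the value that was checked is the value that gets stored. Separately, the `Stat` failure branch returns the raw `err` with a 500; a missing path is a client error and the underlying error text may expose server-side path details, so consider answering `os.IsNotExist(err)` with a 404 and a fixed message. The hunk also does not show whether the caller is authorized for `req.SharingPath`; if that check is not in the part of AddSharing above the hunk, it belongs before the `Stat` call.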
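Review bot: In src/server/server_files_test.go, the three new `cl.AddSharing` calls assign `errs` but read `res.StatusCode` without checking it, unlike the existing assertion whose `} else if res.StatusCode != 200 {` tail is visible in the context lines; if the request fails before a response arrives, `res` is presumably nil and the test panics instead of reporting the error. Guard each call the way the earlier assertions do (their opening condition is outside the hunk), for example `if len(errs) > 0 { t.Fatal(errs) } else if res.StatusCode != 400 {`, assuming `errs` is a slice. The 403 case exercises only the literal `/`; adding the empty path and a non-canonical spelling of the root as cases would pin down what the guard is meant to reject. TestFileHandlers begins and ends outside the hunk.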