~sircmpwn/meta.sr.ht

ref: 72548bd7545f78670878667674cc7645835a17bd meta.sr.ht/metasrht/blueprints/privacy.py -rw-r--r-- 2.0 KiB
72548bd7Drew DeVault API: Updates per core-go auth changes 1 year, 1 month ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
from flask import Blueprint, Response, render_template, request, redirect
from metasrht.audit import audit_log
from metasrht.email import send_email
from metasrht.types import User, PGPKey
from srht.config import cfg
from srht.database import db
from srht.oauth import current_user, loginrequired
from srht.validation import Validation

privacy = Blueprint('privacy', __name__)

site_key = cfg("mail", "pgp-pubkey", None)
site_key_id = cfg("mail", "pgp-key-id", None)

@privacy.route("/privacy")
@loginrequired
def privacy_GET():
    owner = {'name': cfg("sr.ht", "owner-name"),
             'email': cfg("sr.ht", "owner-email")}
    return render_template("privacy.html",
                           pgp_key_id=site_key_id, owner=owner)

@privacy.route("/privacy/pubkey")
def privacy_pubkey_GET():
    if site_key:
        with open(site_key, "r") as f:
            pubkey = f.read()
    else:
        pubkey = ''
    return Response(pubkey, mimetype="text/plain")

@privacy.route("/privacy", methods=["POST"])
@loginrequired
def privacy_POST():
    valid = Validation(request)

    key_id = valid.require("pgp-key")
    key_id = key_id if key_id != "null" else None
    key = None

    if key_id:
        key = PGPKey.query.get(int(key_id))
        valid.expect(key.user_id == current_user.id, "Invalid PGP key")

    if not valid.ok:
        return redirect("/privacy")

    user = User.query.get(current_user.id)
    user.pgp_key = key
    audit_log("changed pgp key",
            "Set default PGP key to {}".format(key.key_id if key else None))
    db.session.commit()

    return redirect("/privacy")

@privacy.route("/privacy/test-email", methods=["POST"])
@loginrequired
def privacy_testemail_POST():
    user = User.query.get(current_user.id)
    if user.pgp_key:
        send_email("test", user.email, "Test email",
                encrypt_key=user.pgp_key.key,
                site_key=site_key_id)
    else:
        send_email("test", user.email, "Test email", site_key=site_key_id)
    return redirect("/privacy")