Release v2.1: GDPR, passkeys, session management, admin redesign

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-07 02:43:57 +03:00
parent d4f0eaa7d9
commit 0a51001791
32 changed files with 1529 additions and 193 deletions
@@ -0,0 +1,85 @@
+from datetime import datetime, timezone
+
+from flask import Blueprint, jsonify, make_response, render_template, request, session
+
+from app import db
+from app.models import Folder, Photo
+bp = Blueprint("legal", __name__, url_prefix="/legal")
+
+
+@bp.route("/privacy")
+def privacy():
+    return render_template("legal/privacy.html")
+
+
+@bp.route("/cookies")
+def cookies():
+    return render_template("legal/cookies.html")
+
+
+@bp.route("/gdpr")
+def gdpr():
+    return render_template("legal/gdpr.html")
+
+
+@bp.route("/cookie-consent", methods=["POST"])
+def cookie_consent():
+    data = request.get_json(silent=True) or {}
+    essential = bool(data.get("essential", True))
+    analytics = bool(data.get("analytics", False))
+
+    session["cookie_consent"] = {
+        "essential": essential,
+        "analytics": analytics,
+        "accepted_at": datetime.now(timezone.utc).isoformat(),
+    }
+
+    from flask_login import current_user
+
+    if current_user.is_authenticated:
+        current_user.cookie_analytics = analytics
+        if not current_user.gdpr_accepted_at:
+            current_user.gdpr_accepted_at = datetime.now(timezone.utc)
+        db.session.commit()
+
+    response = make_response(jsonify({"ok": True}))
+    response.set_cookie(
+        "photohost_consent",
+        f"1:{int(analytics)}",
+        max_age=60 * 60 * 24 * 365,
+        samesite="Lax",
+    )
+    return response
+
+
+def export_user_data(user):
+    photos = Photo.query.filter_by(user_id=user.id).all()
+    folders = Folder.query.filter_by(owner_id=user.id).all()
+    return {
+        "user": {
+            "username": user.username,
+            "email": user.email,
+            "created_at": user.created_at.isoformat(),
+            "gdpr_accepted_at": user.gdpr_accepted_at.isoformat()
+            if user.gdpr_accepted_at
+            else None,
+        },
+        "photos": [
+            {
+                "original_name": p.original_name,
+                "url": p.url,
+                "file_size": p.file_size,
+                "created_at": p.created_at.isoformat(),
+            }
+            for p in photos
+        ],
+        "folders": [
+            {
+                "name": f.name,
+                "photo_count": f.photo_count,
+                "created_at": f.created_at.isoformat(),
+            }
+            for f in folders
+        ],
+        "exported_at": datetime.now(timezone.utc).isoformat(),
+    }