from datetime import datetime, timezone from flask import Blueprint, jsonify, make_response, render_template, request, session from app import db from app.models import Folder, Photo bp = Blueprint("legal", __name__, url_prefix="/legal") @bp.route("/privacy") def privacy(): return render_template("legal/privacy.html") @bp.route("/cookies") def cookies(): return render_template("legal/cookies.html") @bp.route("/gdpr") def gdpr(): return render_template("legal/gdpr.html") @bp.route("/cookie-consent", methods=["POST"]) def cookie_consent(): data = request.get_json(silent=True) or {} essential = bool(data.get("essential", True)) analytics = bool(data.get("analytics", False)) session["cookie_consent"] = { "essential": essential, "analytics": analytics, "accepted_at": datetime.now(timezone.utc).isoformat(), } from flask_login import current_user if current_user.is_authenticated: current_user.cookie_analytics = analytics if not current_user.gdpr_accepted_at: current_user.gdpr_accepted_at = datetime.now(timezone.utc) db.session.commit() response = make_response(jsonify({"ok": True})) response.set_cookie( "photohost_consent", f"1:{int(analytics)}", max_age=60 * 60 * 24 * 365, samesite="Lax", ) return response def export_user_data(user): photos = Photo.query.filter_by(user_id=user.id).all() folders = Folder.query.filter_by(owner_id=user.id).all() return { "user": { "username": user.username, "email": user.email, "created_at": user.created_at.isoformat(), "gdpr_accepted_at": user.gdpr_accepted_at.isoformat() if user.gdpr_accepted_at else None, }, "photos": [ { "original_name": p.original_name, "url": p.url, "file_size": p.file_size, "created_at": p.created_at.isoformat(), } for p in photos ], "folders": [ { "name": f.name, "photo_count": f.photo_count, "created_at": f.created_at.isoformat(), } for f in folders ], "exported_at": datetime.now(timezone.utc).isoformat(), }