fotohost/app/legal.py

from datetime import datetime, timezone

from flask import Blueprint, jsonify, make_response, render_template, request, session

from app import db
from app.models import Folder, Photo
bp = Blueprint("legal", __name__, url_prefix="/legal")


@bp.route("/privacy")
def privacy():
    return render_template("legal/privacy.html")


@bp.route("/cookies")
def cookies():
    return render_template("legal/cookies.html")


@bp.route("/gdpr")
def gdpr():
    return render_template("legal/gdpr.html")


@bp.route("/cookie-consent", methods=["POST"])
def cookie_consent():
    data = request.get_json(silent=True) or {}
    essential = bool(data.get("essential", True))
    analytics = bool(data.get("analytics", False))

    session["cookie_consent"] = {
        "essential": essential,
        "analytics": analytics,
        "accepted_at": datetime.now(timezone.utc).isoformat(),
    }

    from flask_login import current_user

    if current_user.is_authenticated:
        current_user.cookie_analytics = analytics
        if not current_user.gdpr_accepted_at:
            current_user.gdpr_accepted_at = datetime.now(timezone.utc)
        db.session.commit()

    response = make_response(jsonify({"ok": True}))
    response.set_cookie(
        "photohost_consent",
        f"1:{int(analytics)}",
        max_age=60 * 60 * 24 * 365,
        samesite="Lax",
    )
    return response


def export_user_data(user):
    photos = Photo.query.filter_by(user_id=user.id).all()
    folders = Folder.query.filter_by(owner_id=user.id).all()
    return {
        "user": {
            "username": user.username,
            "email": user.email,
            "created_at": user.created_at.isoformat(),
            "gdpr_accepted_at": user.gdpr_accepted_at.isoformat()
            if user.gdpr_accepted_at
            else None,
        },
        "photos": [
            {
                "original_name": p.original_name,
                "url": p.url,
                "file_size": p.file_size,
                "created_at": p.created_at.isoformat(),
            }
            for p in photos
        ],
        "folders": [
            {
                "name": f.name,
                "photo_count": f.photo_count,
                "created_at": f.created_at.isoformat(),
            }
            for f in folders
        ],
        "exported_at": datetime.now(timezone.utc).isoformat(),
    }