privacy/security: add PM privacy levels and improve session visibility

This commit is contained in:
2026-03-08 14:26:19 +03:00
parent 528778238b
commit 76cc5e0f12
17 changed files with 229 additions and 24 deletions


@@ -23,6 +23,7 @@ from app.auth.service import (
disable_twofa,
enable_twofa,
get_current_user,
get_access_session_info,
get_email_sender,
get_request_metadata,
login_user,
@@ -37,6 +38,7 @@ from app.auth.service import (
reset_password,
setup_twofa,
verify_email,
oauth2_scheme,
)
from app.database.session import get_db
from app.email.service import EmailService
@@ -147,7 +149,10 @@ async def me(current_user: User = Depends(get_current_user)) -> AuthUserResponse
@router.get("/sessions", response_model=list[SessionRead])
async def list_sessions(current_user: User = Depends(get_current_user)) -> list[SessionRead]:
async def list_sessions(
current_user: User = Depends(get_current_user),
access_token: str = Depends(oauth2_scheme),
) -> list[SessionRead]:
sessions = await list_user_sessions(current_user.id)
out: list[SessionRead] = []
for item in sessions:
@@ -157,8 +162,23 @@ async def list_sessions(current_user: User = Depends(get_current_user)) -> list[
created_at=datetime.fromtimestamp(item.created_at, tz=timezone.utc),
ip_address=item.ip_address,
user_agent=item.user_agent,
current=False,
token_type="refresh",
)
)
access_session = get_access_session_info(access_token)
if access_session and all(item.jti != access_session[0] for item in out):
out.insert(
0,
SessionRead(
jti=access_session[0],
created_at=access_session[1],
ip_address=None,
user_agent="Current access token",
current=True,
token_type="access",
),
)
return out
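Review bot: When a refresh session in `out` already carries the access token's jti, nothing in the list is marked `current` — the `all(...)` guard only decides whether to insert the synthetic row, and every refresh entry is built with `current=False`, so the very case the guard anticipates yields a list with no current session. Mark the matching entry instead of silently skipping it, and unpack the tuple once so the `access_session[0]`/`[1]` indexing goes away. Note also that the synthesized "Current access token" row has a jti that is not backed by a stored session, so a revoke-by-jti endpoint (not visible here) would presumably not find it; worth a comment on the row. `list_sessions` starts in the earlier hunk of this file.
```python
    access_session = get_access_session_info(access_token)
    if access_session:
        current_jti, issued_at = access_session
        # Prefer flagging the stored session that shares the jti; only fall back to a
        # synthetic row (not revocable via the sessions API) when there is none.
        matching = next((item for item in out if item.jti == current_jti), None)
        if matching is not None:
            matching.current = True
        else:
            out.insert(
                0,
                SessionRead(
                    jti=current_jti,
                    created_at=issued_at,
                    ip_address=None,
                    user_agent="Current access token",
                    current=True,
                    token_type="access",
                ),
            )
    return out
```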


@@ -1,7 +1,7 @@
from datetime import datetime
from pydantic import BaseModel, ConfigDict, EmailStr, Field
from app.users.schemas import GroupInvitePrivacyLevel, PrivacyLevel
from app.users.schemas import GroupInvitePrivacyLevel, PrivacyLevel, PrivateMessagesPrivacyLevel
class RegisterRequest(BaseModel):
@@ -60,6 +60,7 @@ class AuthUserResponse(BaseModel):
email_verified: bool
twofa_enabled: bool
allow_private_messages: bool = True
privacy_private_messages: PrivateMessagesPrivacyLevel = "everyone"
privacy_last_seen: PrivacyLevel = "everyone"
privacy_avatar: PrivacyLevel = "everyone"
privacy_group_invites: GroupInvitePrivacyLevel = "everyone"
@@ -72,6 +73,8 @@ class SessionRead(BaseModel):
created_at: datetime
ip_address: str | None = None
user_agent: str | None = None
current: bool = False
token_type: str = "refresh"
class TwoFactorSetupRead(BaseModel):
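Review bot: The new `token_type` field on `SessionRead` is typed as an open `str`, although the router only ever writes `"refresh"` and `"access"`; declaring it `token_type: Literal["access", "refresh"] = "refresh"` pins that contract in the OpenAPI schema and rejects anything else (this file would need `from typing import Literal`, which it does not currently import). `current: bool = False` also deserves a comment so clients know its meaning, e.g. `# True only for the entry derived from the token that authenticated this request`.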


@@ -244,6 +244,20 @@ def get_request_metadata(request: Request) -> tuple[str | None, str | None]:
return ip_address, user_agent
def get_access_session_info(token: str) -> tuple[str, datetime] | None:
try:
payload = decode_token(token)
except ValueError:
return None
if payload.get("type") != "access":
return None
jti = payload.get("jti")
if not isinstance(jti, str) or not jti:
return None
issued_at = _token_issued_at(payload) or datetime.now(timezone.utc)
return jti, issued_at
async def setup_twofa(db: AsyncSession, user: User) -> tuple[str, str]:
if user.twofa_enabled and user.twofa_secret:
secret = user.twofa_secret
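Review bot: `issued_at = _token_issued_at(payload) or datetime.now(timezone.utc)` fabricates an issue time whenever the payload has no usable `iat`, so the "Current access token" row will show a fresh `created_at` on every listing rather than a stable value; either return `None` for the timestamp and let the caller decide, or at least comment the fallback as a known approximation. The function is undocumented — add a docstring along the lines of: returns `(jti, issued_at)` for a valid access token, `None` when the token fails to decode, is not of type `"access"`, or lacks a non-empty string jti; only `ValueError` from `decode_token` is swallowed, so any other exception it raises will propagate to the route. Whether `decode_token` also verifies expiry and signature is not visible here and should be stated in that docstring.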


@@ -29,6 +29,7 @@ from app.messages.repository import (
)
from app.realtime.presence import get_users_online_map
from app.users.repository import get_user_by_id, has_block_relation_between_users, is_user_in_contacts
from app.users.service import can_user_receive_private_messages
async def _can_view_last_seen(*, db: AsyncSession, target_user, viewer_user_id: int) -> bool:
@@ -177,7 +178,7 @@ async def create_chat_for_user(db: AsyncSession, *, creator_id: int, payload: Ch
)
if payload.type == ChatType.PRIVATE:
target_user = await get_user_by_id(db, member_ids[0])
if target_user and not target_user.allow_private_messages:
if target_user and not await can_user_receive_private_messages(db, target_user=target_user, actor_user_id=creator_id):
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="User does not accept private messages",
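Review bot: The guard `if target_user and not await can_user_receive_private_messages(...)` is skipped entirely when `get_user_by_id` returns `None`, so a private chat whose member id does not resolve passes this check silently; unless membership is validated above the hunk, make the missing-user case explicit with `if target_user is None: raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")` before the policy check. `create_chat_for_user` starts and ends outside this hunk, so the earlier validation may well exist — worth confirming.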


@@ -23,7 +23,7 @@ from app.messages.schemas import (
)
from app.notifications.service import dispatch_message_notifications
from app.users.repository import has_block_relation_between_users
from app.users.service import get_user_by_id
from app.users.service import can_user_receive_private_messages, get_user_by_id
async def create_chat_message(db: AsyncSession, *, sender_id: int, payload: MessageCreateRequest) -> Message:
@@ -42,7 +42,7 @@ async def create_chat_message(db: AsyncSession, *, sender_id: int, payload: Mess
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Cannot send message due to block settings")
if counterpart_id:
counterpart = await get_user_by_id(db, counterpart_id)
if counterpart and not counterpart.allow_private_messages:
if counterpart and not await can_user_receive_private_messages(db, target_user=counterpart, actor_user_id=sender_id):
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User does not accept private messages")
if payload.reply_to_message_id is not None:
reply_to = await repository.get_message_by_id(db, payload.reply_to_message_id)
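Review bot: The "resolve counterpart, evaluate `can_user_receive_private_messages`, raise 403 with `User does not accept private messages`" sequence on the `counterpart` lines is now duplicated verbatim between this function and `create_chat_for_user` in the chat service, with the same truthiness guard that skips the check when the lookup returns `None`. Folding it into one helper in `app.users.service` (e.g. `async def ensure_can_send_private_message(db, *, target_user, actor_user_id) -> None` that raises the 403) keeps the two enforcement points — chat creation and every subsequent send — from drifting apart when the policy set grows. `create_chat_message` continues past the end of this hunk.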


@@ -24,6 +24,7 @@ class User(Base):
bio: Mapped[str | None] = mapped_column(String(500), nullable=True)
email_verified: Mapped[bool] = mapped_column(Boolean, default=False, nullable=False, index=True)
allow_private_messages: Mapped[bool] = mapped_column(Boolean, default=True, nullable=False, server_default="true")
privacy_private_messages: Mapped[str] = mapped_column(String(16), nullable=False, default="everyone", server_default="everyone")
privacy_last_seen: Mapped[str] = mapped_column(String(16), nullable=False, default="everyone", server_default="everyone")
privacy_avatar: Mapped[str] = mapped_column(String(16), nullable=False, default="everyone", server_default="everyone")
privacy_group_invites: Mapped[str] = mapped_column(String(16), nullable=False, default="everyone", server_default="everyone")
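Review bot: `privacy_private_messages` is stored as a free `String(16)` with no database-level constraint, and the service layer (`update_user_profile`) accepts it as `str | None`, so the only thing keeping the column to `everyone`/`contacts`/`nobody` is the pydantic `Literal` on the request schema; a `CheckConstraint("privacy_private_messages IN ('everyone', 'contacts', 'nobody')")` on the column (or a SQLAlchemy `Enum`) would make `can_user_receive_private_messages` safe against writes that bypass the router. The commit also keeps `allow_private_messages` alive as a second source of truth that the service dual-writes; a comment on one of the two columns stating which is authoritative would help, e.g. `# Legacy mirror of privacy_private_messages != "nobody"; kept for older clients`. The migration for this column is presumably among the files not shown here.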


@@ -67,6 +67,7 @@ async def update_profile(
bio=payload.bio,
avatar_url=payload.avatar_url,
allow_private_messages=payload.allow_private_messages,
privacy_private_messages=payload.privacy_private_messages,
privacy_last_seen=payload.privacy_last_seen,
privacy_avatar=payload.privacy_avatar,
privacy_group_invites=payload.privacy_group_invites,


@@ -6,6 +6,7 @@ from typing import Literal
PrivacyLevel = Literal["everyone", "contacts", "nobody"]
GroupInvitePrivacyLevel = Literal["everyone", "contacts"]
PrivateMessagesPrivacyLevel = Literal["everyone", "contacts", "nobody"]
class UserBase(BaseModel):
@@ -26,6 +27,7 @@ class UserRead(UserBase):
bio: str | None = None
email_verified: bool
allow_private_messages: bool
privacy_private_messages: PrivateMessagesPrivacyLevel = "everyone"
privacy_last_seen: PrivacyLevel = "everyone"
privacy_avatar: PrivacyLevel = "everyone"
privacy_group_invites: GroupInvitePrivacyLevel = "everyone"
@@ -40,6 +42,7 @@ class UserProfileUpdate(BaseModel):
bio: str | None = Field(default=None, max_length=500)
avatar_url: str | None = Field(default=None, max_length=512)
allow_private_messages: bool | None = None
privacy_private_messages: PrivateMessagesPrivacyLevel | None = None
privacy_last_seen: PrivacyLevel | None = None
privacy_avatar: PrivacyLevel | None = None
privacy_group_invites: GroupInvitePrivacyLevel | None = None
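Review bot: `PrivateMessagesPrivacyLevel = Literal["everyone", "contacts", "nobody"]` is character-for-character the same type as `PrivacyLevel` on the line above it; if the two are meant to stay identical, `PrivateMessagesPrivacyLevel = PrivacyLevel` with a comment such as `# Same levels as PrivacyLevel; separate alias so PM policy can diverge later` documents the intent and avoids the two drifting unnoticed, and if they are expected to diverge, a comment saying so is still warranted.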


@@ -42,6 +42,7 @@ async def update_user_profile(
bio: str | None = None,
avatar_url: str | None = None,
allow_private_messages: bool | None = None,
privacy_private_messages: str | None = None,
privacy_last_seen: str | None = None,
privacy_avatar: str | None = None,
privacy_group_invites: str | None = None,
@@ -56,6 +57,11 @@ async def update_user_profile(
user.avatar_url = avatar_url
if allow_private_messages is not None:
user.allow_private_messages = allow_private_messages
if privacy_private_messages is None:
user.privacy_private_messages = "everyone" if allow_private_messages else "nobody"
if privacy_private_messages is not None:
user.privacy_private_messages = privacy_private_messages
user.allow_private_messages = privacy_private_messages != "nobody"
if privacy_last_seen is not None:
user.privacy_last_seen = privacy_last_seen
if privacy_avatar is not None:
@@ -127,12 +133,25 @@ async def can_invite_user_to_groups(db: AsyncSession, *, target_user: User, acto
return await repository.is_user_in_contacts(db, owner_user_id=target_user.id, candidate_user_id=actor_user_id)
async def can_user_receive_private_messages(db: AsyncSession, *, target_user: User, actor_user_id: int) -> bool:
if target_user.id == actor_user_id:
return True
policy = target_user.privacy_private_messages or ("everyone" if target_user.allow_private_messages else "nobody")
if policy == "everyone":
return True
if policy == "nobody":
return False
return await repository.is_user_in_contacts(db, owner_user_id=target_user.id, candidate_user_id=actor_user_id)
async def serialize_user_for_viewer(db: AsyncSession, *, target_user: User, viewer_user_id: int) -> UserRead:
payload = UserRead.model_validate(target_user).model_dump()
payload["allow_private_messages"] = bool(target_user.privacy_private_messages != "nobody")
if not await can_view_user_avatar(db, target_user=target_user, viewer_user_id=viewer_user_id):
payload["avatar_url"] = None
if target_user.id != viewer_user_id:
payload["allow_private_messages"] = True
payload["privacy_private_messages"] = "everyone"
payload["privacy_last_seen"] = "everyone"
payload["privacy_avatar"] = "everyone"
payload["privacy_group_invites"] = "everyone"
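Review bot: For any viewer other than the user themself, `serialize_user_for_viewer` unconditionally reports `allow_private_messages = True` and `privacy_private_messages = "everyone"`, so a viewer who is not in the target's contacts is told messaging is allowed and only discovers otherwise via the 403 from chat creation; hiding the policy value is fine, but the boolean should reflect the outcome the viewer would get anyway: `payload["allow_private_messages"] = await can_user_receive_private_messages(db, target_user=target_user, actor_user_id=viewer_user_id)` in place of the hard-coded `True`. Separately, in `update_user_profile` the new `if privacy_private_messages is None:` branch that writes `"everyone" if allow_private_messages else "nobody"` must sit inside the `if allow_private_messages is not None:` block — indentation is not visible on this page — because at the same level it would reset the policy to `"nobody"` on every profile update that passes neither field. `serialize_user_for_viewer` continues past the end of this hunk.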