Allow secrets to be encrypted for other members

TheLab-ms · Feb 8, 2024 · e0a1d99 · e0a1d99
1 parent 8444df5
commit e0a1d99
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 9 deletions.
diff --git a/internal/server/events.go b/internal/server/events.go
@@ -26,7 +26,6 @@ func (s *Server) newListEventsHandler() http.HandlerFunc {
 		var expanded []*eventPublic
 		for _, event := range events {
 			// Support a magic location string to designate members only events
-			// membersOnly := event.Metadata.Location == "TheLab (Members Only)"
 			membersOnly := strings.Contains(strings.ToLower(event.Name), "(member event)")
 
 			if event.Recurrence == nil {

diff --git a/internal/server/secrets.go b/internal/server/secrets.go
@@ -42,7 +42,7 @@ func (s *Server) newSecretIndexHandler() http.HandlerFunc {
 			return
 		}
 
-		if !isLeadership {
+		if (p.Recipient == nil && !isLeadership) || (p.Recipient != nil && *p.Recipient != userID) {
 			p.Value = "" // just in case the template somehow leaks the value
 			w.Header().Add("Content-Type", "text/html")
 			s.Templates.ExecuteTemplate(w, "secret-unauth.html", p)
@@ -65,13 +65,15 @@ func (s *Server) newSecretEncryptionHandler() http.HandlerFunc {
 			Description:     r.FormValue("desc"),
 			Value:           r.FormValue("value"),
 		}
+		if recip := r.FormValue("recip"); recip != "" {
+			p.Recipient = &recip
+		}
 		js, err := json.Marshal(p)
 		if err != nil {
 			panic(err) // unlikely
 		}
 
 		ciphertext := &bytes.Buffer{}
-
 		cmd := exec.CommandContext(r.Context(), "age", "--encrypt", "-r", s.Env.AgePublicKey)
 		cmd.Stderr = os.Stderr
 		cmd.Stdout = ciphertext
@@ -91,8 +93,9 @@ func (s *Server) newSecretEncryptionHandler() http.HandlerFunc {
 }
 
 type secretPayload struct {
-	EncryptedByUser string `json:"eb"`
-	EncryptedAt     int64  `json:"ea"` // seconds since unix epoch utc
-	Description     string `json:"d"`
-	Value           string `json:"v"`
+	EncryptedByUser string  `json:"eb"`
+	EncryptedAt     int64   `json:"ea"` // seconds since unix epoch utc
+	Description     string  `json:"d"`
+	Recipient       *string `json:"r"`
+	Value           string  `json:"v"`
 }
diff --git a/templates/secret-index.html b/templates/secret-index.html
@@ -1,5 +1,6 @@
 <p>
-    This page encrypts sensitive values like passwords such that they can only be decrypted by TheLab leadership.
+    This page encrypts sensitive values like passwords such that they can be shared with other members or leadership.
+    If no recipiant email is given the secret will be readable by leadership.
 </p>
 
 <br>
@@ -11,5 +12,8 @@
     <label for="value">Secret:</label><br>
     <textarea id="value" name="value" rows="5" cols="40"></textarea><br>
 
+    <label for="email">Recipiant Email (optional):</label><br>
+    <input type="text" id="email" name="recip" /><br><br>
+
     <input type="submit" value="Submit">
 </form>
diff --git a/templates/secret-unauth.html b/templates/secret-unauth.html
@@ -6,5 +6,5 @@
 </p>
 
 <p>
-    The value is not visible to you because you are not in TheLab leadership.
+    The value is not visible to you.
 </p>
-Original file line number
+Diff line change
@@ Expand Up / @@ -6,5 +6,5 @@ @@
     </p>
     <p>
-        The value is not visible to you because you are not in TheLab leadership.
+        The value is not visible to you.
     </p>