Fix 14 bugs and add features from power-user security audit

Critical fixes: - Fix admin_delete_user missing current_user_id argument (TypeError on every delete) - Fix self-signed cert OOM: bytes(2130706433) → IPv4Address("127.0.0.1") - Add @login_required to attestation routes (attest, log); verify stays public - Add auth guards to fieldkit (@admin_required on killswitch) and keys blueprints - Fix cleanup_temp_files NameError in generate() route Security hardening: - Unify temp storage to ~/.soosef/temp/ so killswitch purge covers web uploads - Replace Path.unlink() with secure deletion (shred fallback) in temp_storage - Add structured audit log (audit.jsonl) for admin, key, and killswitch actions New features: - Dead man's switch background enforcement thread in serve + check-deadman CLI - Key rotation: soosef keys rotate-identity/rotate-channel with archiving - Batch attestation: soosef attest batch <dir> with progress and error handling - Geofence CLI: set/check/clear commands with config persistence - USB CLI: snapshot/check commands against device whitelist - Verification receipt download (/verify/receipt JSON endpoint + UI button) - IdentityInfo.created_at populated from sidecar meta.json (mtime fallback) Data layer: - ChainStore.get() now O(1) via byte-offset index built during state rebuild - Add federation module (chain, models, serialization, entropy) Includes 45+ new tests across chain, deadman, key rotation, killswitch, and serialization modules. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 17:06:33 -04:00
parent fb2e036e66
commit 51c9b0a99a
28 changed files with 3749 additions and 168 deletions
--- a/frontends/web/templates/attest/verify_result.html
+++ b/frontends/web/templates/attest/verify_result.html
@@ -95,12 +95,35 @@
        </div>
        {% endfor %}

+        {% if found %}
+        <div class="card bg-dark border-secondary mt-4">
+            <div class="card-header">
+                <h6 class="mb-0">Download Verification Receipt</h6>
+            </div>
+            <div class="card-body">
+                <p class="text-muted small mb-3">
+                    Generate a signed JSON receipt for legal or archival use.
+                    Re-upload the same image to produce the downloadable file.
+                </p>
+                <form action="/verify/receipt" method="post" enctype="multipart/form-data">
+                    <div class="mb-3">
+                        <input class="form-control form-control-sm bg-dark text-light border-secondary"
+                               type="file" name="image" accept="image/*" required>
+                    </div>
+                    <button type="submit" class="btn btn-outline-warning btn-sm">
+                        Download Receipt (.json)
+                    </button>
+                </form>
+            </div>
+        </div>
+        {% endif %}
+
        <div class="d-grid gap-2 mt-4">
            <a href="/verify" class="btn btn-outline-info">
-                <i class="bi bi-search me-2"></i>Verify Another Image
+                Verify Another Image
            </a>
            <a href="/attest/log" class="btn btn-outline-secondary">
-                <i class="bi bi-journal-text me-2"></i>View Attestation Log
+                View Attestation Log
            </a>
        </div>
    </div>