alee/fieldwitness
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5c74a5f4aa
fieldwitness/frontends/web/blueprints/keys.py
Aaron D. Lee 51c9b0a99a Fix 14 bugs and add features from power-user security audit 
Critical fixes:
- Fix admin_delete_user missing current_user_id argument (TypeError on every delete)
- Fix self-signed cert OOM: bytes(2130706433) → IPv4Address("127.0.0.1")
- Add @login_required to attestation routes (attest, log); verify stays public
- Add auth guards to fieldkit (@admin_required on killswitch) and keys blueprints
- Fix cleanup_temp_files NameError in generate() route

Security hardening:
- Unify temp storage to ~/.soosef/temp/ so killswitch purge covers web uploads
- Replace Path.unlink() with secure deletion (shred fallback) in temp_storage
- Add structured audit log (audit.jsonl) for admin, key, and killswitch actions

New features:
- Dead man's switch background enforcement thread in serve + check-deadman CLI
- Key rotation: soosef keys rotate-identity/rotate-channel with archiving
- Batch attestation: soosef attest batch <dir> with progress and error handling
- Geofence CLI: set/check/clear commands with config persistence
- USB CLI: snapshot/check commands against device whitelist
- Verification receipt download (/verify/receipt JSON endpoint + UI button)
- IdentityInfo.created_at populated from sidecar meta.json (mtime fallback)

Data layer:
- ChainStore.get() now O(1) via byte-offset index built during state rebuild
- Add federation module (chain, models, serialization, entropy)

Includes 45+ new tests across chain, deadman, key rotation, killswitch, and
serialization modules.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 17:06:33 -04:00

81 lines
2.3 KiB
Python
Raw Blame History

"""
Key management blueprint — unified view of all key material.
"""
from flask import Blueprint, flash, redirect, render_template, request, url_for
from auth import get_username, login_required
from soosef.audit import log_action
bp = Blueprint("keys", __name__, url_prefix="/keys")
@bp.route("/")
@login_required
def index():
"""Key management dashboard."""
from soosef.keystore import KeystoreManager
ks = KeystoreManager()
return render_template("fieldkit/keys.html", keystore=ks.status())
@bp.route("/channel/generate", methods=["POST"])
@login_required
def generate_channel():
"""Generate a new channel key."""
from soosef.keystore import KeystoreManager
ks = KeystoreManager()
try:
key = ks.generate_channel_key()
log_action(
actor=get_username(),
action="key.channel.generate",
target=f"channel:{key[:8]}",
outcome="success",
source="web",
)
flash(f"Channel key generated: {key[:8]}...", "success")
except Exception as exc:
log_action(
actor=get_username(),
action="key.channel.generate",
target="channel",
outcome="failure",
source="web",
detail=str(exc),
)
flash(f"Channel key generation failed: {exc}", "error")
return redirect(url_for("keys.index"))
@bp.route("/identity/generate", methods=["POST"])
@login_required
def generate_identity():
"""Generate a new Ed25519 identity."""
from soosef.keystore import KeystoreManager
ks = KeystoreManager()
try:
info = ks.generate_identity()
log_action(
actor=get_username(),
action="key.identity.generate",
target=f"identity:{info.fingerprint[:16]}",
outcome="success",
source="web",
)
flash(f"Identity generated: {info.fingerprint[:16]}...", "success")
except Exception as exc:
log_action(
actor=get_username(),
action="key.identity.generate",
target="identity",
outcome="failure",
source="web",
detail=str(exc),
)
flash(f"Identity generation failed: {exc}", "error")
return redirect(url_for("keys.index"))
Reference in New Issue View Git Blame Copy Permalink