scidsg · micahflee · Sep 6, 2024 · Aug 28, 2024 · Aug 29, 2024 · Aug 29, 2024
diff --git a/hushline/model.py b/hushline/model.py
@@ -61,6 +61,10 @@ class User(Model):
     extra_field_value3: Mapped[Optional[str]]
     extra_field_label4: Mapped[Optional[str]]
     extra_field_value4: Mapped[Optional[str]]
+    extra_field_verified1 = db.Column(db.Boolean, default=False)
+    extra_field_verified2 = db.Column(db.Boolean, default=False)
+    extra_field_verified3 = db.Column(db.Boolean, default=False)
+    extra_field_verified4 = db.Column(db.Boolean, default=False)
 
     @property
     def password_hash(self) -> str:

diff --git a/hushline/routes.py b/hushline/routes.py
@@ -124,6 +124,30 @@ def profile(username: str) -> Response | str:
         math_problem = f"{num1} + {num2} ="
         session["math_answer"] = str(num1 + num2)  # Store the answer in session as a string
 
+        # Prepare extra fields and verification status
+        extra_fields = [
+            {
+                "label": user.extra_field_label1,
+                "value": user.extra_field_value1,
+                "verified": user.extra_field_verified1,
+            },
+            {
+                "label": user.extra_field_label2,
+                "value": user.extra_field_value2,
+                "verified": user.extra_field_verified2,
+            },
+            {
+                "label": user.extra_field_label3,
+                "value": user.extra_field_value3,
+                "verified": user.extra_field_verified3,
+            },
+            {
+                "label": user.extra_field_label4,
+                "value": user.extra_field_value4,
+                "verified": user.extra_field_verified4,
+            },
+        ]
+
         return render_template(
             "profile.html",
             form=form,
@@ -135,6 +159,7 @@ def profile(username: str) -> Response | str:
             is_personal_server=app.config["IS_PERSONAL_SERVER"],
             require_pgp=app.config["REQUIRE_PGP"],
             math_problem=math_problem,
+            extra_fields=extra_fields,  # Pass extra fields to template
         )
 
     @app.route("/to/<username>", methods=["POST"])

diff --git a/hushline/settings.py b/hushline/settings.py
@@ -224,57 +224,55 @@ def index() -> str | Response:
         directory_visibility_form = DirectoryVisibilityForm()
         profile_form = ProfileForm()
 
-        # Check if the bio update form was submitted
-        if (
-            request.method == "POST"
-            and "update_bio" in request.form
-            and profile_form.validate_on_submit()
-        ):
-            user.bio = request.form["bio"]
-            user.extra_field_label1 = profile_form.extra_field_label1.data.strip()
-            user.extra_field_value1 = profile_form.extra_field_value1.data.strip()
-            user.extra_field_label2 = profile_form.extra_field_label2.data.strip()
-            user.extra_field_value2 = profile_form.extra_field_value2.data.strip()
-            user.extra_field_label3 = profile_form.extra_field_label3.data.strip()
-            user.extra_field_value3 = profile_form.extra_field_value3.data.strip()
-            user.extra_field_label4 = profile_form.extra_field_label4.data.strip()
-            user.extra_field_value4 = profile_form.extra_field_value4.data.strip()
-            db.session.commit()
-            flash("👍 Bio updated successfully.")
-            return redirect(url_for("settings.index"))
+        # Handle form submissions
+        if request.method == "POST":
+            # Update bio and custom fields
+            if "update_bio" in request.form and profile_form.validate_on_submit():
+                user.bio = request.form["bio"].strip()
+                user.extra_field_label1 = profile_form.extra_field_label1.data.strip()
+                user.extra_field_value1 = profile_form.extra_field_value1.data.strip()
+                user.extra_field_label2 = profile_form.extra_field_label2.data.strip()
+                user.extra_field_value2 = profile_form.extra_field_value2.data.strip()
+                user.extra_field_label3 = profile_form.extra_field_label3.data.strip()
+                user.extra_field_value3 = profile_form.extra_field_value3.data.strip()
+                user.extra_field_label4 = profile_form.extra_field_label4.data.strip()
+                user.extra_field_value4 = profile_form.extra_field_value4.data.strip()
+
+                # Trigger the rel=me verification for each URL field
+                for i in range(1, 5):
+                    url_to_verify = getattr(user, f"extra_field_value{i}", "").strip()
+                    if url_to_verify:
+                        try:
+                            response = requests.get(url_to_verify, timeout=5)
+                            response.raise_for_status()
+                            profile_url = f"https://tips.hushline.app/to/{user.primary_username}"
+                            if re.search(
+                                rf'<a[^>]+href="{re.escape(profile_url)}"[^>]*rel="me"[^>]*>',
+                                response.text,
+                            ):
+                                setattr(user, f"extra_field_verified{i}", True)
+                            else:
+                                setattr(user, f"extra_field_verified{i}", False)
+                        except requests.exceptions.RequestException as e:
+                            current_app.logger.error(f"Error fetching URL for field {i}: {e}")
+                            setattr(user, f"extra_field_verified{i}", False)
 
-        if request.method == "POST" and (
-            directory_visibility_form.validate_on_submit()
-            and "update_directory_visibility" in request.form
-        ):
-            user.show_in_directory = directory_visibility_form.show_in_directory.data
-            db.session.commit()
-            flash("👍 Directory visibility updated successfully.")
-            return redirect(url_for("settings.index"))
+                db.session.commit()
 
-        # Additional admin-specific data initialization
-        user_count = two_fa_count = pgp_key_count = two_fa_percentage = pgp_key_percentage = None
-        all_users = []
+                # Display flash message after successful update
+                flash("👍 Bio and fields updated successfully.")
+                return redirect(url_for("settings.index"))
 
-        # Check if user is admin and add admin-specific data
-        if user.is_admin:
-            user_count = db.session.scalar(db.func.count(User.id))
-            two_fa_count = db.session.scalar(
-                db.select(db.func.count(User.id).filter(User._totp_secret.isnot(None)))
-            )
-            pgp_key_count = db.session.scalar(
-                db.select(
-                    db.func.count(User.id)
-                    .filter(User._pgp_key.isnot(None))
-                    .filter(User._pgp_key != "")
-                )
-            )
-            two_fa_percentage = (two_fa_count / user_count * 100) if user_count else 0
-            pgp_key_percentage = (pgp_key_count / user_count * 100) if user_count else 0
-            all_users = list(db.session.scalars(db.select(User)).all())  # Fetch all users for admin
+            # Update directory visibility
+            if (
+                "update_directory_visibility" in request.form
+                and directory_visibility_form.validate_on_submit()
+            ):
+                user.show_in_directory = directory_visibility_form.show_in_directory.data
+                db.session.commit()
+                flash("👍 Directory visibility updated successfully.")
+                return redirect(url_for("settings.index"))
 
-        # Handle form submissions
-        if request.method == "POST":
             # Handle Display Name Form Submission
             if "update_display_name" in request.form and display_name_form.validate_on_submit():
                 user.update_display_name(display_name_form.display_name.data.strip())
@@ -305,26 +303,26 @@ def index() -> str | Response:
                     )
                 return redirect(url_for(".index"))
 
-            # Check if user is admin and add admin-specific data
-            is_admin = user.is_admin
-            if is_admin:
-                user_count = db.session.scalar(db.func.count(User.id))
-                two_fa_count = db.session.scalar(
-                    db.select(db.func.count(User.id).filter(User._totp_secret.isnot(None)))
-                )
-                pgp_key_count = db.session.scalar(
-                    db.select(
-                        db.func.count(User.id)
-                        .filter(User._pgp_key.isnot(None))
-                        .filter(User._pgp_key != "")
-                    )
+        # Additional admin-specific data initialization
+        user_count = two_fa_count = pgp_key_count = two_fa_percentage = pgp_key_percentage = None
+        all_users = []
+
+        # Check if user is admin and add admin-specific data
+        if user.is_admin:
+            user_count = db.session.scalar(db.func.count(User.id))
+            two_fa_count = db.session.scalar(
+                db.select(db.func.count(User.id).filter(User._totp_secret.isnot(None)))
+            )
+            pgp_key_count = db.session.scalar(
+                db.select(
+                    db.func.count(User.id)
+                    .filter(User._pgp_key.isnot(None))
+                    .filter(User._pgp_key != "")
                 )
-                two_fa_percentage = (two_fa_count / user_count * 100) if user_count else 0
-                pgp_key_percentage = (pgp_key_count / user_count * 100) if user_count else 0
-            else:
-                user_count = two_fa_count = pgp_key_count = two_fa_percentage = (
-                    pgp_key_percentage
-                ) = None
+            )
+            two_fa_percentage = (two_fa_count / user_count * 100) if user_count else 0
+            pgp_key_percentage = (pgp_key_count / user_count * 100) if user_count else 0
+            all_users = list(db.session.scalars(db.select(User)).all())  # Fetch all users for admin
 
         # Prepopulate form fields
         email_forwarding_form.forwarding_enabled.data = user.email is not None
@@ -683,4 +681,26 @@ def delete_account() -> Response | str:
         flash("User not found. Please log in again.")
         return redirect(url_for("login"))
 
+    @bp.route("/verify-rel-me/<int:field_index>", methods=["POST"])
+    @authentication_required
+    def verify_rel_me(field_index: int) -> Response:
+        user_id = session.get("user_id")
+        if not user_id:
+            return redirect(url_for("login"))
+
+        user = db.session.get(User, user_id)
+        if not user:
+            flash("User not found.")
+            return redirect(url_for("login"))
+
+        url_to_verify = request.form.get(f"extra_field_value{field_index}", "").strip()
+        if not url_to_verify:
+            flash(f"No URL provided for field {field_index}.")
+            setattr(user, f"extra_field_verified{field_index}", False)
+            db.session.commit()
+            return redirect(url_for(".index"))
+
+        db.session.commit()
+        return redirect(url_for(".index"))
+
     return bp
diff --git a/hushline/static/css/style.css b/hushline/static/css/style.css
@@ -339,6 +339,10 @@
   #messageForm {
     border-top: var(--border);
   }
+
+  .icon.verifiedURL {
+    background-image: url("../img/app/icon-verified-lm.png");
+  }
 }
 
 /* Dark Mode */
@@ -637,6 +641,10 @@
   #messageForm {
     border-top: var(--border-dark);
   }
+
+  .icon.verifiedURL {
+    background-image: url("../img/app/icon-verified-dm.png");
+  }
 }
 
 body {
@@ -859,7 +867,7 @@ img.empty {
   max-width: 78vw;
   text-align: center;
   opacity: 0;
-  z-index: 10;
+  z-index: 12;
   animation:
     fadeInDown 0.5s ease forwards,
     fadeOutUp 0.5s ease 5s forwards;
@@ -1763,6 +1771,21 @@ input#captcha_answer {
   margin-bottom: 1rem;
 }
 
+.icon.verifiedURL {
+  width: 20px;
+  height: 20px;
+  display: flex;
+  background-size: contain;
+  position: absolute;
+  left: 0;
+  top: 0;
+}
+
+.extra-field-value .icon.verifiedURL + a,
+.extra-field-value .icon.verifiedURL + span {
+  padding-left: 1.5rem;
+}
+
 @media only screen and (max-width: 768px) {
   .container {
     min-width: initial;
@@ -1932,12 +1955,35 @@ button[name="update_directory_visibility"] {
 
 .input-pair {
   display: flex;
-  justify-content: space-between;
   gap: 1rem;
+  position: relative;
+  width: 100%;
+}
+
+.input-pair > div {
+  flex: 1;
+  position: relative;
 }
 
 .input-pair input {
+  flex: 1; /* Make all inputs take equal space */
   margin-bottom: 0;
+  box-sizing: border-box; /* Ensure padding is included in width calculation */
+}
+
+.input-pair input:has(+ .verifiedURL) {
+  padding-right: 2.125rem; /* Add padding only when the input has a verifiedURL next to it */
+}
+
+.input-pair div:last-child {
+  position: relative;
+}
+
+.input-pair input + .icon.verifiedURL {
+  position: absolute;
+  right: 0%;
+  top: 42px;
+  left: calc(100% - 20px - 8px);
 }
 
 .form-group-pairs + button {
@@ -1994,6 +2040,7 @@ p.bio + .extra-fields {
   white-space: nowrap;
   overflow: hidden;
   text-overflow: ellipsis;
+  position: relative;
 }
 
 .pgp-disabled-overlay {

diff --git a/hushline/static/img/app/icon-verified-dm.png b/hushline/static/img/app/icon-verified-dm.png
diff --git a/hushline/static/img/app/icon-verified-lm.png b/hushline/static/img/app/icon-verified-lm.png