feat: restrict vault letter content access until unlock date

2026-05-04 08:56:52 +00:00 · 2026-04-17 13:05:03 +05:30
parent c9bb4799ce
commit f124efd8c1
4 changed files with 86 additions and 0 deletions
@@ -1,3 +1,5 @@
+from datetime import UTC, datetime, timedelta
+
 from rest_framework import serializers

 from letters.models import Letter, LetterImage
@@ -34,6 +36,16 @@ class LetterSerializer(serializers.ModelSerializer):
        ]
        read_only_fields = ["created_at", "updated_at"]

+    def to_representation(self, instance):
+        fields = super().to_representation(instance)
+        if fields["type"] == Letter.Type.VAULT and fields["status"] == Letter.Status.SEALED:
+            unlock_datetime = datetime.fromisoformat(fields["unlock_at"]).replace(tzinfo=UTC)
+            if unlock_datetime - datetime.now(tz=UTC) > timedelta(seconds=0):
+                fields["encrypted_content"] = None
+                fields["images"] = None
+                fields["encrypted_dek"] = None
+        return fields
+
    def validate(self, data):
        """
        Validates the requirmnt of DEK when encrypted content and metadata are stored.