OSINT/legal/views.py

"""
Views for legal app.
"""
from django.shortcuts import render
from django.views.generic import TemplateView, CreateView, DetailView
from django.contrib.auth.mixins import LoginRequiredMixin
from django.urls import reverse_lazy
from django.http import JsonResponse
from django.views.decorators.http import require_http_methods
from .models import DataRequest, ConsentRecord
from .forms import DataRequestForm


class PrivacyPolicyView(TemplateView):
    """Privacy policy page."""
    template_name = 'legal/privacy_policy.html'


class TermsOfServiceView(TemplateView):
    """Terms of service page."""
    template_name = 'legal/terms_of_service.html'


class DataRequestView(LoginRequiredMixin, CreateView):
    """GDPR data request form."""
    model = DataRequest
    form_class = DataRequestForm
    template_name = 'legal/data_request.html'
    success_url = reverse_lazy('legal:data_request_detail')
    
    def form_valid(self, form):
        form.instance.user = self.request.user
        return super().form_valid(form)
    
    def get_success_url(self):
        return reverse_lazy('legal:data_request_detail', kwargs={'pk': self.object.pk})


class DataRequestDetailView(LoginRequiredMixin, DetailView):
    """View data request status."""
    model = DataRequest
    template_name = 'legal/data_request_detail.html'
    context_object_name = 'data_request'
    
    def get_queryset(self):
        return DataRequest.objects.filter(user=self.request.user)


@require_http_methods(["POST"])
def cookie_consent_view(request):
    """
    Handle cookie consent submission.
    Stores consent in database and sets a cookie.
    """
    import json
    from django.utils import timezone
    
    try:
        data = json.loads(request.body)
        consent_given = data.get('consent', False)
        
        # Get client IP
        x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
        if x_forwarded_for:
            ip_address = x_forwarded_for.split(',')[0]
        else:
            ip_address = request.META.get('REMOTE_ADDR')
        
        # Create consent record
        ConsentRecord.objects.create(
            user=request.user if request.user.is_authenticated else None,
            consent_type='cookies',
            consent_given=consent_given,
            ip_address=ip_address,
            user_agent=request.META.get('HTTP_USER_AGENT', ''),
            version='1.0'
        )
        
        # Create response
        response = JsonResponse({
            'success': True,
            'message': 'Cookie consent recorded successfully'
        })
        
        # Set cookie (expires in 1 year)
        if consent_given:
            response.set_cookie(
                'cookie_consent',
                'accepted',
                max_age=31536000,  # 1 year in seconds
                httponly=False,
                samesite='Lax',
                secure=request.is_secure()
            )
        else:
            response.set_cookie(
                'cookie_consent',
                'declined',
                max_age=31536000,
                httponly=False,
                samesite='Lax',
                secure=request.is_secure()
            )
        
        return response
    
    except Exception as e:
        return JsonResponse({
            'success': False,
            'message': str(e)
        }, status=400)