deletion: admin can delete his own pdf

share action create admin key stored on server side and localstorage if adminKey found on localStorage, display a small trash icon if clicked, send an ajax request, verify the key, and delete both localstorage and files on the server
2026-03-14 13:55:44 +01:00 · 2025-07-09 19:05:47 +02:00 · 2025-07-09 19:05:47 +02:00 · 09bbb7b9cd
commit 09bbb7b9cd
parent e48cbf9663
4 changed files with 62 additions and 2 deletions
--- a/app.php
+++ b/app.php
@ -292,12 +292,37 @@ $f3->route('POST /share',
        }

        \Flash::instance()->setKey('openModal', 'shareinformations');
+        \Flash::instance()->setKey("adminKey", $pdfSignature->createAdminKey());

        $f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature/'.$hash.(($symmetricKey) ? '#'.$symmetricKey : null));
    }

 );

+$f3->route('GET @signature_deletion: /signature/@hash/delete/@key', function ($f3) {
+    $sharingFolder = $f3->get('PDF_STORAGE_PATH');
+    $baseHash = $sharingFolder.$f3->get('PARAMS.hash');
+
+    if (is_dir($baseHash) === false) {
+        $f3->error(403);
+    }
+
+    if (is_file($baseHash.'.admin') === false || is_readable($baseHash.'.admin') === false) {
+        $f3->error(403);
+    }
+
+    if (file_get_contents($baseHash.'.admin') !== $f3->get('PARAMS.key')) {
+        $f3->error(403);
+    }
+
+    GPGCryptography::hardUnlink($baseHash.'/.lock');
+    GPGCryptography::hardUnlink($baseHash);
+    unlink($baseHash.'.admin');
+    unlink($baseHash.'.expire');
+
+    $f3->reroute($f3->get('REVERSE_PROXY_URL').'/signature');
+});
+
 $f3->route('GET /signature/@hash/pdf',
    function($f3) {
        $f3->set('activeTab', 'sign');
--- a/lib/GPGCryptography.class.php
+++ b/lib/GPGCryptography.class.php
@ -90,8 +90,7 @@ class GPGCryptography
        return preg_replace('/[^0-9a-zA-Z]*/', '', $key);
    }

-    public static function createSymmetricKey() {
-            $length = 15;
+    public static function createSymmetricKey($length = 15) {
            $keySpace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
            $pieces = [];
            $max = mb_strlen($keySpace, '8bit') - 1;
--- a/lib/PDFSignature.class.php
+++ b/lib/PDFSignature.class.php
@ -30,6 +30,14 @@ class PDFSignature
        }
    }

+    public function createAdminKey()
+    {
+        $link = $this->gpg->createSymmetricKey(20);
+        file_put_contents($this->pathHash.'.admin', $link);
+
+        return $link;
+    }
+
    public function verifyEncryption() {
        if(!$this->isEncrypted()) {

--- a/templates/signature.html.php
+++ b/templates/signature.html.php
@ -317,6 +317,34 @@
    pdfHash = "<?php echo $hash ?>";
    <?php endif; ?>

+    <?php if(Flash::instance()->hasKey('adminKey')): ?>
+        localStorage.setItem(pdfHash+'.adminKey', '<?php echo Flash::instance()->getKey('adminKey') ?>')
+    <?php endif; ?>
+
+    const adminKey = localStorage.getItem(pdfHash+'.adminKey')
+    if (adminKey) {
+        const icon = document.createElement('i')
+        icon.classList.add('float-end', 'bi', 'bi-trash3')
+        icon.style.cursor = 'pointer'
+        document.getElementById('text_document_name').appendChild(icon)
+
+        icon.addEventListener('click', async function () {
+            if (confirm("Êtes vous sûr de vouloir supprimer ce PDF ainsi que les signatures associées ?")) {
+                try {
+                    const response = await fetch('/signature/'+pdfHash+'/delete/'+adminKey);
+                    if (!response.ok) {
+                        throw new Error(`Response status: ${response.status}`);
+                    }
+
+                    localStorage.removeItem(pdfHash+'.adminKey')
+                    window.location.replace('/signature')
+                } catch (error) {
+                    console.error(error.message);
+                }
+            }
+        })
+    }
+
    var trad = <?php echo json_encode([
        'Text to modify' => _('Text to modify')
    ]); ?>;