Hide sensitive info mode (#1170)

src/cryptoadvance/specter/managers/config_manager.py

@@ -61,6 +61,7 @@ def __init__(self, data_folder, config={}):
             "validate_merkle_proofs": False,
             "fee_estimator": "mempool",
             "fee_estimator_custom_url": "",
+            "hide_sensitive_info": False,
             # TODO: remove
             "bitcoind": False,
         }
@@ -235,6 +236,15 @@ def update_price_check_setting(self, price_check_bool, user):
         # else:
         #    self.price_checker.stop()
 
+    def update_hide_sensitive_info(self, hide_sensitive_info_bool, user):
+        if isinstance(user, str):
+            raise Exception("Please pass a real user, not a string-user")
+        if user.is_admin:
+            self.data["hide_sensitive_info"] = hide_sensitive_info_bool
+            self._save()
+        else:
+            user.set_hide_sensitive_info(hide_sensitive_info_bool)
+
     def update_price_provider(self, price_provider, user):
         if isinstance(user, str):
             raise Exception("Please pass a real user, not a string-user")

src/cryptoadvance/specter/server_endpoints/controller.py

@@ -238,6 +238,21 @@ def get_scantxoutset_status():
     }
 
 
+@app.route("/toggle_hide_sensitive_info/", methods=["POST"])
+@login_required
+def toggle_hide_sensitive_info():
+    try:
+        app.specter.update_hide_sensitive_info(
+            not app.specter.hide_sensitive_info, current_user
+        )
+        return {"success": True}
+    except Exception as e:
+        app.logger.warning(
+            "Failed to update sensitive info display settings. Exception: {}".format(e)
+        )
+    return {"success": False}
+
+
 @app.route("/bitcoin.pdf")
 @login_required
 def get_whitepaper():

src/cryptoadvance/specter/server_endpoints/filters.py

@@ -51,6 +51,8 @@ def feerate(context, value):
 @contextfilter
 @filters_bp.app_template_filter("btcunitamount")
 def btcunitamount(context, value):
+    if app.specter.hide_sensitive_info:
+        return "#########"
     if value < 0:
         return "Confidential"
     if app.specter.unit != "sat":
@@ -62,6 +64,8 @@ def btcunitamount(context, value):
 @contextfilter
 @filters_bp.app_template_filter("altunit")
 def altunit(context, value):
+    if app.specter.hide_sensitive_info:
+        return "########"
     if value < 0:
         return "-"
     if app.specter.price_check and (app.specter.alt_rate and app.specter.alt_symbol):

src/cryptoadvance/specter/specter.py

@@ -425,6 +425,10 @@ def update_hwi_bridge_url(self, url, user):
     def update_unit(self, unit, user):
         self.config_manager.update_unit(unit, user)
 
+    # mark
+    def update_hide_sensitive_info(self, hide_sensitive_info_bool, user):
+        self.config_manager.update_hide_sensitive_info(hide_sensitive_info_bool, user)
+
     # mark
     def update_price_check_setting(self, price_check_bool, user):
         self.config_manager.update_price_check_setting(price_check_bool, user)
@@ -624,6 +628,10 @@ def otp_manager(self):
             self._otp_manager = OtpManager(self.data_folder)
         return self._otp_manager
 
+    @property
+    def hide_sensitive_info(self):
+        return self.user_config.get("hide_sensitive_info", False)
+
     def requests_session(self, force_tor=False):
         requests_session = requests.Session()
         if self.only_tor or force_tor:

src/cryptoadvance/specter/templates/base.jinja

@@ -28,6 +28,9 @@
 			{% if current_user.is_authenticated and not hwi_bridge %}
 				<div class="row" id="status-bar" style="border-radius: 0 0 0 15px; position: absolute; right: 0; color: #ddd; background-color: #323e50;">
 					{% include "components/price_bar.jinja" %}
+					<a class="settings-bar-btn" onclick="toggleHideSensitiveInfo()" style="padding: 0px 12px; cursor: pointer;" title="{{ 'Hide sensitive info' if not specter.hide_sensitive_info else 'Show sensitive info' }}">
+						<img src="{{ url_for('static', filename='img/hidden.svg' if specter.hide_sensitive_info else 'img/visible.svg') }}" style="width: 30px;" class="svg-white"/>
+					</a>
 					<a class="settings-bar-btn" href="{{ url_for('settings_endpoint.settings') }}" style="padding: 0px 7px;">
 						<img src="{{ url_for('static', filename='img/gear.svg') }}" style="width: 44px;" class="svg-white"/>
 					</a>
@@ -217,6 +220,40 @@
 		</main>
 	</div>
 	<script type="text/javascript" src="{{ url_for('static', filename='helpers.js') }}"></script>
+	<script>
+		async function toggleHideSensitiveInfo(showPrice) {
+            if (showPrice) {
+                showNotification('Hiding sensitive info...', 0)
+            } else {
+                showNotification('Showing sensitive info...', 0)
+            }
+            let url = `{{ url_for('toggle_hide_sensitive_info') }}`;
+            var formData = new FormData();
+			formData.append('csrf_token', '{{ csrf_token() }}');
+            try {
+                const response = await fetch(
+                    url,
+                    {
+                        method: 'POST',
+                        body: formData
+                    }
+                );
+                if(response.status != 200){
+                    showError(await response.text());
+                    return;
+                }
+                const jsonResponse = await response.json();
+                if (jsonResponse.success) {
+                    location.reload();
+                    return
+                };
+                showError('Failed to toggle sensitive info mode...')
+            } catch(e) {
+                console.log("Caught error: ", e);
+                showError(e);
+            }
+        }
+	</script>
 	{% block scripts %}
 	{% endblock %}
 	</body>

src/cryptoadvance/specter/templates/includes/address-row.html

@@ -66,19 +66,21 @@
             this.btcUnit = this.getAttribute('data-btc-unit');
             this.price = this.getAttribute('data-price');
             this.symbol = this.getAttribute('data-symbol');
+            this.hideSensitiveInfo = this.getAttribute('data-hide-sensitive-info') == 'true';
 
             this.index.innerText = `#${this.addressData.index}`;
-            this.address.innerText = this.addressData.address;
-            this.address.onclick = () => {
-                showAddressData(this.amountText.innerText, this.amountPrice.innerText, this.addressData, this.wallet);
+            this.address.innerText = this.hideSensitiveInfo ? '###########################' : this.addressData.address;
+            if (!this.hideSensitiveInfo) {
+                this.address.onclick = () => {
+                    showAddressData(this.amountText.innerText, this.amountPrice.innerText, this.addressData, this.wallet);
+                }
             }
 
-            this.label.innerHTML =
-                `<address-label data-address="${this.addressData.address}" ${this.addressData.label ? `data-label="${this.addressData.label}"` : ''} data-wallet="${this.wallet}"></address-label>`;
+            this.label.innerHTML = this.hideSensitiveInfo ? '############' : `<address-label data-address="${this.addressData.address}" ${this.addressData.label ? `data-label="${this.addressData.label}"` : ''} data-wallet="${this.wallet}"></address-label>`;
 
-            this.used.innerText = `${this.addressData.used ? 'Yes' : 'No'}`;
+            this.used.innerText = this.hideSensitiveInfo ? '###' : `${this.addressData.used ? 'Yes' : 'No'}`;
 
-            this.utxo.innerText = this.addressData.utxo;
+            this.utxo.innerText = this.hideSensitiveInfo ? '###' : this.addressData.utxo;
 
             this.amount = parseFloat(this.addressData.amount.toFixed(8));
 
@@ -117,7 +119,7 @@
                 }
             }
 
-            if (!this.price || !this.symbol) {
+            if (!this.price || !this.symbol || this.hideSensitiveInfo) {
                 this.amountPrice.innerText = '';
                 this.amountPrice.classList.add('hidden');
             } else {
@@ -133,7 +135,7 @@
                 this.amount = parseInt(this.amount * 1e8);
             }
 
-            this.amountText.innerText = `${numberWithCommas(this.amount.toString())}`;
+            this.amountText.innerText = this.hideSensitiveInfo ? '########' : `${numberWithCommas(this.amount.toString())}`;
 
             if (this.addressData.used > 0) {
                 this.el.classList.add('unconfirmed');

src/cryptoadvance/specter/templates/includes/addresses-table.html

@@ -358,7 +358,7 @@ <h1>Export addresses to CSV</h1>
         }
 
         static get observedAttributes() {
-            return ['type', 'wallet', 'btc-unit', 'price', 'symbol'];
+            return ['type', 'wallet', 'btc-unit', 'price', 'symbol', 'hide-sensitive-info'];
         }
 
         /**
@@ -367,6 +367,7 @@ <h1>Export addresses to CSV</h1>
          * - price: BTC price for price calculations
          * - symbol: Currency symbol for price calculations
          * - type: Addresses list type to load. Either "receive" or "change"
+         * - hide-sensitive-info: Mask user sensitive info. Either "true" or "false"
          * - wallet: The wallet alias
         */
         attributeChangedCallback(attrName, oldValue, newValue) {
@@ -376,13 +377,15 @@ <h1>Export addresses to CSV</h1>
                 this.wallet != this.getAttribute('wallet') ||
                 this.btcUnit != this.getAttribute('btc-unit') ||
                 this.price != this.getAttribute('price') ||
-                this.symbol != this.getAttribute('symbol')
+                this.symbol != this.getAttribute('symbol') ||
+                this.hideSensitiveInfo != this.getAttribute('hide-sensitive-info')
             ) {
                 this.listType = this.getAttribute('type');
                 this.wallet = this.getAttribute('wallet');
                 this.btcUnit = this.getAttribute('btc-unit');
                 this.price = this.getAttribute('price');
                 this.symbol = this.getAttribute('symbol');
+                this.hideSensitiveInfo = this.getAttribute('hide-sensitive-info') == 'true';
 
                 if (!this.listType) {
                     return
@@ -462,6 +465,7 @@ <h1>Export addresses to CSV</h1>
                             data-price="${self.price ? self.price : 0}"
                             data-symbol="${self.symbol ? self.symbol : ''}"
                             data-address='${JSON.stringify(addr).replace(/[\(]/g, "&lpar;").replace(/[\)]/g, "&rpar;").replace(/[\/]/g, "&sol;").replace(/[\']/g, "&apos;")}'
+                            data-hide-sensitive-info="${self.hideSensitiveInfo}"
                             data-wallet="${self.wallet}"> 
                         </<address-row>`);
 

src/cryptoadvance/specter/templates/includes/tx-row.html

@@ -68,6 +68,7 @@
             this.price = this.getAttribute('data-price');
             this.symbol = this.getAttribute('data-symbol');
             this.mode = this.getAttribute('data-mode');
+            this.hideSensitiveInfo = this.getAttribute('data-hide-sensitive-info') == 'true';
 
             // Set category image
             this.category.src = getCategoryImg(this.tx.category, this.tx.confirmations > 0);
@@ -82,15 +83,17 @@
 
 
             // Set txid
-            this.txid.innerText = this.tx.txid;
-            this.txid.onclick = () => {
-                showTxData(
-                    this.btcUnit,
-                    this.price,
-                    this.symbol,
-                    this.tx.txid,
-                    this.wallet
-                );
+            this.txid.innerText = this.hideSensitiveInfo ? '############################################' : this.tx.txid;
+            if (!this.hideSensitiveInfo) {
+                this.txid.onclick = () => {
+                    showTxData(
+                        this.btcUnit,
+                        this.price,
+                        this.symbol,
+                        this.tx.txid,
+                        this.wallet
+                    );
+                }
             }
 
             if (window.innerWidth < 690) {
@@ -107,9 +110,9 @@
 
             // Set address-label
             if (Array.isArray(this.tx.address)) {
-                this.address.innerText = `${this.tx.address.length} Recipients`;
+                this.address.innerText = this.hideSensitiveInfo ? '#########' : `${this.tx.address.length} Recipients`;
             } else {
-                this.address.innerHTML = `<address-label data-address="${this.tx.address}" ${this.tx.label ? `data-label="${this.tx.label}"` : ''} data-wallet="${this.wallet ? this.wallet : this.tx.wallet_alias}"></address-label>`
+                this.address.innerHTML = this.hideSensitiveInfo ? '#########' : `<address-label data-address="${this.tx.address}" ${this.tx.label ? `data-label="${this.tx.label}"` : ''} data-wallet="${this.wallet ? this.wallet : this.tx.wallet_alias}"></address-label>`
             }
 
             // Set amount
@@ -119,7 +122,7 @@
                 this.amount = parseFloat(this.tx.amount.toFixed(8));
             }
 
-            if (!this.price || !this.symbol) {
+            if (!this.price || !this.symbol || this.hideSensitiveInfo) {
                 this.amountPrice.innerText = '';
                 this.amountPrice.classList.add('hidden');
             } else {
@@ -135,14 +138,14 @@
                 this.amount = parseInt(this.amount * 1e8);
             }
 
-            this.amountText.innerText = `${numberWithCommas(this.amount.toString())}`;
+            this.amountText.innerText = this.hideSensitiveInfo ? '#########' : `${numberWithCommas(this.amount.toString())}`;
 
             // Set confirmations
             if (this.tx.confirmations > 0) {
-                this.confirmations.innerHTML = `${this.tx.confirmations}<span class="optional"> Confirmations</span>`;
+                this.confirmations.innerHTML = this.hideSensitiveInfo ? '########' : `${this.tx.confirmations}<span class="optional"> Confirmations</span>`;
             } else {
                 this.el.classList.add('unconfirmed');
-                this.confirmations.innerHTML = `Unconfirmed`;
+                this.confirmations.innerHTML = this.hideSensitiveInfo ? '########' : `Unconfirmed`;
             }
 
             if ((this.tx.category == "send" || this.tx.category == "selftransfer") && this.tx["bip125-replaceable"] == "yes") {
@@ -192,7 +195,7 @@ <h1>Speed up the Transaction</h1>
             }
 
             // Set time
-            this.time.innerText = (new Date(this.tx.time * 1000)).toLocaleString()
+            this.time.innerText = this.hideSensitiveInfo ? '###########' : (new Date(this.tx.time * 1000)).toLocaleString()
 
             // Show blockhash
             if (this.showBlockhash) {
@@ -202,7 +205,7 @@ <h1>Speed up the Transaction</h1>
                     this.tx.validated_blockhash &&
                     this.tx.validated_blockhash == this.tx.blockhash
                 ) {
-                    this.blockhash.innerHTML = `
+                    this.blockhash.innerHTML = this.hideSensitiveInfo ? '############################################' : `
                     <explorer-link style="word-break: break-all;" data-type="block" data-value="${this.tx.blockhash}"></explorer-link><br>
                     `;
                 }

src/cryptoadvance/specter/templates/includes/tx-table.html

@@ -425,7 +425,7 @@ <h1>Export transactions to CSV</h1>
         }
 
         static get observedAttributes() {
-            return ['blockhash', 'btc-unit', 'price', 'symbol', 'type', 'wallet'];
+            return ['blockhash', 'btc-unit', 'price', 'symbol', 'type', 'hide-sensitive-info', 'wallet'];
         }
 
         /**
@@ -435,6 +435,7 @@ <h1>Export transactions to CSV</h1>
          * - price: BTC price for price calculations
          * - symbol: Currency symbol for price calculations
          * - type: Transactions list type to load. Either "txlist" or "utxo"
+         * - hide-sensitive-info: Mask user sensitive info. Either "true" or "false"
          * - wallet: The wallet alias (null to get all wallets combined)
         */
         attributeChangedCallback(attrName, oldValue, newValue) {
@@ -453,13 +454,15 @@ <h1>Export transactions to CSV</h1>
                 this.price != this.getAttribute('price') ||
                 this.symbol != this.getAttribute('symbol') ||
                 this.listType != this.getAttribute('type') ||
+                this.hideSensitiveInfo != this.getAttribute('hide-sensitive-info') ||
                 this.wallet != this.getAttribute('wallet')
             ) {
                 this.blockhash = this.getAttribute('blockhash');
                 this.btcUnit = this.getAttribute('btc-unit');
                 this.price = this.getAttribute('price');
                 this.symbol = this.getAttribute('symbol');
                 this.listType = this.getAttribute('type');
+                this.hideSensitiveInfo = this.getAttribute('hide-sensitive-info') == 'true';
                 this.wallet = this.getAttribute('wallet');
                 if (!this.listType) {
                     return
@@ -566,7 +569,8 @@ <h1>Export transactions to CSV</h1>
                             data-tx='${JSON.stringify(tx).replace(/[\(]/g, "&lpar;").replace(/[\)]/g, "&rpar;").replace(/[\/]/g, "&sol;").replace(/[\']/g, "&apos;")}'
                             data-wallet="${(self.wallet ? self.wallet : tx.wallet_alias)}"
                             data-show-blockhash="${showBlockhash}"
-                            data-mode="${self.getAttribute('type') + (self.wallet ? "" : "-overview")}">
+                            data-mode="${self.getAttribute('type') + (self.wallet ? "" : "-overview")}"
+                            data-hide-sensitive-info="${self.hideSensitiveInfo}">
                             </tx-row>
                         `)
                         self.tbody.append(txRow);

src/cryptoadvance/specter/templates/wallet/addresses/wallet_addresses.jinja

@@ -16,6 +16,7 @@
 			symbol="{{ specter.alt_symbol }}"
 			{% endif %}
 			btc-unit="{{ specter.unit }}"
+			hide-sensitive-info="{{ specter.hide_sensitive_info | lower }}"
 			type="receive"
 			wallet="{{ wallet.alias }}"></addr-table-table>
 	</div>

src/cryptoadvance/specter/templates/wallet/history/wallet_history.jinja

@@ -16,6 +16,7 @@
 		btc-unit="{{ specter.unit }}"
 		blockhash="{{ specter.config.validate_merkle_proofs | lower }}"
 		type="{{ tx_list_type }}"
+		hide-sensitive-info="{{ specter.hide_sensitive_info | lower }}"
 		wallet="{{ wallet.alias }}">
 		</tx-table>
 	</div>

src/cryptoadvance/specter/templates/wallet/wallets_overview.jinja

@@ -44,6 +44,7 @@
 		symbol="{{ specter.alt_symbol }}"
 		{% endif %}
 		btc-unit="{{ specter.unit }}"
+		hide-sensitive-info="{{ specter.hide_sensitive_info | lower }}"
 		type="txlist">
 		</tx-table>
     </div>