"""Hosted cookie management page. Serves a public HTML page at ``/c//cookies`` that lists all discovered cookies for a site, grouped by category, and lets the visitor review and change their consent preferences. Site owners link to this page from their footer (e.g. "Cookie preferences"). The page is self-contained — no external JS or CSS dependencies. It reads the ``_consentos_consent`` cookie to show the current state and writes it back when the visitor saves. """ from __future__ import annotations import uuid from fastapi import APIRouter, Depends, HTTPException, status from fastapi.responses import HTMLResponse from sqlalchemy import select from sqlalchemy.ext.asyncio import AsyncSession from src.db import get_db from src.models.cookie import Cookie, CookieCategory from src.models.site import Site from src.models.site_config import SiteConfig router = APIRouter(prefix="/c", tags=["hosted-pages"]) @router.get("/{site_id}/cookies", response_class=HTMLResponse) async def hosted_cookies_page( site_id: uuid.UUID, db: AsyncSession = Depends(get_db), ) -> str: """Public hosted cookie management page.""" # Load site site_result = await db.execute( select(Site).where(Site.id == site_id, Site.deleted_at.is_(None)) ) site = site_result.scalar_one_or_none() if site is None: raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Site not found") # Load site config for branding config_result = await db.execute(select(SiteConfig).where(SiteConfig.site_id == site_id)) config = config_result.scalar_one_or_none() # Load categories cat_result = await db.execute(select(CookieCategory).order_by(CookieCategory.display_order)) categories = {cat.id: cat for cat in cat_result.scalars().all()} # Load cookies for this site cookie_result = await db.execute( select(Cookie).where(Cookie.site_id == site_id).order_by(Cookie.name) ) cookies = list(cookie_result.scalars().all()) # Group cookies by category grouped: dict[str, list[dict]] = {} for cat in categories.values(): grouped[cat.slug] = [] grouped["uncategorised"] = [] for cookie in cookies: cat = categories.get(cookie.category_id) if cookie.category_id else None slug = cat.slug if cat else "uncategorised" if slug not in grouped: grouped[slug] = [] grouped[slug].append( { "name": cookie.name, "domain": cookie.domain, "type": cookie.storage_type, "description": cookie.description or "", "vendor": cookie.vendor or "", } ) # Build the category sections HTML category_html = "" category_meta = [] for cat in categories.values(): items = grouped.get(cat.slug, []) is_necessary = cat.is_essential category_meta.append( { "slug": cat.slug, "name": cat.name, "locked": is_necessary, } ) category_html += _render_category_section( cat.name, cat.slug, cat.description or "", items, is_necessary, ) # Uncategorised if grouped.get("uncategorised"): category_html += _render_category_section( "Uncategorised", "uncategorised", "Cookies that have not yet been assigned to a category.", grouped["uncategorised"], False, ) privacy_url = config.privacy_policy_url if config else None expiry_days = config.consent_expiry_days if config else 365 return _render_page( site_name=site.display_name or site.domain, domain=site.domain, category_html=category_html, category_meta=category_meta, privacy_url=privacy_url, expiry_days=expiry_days, ) def _render_category_section( name: str, slug: str, description: str, cookies: list[dict], locked: bool, ) -> str: if locked: toggle = 'Always active' else: toggle = f'''
''' cookie_rows = "" if cookies: cookie_rows = ( '' ) cookie_rows += '' cookie_rows += '' cookie_rows += '' cookie_rows += '' cookie_rows += '' cookie_rows += "" for c in cookies: cookie_rows += '' cookie_rows += f'' cookie_rows += f'' cookie_rows += f'' cookie_rows += f'' cookie_rows += "" cookie_rows += "
NameDomainTypeDescription
{_esc(c["name"])}{_esc(c["domain"])}{_esc(c["type"])}{_esc(c["description"])}
" else: cookie_rows = ( '

No cookies in this category.

' ) return f"""

{_esc(name)}

{toggle}

{_esc(description)}

{cookie_rows}
""" def _render_page( *, site_name: str, domain: str, category_html: str, category_meta: list[dict], privacy_url: str | None, expiry_days: int, ) -> str: import json meta_json = json.dumps(category_meta) privacy_link = "" if privacy_url: privacy_link = f'

Read our privacy policy.

' return f""" Cookie Preferences — {_esc(site_name)}

Cookie Preferences

Manage your cookie preferences for {_esc(domain)}. You can change these settings at any time.

{category_html}

Your preferences have been saved.

{privacy_link}
""" def _esc(s: str) -> str: """Basic HTML escaping.""" return s.replace("&", "&").replace("<", "<").replace(">", ">").replace('"', """)