feat(gdpr): show deletion token once, allow delete via recovery token

JohnMcLear · JohnMcLear · commit b4de452c74ab · 2026-04-19T11:08:55.000+01:00
diff --git a/src/static/js/pad.ts b/src/static/js/pad.ts
@@ -176,6 +176,38 @@ const getParams = () => {
 
 const getUrlVars = () => new URL(window.location.href).searchParams;
 
+// Surfaces the one-time pad deletion token when the server sends it in
+// clientVars (creator session, first CLIENT_READY). The token is cleared from
+// clientVars on acknowledgement so it is not re-exposed to later code paths.
+const showDeletionTokenModalIfPresent = () => {
+  const token: string | null = (window as any).clientVars?.padDeletionToken;
+  if (!token) return;
+  const $modal = $('#deletiontoken-modal');
+  const $input = $('#deletiontoken-value');
+  const $copy = $('#deletiontoken-copy');
+  const $ack = $('#deletiontoken-ack');
+  if ($modal.length === 0) return;
+
+  $input.val(token);
+  $modal.prop('hidden', false).addClass('popup-show');
+
+  $copy.off('click.gdpr').on('click.gdpr', async () => {
+    try {
+      await navigator.clipboard.writeText(token);
+    } catch (_e) {
+      ($input[0] as HTMLInputElement).select();
+      document.execCommand('copy');
+    }
+    $copy.text(html10n.get('pad.deletionToken.copied'));
+  });
+
+  $ack.off('click.gdpr').on('click.gdpr', () => {
+    $input.val('');
+    $modal.prop('hidden', true).removeClass('popup-show');
+    (window as any).clientVars.padDeletionToken = null;
+  });
+};
+
 const sendClientReady = (isReconnect) => {
   let padId = document.location.pathname.substring(document.location.pathname.lastIndexOf('/') + 1);
   // unescape necessary due to Safari and Opera interpretation of spaces
@@ -497,6 +529,8 @@ const pad = {
         skinVariants.updateSkinVariantsClasses(['super-dark-editor', 'dark-background', 'super-dark-toolbar']);
       }
 
+      showDeletionTokenModalIfPresent();
+
       hooks.aCallAll('postAceInit', {ace: padeditor.ace, clientVars, pad});
     };
 
diff --git a/src/static/js/pad_editor.ts b/src/static/js/pad_editor.ts
@@ -86,6 +86,33 @@ const padeditor = (() => {
         pad.changeViewOption('padFontFamily', $('#viewfontmenu').val());
       });
 
+      // delete pad using a recovery token (second device / no creator cookie)
+      $('#delete-pad-token-submit').on('click', () => {
+        const token = String($('#delete-pad-token-input').val() || '').trim();
+        if (!token) return;
+        if (!window.confirm(html10n.get('pad.delete.confirm'))) return;
+
+        let handled = false;
+        pad.socket.on('message', (data: any) => {
+          if (data && data.disconnect === 'deleted') {
+            handled = true;
+            window.location.href = '/';
+          }
+        });
+        pad.socket.on('shout', (data: any) => {
+          handled = true;
+          const msg = data?.data?.payload?.message?.message;
+          if (msg) window.alert(msg);
+        });
+        pad.collabClient.sendMessage({
+          type: 'PAD_DELETE',
+          data: {padId: pad.getPadId(), deletionToken: token},
+        });
+        setTimeout(() => {
+          if (!handled) window.location.href = '/';
+        }, 5000);
+      });
+
       // delete pad
       $('#delete-pad').on('click', () => {
         if (window.confirm(html10n.get('pad.delete.confirm'))) {
