hash emails in db

Tony Qiu · Tony Qiu · commit be812ca6beb9 · 2025-10-13T01:26:39.000-04:00
diff --git a/backend/apps/newsletter/migrations/0002_auto_20251013_0521.py b/backend/apps/newsletter/migrations/0002_auto_20251013_0521.py
@@ -0,0 +1,54 @@
+# Generated by Django 4.2.7 on 2025-10-13 05:21
+
+import hashlib
+from django.db import migrations, models
+
+
+def hash_existing_emails(apps, schema_editor):
+    """Hash existing email addresses in the database"""
+    NewsletterSubscriber = apps.get_model('newsletter', 'NewsletterSubscriber')
+    
+    for subscriber in NewsletterSubscriber.objects.all():
+        if hasattr(subscriber, 'email') and subscriber.email:
+            # Hash the existing email
+            email_hash = hashlib.sha256(subscriber.email.lower().strip().encode('utf-8')).hexdigest()
+            subscriber.email_hash = email_hash
+            subscriber.save()
+
+
+def reverse_hash_emails(apps, schema_editor):
+    """This is not reversible - we can't unhash emails"""
+    pass
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("newsletter", "0001_initial"),
+    ]
+
+    operations = [
+        # Add the new email_hash field
+        migrations.AddField(
+            model_name='newslettersubscriber',
+            name='email_hash',
+            field=models.CharField(default='', max_length=128, help_text='SHA-256 hash of the email'),
+            preserve_default=False,
+        ),
+        
+        # Hash existing emails
+        migrations.RunPython(hash_existing_emails, reverse_hash_emails),
+        
+        # Make email_hash unique
+        migrations.AlterField(
+            model_name='newslettersubscriber',
+            name='email_hash',
+            field=models.CharField(max_length=128, unique=True, help_text='SHA-256 hash of the email'),
+        ),
+        
+        # Remove the old email field
+        migrations.RemoveField(
+            model_name='newslettersubscriber',
+            name='email',
+        ),
+    ]
diff --git a/backend/apps/newsletter/models.py b/backend/apps/newsletter/models.py
@@ -1,10 +1,12 @@
+import hashlib
 import uuid
 
+from django.contrib.auth.hashers import make_password, check_password
 from django.db import models
 
 
 class NewsletterSubscriber(models.Model):
-    email = models.EmailField(unique=True)
+    email_hash = models.CharField(max_length=128, unique=True, help_text="SHA-256 hash of the email")
     subscribed_at = models.DateTimeField(auto_now_add=True)
     is_active = models.BooleanField(default=True)
     unsubscribe_token = models.UUIDField(
@@ -23,4 +25,28 @@ class Meta:
         ordering = ["-subscribed_at"]
 
     def __str__(self):
-        return self.email
+        return f"NewsletterSubscriber({self.email_hash[:8]}...)"
+
+    @staticmethod
+    def hash_email(email):
+        """Create a SHA-256 hash of the email address"""
+        return hashlib.sha256(email.lower().strip().encode('utf-8')).hexdigest()
+
+    @classmethod
+    def get_by_email(cls, email):
+        """Get subscriber by email address (using hash lookup)"""
+        email_hash = cls.hash_email(email)
+        try:
+            return cls.objects.get(email_hash=email_hash)
+        except cls.DoesNotExist:
+            return None
+
+    @classmethod
+    def create_subscriber(cls, email):
+        """Create a new subscriber with hashed email"""
+        email_hash = cls.hash_email(email)
+        return cls.objects.create(email_hash=email_hash, is_active=True)
+
+    def get_email_display(self):
+        """Return a masked version of the email for display purposes"""
+        return f"***@{self.email_hash[:4]}..."
diff --git a/backend/apps/newsletter/views.py b/backend/apps/newsletter/views.py
@@ -31,43 +31,42 @@ def newsletter_subscribe(request):
         )
 
     try:
-        # Check if already subscribed
-        subscriber, created = NewsletterSubscriber.objects.get_or_create(
-            email=email.lower().strip(),
-            defaults={"is_active": True},
-        )
+        subscriber = NewsletterSubscriber.get_by_email(email)
+        created = False
 
-        if not created:
+        if subscriber:
             if subscriber.is_active:
                 return Response(
                     {"message": "You're already subscribed to our newsletter!"},
                     status=status.HTTP_200_OK,
                 )
             else:
-                # Reactivate subscription
                 subscriber.is_active = True
                 subscriber.save()
+        else:
+            subscriber = NewsletterSubscriber.create_subscriber(email)
+            created = True
 
         # Send welcome email with mock events
         from services.email_service import email_service
 
         email_sent = email_service.send_welcome_email(
-            subscriber.email, str(subscriber.unsubscribe_token)
+            email, str(subscriber.unsubscribe_token)   
         )
 
         if email_sent:
             return Response(
                 {
                     "message": "Successfully subscribed! Check your email for upcoming events.",
-                    "email": subscriber.email,
+                    "email": email,  
                 },
                 status=status.HTTP_201_CREATED if created else status.HTTP_200_OK,
             )
         else:
             return Response(
                 {
                     "message": "Subscribed successfully, but email could not be sent. Please check back later.",
-                    "email": subscriber.email,
+                    "email": email,  
                 },
                 status=status.HTTP_201_CREATED if created else status.HTTP_200_OK,
             )
@@ -91,7 +90,7 @@ def newsletter_unsubscribe(request, token):
             return Response(
                 {
                     "already_unsubscribed": not subscriber.is_active,
-                    "email": subscriber.email,
+                    "email": subscriber.get_email_display(),   
                     "message": "Already unsubscribed"
                     if not subscriber.is_active
                     else "Ready to unsubscribe",
@@ -119,7 +118,7 @@ def newsletter_unsubscribe(request, token):
         return Response(
             {
                 "message": "Successfully unsubscribed from the newsletter.",
-                "email": subscriber.email,
+                "email": subscriber.get_email_display(),  
                 "unsubscribed_at": subscriber.unsubscribed_at,
             }
         )
