From db9c807289eeb2fadc411d805dc3bde6def23623 Mon Sep 17 00:00:00 2001
From: "R. Miles McCain" 
Date: Sat, 23 Jan 2021 23:13:44 -0500
Subject: [PATCH] Add optional more aggressive salting (fixes #95)

---
 TEMPLATE.env | 9 ++++++++-
 shynet/analytics/tasks.py | 5 ++++-
 shynet/shynet/settings.py | 3 +++
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/TEMPLATE.env b/TEMPLATE.env
index 7a620bb..d40ebb7 100644
--- a/TEMPLATE.env
+++ b/TEMPLATE.env
@@ -75,4 +75,11 @@ SHOW_SHYNET_VERSION=True
 SHOW_THIRD_PARTY_ICONS=True
 
 # Should Shynet block collection of IP addresses globally?
-BLOCK_ALL_IPS=False
\ No newline at end of file
+BLOCK_ALL_IPS=False
+
+# Should Shynet include the date and site ID when hashing users?
+# This will prevent any possibility of cross-site tracking provided
+# that IP collection is also disabled, and external keys (primary
+# keys) aren't supplied. It will also prevent sessions from spanning
+# one day to another.
+AGGRESSIVE_HASH_SALTING=True
\ No newline at end of file
diff --git a/shynet/analytics/tasks.py b/shynet/analytics/tasks.py
index 27f7c3f..8f6a1e3 100644
--- a/shynet/analytics/tasks.py
+++ b/shynet/analytics/tasks.py
@@ -1,5 +1,4 @@
 import ipaddress
-import json
 import logging
 from hashlib import sha256
 
@@ -9,6 +8,7 @@ from celery import shared_task
 from django.conf import settings
 from django.core.cache import cache
 from django.db.models import Q
+from django.utils import timezone
 
 from core.models import Service
 
@@ -78,6 +78,9 @@ def ingress_request(
     association_id_hash = sha256()
     association_id_hash.update(str(ip).encode("utf-8"))
     association_id_hash.update(str(user_agent).encode("utf-8"))
+    if settings.AGGRESSIVE_HASH_SALTING:
+        association_id_hash.update(str(service.pk).encode("utf-8"))
+        association_id_hash.update(str(timezone.now().date().isoformat()).encode("utf-8"))
     session_cache_path = (
         f"session_association_{service.pk}_{association_id_hash.hexdigest()}"
     )
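Review bot: The service.pk and the current date that the new `if settings.AGGRESSIVE_HASH_SALTING:` branch feeds into association_id_hash are both public values, so the digest remains reproducible by anyone able to enumerate candidate IP and user-agent strings; the change partitions the identifier per site and per day but is not a secret salt, and the TEMPLATE.env comment in this same patch ("prevent any possibility of cross-site tracking") reads stronger than what the code provides. If unlinkability against an offline enumeration is the goal, the hash would additionally need a server-side secret (for example Django's `settings.SECRET_KEY`), and a comment above the branch should say which of the two properties is intended. The fields are also concatenated with no delimiter, so a user-agent ending in a digit followed by a pk is ambiguous with a shorter user-agent and a longer pk; writing `association_id_hash.update(b"\x00")` between fields avoids that, and the `str(...)` around `isoformat()` is redundant because it already returns a str. ingress_request's body continues outside the hunk.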
diff --git a/shynet/shynet/settings.py b/shynet/shynet/settings.py
index c467e9c..5a14fc2 100644
--- a/shynet/shynet/settings.py
+++ b/shynet/shynet/settings.py
@@ -324,3 +324,6 @@ SHOW_THIRD_PARTY_ICONS = os.getenv("SHOW_THIRD_PARTY_ICONS", "True") == "True"
 
 # Should Shynet never collect any IP?
 BLOCK_ALL_IPS = os.getenv("BLOCK_ALL_IPS", "False") == "True"
+
+# Include date and service ID in salt?
+AGGRESSIVE_HASH_SALTING = os.getenv("AGGRESSIVE_HASH_SALTING", "False") == True
\ No newline at end of file
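Review bot: `os.getenv("AGGRESSIVE_HASH_SALTING", "False") == True` compares a str with the bool True and is therefore always False, so the feature can never be switched on from the environment, and the `AGGRESSIVE_HASH_SALTING=True` value this patch adds to TEMPLATE.env has no effect. The neighbouring BLOCK_ALL_IPS line shows the intended pattern: `AGGRESSIVE_HASH_SALTING = os.getenv("AGGRESSIVE_HASH_SALTING", "False") == "True"`. The comment above it could also state the operational consequence the TEMPLATE.env text describes, e.g. `# Include date and service ID in salt? Sessions then cannot span a day boundary.`. The added line also leaves the file without a trailing newline.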