From 09b2a88b4ec54bf6e2c4362403aefd1c26008f43 Mon Sep 17 00:00:00 2001
From: Steffen Jost <jost@tcs.ifi.lmu.de>
Date: Mon, 25 Jul 2022 12:31:37 +0200
Subject: [PATCH] chore(pdf): encrypt pdfs with password using external pdftk

---
 package.yaml       |  1 +
 shell.nix          |  2 +-
 src/Utils/Print.hs | 27 +++++++++++++++++++++++++++
 3 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/package.yaml b/package.yaml
index d1ceba468..72c349189 100644
--- a/package.yaml
+++ b/package.yaml
@@ -149,6 +149,7 @@ dependencies:
   - unidecode
   - pandoc
   - pandoc-types
+  - typed-process
   - insert-ordered-containers
   - servant
   - servant-server
diff --git a/shell.nix b/shell.nix
index f93171e9a..32d4f5397 100644
--- a/shell.nix
+++ b/shell.nix
@@ -74,7 +74,7 @@ in pkgs.mkShell {
   ++ (with pkgs;
       [ nodejs-14_x postgresql_12 openldap google-chrome exiftool memcached minio minio-client                        
         gup skopeo
-        busybox # for print services
+        # busybox # for print services, but interferes with build commands in develop-shell
         pdftk #pdftk just for testing pdf-passwords
         #texlive.combined.scheme-full # works
         #texlive.combined.scheme-medium
diff --git a/src/Utils/Print.hs b/src/Utils/Print.hs
index 2dfd77640..41f8709d5 100644
--- a/src/Utils/Print.hs
+++ b/src/Utils/Print.hs
@@ -14,6 +14,9 @@ import qualified Text.Pandoc         as P
 import qualified Text.Pandoc.PDF     as P
 import qualified Text.Pandoc.Builder as P
 
+import System.Exit
+import System.Process.Typed -- for calling pdftk for pdf encryption
+
 -- import Model.Types.Markup -- TODO-QSV: should this module be moved accordingly?
 
 {- Recall: 
@@ -246,3 +249,27 @@ sendLetter printJobName pdf printJobRecipient printJobSender printJobCourse prin
   return printJobFilename
 
 
+-----------
+-- pdftk --
+-----------
+--
+-- We use the external tool pdftk for PDF encryption like so
+--  > pdftk in.pdf output out.pdf user_pw tomatenmarmelade
+-- we can use stdin and std out like so
+--  > pdftk - output - user_pw tomatenmarmelade
+--
+
+encryptPDF :: MonadIO m => String -> LBS.ByteString -> m (Either LBS.ByteString LBS.ByteString)
+encryptPDF pw bs = exit2either <$> readProcess pc
+  where 
+    pc =  setStdin (byteStringInput bs) $
+          proc "pdftk"  ["-"                  -- read from stdin
+                        , "output", "-"       -- write to stdout
+                        , "user_pw", pw       -- encrypt pdf content
+                        , "dont_ask"          -- no interaction
+                        , "allow", "Printing" -- allow printing despite encryption
+                        ]
+
+    exit2either :: (ExitCode, a, b) -> Either b a
+    exit2either (ExitSuccess   , ok,   _) = Right ok 
+    exit2either (ExitFailure _ ,  _, err) = Left  err 
\ No newline at end of file