From 43b26a306adb73cb46a904d2e012db2fd8fc2fd7 Mon Sep 17 00:00:00 2001
From: David Florness <david@florness.com>
Date: Sat, 1 May 2021 20:41:20 -0400
Subject: [PATCH] Redact all events (except Sum) we sent once the election is
 over

In case tallyard has terrible cryptography, this will protect most people who
are casually using the software.
---
 cmd/tallyard/main.go |  2 +-
 election/voter.go    | 44 +++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/cmd/tallyard/main.go b/cmd/tallyard/main.go
index 4ad9307..a643fea 100644
--- a/cmd/tallyard/main.go
+++ b/cmd/tallyard/main.go
@@ -143,7 +143,7 @@ func main() {
 
 	el.PrintResults()
 
-	el.Finish()
+	el.Finish(client)
 }
 
 var electionFilter = &mautrix.Filter{
diff --git a/election/voter.go b/election/voter.go
index f44b5a7..abd0717 100644
--- a/election/voter.go
+++ b/election/voter.go
@@ -470,10 +470,52 @@ func (el *Election) SendSum(client *mautrix.Client, eventStore *EventStore) erro
 	return nil
 }
 
-func (el *Election) Finish() {
+func (el *Election) Finish(client *mautrix.Client) {
 	el.Lock()
 	defer el.Save()
 	defer el.Unlock()
+
+	if el.LocalVoter == nil {
+		return
+	}
+
+	reqRedact := mautrix.ReqRedact{
+		Reason: "election has concluded",
+	}
+
+	// redact the create/start events if we sent them
+	if el.CreateEvt.Sender == el.LocalVoter.JoinEvt.Sender {
+		_, err := client.RedactEvent(el.RoomID, el.CreateEvt.ID, reqRedact)
+		if err != nil {
+			panic(err)
+		}
+		// if we sent the create event, we necessarily sent the start event
+		_, err = client.RedactEvent(el.RoomID, *el.StartID, reqRedact)
+		if err != nil {
+			panic(err)
+		}
+	}
+
+	// redact our join event
+	_, err := client.RedactEvent(el.RoomID, el.LocalVoter.JoinEvt.ID, reqRedact)
+	if err != nil {
+		panic(err)
+	}
+
+	// redact our keys event
+	_, err = client.RedactEvent(el.RoomID, *el.LocalVoter.KeysID, reqRedact)
+	if err != nil {
+		panic(err)
+	}
+
+	// redact our evals event
+	_, err = client.RedactEvent(el.RoomID, *el.LocalVoter.EvalsID, reqRedact)
+	if err != nil {
+		panic(err)
+	}
+
+	// we don't redact the sum event since others may still be using it
+
 	// the election is over; throw away the keys!
 	el.LocalVoter = nil
 }
-- 
2.38.4