Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Package 4 Rechtliche Texte — DB-Persistenz fuer Legal Documents, Einwilligungen und Cookie Banner
All checks were successful
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-go-ai-compliance (push) Successful in 46s
Details
CI / test-python-backend-compliance (push) Successful in 32s
Details
CI / test-python-document-crawler (push) Successful in 22s
Details
CI / test-python-dsms-gateway (push) Successful in 17s
Details

Browse Source 
- Migration 007: compliance_legal_documents, _versions, _approvals (Approval-Workflow)
- Migration 008: compliance_einwilligungen_catalog, _company, _cookies, _consents
- Backend: legal_document_routes.py (11 Endpoints + draft→review→approved→published Workflow)
- Backend: einwilligungen_routes.py (10 Endpoints inkl. Stats, Pagination, Revoke)
- Frontend: /api/admin/consent/[[...path]] Catch-All-Proxy fuer Legal Documents
- Frontend: catalog/consent/cookie-banner routes von In-Memory auf DB-Proxy umgestellt
- Frontend: einwilligungen/page.tsx + cookie-banner/page.tsx laden jetzt via API (kein Mock)
- Tests: 44/44 pass (test_legal_document_routes.py + test_einwilligungen_routes.py)
- Deploy-Scripts: apply_legal_docs_migration.sh + apply_einwilligungen_migration.sh

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
2026-03-03 08:25:13 +01:00
parent 799668e472
commit 113ecdfa77
17 changed files with 2501 additions and 664 deletions
Download Patch File Download Diff File Expand all files Collapse all files

113
admin-compliance/app/api/admin/consent/[[...path]]/route.ts Normal file
View File

@@ -0,0 +1,113 @@
/**
* Admin Consent API Proxy - Catch-all route
* Proxies all /api/admin/consent/* requests to backend-compliance
*
* Maps: /api/admin/consent/<path> → backend-compliance:8002/api/compliance/legal-documents/<path>
*/
import { NextRequest, NextResponse } from 'next/server'
const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
async function proxyRequest(
request: NextRequest,
pathSegments: string[] | undefined,
method: string
) {
const pathStr = pathSegments?.join('/') || ''
const searchParams = request.nextUrl.searchParams.toString()
const basePath = `${BACKEND_URL}/api/compliance/legal-documents`
const url = pathStr
? `${basePath}/${pathStr}${searchParams ? `?${searchParams}` : ''}`
: `${basePath}${searchParams ? `?${searchParams}` : ''}`
try {
const headers: HeadersInit = {
'Content-Type': 'application/json',
}
const headerNames = ['authorization', 'x-namespace-id', 'x-tenant-slug']
for (const name of headerNames) {
const value = request.headers.get(name)
if (value) {
headers[name] = value
}
}
const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
const clientUserId = request.headers.get('x-user-id')
const clientTenantId = request.headers.get('x-tenant-id')
headers['X-User-ID'] = (clientUserId && uuidRegex.test(clientUserId)) ? clientUserId : '00000000-0000-0000-0000-000000000001'
headers['X-Tenant-ID'] = (clientTenantId && uuidRegex.test(clientTenantId)) ? clientTenantId : (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
const fetchOptions: RequestInit = {
method,
headers,
signal: AbortSignal.timeout(60000),
}
if (method === 'POST' || method === 'PUT') {
const body = await request.text()
if (body) {
fetchOptions.body = body
}
}
const response = await fetch(url, fetchOptions)
if (!response.ok) {
const errorText = await response.text()
let errorJson
try {
errorJson = JSON.parse(errorText)
} catch {
errorJson = { error: errorText }
}
return NextResponse.json(
{ error: `Backend Error: ${response.status}`, ...errorJson },
{ status: response.status }
)
}
const data = await response.json()
return NextResponse.json(data)
} catch (error) {
console.error('Admin Consent API proxy error:', error)
return NextResponse.json(
{ error: 'Verbindung zum Compliance Backend fehlgeschlagen' },
{ status: 503 }
)
}
}
export async function GET(
request: NextRequest,
{ params }: { params: Promise<{ path?: string[] }> }
) {
const { path } = await params
return proxyRequest(request, path, 'GET')
}
export async function POST(
request: NextRequest,
{ params }: { params: Promise<{ path?: string[] }> }
) {
const { path } = await params
return proxyRequest(request, path, 'POST')
}
export async function PUT(
request: NextRequest,
{ params }: { params: Promise<{ path?: string[] }> }
) {
const { path } = await params
return proxyRequest(request, path, 'PUT')
}
export async function DELETE(
request: NextRequest,
{ params }: { params: Promise<{ path?: string[] }> }
) {
const { path } = await params
return proxyRequest(request, path, 'DELETE')
}

324
admin-compliance/app/api/sdk/v1/einwilligungen/catalog/route.ts
View File

@@ -1,255 +1,181 @@
/**
* API Route: Datenpunktkatalog
*
* GET - Katalog abrufen (inkl. kundenspezifischer Datenpunkte)
* POST - Katalog speichern/aktualisieren
* Proxies to backend-compliance for DB persistence.
* GET - Katalog abrufen
* POST - Katalog speichern (forward as PUT to backend)
* PUT - Katalog-Einzeloperationen (add/update/delete)
*/
import { NextRequest, NextResponse } from 'next/server'
import {
DataPointCatalog,
CompanyInfo,
CookieBannerConfig,
DataPoint,
} from '@/lib/sdk/einwilligungen/types'
import { createDefaultCatalog, PREDEFINED_DATA_POINTS } from '@/lib/sdk/einwilligungen/catalog/loader'
// In-Memory Storage (in Produktion: Datenbank)
const catalogStorage = new Map<string, {
catalog: DataPointCatalog
companyInfo: CompanyInfo | null
cookieBannerConfig: CookieBannerConfig | null
}>()
const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
function getHeaders(request: NextRequest): HeadersInit {
const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
const clientTenantId = request.headers.get('x-tenant-id') || request.headers.get('X-Tenant-ID')
const tenantId = (clientTenantId && uuidRegex.test(clientTenantId))
? clientTenantId
: (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
return {
'Content-Type': 'application/json',
'X-Tenant-ID': tenantId,
}
}
/**
* GET /api/sdk/v1/einwilligungen/catalog
*
* Laedt den Datenpunktkatalog fuer einen Tenant
*/
export async function GET(request: NextRequest) {
try {
const tenantId = request.headers.get('X-Tenant-ID')
const headers = getHeaders(request)
const response = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/catalog`,
{ method: 'GET', headers, signal: AbortSignal.timeout(30000) }
)
if (!tenantId) {
return NextResponse.json(
{ error: 'Tenant ID required' },
{ status: 400 }
)
if (!response.ok) {
const errorText = await response.text()
return NextResponse.json({ error: errorText }, { status: response.status })
}
// Hole gespeicherte Daten oder erstelle Default
let stored = catalogStorage.get(tenantId)
if (!stored) {
// Erstelle Default-Katalog
const defaultCatalog = createDefaultCatalog(tenantId)
stored = {
catalog: defaultCatalog,
companyInfo: null,
cookieBannerConfig: null,
}
catalogStorage.set(tenantId, stored)
}
return NextResponse.json({
catalog: stored.catalog,
companyInfo: stored.companyInfo,
cookieBannerConfig: stored.cookieBannerConfig,
})
const data = await response.json()
return NextResponse.json(data)
} catch (error) {
console.error('Error loading catalog:', error)
return NextResponse.json(
{ error: 'Failed to load catalog' },
{ status: 500 }
)
return NextResponse.json({ error: 'Failed to load catalog' }, { status: 500 })
}
}
/**
* POST /api/sdk/v1/einwilligungen/catalog
*
* Speichert den Datenpunktkatalog fuer einen Tenant
* Saves catalog via PUT to backend
*/
export async function POST(request: NextRequest) {
try {
const tenantId = request.headers.get('X-Tenant-ID')
if (!tenantId) {
return NextResponse.json(
{ error: 'Tenant ID required' },
{ status: 400 }
)
}
const headers = getHeaders(request)
const body = await request.json()
const { catalog, companyInfo, cookieBannerConfig } = body
if (!catalog) {
return NextResponse.json(
{ error: 'Catalog data required' },
{ status: 400 }
)
// Extract catalog data for backend format
const { catalog, companyInfo } = body
const backendPayload: Record<string, unknown> = {
selected_data_point_ids: catalog?.dataPoints
?.filter((dp: { isActive?: boolean }) => dp.isActive)
?.map((dp: { id: string }) => dp.id) || [],
custom_data_points: catalog?.customDataPoints || [],
}
// Validiere den Katalog
if (!catalog.tenantId || catalog.tenantId !== tenantId) {
return NextResponse.json(
{ error: 'Tenant ID mismatch' },
{ status: 400 }
)
const catalogResponse = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/catalog`,
{
method: 'PUT',
headers,
body: JSON.stringify(backendPayload),
signal: AbortSignal.timeout(30000),
}
)
if (!catalogResponse.ok) {
const errorText = await catalogResponse.text()
return NextResponse.json({ error: errorText }, { status: catalogResponse.status })
}
// Aktualisiere den Katalog
const updatedCatalog: DataPointCatalog = {
...catalog,
updatedAt: new Date(),
// Save company info if provided
if (companyInfo) {
await fetch(`${BACKEND_URL}/api/compliance/einwilligungen/company`, {
method: 'PUT',
headers,
body: JSON.stringify({ data: companyInfo }),
signal: AbortSignal.timeout(30000),
})
}
// Speichere
catalogStorage.set(tenantId, {
catalog: updatedCatalog,
companyInfo: companyInfo || null,
cookieBannerConfig: cookieBannerConfig || null,
})
return NextResponse.json({
success: true,
catalog: updatedCatalog,
})
const result = await catalogResponse.json()
return NextResponse.json({ success: true, catalog: result })
} catch (error) {
console.error('Error saving catalog:', error)
return NextResponse.json(
{ error: 'Failed to save catalog' },
{ status: 500 }
)
return NextResponse.json({ error: 'Failed to save catalog' }, { status: 500 })
}
}
/**
* POST /api/sdk/v1/einwilligungen/catalog/customize
*
* Fuegt einen kundenspezifischen Datenpunkt hinzu
* PUT /api/sdk/v1/einwilligungen/catalog
* Katalog-Einzeloperationen (add/update/delete custom data points)
*/
export async function PUT(request: NextRequest) {
try {
const tenantId = request.headers.get('X-Tenant-ID')
if (!tenantId) {
return NextResponse.json(
{ error: 'Tenant ID required' },
{ status: 400 }
)
}
const headers = getHeaders(request)
const body = await request.json()
const { action, dataPoint, dataPointId } = body
const { action, dataPoint, dataPointId, selectedIds, customDataPoints } = body
let stored = catalogStorage.get(tenantId)
if (!stored) {
const defaultCatalog = createDefaultCatalog(tenantId)
stored = {
catalog: defaultCatalog,
companyInfo: null,
cookieBannerConfig: null,
}
// For bulk updates (selectedIds + customDataPoints), use upsert
if (selectedIds !== undefined || customDataPoints !== undefined) {
const response = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/catalog`,
{
method: 'PUT',
headers,
body: JSON.stringify({
selected_data_point_ids: selectedIds || [],
custom_data_points: customDataPoints || [],
}),
signal: AbortSignal.timeout(30000),
}
)
const data = await response.json()
return NextResponse.json({ success: true, ...data })
}
// For individual add/update/delete, fetch current state and modify
const currentResponse = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/catalog`,
{ method: 'GET', headers, signal: AbortSignal.timeout(30000) }
)
const current = await currentResponse.json()
const currentCustom: unknown[] = current.custom_data_points || []
const currentSelected: string[] = current.selected_data_point_ids || []
let updatedCustom = [...currentCustom]
let updatedSelected = [...currentSelected]
switch (action) {
case 'add': {
if (!dataPoint) {
return NextResponse.json(
{ error: 'Data point required' },
{ status: 400 }
case 'add':
if (dataPoint) {
updatedCustom.push({ ...dataPoint, id: `custom-${Date.now()}`, isCustom: true })
}
break
case 'update':
if (dataPointId && dataPoint) {
updatedCustom = updatedCustom.map((dp: unknown) =>
(dp as { id: string }).id === dataPointId ? { ...(dp as object), ...dataPoint } : dp
)
}
// Generiere eindeutige ID
const newDataPoint: DataPoint = {
...dataPoint,
id: `custom-${tenantId}-${Date.now()}`,
isCustom: true,
break
case 'delete':
if (dataPointId) {
updatedCustom = updatedCustom.filter((dp: unknown) => (dp as { id: string }).id !== dataPointId)
updatedSelected = updatedSelected.filter((id) => id !== dataPointId)
}
stored.catalog.customDataPoints.push(newDataPoint)
stored.catalog.updatedAt = new Date()
catalogStorage.set(tenantId, stored)
return NextResponse.json({
success: true,
dataPoint: newDataPoint,
})
}
case 'update': {
if (!dataPointId || !dataPoint) {
return NextResponse.json(
{ error: 'Data point ID and data required' },
{ status: 400 }
)
}
// Pruefe ob es ein kundenspezifischer Datenpunkt ist
const customIndex = stored.catalog.customDataPoints.findIndex(
(dp) => dp.id === dataPointId
)
if (customIndex !== -1) {
stored.catalog.customDataPoints[customIndex] = {
...stored.catalog.customDataPoints[customIndex],
...dataPoint,
}
} else {
// Vordefinierter Datenpunkt - nur isActive aendern
const predefinedIndex = stored.catalog.dataPoints.findIndex(
(dp) => dp.id === dataPointId
)
if (predefinedIndex !== -1 && 'isActive' in dataPoint) {
stored.catalog.dataPoints[predefinedIndex] = {
...stored.catalog.dataPoints[predefinedIndex],
isActive: dataPoint.isActive,
}
}
}
stored.catalog.updatedAt = new Date()
catalogStorage.set(tenantId, stored)
return NextResponse.json({
success: true,
})
}
case 'delete': {
if (!dataPointId) {
return NextResponse.json(
{ error: 'Data point ID required' },
{ status: 400 }
)
}
stored.catalog.customDataPoints = stored.catalog.customDataPoints.filter(
(dp) => dp.id !== dataPointId
)
stored.catalog.updatedAt = new Date()
catalogStorage.set(tenantId, stored)
return NextResponse.json({
success: true,
})
}
default:
return NextResponse.json(
{ error: 'Invalid action' },
{ status: 400 }
)
break
}
const response = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/catalog`,
{
method: 'PUT',
headers,
body: JSON.stringify({
selected_data_point_ids: updatedSelected,
custom_data_points: updatedCustom,
}),
signal: AbortSignal.timeout(30000),
}
)
const data = await response.json()
return NextResponse.json({ success: true, ...data })
} catch (error) {
console.error('Error customizing catalog:', error)
return NextResponse.json(
{ error: 'Failed to customize catalog' },
{ status: 500 }
)
return NextResponse.json({ error: 'Failed to customize catalog' }, { status: 500 })
}
}

398
admin-compliance/app/api/sdk/v1/einwilligungen/consent/route.ts
View File

@@ -1,51 +1,38 @@
/**
* API Route: Consent Management
*
* Proxies to backend-compliance for DB persistence.
* POST - Consent erfassen
* GET - Consent-Status abrufen
* GET - Consent-Status und Statistiken abrufen
* PUT - Batch-Update von Consents
*/
import { NextRequest, NextResponse } from 'next/server'
import {
ConsentEntry,
ConsentStatistics,
DataPointCategory,
LegalBasis,
} from '@/lib/sdk/einwilligungen/types'
import { PREDEFINED_DATA_POINTS } from '@/lib/sdk/einwilligungen/catalog/loader'
// In-Memory Storage fuer Consents
const consentStorage = new Map<string, ConsentEntry[]>() // tenantId -> consents
const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
// Hilfsfunktion: Generiere eindeutige ID
function generateId(): string {
return `consent-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`
function getHeaders(request: NextRequest): HeadersInit {
const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
const clientTenantId = request.headers.get('x-tenant-id') || request.headers.get('X-Tenant-ID')
const tenantId = (clientTenantId && uuidRegex.test(clientTenantId))
? clientTenantId
: (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
return {
'Content-Type': 'application/json',
'X-Tenant-ID': tenantId,
}
}
/**
* POST /api/sdk/v1/einwilligungen/consent
*
* Erfasst eine neue Einwilligung
*
* Body:
* - userId: string - Benutzer-ID
* - dataPointId: string - ID des Datenpunkts
* - granted: boolean - Einwilligung erteilt?
* - consentVersion?: string - Version der Einwilligung
*/
export async function POST(request: NextRequest) {
try {
const tenantId = request.headers.get('X-Tenant-ID')
if (!tenantId) {
return NextResponse.json(
{ error: 'Tenant ID required' },
{ status: 400 }
)
}
const headers = getHeaders(request)
const body = await request.json()
const { userId, dataPointId, granted, consentVersion = '1.0.0' } = body
const { userId, dataPointId, granted, consentVersion = '1.0.0', source } = body
if (!userId || !dataPointId || typeof granted !== 'boolean') {
return NextResponse.json(
@@ -54,316 +41,159 @@ export async function POST(request: NextRequest) {
)
}
// Hole IP und User-Agent
const ipAddress = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || null
const userAgent = request.headers.get('user-agent') || null
// Erstelle Consent-Eintrag
const consent: ConsentEntry = {
id: generateId(),
userId,
dataPointId,
granted,
grantedAt: new Date(),
revokedAt: undefined,
ipAddress: ipAddress || undefined,
userAgent: userAgent || undefined,
consentVersion,
}
// Hole bestehende Consents
const tenantConsents = consentStorage.get(tenantId) || []
// Pruefe auf bestehende Einwilligung fuer diesen Datenpunkt
const existingIndex = tenantConsents.findIndex(
(c) => c.userId === userId && c.dataPointId === dataPointId && !c.revokedAt
const response = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/consents`,
{
method: 'POST',
headers,
body: JSON.stringify({
user_id: userId,
data_point_id: dataPointId,
granted,
consent_version: consentVersion,
source: source || null,
ip_address: ipAddress,
user_agent: userAgent,
}),
signal: AbortSignal.timeout(30000),
}
)
if (existingIndex !== -1) {
if (!granted) {
// Widerruf: Setze revokedAt
tenantConsents[existingIndex].revokedAt = new Date()
}
// Bei granted=true: Keine Aenderung noetig, Consent existiert bereits
} else if (granted) {
// Neuer Consent
tenantConsents.push(consent)
if (!response.ok) {
const errorText = await response.text()
return NextResponse.json({ error: errorText }, { status: response.status })
}
consentStorage.set(tenantId, tenantConsents)
const data = await response.json()
return NextResponse.json({
success: true,
consent: {
id: consent.id,
dataPointId: consent.dataPointId,
granted: consent.granted,
grantedAt: consent.grantedAt,
id: data.id,
dataPointId: data.data_point_id,
granted: data.granted,
grantedAt: data.granted_at,
},
})
} catch (error) {
console.error('Error recording consent:', error)
return NextResponse.json(
{ error: 'Failed to record consent' },
{ status: 500 }
)
return NextResponse.json({ error: 'Failed to record consent' }, { status: 500 })
}
}
/**
* GET /api/sdk/v1/einwilligungen/consent
*
* Ruft Consent-Status und Statistiken ab
*
* Query Parameters:
* - userId?: string - Fuer spezifischen Benutzer
* - stats?: boolean - Statistiken inkludieren
*/
export async function GET(request: NextRequest) {
try {
const tenantId = request.headers.get('X-Tenant-ID')
if (!tenantId) {
return NextResponse.json(
{ error: 'Tenant ID required' },
{ status: 400 }
)
}
const headers = getHeaders(request)
const { searchParams } = new URL(request.url)
const userId = searchParams.get('userId')
const includeStats = searchParams.get('stats') === 'true'
const tenantConsents = consentStorage.get(tenantId) || []
if (userId) {
// Spezifischer Benutzer
const userConsents = tenantConsents.filter((c) => c.userId === userId)
// Gruppiere nach Datenpunkt
const consentMap: Record<string, { granted: boolean; grantedAt: Date; revokedAt?: Date }> = {}
for (const consent of userConsents) {
consentMap[consent.dataPointId] = {
granted: consent.granted && !consent.revokedAt,
grantedAt: consent.grantedAt,
revokedAt: consent.revokedAt,
}
}
return NextResponse.json({
userId,
consents: consentMap,
totalConsents: Object.keys(consentMap).length,
activeConsents: Object.values(consentMap).filter((c) => c.granted).length,
})
}
// Statistiken fuer alle Consents
if (includeStats) {
const stats = calculateStatistics(tenantConsents)
return NextResponse.json({
statistics: stats,
recentConsents: tenantConsents
.sort((a, b) => new Date(b.grantedAt).getTime() - new Date(a.grantedAt).getTime())
.slice(0, 10)
.map((c) => ({
id: c.id,
userId: c.userId.substring(0, 8) + '...', // Anonymisiert
dataPointId: c.dataPointId,
granted: c.granted,
grantedAt: c.grantedAt,
})),
})
const statsResponse = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/consents/stats`,
{ method: 'GET', headers, signal: AbortSignal.timeout(30000) }
)
if (!statsResponse.ok) {
return NextResponse.json({ error: 'Failed to fetch stats' }, { status: statsResponse.status })
}
const stats = await statsResponse.json()
return NextResponse.json({ statistics: stats })
}
// Standard: Alle Consents (anonymisiert)
// Fetch consents with optional user filter
const queryParams = new URLSearchParams()
if (userId) queryParams.set('user_id', userId)
queryParams.set('limit', '50')
const response = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/consents?${queryParams.toString()}`,
{ method: 'GET', headers, signal: AbortSignal.timeout(30000) }
)
if (!response.ok) {
const errorText = await response.text()
return NextResponse.json({ error: errorText }, { status: response.status })
}
const data = await response.json()
return NextResponse.json({
totalConsents: tenantConsents.length,
activeConsents: tenantConsents.filter((c) => c.granted && !c.revokedAt).length,
revokedConsents: tenantConsents.filter((c) => c.revokedAt).length,
totalConsents: data.total || 0,
activeConsents: (data.consents || []).filter((c: { granted: boolean; revoked_at: string | null }) => c.granted && !c.revoked_at).length,
revokedConsents: (data.consents || []).filter((c: { revoked_at: string | null }) => c.revoked_at).length,
consents: data.consents || [],
})
} catch (error) {
console.error('Error fetching consents:', error)
return NextResponse.json(
{ error: 'Failed to fetch consents' },
{ status: 500 }
)
return NextResponse.json({ error: 'Failed to fetch consents' }, { status: 500 })
}
}
/**
* PUT /api/sdk/v1/einwilligungen/consent
*
* Batch-Update von Consents (z.B. Cookie-Banner)
* Batch-Update oder Revoke einzelner Consents
*/
export async function PUT(request: NextRequest) {
try {
const tenantId = request.headers.get('X-Tenant-ID')
if (!tenantId) {
return NextResponse.json(
{ error: 'Tenant ID required' },
{ status: 400 }
)
}
const headers = getHeaders(request)
const body = await request.json()
const { userId, consents, consentVersion = '1.0.0' } = body
const { consentId, action } = body
if (!userId || !consents || typeof consents !== 'object') {
return NextResponse.json(
{ error: 'userId and consents object required' },
{ status: 400 }
// Single consent revoke
if (consentId && action === 'revoke') {
const response = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/consents/${consentId}/revoke`,
{ method: 'PUT', headers, body: '{}', signal: AbortSignal.timeout(30000) }
)
if (!response.ok) {
const errorText = await response.text()
return NextResponse.json({ error: errorText }, { status: response.status })
}
const data = await response.json()
return NextResponse.json({ success: true, ...data })
}
const ipAddress = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || null
// Batch update: { userId, consents: { dataPointId: boolean } }
const { userId, consents, consentVersion = '1.0.0' } = body
if (!userId || !consents) {
return NextResponse.json({ error: 'userId and consents required' }, { status: 400 })
}
const ipAddress = request.headers.get('x-forwarded-for') || null
const userAgent = request.headers.get('user-agent') || null
const results = []
const tenantConsents = consentStorage.get(tenantId) || []
const now = new Date()
// Verarbeite jeden Consent
for (const [dataPointId, granted] of Object.entries(consents)) {
if (typeof granted !== 'boolean') continue
const existingIndex = tenantConsents.findIndex(
(c) => c.userId === userId && c.dataPointId === dataPointId && !c.revokedAt
)
if (existingIndex !== -1) {
const existing = tenantConsents[existingIndex]
if (existing.granted !== granted) {
if (!granted) {
// Widerruf
tenantConsents[existingIndex].revokedAt = now
} else {
// Neuer Consent nach Widerruf
tenantConsents.push({
id: generateId(),
userId,
dataPointId,
granted: true,
grantedAt: now,
ipAddress: ipAddress || undefined,
userAgent: userAgent || undefined,
consentVersion,
})
}
const resp = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/consents`,
{
method: 'POST',
headers,
body: JSON.stringify({
user_id: userId,
data_point_id: dataPointId,
granted,
consent_version: consentVersion,
ip_address: ipAddress,
user_agent: userAgent,
}),
signal: AbortSignal.timeout(30000),
}
} else if (granted) {
// Neuer Consent
tenantConsents.push({
id: generateId(),
userId,
dataPointId,
granted: true,
grantedAt: now,
ipAddress: ipAddress || undefined,
userAgent: userAgent || undefined,
consentVersion,
})
)
if (resp.ok) {
results.push(await resp.json())
}
}
consentStorage.set(tenantId, tenantConsents)
// Zaehle aktive Consents fuer diesen User
const activeConsents = tenantConsents.filter(
(c) => c.userId === userId && c.granted && !c.revokedAt
).length
return NextResponse.json({
success: true,
userId,
activeConsents,
updatedAt: now,
})
return NextResponse.json({ success: true, userId, updated: results.length })
} catch (error) {
console.error('Error updating consents:', error)
return NextResponse.json(
{ error: 'Failed to update consents' },
{ status: 500 }
)
}
}
/**
* Berechnet Consent-Statistiken
*/
function calculateStatistics(consents: ConsentEntry[]): ConsentStatistics {
const activeConsents = consents.filter((c) => c.granted && !c.revokedAt)
const revokedConsents = consents.filter((c) => c.revokedAt)
// Gruppiere nach Kategorie (18 Kategorien A-R)
const byCategory: Record<DataPointCategory, { total: number; active: number; revoked: number }> = {
MASTER_DATA: { total: 0, active: 0, revoked: 0 },
CONTACT_DATA: { total: 0, active: 0, revoked: 0 },
AUTHENTICATION: { total: 0, active: 0, revoked: 0 },
CONSENT: { total: 0, active: 0, revoked: 0 },
COMMUNICATION: { total: 0, active: 0, revoked: 0 },
PAYMENT: { total: 0, active: 0, revoked: 0 },
USAGE_DATA: { total: 0, active: 0, revoked: 0 },
LOCATION: { total: 0, active: 0, revoked: 0 },
DEVICE_DATA: { total: 0, active: 0, revoked: 0 },
MARKETING: { total: 0, active: 0, revoked: 0 },
ANALYTICS: { total: 0, active: 0, revoked: 0 },
SOCIAL_MEDIA: { total: 0, active: 0, revoked: 0 },
HEALTH_DATA: { total: 0, active: 0, revoked: 0 },
EMPLOYEE_DATA: { total: 0, active: 0, revoked: 0 },
CONTRACT_DATA: { total: 0, active: 0, revoked: 0 },
LOG_DATA: { total: 0, active: 0, revoked: 0 },
AI_DATA: { total: 0, active: 0, revoked: 0 },
SECURITY: { total: 0, active: 0, revoked: 0 },
}
for (const consent of consents) {
const dataPoint = PREDEFINED_DATA_POINTS.find((dp) => dp.id === consent.dataPointId)
if (dataPoint) {
byCategory[dataPoint.category].total++
if (consent.granted && !consent.revokedAt) {
byCategory[dataPoint.category].active++
}
if (consent.revokedAt) {
byCategory[dataPoint.category].revoked++
}
}
}
// Gruppiere nach Rechtsgrundlage (7 Rechtsgrundlagen)
const byLegalBasis: Record<LegalBasis, { total: number; active: number }> = {
CONTRACT: { total: 0, active: 0 },
CONSENT: { total: 0, active: 0 },
EXPLICIT_CONSENT: { total: 0, active: 0 },
LEGITIMATE_INTEREST: { total: 0, active: 0 },
LEGAL_OBLIGATION: { total: 0, active: 0 },
VITAL_INTERESTS: { total: 0, active: 0 },
PUBLIC_INTEREST: { total: 0, active: 0 },
}
for (const consent of consents) {
const dataPoint = PREDEFINED_DATA_POINTS.find((dp) => dp.id === consent.dataPointId)
if (dataPoint) {
byLegalBasis[dataPoint.legalBasis].total++
if (consent.granted && !consent.revokedAt) {
byLegalBasis[dataPoint.legalBasis].active++
}
}
}
// Berechne Conversion Rate (Unique Users mit mindestens einem Consent)
const uniqueUsers = new Set(consents.map((c) => c.userId))
const usersWithActiveConsent = new Set(activeConsents.map((c) => c.userId))
const conversionRate = uniqueUsers.size > 0
? (usersWithActiveConsent.size / uniqueUsers.size) * 100
: 0
return {
totalConsents: consents.length,
activeConsents: activeConsents.length,
revokedConsents: revokedConsents.length,
byCategory,
byLegalBasis,
conversionRate: Math.round(conversionRate * 10) / 10,
return NextResponse.json({ error: 'Failed to update consents' }, { status: 500 })
}
}

251
admin-compliance/app/api/sdk/v1/einwilligungen/cookie-banner/config/route.ts
View File

@@ -1,215 +1,160 @@
/**
* API Route: Cookie Banner Configuration
*
* Proxies to backend-compliance for DB persistence.
* GET - Cookie Banner Konfiguration abrufen
* POST - Cookie Banner Konfiguration speichern
* PUT - Einzelne Kategorie aktualisieren
*/
import { NextRequest, NextResponse } from 'next/server'
import {
CookieBannerConfig,
CookieBannerStyling,
CookieBannerTexts,
DataPoint,
} from '@/lib/sdk/einwilligungen/types'
import {
generateCookieBannerConfig,
DEFAULT_COOKIE_BANNER_STYLING,
DEFAULT_COOKIE_BANNER_TEXTS,
} from '@/lib/sdk/einwilligungen/generator/cookie-banner'
import { PREDEFINED_DATA_POINTS } from '@/lib/sdk/einwilligungen/catalog/loader'
// In-Memory Storage fuer Cookie Banner Configs
const configStorage = new Map<string, CookieBannerConfig>()
const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
function getHeaders(request: NextRequest): HeadersInit {
const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
const clientTenantId = request.headers.get('x-tenant-id') || request.headers.get('X-Tenant-ID')
const tenantId = (clientTenantId && uuidRegex.test(clientTenantId))
? clientTenantId
: (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
return {
'Content-Type': 'application/json',
'X-Tenant-ID': tenantId,
}
}
/**
* GET /api/sdk/v1/einwilligungen/cookie-banner/config
*
* Laedt die Cookie Banner Konfiguration fuer einen Tenant
*/
export async function GET(request: NextRequest) {
try {
const tenantId = request.headers.get('X-Tenant-ID')
const headers = getHeaders(request)
const response = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/cookies`,
{ method: 'GET', headers, signal: AbortSignal.timeout(30000) }
)
if (!tenantId) {
return NextResponse.json(
{ error: 'Tenant ID required' },
{ status: 400 }
)
if (!response.ok) {
const errorText = await response.text()
return NextResponse.json({ error: errorText }, { status: response.status })
}
let config = configStorage.get(tenantId)
if (!config) {
// Generiere Default-Konfiguration
config = generateCookieBannerConfig(tenantId, PREDEFINED_DATA_POINTS)
configStorage.set(tenantId, config)
}
return NextResponse.json(config)
const data = await response.json()
// Return in the format the frontend expects (CookieBannerConfig-like)
return NextResponse.json({
categories: data.categories || [],
config: data.config || {},
updatedAt: data.updated_at,
})
} catch (error) {
console.error('Error loading cookie banner config:', error)
return NextResponse.json(
{ error: 'Failed to load cookie banner config' },
{ status: 500 }
)
return NextResponse.json({ error: 'Failed to load cookie banner config' }, { status: 500 })
}
}
/**
* POST /api/sdk/v1/einwilligungen/cookie-banner/config
*
* Speichert oder aktualisiert die Cookie Banner Konfiguration
*
* Body:
* - dataPointIds?: string[] - IDs der Datenpunkte (fuer Neuberechnung)
* - styling?: Partial<CookieBannerStyling> - Styling-Optionen
* - texts?: Partial<CookieBannerTexts> - Text-Optionen
* - customDataPoints?: DataPoint[] - Kundenspezifische Datenpunkte
*/
export async function POST(request: NextRequest) {
try {
const tenantId = request.headers.get('X-Tenant-ID')
if (!tenantId) {
return NextResponse.json(
{ error: 'Tenant ID required' },
{ status: 400 }
)
}
const headers = getHeaders(request)
const body = await request.json()
const {
dataPointIds,
styling,
texts,
customDataPoints = [],
} = body
const { categories, config, styling, texts } = body
// Hole bestehende Konfiguration oder erstelle neue
let config = configStorage.get(tenantId)
if (dataPointIds && Array.isArray(dataPointIds)) {
// Neu berechnen basierend auf Datenpunkten
const allDataPoints: DataPoint[] = [
...PREDEFINED_DATA_POINTS,
...customDataPoints,
]
const selectedDataPoints = dataPointIds
.map((id: string) => allDataPoints.find((dp) => dp.id === id))
.filter((dp): dp is DataPoint => dp !== undefined)
config = generateCookieBannerConfig(
tenantId,
selectedDataPoints,
texts,
styling
)
} else if (config) {
// Nur Styling/Texts aktualisieren
if (styling) {
config.styling = {
...config.styling,
...styling,
}
}
if (texts) {
config.texts = {
...config.texts,
...texts,
}
}
config.updatedAt = new Date()
} else {
// Erstelle Default
config = generateCookieBannerConfig(
tenantId,
PREDEFINED_DATA_POINTS,
texts,
styling
)
const payload = {
categories: categories || [],
config: { ...(config || {}), styling: styling || {}, texts: texts || {} },
}
configStorage.set(tenantId, config)
const response = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/cookies`,
{
method: 'PUT',
headers,
body: JSON.stringify(payload),
signal: AbortSignal.timeout(30000),
}
)
if (!response.ok) {
const errorText = await response.text()
return NextResponse.json({ error: errorText }, { status: response.status })
}
const data = await response.json()
return NextResponse.json({
success: true,
config,
categories: data.categories || [],
config: data.config || {},
updatedAt: data.updated_at,
})
} catch (error) {
console.error('Error saving cookie banner config:', error)
return NextResponse.json(
{ error: 'Failed to save cookie banner config' },
{ status: 500 }
)
return NextResponse.json({ error: 'Failed to save cookie banner config' }, { status: 500 })
}
}
/**
* PUT /api/sdk/v1/einwilligungen/cookie-banner/config
*
* Aktualisiert einzelne Kategorien
*/
export async function PUT(request: NextRequest) {
try {
const tenantId = request.headers.get('X-Tenant-ID')
if (!tenantId) {
return NextResponse.json(
{ error: 'Tenant ID required' },
{ status: 400 }
)
}
const headers = getHeaders(request)
const body = await request.json()
const { categoryId, enabled } = body
const { categoryId, enabled, categories, config } = body
// If full categories array is provided, save it directly
if (categories !== undefined) {
const response = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/cookies`,
{
method: 'PUT',
headers,
body: JSON.stringify({ categories, config: config || {} }),
signal: AbortSignal.timeout(30000),
}
)
const data = await response.json()
return NextResponse.json({ success: true, ...data })
}
// Single category toggle: fetch current, update, save back
if (!categoryId || typeof enabled !== 'boolean') {
return NextResponse.json(
{ error: 'categoryId and enabled required' },
{ status: 400 }
)
return NextResponse.json({ error: 'categoryId and enabled required' }, { status: 400 })
}
let config = configStorage.get(tenantId)
const currentResponse = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/cookies`,
{ method: 'GET', headers, signal: AbortSignal.timeout(30000) }
)
const current = await currentResponse.json()
if (!config) {
config = generateCookieBannerConfig(tenantId, PREDEFINED_DATA_POINTS)
}
const updatedCategories = (current.categories || []).map((cat: { id: string; isRequired?: boolean; defaultEnabled?: boolean }) => {
if (cat.id !== categoryId) return cat
if (cat.isRequired && !enabled) return cat // Essential cookies cannot be disabled
return { ...cat, defaultEnabled: enabled }
})
// Finde und aktualisiere die Kategorie
const categoryIndex = config.categories.findIndex((c) => c.id === categoryId)
if (categoryIndex === -1) {
return NextResponse.json(
{ error: 'Category not found' },
{ status: 404 }
)
}
// Essenzielle Cookies koennen nicht deaktiviert werden
if (config.categories[categoryIndex].isRequired && !enabled) {
return NextResponse.json(
{ error: 'Essential cookies cannot be disabled' },
{ status: 400 }
)
}
config.categories[categoryIndex].defaultEnabled = enabled
config.updatedAt = new Date()
configStorage.set(tenantId, config)
const saveResponse = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/cookies`,
{
method: 'PUT',
headers,
body: JSON.stringify({ categories: updatedCategories, config: current.config || {} }),
signal: AbortSignal.timeout(30000),
}
)
const data = await saveResponse.json()
return NextResponse.json({
success: true,
category: config.categories[categoryIndex],
category: updatedCategories.find((c: { id: string }) => c.id === categoryId),
...data,
})
} catch (error) {
console.error('Error updating cookie category:', error)
return NextResponse.json(
{ error: 'Failed to update cookie category' },
{ status: 500 }
)
return NextResponse.json({ error: 'Failed to update cookie category' }, { status: 500 })
}
}