Benjamin Bönisch
8f21650d74
CI / detect-changes (push) Successful in 16s
CI / branch-name (push) Has been skipped
CI / guardrail-integrity (push) Has been skipped
CI / secret-scan (push) Has been skipped
CI / dep-audit (push) Has been skipped
CI / sbom-scan (push) Has been skipped
CI / build-sha-integrity (push) Successful in 15s
CI / validate-canonical-controls (push) Successful in 13s
CI / loc-budget (push) Successful in 25s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / nodejs-build (push) Successful in 3m9s
CI / test-go (push) Has been skipped
CI / iace-gt-coverage (push) Has been skipped
CI / test-python-backend (push) Successful in 31s
CI / test-python-document-crawler (push) Has been skipped
CI / test-python-dsms-gateway (push) Has been skipped
- /sdk/dokumente: Kundensicht nur auf veroeffentlichte Rechtsdokumente (Ansehen + Download); Proxy mit Allow-List nur /public — Templates/Drafts/ Generator bleiben unerreichbar. - /sdk/cra-meldewesen: CRA Art. 14 Meldewesen (24h/72h/14d-Kaskade) mit Fristen-Tracking + ENISA-SRP-Export-Entwurf (kein Live-API). Backend: cra_meldewesen (pure, getestet) + cra_incident_store (schema-neutral ueber compliance_cra_documents) + /api/v1/cra/incidents (additiv, contract-safe). - Screening (Self-Scan) aus dem Frontend genommen: Flow-Stepper-Eintrag ausgeblendet (visibleWhen), Dashboard-Kachel + Import-Button entfernt. Repo-Scanning laeuft extern im Compliance-Scanner; Backend-Router bleibt vorerst gemountet (Contract-Stabilitaet). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
41 lines
1.5 KiB
TypeScript
41 lines
1.5 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server'
|
|
|
|
// Customer-facing proxy to the legal-documents API. The customer "Dokumente"
|
|
// page only ever reads PUBLISHED documents (GET /public). Templates, drafts and
|
|
// the generator stay behind the internal API and are never proxied here.
|
|
const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
|
|
|
|
function tenantHeader(request: NextRequest): string {
|
|
return request.headers.get('x-tenant-id') || '00000000-0000-0000-0000-000000000001'
|
|
}
|
|
|
|
export async function GET(
|
|
request: NextRequest,
|
|
{ params }: { params: Promise<{ path?: string[] }> },
|
|
) {
|
|
const { path = [] } = await params
|
|
const sub = path.join('/')
|
|
// Hard allow-list: customers may only read the public (published) views.
|
|
if (sub !== 'public' && !sub.startsWith('public/')) {
|
|
return NextResponse.json({ error: 'Not found' }, { status: 404 })
|
|
}
|
|
const { searchParams } = new URL(request.url)
|
|
const qs = searchParams.toString()
|
|
try {
|
|
const resp = await fetch(
|
|
`${BACKEND_URL}/api/compliance/legal-documents/${sub}${qs ? `?${qs}` : ''}`,
|
|
{ headers: { 'X-Tenant-ID': tenantHeader(request) } },
|
|
)
|
|
const body = await resp.text()
|
|
return new NextResponse(body, {
|
|
status: resp.status,
|
|
headers: { 'Content-Type': resp.headers.get('Content-Type') || 'application/json' },
|
|
})
|
|
} catch (err) {
|
|
return NextResponse.json(
|
|
{ error: 'Backend unreachable', details: String(err) },
|
|
{ status: 502 },
|
|
)
|
|
}
|
|
}
|