Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ae008d7d25634cef7d4668d00a40a1caa1c10dd7
breakpilot-compliance/admin-compliance/app/api/sdk/v1/einwilligungen/consent/route.ts
Benjamin Admin 393eab6acd
All checks were successful
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-go-ai-compliance (push) Successful in 36s
Details
CI / test-python-backend-compliance (push) Successful in 31s
Details
CI / test-python-document-crawler (push) Successful in 23s
Details
CI / test-python-dsms-gateway (push) Successful in 18s
Details
feat: Package 4 Nachbesserungen — History-Tracking, Pagination, Frontend-Fixes 
Backend:
- Migration 009: compliance_einwilligungen_consent_history Tabelle
- EinwilligungenConsentHistoryDB Modell (consent_id, action, version, ip, ua, source)
- _record_history() Helper: automatisch bei POST /consents (granted) + PUT /revoke (revoked)
- GET /consents/{id}/history Endpoint (vor revoke platziert für korrektes Routing)
- GET /consents: history-Array pro Eintrag (inline Sub-Query)
- 5 neue Tests (TestConsentHistoryTracking) — 32/32 bestanden

Frontend:
- consent/route.ts: limit+offset aus Frontend-Request weitergeleitet, total-Feld ergänzt
- Neuer Proxy consent/[id]/history/route.ts für GET /consents/{id}/history
- page.tsx: globalStats state + loadStats() (Backend /consents/stats für globale Zahlen)
- page.tsx: Stats-Kacheln auf globalStats umgestellt (nicht mehr page-relativ)
- page.tsx: history-Mapper: created_at→timestamp, consent_version→version
- page.tsx: loadStats() bei Mount + nach Revoke

Dokumentation:
- Developer Portal: neue API-Docs-Seite /api/einwilligungen (Consent + Legal Docs + Cookie Banner)
- developer-portal/app/api/page.tsx: Consent Management Abschnitt
- MkDocs: History-Endpoint, Pagination-Abschnitt, History-Tracking Abschnitt
- Deploy-Skript: scripts/apply_consent_history_migration.sh

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-03 11:54:25 +01:00

204 lines
6.5 KiB
TypeScript
Raw Blame History

/**
* API Route: Consent Management
*
* Proxies to backend-compliance for DB persistence.
* POST - Consent erfassen
* GET - Consent-Status und Statistiken abrufen
* PUT - Batch-Update von Consents
*/
import { NextRequest, NextResponse } from 'next/server'
const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
function getHeaders(request: NextRequest): HeadersInit {
const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
const clientTenantId = request.headers.get('x-tenant-id') || request.headers.get('X-Tenant-ID')
const tenantId = (clientTenantId && uuidRegex.test(clientTenantId))
? clientTenantId
: (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
return {
'Content-Type': 'application/json',
'X-Tenant-ID': tenantId,
}
}
/**
* POST /api/sdk/v1/einwilligungen/consent
* Erfasst eine neue Einwilligung
*/
export async function POST(request: NextRequest) {
try {
const headers = getHeaders(request)
const body = await request.json()
const { userId, dataPointId, granted, consentVersion = '1.0.0', source } = body
if (!userId || !dataPointId || typeof granted !== 'boolean') {
return NextResponse.json(
{ error: 'userId, dataPointId, and granted required' },
{ status: 400 }
)
}
const ipAddress = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || null
const userAgent = request.headers.get('user-agent') || null
const response = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/consents`,
{
method: 'POST',
headers,
body: JSON.stringify({
user_id: userId,
data_point_id: dataPointId,
granted,
consent_version: consentVersion,
source: source || null,
ip_address: ipAddress,
user_agent: userAgent,
}),
signal: AbortSignal.timeout(30000),
}
)
if (!response.ok) {
const errorText = await response.text()
return NextResponse.json({ error: errorText }, { status: response.status })
}
const data = await response.json()
return NextResponse.json({
success: true,
consent: {
id: data.id,
dataPointId: data.data_point_id,
granted: data.granted,
grantedAt: data.granted_at,
},
})
} catch (error) {
console.error('Error recording consent:', error)
return NextResponse.json({ error: 'Failed to record consent' }, { status: 500 })
}
}
/**
* GET /api/sdk/v1/einwilligungen/consent
* Ruft Consent-Status und Statistiken ab
*/
export async function GET(request: NextRequest) {
try {
const headers = getHeaders(request)
const { searchParams } = new URL(request.url)
const userId = searchParams.get('userId')
const includeStats = searchParams.get('stats') === 'true'
if (includeStats) {
const statsResponse = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/consents/stats`,
{ method: 'GET', headers, signal: AbortSignal.timeout(30000) }
)
if (!statsResponse.ok) {
return NextResponse.json({ error: 'Failed to fetch stats' }, { status: statsResponse.status })
}
const stats = await statsResponse.json()
return NextResponse.json({ statistics: stats })
}
// Fetch consents — forward pagination params from frontend
const limit = searchParams.get('limit') || '50'
const offset = searchParams.get('offset') || '0'
const queryParams = new URLSearchParams()
if (userId) queryParams.set('user_id', userId)
queryParams.set('limit', limit)
queryParams.set('offset', offset)
const response = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/consents?${queryParams.toString()}`,
{ method: 'GET', headers, signal: AbortSignal.timeout(30000) }
)
if (!response.ok) {
const errorText = await response.text()
return NextResponse.json({ error: errorText }, { status: response.status })
}
const data = await response.json()
return NextResponse.json({
total: data.total || 0,
totalConsents: data.total || 0,
offset: data.offset || 0,
limit: data.limit || parseInt(limit),
consents: data.consents || [],
})
} catch (error) {
console.error('Error fetching consents:', error)
return NextResponse.json({ error: 'Failed to fetch consents' }, { status: 500 })
}
}
/**
* PUT /api/sdk/v1/einwilligungen/consent
* Batch-Update oder Revoke einzelner Consents
*/
export async function PUT(request: NextRequest) {
try {
const headers = getHeaders(request)
const body = await request.json()
const { consentId, action } = body
// Single consent revoke
if (consentId && action === 'revoke') {
const response = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/consents/${consentId}/revoke`,
{ method: 'PUT', headers, body: '{}', signal: AbortSignal.timeout(30000) }
)
if (!response.ok) {
const errorText = await response.text()
return NextResponse.json({ error: errorText }, { status: response.status })
}
const data = await response.json()
return NextResponse.json({ success: true, ...data })
}
// Batch update: { userId, consents: { dataPointId: boolean } }
const { userId, consents, consentVersion = '1.0.0' } = body
if (!userId || !consents) {
return NextResponse.json({ error: 'userId and consents required' }, { status: 400 })
}
const ipAddress = request.headers.get('x-forwarded-for') || null
const userAgent = request.headers.get('user-agent') || null
const results = []
for (const [dataPointId, granted] of Object.entries(consents)) {
if (typeof granted !== 'boolean') continue
const resp = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/consents`,
{
method: 'POST',
headers,
body: JSON.stringify({
user_id: userId,
data_point_id: dataPointId,
granted,
consent_version: consentVersion,
ip_address: ipAddress,
user_agent: userAgent,
}),
signal: AbortSignal.timeout(30000),
}
)
if (resp.ok) {
results.push(await resp.json())
}
}
return NextResponse.json({ success: true, userId, updated: results.length })
} catch (error) {
console.error('Error updating consents:', error)
return NextResponse.json({ error: 'Failed to update consents' }, { status: 500 })
}
}
Reference in New Issue View Git Blame Copy Permalink