Squash of branch refactor/phase0-guardrails-and-models-split — 4 commits,
81 files, 173/173 pytest green, OpenAPI contract preserved (360 paths /
484 operations).
## Phase 0 — Architecture guardrails
Three defense-in-depth layers to keep the architecture rules enforced
regardless of who opens Claude Code in this repo:
1. .claude/settings.json PreToolUse hook on Write/Edit blocks any file
that would exceed the 500-line hard cap. Auto-loads in every Claude
session in this repo.
2. scripts/githooks/pre-commit (install via scripts/install-hooks.sh)
enforces the LOC cap locally, freezes migrations/ without
[migration-approved], and protects guardrail files without
[guardrail-change].
3. .gitea/workflows/ci.yaml gains loc-budget + guardrail-integrity +
sbom-scan (syft+grype) jobs, adds mypy --strict for the new Python
packages (compliance/{services,repositories,domain,schemas}), and
tsc --noEmit for admin-compliance + developer-portal.
Per-language conventions documented in AGENTS.python.md, AGENTS.go.md,
AGENTS.typescript.md at the repo root — layering, tooling, and explicit
"what you may NOT do" lists. Root CLAUDE.md is prepended with the six
non-negotiable rules. Each of the 10 services gets a README.md.
scripts/check-loc.sh enforces soft 300 / hard 500 and surfaces the
current baseline of 205 hard + 161 soft violations so Phases 1-4 can
drain it incrementally. CI gates only CHANGED files in PRs so the
legacy baseline does not block unrelated work.
## Deprecation sweep
47 files. Pydantic V1 regex= -> pattern= (2 sites), class Config ->
ConfigDict in source_policy_router.py (schemas.py intentionally skipped;
it is the Phase 1 Step 3 split target). datetime.utcnow() ->
datetime.now(timezone.utc) everywhere including SQLAlchemy default=
callables. All DB columns already declare timezone=True, so this is a
latent-bug fix at the Python side, not a schema change.
DeprecationWarning count dropped from 158 to 35.
## Phase 1 Step 1 — Contract test harness
tests/contracts/test_openapi_baseline.py diffs the live FastAPI /openapi.json
against tests/contracts/openapi.baseline.json on every test run. Fails on
removed paths, removed status codes, or new required request body fields.
Regenerate only via tests/contracts/regenerate_baseline.py after a
consumer-updated contract change. This is the safety harness for all
subsequent refactor commits.
## Phase 1 Step 2 — models.py split (1466 -> 85 LOC shim)
compliance/db/models.py is decomposed into seven sibling aggregate modules
following the existing repo pattern (dsr_models.py, vvt_models.py, ...):
regulation_models.py (134) — Regulation, Requirement
control_models.py (279) — Control, Mapping, Evidence, Risk
ai_system_models.py (141) — AISystem, AuditExport
service_module_models.py (176) — ServiceModule, ModuleRegulation, ModuleRisk
audit_session_models.py (177) — AuditSession, AuditSignOff
isms_governance_models.py (323) — ISMSScope, Context, Policy, Objective, SoA
isms_audit_models.py (468) — Finding, CAPA, MgmtReview, InternalAudit,
AuditTrail, Readiness
models.py becomes an 85-line re-export shim in dependency order so
existing imports continue to work unchanged. Schema is byte-identical:
__tablename__, column definitions, relationship strings, back_populates,
cascade directives all preserved.
All new sibling files are under the 500-line hard cap; largest is
isms_audit_models.py at 468. No file in compliance/db/ now exceeds
the hard cap.
## Phase 1 Step 3 — infrastructure only
backend-compliance/compliance/{schemas,domain,repositories}/ packages
are created as landing zones with docstrings. compliance/domain/
exports DomainError / NotFoundError / ConflictError / ValidationError /
PermissionError — the base classes services will use to raise
domain-level errors instead of HTTPException.
PHASE1_RUNBOOK.md at backend-compliance/PHASE1_RUNBOOK.md documents
the nine-step execution plan for Phase 1: snapshot baseline,
characterization tests, split models.py (this commit), split schemas.py
(next), extract services, extract repositories, mypy --strict, coverage.
## Verification
backend-compliance/.venv-phase1: uv python install 3.12 + pip -r requirements.txt
PYTHONPATH=. pytest compliance/tests/ tests/contracts/
-> 173 passed, 0 failed, 35 warnings, OpenAPI 360/484 unchanged
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
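The three breaking-change rules the Phase 1 Step 1 contract harness checks (removed paths, removed status codes, new required request-body fields), as an added illustration that is not the repository's tests/contracts/test_openapi_baseline.py; the two OpenAPI dicts and the ConsentCreate schema inside them are constructed here, not the repo's real baseline.

```python
from typing import Any, Dict, List, Set

METHODS = ("get", "put", "post", "delete", "patch")


def _required_body_fields(spec: Dict[str, Any], op: Dict[str, Any]) -> Set[str]:
    """Required property names of the JSON request body, resolving one level of $ref."""
    schema = op.get("requestBody", {}).get("content", {}).get("application/json", {}).get("schema", {})
    ref = schema.get("$ref", "")
    if ref.startswith("#/components/schemas/"):
        schema = spec.get("components", {}).get("schemas", {}).get(ref.rsplit("/", 1)[1], {})
    return set(schema.get("required", []))


def breaking_changes(baseline: Dict[str, Any], live: Dict[str, Any]) -> List[str]:
    """Findings that fail the contract check; an empty list means the contract is preserved."""
    findings: List[str] = []
    for path, base_item in baseline.get("paths", {}).items():
        live_item = live.get("paths", {}).get(path)
        if live_item is None:
            findings.append(f"removed path: {path}")
            continue
        for method in METHODS:
            base_op, live_op = base_item.get(method), live_item.get(method)
            if base_op is None:
                continue
            if live_op is None:
                findings.append(f"removed operation: {method.upper()} {path}")
                continue
            for code in base_op.get("responses", {}):
                if code not in live_op.get("responses", {}):
                    findings.append(f"removed status {code}: {method.upper()} {path}")
            added = _required_body_fields(live, live_op) - _required_body_fields(baseline, base_op)
            for field in sorted(added):
                findings.append(f"new required body field '{field}': {method.upper()} {path}")
    return findings


# Constructed sample specs, not the repo's baseline: "live" drops GET /catalog, drops the 400
# response of POST /consents and makes the `source` body field mandatory.
def _spec(paths: Dict[str, Any], consent_required: List[str]) -> Dict[str, Any]:
    return {"paths": paths, "components": {"schemas": {"ConsentCreate": {"required": consent_required}}}}


CONSENT_BODY = {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/ConsentCreate"}}}}
BASELINE = _spec({
    "/einwilligungen/catalog": {"get": {"responses": {"200": {}}}},
    "/einwilligungen/consents": {"post": {"requestBody": CONSENT_BODY, "responses": {"201": {}, "400": {}}}},
}, ["user_id", "data_point_id", "granted"])
LIVE = _spec({
    "/einwilligungen/consents": {"post": {"requestBody": CONSENT_BODY, "responses": {"201": {}}}},
}, ["user_id", "data_point_id", "granted", "source"])
```

Additions (a new path, a new status code, a new optional field) produce no finding, so `breaking_changes(LIVE, BASELINE)` is empty while the reverse direction reports all three breaks.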
456 lines, 14 KiB, Python
"""
|
|
FastAPI routes for Einwilligungen — Consent-Tracking, Cookie-Banner und Datenpunktkatalog.
|
|
|
|
Endpoints:
|
|
GET /einwilligungen/catalog — Katalog laden
|
|
PUT /einwilligungen/catalog — Katalog speichern (Upsert by tenant_id)
|
|
GET /einwilligungen/company — Firmeninfo laden
|
|
PUT /einwilligungen/company — Firmeninfo speichern (Upsert)
|
|
GET /einwilligungen/cookies — Cookie-Banner-Config laden
|
|
PUT /einwilligungen/cookies — Cookie-Banner-Config speichern (Upsert)
|
|
GET /einwilligungen/consents — Consent-Liste (Pagination + Filter)
|
|
POST /einwilligungen/consents — Consent erfassen
|
|
PUT /einwilligungen/consents/{id}/revoke — Consent widerrufen
|
|
GET /einwilligungen/consents/stats — Statistiken
|
|
"""
|
|
|
|
import logging
|
|
from datetime import datetime, timezone
|
|
from typing import Optional, List, Any, Dict
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, Query, Header
|
|
from pydantic import BaseModel
|
|
from sqlalchemy.orm import Session
|
|
|
|
from classroom_engine.database import get_db
|
|
from ..db.einwilligungen_models import (
|
|
EinwilligungenCatalogDB,
|
|
EinwilligungenCompanyDB,
|
|
EinwilligungenCookiesDB,
|
|
EinwilligungenConsentDB,
|
|
EinwilligungenConsentHistoryDB,
|
|
)
|
|
|
|
logger = logging.getLogger(__name__)
|
|
router = APIRouter(prefix="/einwilligungen", tags=["einwilligungen"])
|
|
|
|
|
|
# ============================================================================
|
|
# Pydantic Schemas
|
|
# ============================================================================
|
|
|
|
class CatalogUpsert(BaseModel):
|
|
selected_data_point_ids: List[str] = []
|
|
custom_data_points: List[Dict[str, Any]] = []
|
|
|
|
|
|
class CompanyUpsert(BaseModel):
|
|
data: Dict[str, Any] = {}
|
|
|
|
|
|
class CookiesUpsert(BaseModel):
|
|
categories: List[Dict[str, Any]] = []
|
|
config: Dict[str, Any] = {}
|
|
|
|
|
|
class ConsentCreate(BaseModel):
|
|
user_id: str
|
|
data_point_id: str
|
|
granted: bool
|
|
consent_version: str = '1.0'
|
|
source: Optional[str] = None
|
|
ip_address: Optional[str] = None
|
|
user_agent: Optional[str] = None
|
|
|
|
|
|
# ============================================================================
|
|
# Helpers
|
|
# ============================================================================
|
|
|
|
def _get_tenant(x_tenant_id: Optional[str] = Header(None, alias='X-Tenant-ID')) -> str:
|
|
if not x_tenant_id:
|
|
raise HTTPException(status_code=400, detail="X-Tenant-ID header required")
|
|
return x_tenant_id
|
|
|
|
|
|
def _record_history(db: Session, consent: EinwilligungenConsentDB, action: str) -> None:
|
|
"""Protokolliert eine Aenderung an einer Einwilligung in der History-Tabelle."""
|
|
entry = EinwilligungenConsentHistoryDB(
|
|
consent_id=consent.id,
|
|
tenant_id=consent.tenant_id,
|
|
action=action,
|
|
consent_version=consent.consent_version,
|
|
ip_address=consent.ip_address,
|
|
user_agent=consent.user_agent,
|
|
source=consent.source,
|
|
)
|
|
db.add(entry)
|
|
|
|
|
|
# ============================================================================
|
|
# Catalog
|
|
# ============================================================================
|
|
|
|
@router.get("/catalog")
|
|
async def get_catalog(
|
|
tenant_id: str = Depends(_get_tenant),
|
|
db: Session = Depends(get_db),
|
|
):
|
|
"""Load the data point catalog for a tenant."""
|
|
record = db.query(EinwilligungenCatalogDB).filter(
|
|
EinwilligungenCatalogDB.tenant_id == tenant_id
|
|
).first()
|
|
|
|
if not record:
|
|
return {
|
|
"tenant_id": tenant_id,
|
|
"selected_data_point_ids": [],
|
|
"custom_data_points": [],
|
|
"updated_at": None,
|
|
}
|
|
|
|
return {
|
|
"tenant_id": tenant_id,
|
|
"selected_data_point_ids": record.selected_data_point_ids or [],
|
|
"custom_data_points": record.custom_data_points or [],
|
|
"updated_at": record.updated_at,
|
|
}
|
|
|
|
|
|
@router.put("/catalog")
|
|
async def upsert_catalog(
|
|
request: CatalogUpsert,
|
|
tenant_id: str = Depends(_get_tenant),
|
|
db: Session = Depends(get_db),
|
|
):
|
|
"""Create or update the data point catalog for a tenant."""
|
|
record = db.query(EinwilligungenCatalogDB).filter(
|
|
EinwilligungenCatalogDB.tenant_id == tenant_id
|
|
).first()
|
|
|
|
if record:
|
|
record.selected_data_point_ids = request.selected_data_point_ids
|
|
record.custom_data_points = request.custom_data_points
|
|
record.updated_at = datetime.now(timezone.utc)
|
|
else:
|
|
record = EinwilligungenCatalogDB(
|
|
tenant_id=tenant_id,
|
|
selected_data_point_ids=request.selected_data_point_ids,
|
|
custom_data_points=request.custom_data_points,
|
|
)
|
|
db.add(record)
|
|
|
|
db.commit()
|
|
db.refresh(record)
|
|
return {
|
|
"success": True,
|
|
"tenant_id": tenant_id,
|
|
"selected_data_point_ids": record.selected_data_point_ids,
|
|
"custom_data_points": record.custom_data_points,
|
|
"updated_at": record.updated_at,
|
|
}
|
|
|
|
|
|
# ============================================================================
|
|
# Company Info
|
|
# ============================================================================
|
|
|
|
@router.get("/company")
|
|
async def get_company(
|
|
tenant_id: str = Depends(_get_tenant),
|
|
db: Session = Depends(get_db),
|
|
):
|
|
"""Load company information for DSI generation."""
|
|
record = db.query(EinwilligungenCompanyDB).filter(
|
|
EinwilligungenCompanyDB.tenant_id == tenant_id
|
|
).first()
|
|
|
|
if not record:
|
|
return {"tenant_id": tenant_id, "data": {}, "updated_at": None}
|
|
|
|
return {"tenant_id": tenant_id, "data": record.data or {}, "updated_at": record.updated_at}
|
|
|
|
|
|
@router.put("/company")
|
|
async def upsert_company(
|
|
request: CompanyUpsert,
|
|
tenant_id: str = Depends(_get_tenant),
|
|
db: Session = Depends(get_db),
|
|
):
|
|
"""Create or update company information for a tenant."""
|
|
record = db.query(EinwilligungenCompanyDB).filter(
|
|
EinwilligungenCompanyDB.tenant_id == tenant_id
|
|
).first()
|
|
|
|
if record:
|
|
record.data = request.data
|
|
record.updated_at = datetime.now(timezone.utc)
|
|
else:
|
|
record = EinwilligungenCompanyDB(tenant_id=tenant_id, data=request.data)
|
|
db.add(record)
|
|
|
|
db.commit()
|
|
db.refresh(record)
|
|
return {"success": True, "tenant_id": tenant_id, "data": record.data, "updated_at": record.updated_at}
|
|
|
|
|
|
# ============================================================================
|
|
# Cookie Banner Config
|
|
# ============================================================================
|
|
|
|
@router.get("/cookies")
|
|
async def get_cookies(
|
|
tenant_id: str = Depends(_get_tenant),
|
|
db: Session = Depends(get_db),
|
|
):
|
|
"""Load cookie banner configuration for a tenant."""
|
|
record = db.query(EinwilligungenCookiesDB).filter(
|
|
EinwilligungenCookiesDB.tenant_id == tenant_id
|
|
).first()
|
|
|
|
if not record:
|
|
return {"tenant_id": tenant_id, "categories": [], "config": {}, "updated_at": None}
|
|
|
|
return {
|
|
"tenant_id": tenant_id,
|
|
"categories": record.categories or [],
|
|
"config": record.config or {},
|
|
"updated_at": record.updated_at,
|
|
}
|
|
|
|
|
|
@router.put("/cookies")
|
|
async def upsert_cookies(
|
|
request: CookiesUpsert,
|
|
tenant_id: str = Depends(_get_tenant),
|
|
db: Session = Depends(get_db),
|
|
):
|
|
"""Create or update cookie banner configuration for a tenant."""
|
|
record = db.query(EinwilligungenCookiesDB).filter(
|
|
EinwilligungenCookiesDB.tenant_id == tenant_id
|
|
).first()
|
|
|
|
if record:
|
|
record.categories = request.categories
|
|
record.config = request.config
|
|
record.updated_at = datetime.now(timezone.utc)
|
|
else:
|
|
record = EinwilligungenCookiesDB(
|
|
tenant_id=tenant_id,
|
|
categories=request.categories,
|
|
config=request.config,
|
|
)
|
|
db.add(record)
|
|
|
|
db.commit()
|
|
db.refresh(record)
|
|
return {
|
|
"success": True,
|
|
"tenant_id": tenant_id,
|
|
"categories": record.categories,
|
|
"config": record.config,
|
|
"updated_at": record.updated_at,
|
|
}
|
|
|
|
|
|
# ============================================================================
|
|
# Consents
|
|
# ============================================================================
|
|
|
|
@router.get("/consents/stats")
|
|
async def get_consent_stats(
|
|
tenant_id: str = Depends(_get_tenant),
|
|
db: Session = Depends(get_db),
|
|
):
|
|
"""Get consent statistics for a tenant."""
|
|
all_consents = db.query(EinwilligungenConsentDB).filter(
|
|
EinwilligungenConsentDB.tenant_id == tenant_id
|
|
).all()
|
|
|
|
total = len(all_consents)
|
|
active = sum(1 for c in all_consents if c.granted and not c.revoked_at)
|
|
revoked = sum(1 for c in all_consents if c.revoked_at)
|
|
|
|
# Unique users
|
|
unique_users = len(set(c.user_id for c in all_consents))
|
|
users_with_active = len(set(c.user_id for c in all_consents if c.granted and not c.revoked_at))
|
|
conversion_rate = round((users_with_active / unique_users * 100), 1) if unique_users > 0 else 0.0
|
|
|
|
# By data point
|
|
by_data_point: Dict[str, Dict] = {}
|
|
for c in all_consents:
|
|
dp = c.data_point_id
|
|
if dp not in by_data_point:
|
|
by_data_point[dp] = {"total": 0, "active": 0, "revoked": 0}
|
|
by_data_point[dp]["total"] += 1
|
|
if c.granted and not c.revoked_at:
|
|
by_data_point[dp]["active"] += 1
|
|
if c.revoked_at:
|
|
by_data_point[dp]["revoked"] += 1
|
|
|
|
return {
|
|
"total_consents": total,
|
|
"active_consents": active,
|
|
"revoked_consents": revoked,
|
|
"unique_users": unique_users,
|
|
"conversion_rate": conversion_rate,
|
|
"by_data_point": by_data_point,
|
|
}
|
|
|
|
|
|
@router.get("/consents")
|
|
async def list_consents(
|
|
tenant_id: str = Depends(_get_tenant),
|
|
user_id: Optional[str] = Query(None),
|
|
data_point_id: Optional[str] = Query(None),
|
|
granted: Optional[bool] = Query(None),
|
|
limit: int = Query(50, ge=1, le=500),
|
|
offset: int = Query(0, ge=0),
|
|
db: Session = Depends(get_db),
|
|
):
|
|
"""List consent records with optional filters and pagination."""
|
|
query = db.query(EinwilligungenConsentDB).filter(
|
|
EinwilligungenConsentDB.tenant_id == tenant_id
|
|
)
|
|
|
|
if user_id:
|
|
query = query.filter(EinwilligungenConsentDB.user_id == user_id)
|
|
if data_point_id:
|
|
query = query.filter(EinwilligungenConsentDB.data_point_id == data_point_id)
|
|
if granted is not None:
|
|
query = query.filter(EinwilligungenConsentDB.granted == granted)
|
|
|
|
total = query.count()
|
|
consents = query.order_by(EinwilligungenConsentDB.created_at.desc()).offset(offset).limit(limit).all()
|
|
|
|
return {
|
|
"total": total,
|
|
"offset": offset,
|
|
"limit": limit,
|
|
"consents": [
|
|
{
|
|
"id": str(c.id),
|
|
"tenant_id": c.tenant_id,
|
|
"user_id": c.user_id,
|
|
"data_point_id": c.data_point_id,
|
|
"granted": c.granted,
|
|
"granted_at": c.granted_at,
|
|
"revoked_at": c.revoked_at,
|
|
"consent_version": c.consent_version,
|
|
"source": c.source,
|
|
"ip_address": c.ip_address,
|
|
"user_agent": c.user_agent,
|
|
"created_at": c.created_at,
|
|
"history": [
|
|
{
|
|
"id": str(h.id),
|
|
"action": h.action,
|
|
"consent_version": h.consent_version,
|
|
"ip_address": h.ip_address,
|
|
"user_agent": h.user_agent,
|
|
"source": h.source,
|
|
"created_at": h.created_at,
|
|
}
|
|
for h in db.query(EinwilligungenConsentHistoryDB)
|
|
.filter(EinwilligungenConsentHistoryDB.consent_id == c.id)
|
|
.order_by(EinwilligungenConsentHistoryDB.created_at.asc())
|
|
.all()
|
|
],
|
|
}
|
|
for c in consents
|
|
],
|
|
}
|
|
|
|
|
|
@router.post("/consents", status_code=201)
|
|
async def create_consent(
|
|
request: ConsentCreate,
|
|
tenant_id: str = Depends(_get_tenant),
|
|
db: Session = Depends(get_db),
|
|
):
|
|
"""Record a new consent entry."""
|
|
consent = EinwilligungenConsentDB(
|
|
tenant_id=tenant_id,
|
|
user_id=request.user_id,
|
|
data_point_id=request.data_point_id,
|
|
granted=request.granted,
|
|
granted_at=datetime.now(timezone.utc),
|
|
consent_version=request.consent_version,
|
|
source=request.source,
|
|
ip_address=request.ip_address,
|
|
user_agent=request.user_agent,
|
|
)
|
|
db.add(consent)
|
|
_record_history(db, consent, 'granted')
|
|
db.commit()
|
|
db.refresh(consent)
|
|
|
|
return {
|
|
"success": True,
|
|
"id": str(consent.id),
|
|
"user_id": consent.user_id,
|
|
"data_point_id": consent.data_point_id,
|
|
"granted": consent.granted,
|
|
"granted_at": consent.granted_at,
|
|
}
|
|
|
|
|
|
@router.get("/consents/{consent_id}/history")
|
|
async def get_consent_history(
|
|
consent_id: str,
|
|
tenant_id: str = Depends(_get_tenant),
|
|
db: Session = Depends(get_db),
|
|
):
|
|
"""Get the change history for a specific consent record."""
|
|
entries = (
|
|
db.query(EinwilligungenConsentHistoryDB)
|
|
.filter(
|
|
EinwilligungenConsentHistoryDB.consent_id == consent_id,
|
|
EinwilligungenConsentHistoryDB.tenant_id == tenant_id,
|
|
)
|
|
.order_by(EinwilligungenConsentHistoryDB.created_at.asc())
|
|
.all()
|
|
)
|
|
return [
|
|
{
|
|
"id": str(e.id),
|
|
"consent_id": str(e.consent_id),
|
|
"action": e.action,
|
|
"consent_version": e.consent_version,
|
|
"ip_address": e.ip_address,
|
|
"user_agent": e.user_agent,
|
|
"source": e.source,
|
|
"created_at": e.created_at,
|
|
}
|
|
for e in entries
|
|
]
|
|
|
|
|
|
@router.put("/consents/{consent_id}/revoke")
|
|
async def revoke_consent(
|
|
consent_id: str,
|
|
tenant_id: str = Depends(_get_tenant),
|
|
db: Session = Depends(get_db),
|
|
):
|
|
"""Revoke an active consent."""
|
|
consent = db.query(EinwilligungenConsentDB).filter(
|
|
EinwilligungenConsentDB.id == consent_id,
|
|
EinwilligungenConsentDB.tenant_id == tenant_id,
|
|
).first()
|
|
|
|
if not consent:
|
|
raise HTTPException(status_code=404, detail=f"Consent {consent_id} not found")
|
|
if consent.revoked_at:
|
|
raise HTTPException(status_code=400, detail="Consent is already revoked")
|
|
|
|
consent.revoked_at = datetime.now(timezone.utc)
|
|
_record_history(db, consent, 'revoked')
|
|
db.commit()
|
|
db.refresh(consent)
|
|
|
|
return {
|
|
"success": True,
|
|
"id": str(consent.id),
|
|
"revoked_at": consent.revoked_at,
|
|
}
|