Benjamin_Boenisch/breakpilot-compliance
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
f14d906f70a0cf726dbcc548e003c09d8a7c4b3d
breakpilot-compliance/admin-compliance/app/api/sdk/v1/einwilligungen/consent/route.ts
Benjamin Admin 113ecdfa77
All checks were successful
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-go-ai-compliance (push) Successful in 46s
Details
CI / test-python-backend-compliance (push) Successful in 32s
Details
CI / test-python-document-crawler (push) Successful in 22s
Details
CI / test-python-dsms-gateway (push) Successful in 17s
Details
feat: Package 4 Rechtliche Texte — DB-Persistenz fuer Legal Documents, Einwilligungen und Cookie Banner 
- Migration 007: compliance_legal_documents, _versions, _approvals (Approval-Workflow)
- Migration 008: compliance_einwilligungen_catalog, _company, _cookies, _consents
- Backend: legal_document_routes.py (11 Endpoints + draft→review→approved→published Workflow)
- Backend: einwilligungen_routes.py (10 Endpoints inkl. Stats, Pagination, Revoke)
- Frontend: /api/admin/consent/[[...path]] Catch-All-Proxy fuer Legal Documents
- Frontend: catalog/consent/cookie-banner routes von In-Memory auf DB-Proxy umgestellt
- Frontend: einwilligungen/page.tsx + cookie-banner/page.tsx laden jetzt via API (kein Mock)
- Tests: 44/44 pass (test_legal_document_routes.py + test_einwilligungen_routes.py)
- Deploy-Scripts: apply_legal_docs_migration.sh + apply_einwilligungen_migration.sh

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-03 08:25:13 +01:00

200 lines
6.5 KiB
TypeScript
Raw Blame History

/**
* API Route: Consent Management
*
* Proxies to backend-compliance for DB persistence.
* POST - Consent erfassen
* GET - Consent-Status und Statistiken abrufen
* PUT - Batch-Update von Consents
*/
import { NextRequest, NextResponse } from 'next/server'
const BACKEND_URL = process.env.BACKEND_URL || 'http://backend-compliance:8002'
function getHeaders(request: NextRequest): HeadersInit {
const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i
const clientTenantId = request.headers.get('x-tenant-id') || request.headers.get('X-Tenant-ID')
const tenantId = (clientTenantId && uuidRegex.test(clientTenantId))
? clientTenantId
: (process.env.DEFAULT_TENANT_ID || '9282a473-5c95-4b3a-bf78-0ecc0ec71d3e')
return {
'Content-Type': 'application/json',
'X-Tenant-ID': tenantId,
}
}
/**
* POST /api/sdk/v1/einwilligungen/consent
* Erfasst eine neue Einwilligung
*/
export async function POST(request: NextRequest) {
try {
const headers = getHeaders(request)
const body = await request.json()
const { userId, dataPointId, granted, consentVersion = '1.0.0', source } = body
if (!userId || !dataPointId || typeof granted !== 'boolean') {
return NextResponse.json(
{ error: 'userId, dataPointId, and granted required' },
{ status: 400 }
)
}
const ipAddress = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || null
const userAgent = request.headers.get('user-agent') || null
const response = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/consents`,
{
method: 'POST',
headers,
body: JSON.stringify({
user_id: userId,
data_point_id: dataPointId,
granted,
consent_version: consentVersion,
source: source || null,
ip_address: ipAddress,
user_agent: userAgent,
}),
signal: AbortSignal.timeout(30000),
}
)
if (!response.ok) {
const errorText = await response.text()
return NextResponse.json({ error: errorText }, { status: response.status })
}
const data = await response.json()
return NextResponse.json({
success: true,
consent: {
id: data.id,
dataPointId: data.data_point_id,
granted: data.granted,
grantedAt: data.granted_at,
},
})
} catch (error) {
console.error('Error recording consent:', error)
return NextResponse.json({ error: 'Failed to record consent' }, { status: 500 })
}
}
/**
* GET /api/sdk/v1/einwilligungen/consent
* Ruft Consent-Status und Statistiken ab
*/
export async function GET(request: NextRequest) {
try {
const headers = getHeaders(request)
const { searchParams } = new URL(request.url)
const userId = searchParams.get('userId')
const includeStats = searchParams.get('stats') === 'true'
if (includeStats) {
const statsResponse = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/consents/stats`,
{ method: 'GET', headers, signal: AbortSignal.timeout(30000) }
)
if (!statsResponse.ok) {
return NextResponse.json({ error: 'Failed to fetch stats' }, { status: statsResponse.status })
}
const stats = await statsResponse.json()
return NextResponse.json({ statistics: stats })
}
// Fetch consents with optional user filter
const queryParams = new URLSearchParams()
if (userId) queryParams.set('user_id', userId)
queryParams.set('limit', '50')
const response = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/consents?${queryParams.toString()}`,
{ method: 'GET', headers, signal: AbortSignal.timeout(30000) }
)
if (!response.ok) {
const errorText = await response.text()
return NextResponse.json({ error: errorText }, { status: response.status })
}
const data = await response.json()
return NextResponse.json({
totalConsents: data.total || 0,
activeConsents: (data.consents || []).filter((c: { granted: boolean; revoked_at: string | null }) => c.granted && !c.revoked_at).length,
revokedConsents: (data.consents || []).filter((c: { revoked_at: string | null }) => c.revoked_at).length,
consents: data.consents || [],
})
} catch (error) {
console.error('Error fetching consents:', error)
return NextResponse.json({ error: 'Failed to fetch consents' }, { status: 500 })
}
}
/**
* PUT /api/sdk/v1/einwilligungen/consent
* Batch-Update oder Revoke einzelner Consents
*/
export async function PUT(request: NextRequest) {
try {
const headers = getHeaders(request)
const body = await request.json()
const { consentId, action } = body
// Single consent revoke
if (consentId && action === 'revoke') {
const response = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/consents/${consentId}/revoke`,
{ method: 'PUT', headers, body: '{}', signal: AbortSignal.timeout(30000) }
)
if (!response.ok) {
const errorText = await response.text()
return NextResponse.json({ error: errorText }, { status: response.status })
}
const data = await response.json()
return NextResponse.json({ success: true, ...data })
}
// Batch update: { userId, consents: { dataPointId: boolean } }
const { userId, consents, consentVersion = '1.0.0' } = body
if (!userId || !consents) {
return NextResponse.json({ error: 'userId and consents required' }, { status: 400 })
}
const ipAddress = request.headers.get('x-forwarded-for') || null
const userAgent = request.headers.get('user-agent') || null
const results = []
for (const [dataPointId, granted] of Object.entries(consents)) {
if (typeof granted !== 'boolean') continue
const resp = await fetch(
`${BACKEND_URL}/api/compliance/einwilligungen/consents`,
{
method: 'POST',
headers,
body: JSON.stringify({
user_id: userId,
data_point_id: dataPointId,
granted,
consent_version: consentVersion,
ip_address: ipAddress,
user_agent: userAgent,
}),
signal: AbortSignal.timeout(30000),
}
)
if (resp.ok) {
results.push(await resp.json())
}
}
return NextResponse.json({ success: true, userId, updated: results.length })
} catch (error) {
console.error('Error updating consents:', error)
return NextResponse.json({ error: 'Failed to update consents' }, { status: 500 })
}
}
Reference in New Issue View Git Blame Copy Permalink