gdpr audit implemented, email log, vollmachten, pdf delete cancel data privacy and vollmachten, removed message no id card in engergy car, and other contracts that are not telecom contracts, added insert counter for engery

2026-03-21 11:59:53 +01:00
parent 89cf92eaf5
commit f2876f877e
1491 changed files with 265550 additions and 1292 deletions
@@ -0,0 +1,32 @@
+import { Router } from 'express';
+import { authenticate, requirePermission } from '../middleware/auth.js';
+import * as auditLogController from '../controllers/auditLog.controller.js';
+
+const router = Router();
+
+// Alle Routen erfordern Authentifizierung
+router.use(authenticate);
+
+// Audit-Logs abrufen
+router.get('/', requirePermission('audit:read'), auditLogController.getAuditLogs);
+
+// Einzelnes Audit-Log abrufen
+router.get('/:id', requirePermission('audit:read'), auditLogController.getAuditLogById);
+
+// Audit-Logs für einen Kunden (DSGVO)
+router.get('/customer/:customerId', requirePermission('audit:read'), auditLogController.getAuditLogsByCustomer);
+
+// Audit-Logs exportieren
+router.get('/export', requirePermission('audit:export'), auditLogController.exportAuditLogs);
+
+// Hash-Ketten-Integrität prüfen
+router.post('/verify', requirePermission('audit:admin'), auditLogController.verifyIntegrity);
+
+// Retention-Policies
+router.get('/retention-policies', requirePermission('audit:admin'), auditLogController.getRetentionPolicies);
+router.put('/retention-policies/:id', requirePermission('audit:admin'), auditLogController.updateRetentionPolicy);
+
+// Retention-Cleanup manuell ausführen
+router.post('/cleanup', requirePermission('audit:admin'), auditLogController.runRetentionCleanup);
+
+export default router;
@@ -0,0 +1,11 @@
+import { Router } from 'express';
+import * as controller from '../controllers/consent-public.controller.js';
+
+const router = Router();
+
+// Öffentliche Routes - KEINE Authentifizierung erforderlich
+router.get('/:hash', controller.getConsentPage);
+router.post('/:hash/grant', controller.grantAllConsents);
+router.get('/:hash/pdf', controller.getConsentPdf);
+
+export default router;
@@ -0,0 +1,13 @@
+import { Router } from 'express';
+import { authenticate, requirePermission } from '../middleware/auth.js';
+import * as emailLogController from '../controllers/emailLog.controller.js';
+
+const router = Router();
+
+router.use(authenticate);
+
+router.get('/', requirePermission('gdpr:admin'), emailLogController.getEmailLogs);
+router.get('/stats', requirePermission('gdpr:admin'), emailLogController.getEmailLogStats);
+router.get('/:id', requirePermission('gdpr:admin'), emailLogController.getEmailLogDetail);
+
+export default router;
@@ -0,0 +1,84 @@
+import { Router } from 'express';
+import multer from 'multer';
+import path from 'path';
+import fs from 'fs';
+import { authenticate, requirePermission } from '../middleware/auth.js';
+import * as gdprController from '../controllers/gdpr.controller.js';
+
+const router = Router();
+
+// Multer für Vollmacht-Uploads
+const uploadsDir = path.join(process.cwd(), 'uploads', 'authorizations');
+if (!fs.existsSync(uploadsDir)) {
+  fs.mkdirSync(uploadsDir, { recursive: true });
+}
+const authUpload = multer({
+  storage: multer.diskStorage({
+    destination: (_req, _file, cb) => cb(null, uploadsDir),
+    filename: (_req, file, cb) => {
+      const uniqueSuffix = Date.now() + '-' + Math.round(Math.random() * 1e9);
+      cb(null, `vollmacht-${uniqueSuffix}${path.extname(file.originalname)}`);
+    },
+  }),
+  fileFilter: (_req, file, cb) => {
+    if (file.mimetype === 'application/pdf') {
+      cb(null, true);
+    } else {
+      cb(new Error('Nur PDF-Dateien sind erlaubt'));
+    }
+  },
+  limits: { fileSize: 10 * 1024 * 1024 },
+});
+
+// Alle Routen erfordern Authentifizierung
+router.use(authenticate);
+
+// Dashboard-Statistiken
+router.get('/dashboard', requirePermission('gdpr:admin'), gdprController.getDashboardStats);
+
+// Kundendaten exportieren (DSGVO Art. 15)
+router.get('/customer/:customerId/export', requirePermission('gdpr:export'), gdprController.exportCustomerData);
+
+// Löschanfragen
+router.get('/deletions', requirePermission('gdpr:admin'), gdprController.getDeletionRequests);
+router.get('/deletions/:id', requirePermission('gdpr:admin'), gdprController.getDeletionRequest);
+router.post('/deletions', requirePermission('gdpr:delete'), gdprController.createDeletionRequest);
+router.put('/deletions/:id/process', requirePermission('gdpr:admin'), gdprController.processDeletionRequest);
+
+// Einwilligungen (Consents)
+router.get('/customer/:customerId/consent-status', requirePermission('customers:read'), gdprController.checkConsentStatus);
+router.get('/customer/:customerId/consents', requirePermission('customers:read'), gdprController.getCustomerConsents);
+// Consent-Update: Nur authenticate (Check im Controller - nur Portal-User erlaubt)
+router.put('/customer/:customerId/consents/:consentType', gdprController.updateCustomerConsent);
+router.get('/consents/overview', requirePermission('gdpr:admin'), gdprController.getConsentOverview);
+
+// Datenschutzerklärung (Editor)
+router.get('/privacy-policy', requirePermission('gdpr:admin'), gdprController.getPrivacyPolicy);
+router.put('/privacy-policy', requirePermission('gdpr:admin'), gdprController.updatePrivacyPolicy);
+
+// Vollmacht-Vorlage (Editor)
+router.get('/authorization-template', requirePermission('gdpr:admin'), gdprController.getAuthorizationTemplate);
+router.put('/authorization-template', requirePermission('gdpr:admin'), gdprController.updateAuthorizationTemplate);
+
+// Consent-Link senden
+router.post('/customer/:customerId/send-consent-link', requirePermission('customers:update'), gdprController.sendConsentLink);
+
+// Portal: Eigene Datenschutzseite (nur authenticate, Check im Controller)
+router.get('/my-privacy', gdprController.getMyPrivacy);
+router.get('/my-privacy/pdf', gdprController.getMyPrivacyPdf);
+router.get('/my-consent-status', gdprController.getMyConsentStatus);
+
+// Vollmachten (Admin)
+router.get('/customer/:customerId/authorizations', requirePermission('customers:read'), gdprController.getAuthorizations);
+router.post('/customer/:customerId/authorizations/:representativeId/send', requirePermission('customers:update'), gdprController.sendAuthorizationRequest);
+router.post('/customer/:customerId/authorizations/:representativeId/grant', requirePermission('customers:update'), gdprController.grantAuthorization);
+router.post('/customer/:customerId/authorizations/:representativeId/withdraw', requirePermission('customers:update'), gdprController.withdrawAuthorization);
+router.post('/customer/:customerId/authorizations/:representativeId/upload', requirePermission('customers:update'), authUpload.single('document'), gdprController.uploadAuthorizationDocument);
+router.delete('/customer/:customerId/authorizations/:representativeId/document', requirePermission('customers:update'), gdprController.deleteAuthorizationDocument);
+
+// Portal: Vollmachten
+router.get('/my-authorizations', gdprController.getMyAuthorizations);
+router.put('/my-authorizations/:representativeId', gdprController.toggleMyAuthorization);
+router.get('/my-authorization-status', gdprController.getMyAuthorizationStatus);
+
+export default router;
@@ -13,4 +13,13 @@ router.post('/:meterId/readings', authenticate, requirePermission('customers:upd
 router.put('/:meterId/readings/:readingId', authenticate, requirePermission('customers:update'), customerController.updateMeterReading);
 router.delete('/:meterId/readings/:readingId', authenticate, requirePermission('customers:delete'), customerController.deleteMeterReading);

+// Status-Update (Zählerstand als übertragen markieren)
+router.patch('/:meterId/readings/:readingId/transfer', authenticate, requirePermission('customers:update'), customerController.markReadingTransferred);
+
+// Portal: Zählerstand melden (Kunde)
+router.post('/:meterId/readings/report', authenticate, customerController.reportMeterReading);
+
+// Portal: Eigene Zähler laden
+router.get('/my-meters', authenticate, customerController.getMyMeters);
+
 export default router;