93 lines
4.8 KiB
TypeScript
93 lines
4.8 KiB
TypeScript
import { Router } from 'express';
|
|
import multer from 'multer';
|
|
import path from 'path';
|
|
import fs from 'fs';
|
|
import { authenticate, requirePermission } from '../middleware/auth.js';
|
|
import * as gdprController from '../controllers/gdpr.controller.js';
|
|
|
|
const router = Router();
|
|
|
|
// Multer für Vollmacht-Uploads
|
|
const uploadsDir = path.join(process.cwd(), 'uploads', 'authorizations');
|
|
if (!fs.existsSync(uploadsDir)) {
|
|
fs.mkdirSync(uploadsDir, { recursive: true });
|
|
}
|
|
const authUpload = multer({
|
|
storage: multer.diskStorage({
|
|
destination: (_req, _file, cb) => cb(null, uploadsDir),
|
|
filename: (_req, file, cb) => {
|
|
const uniqueSuffix = Date.now() + '-' + Math.round(Math.random() * 1e9);
|
|
cb(null, `vollmacht-${uniqueSuffix}${path.extname(file.originalname)}`);
|
|
},
|
|
}),
|
|
fileFilter: (_req, file, cb) => {
|
|
if (file.mimetype === 'application/pdf') {
|
|
cb(null, true);
|
|
} else {
|
|
cb(new Error('Nur PDF-Dateien sind erlaubt'));
|
|
}
|
|
},
|
|
limits: { fileSize: 10 * 1024 * 1024 },
|
|
});
|
|
|
|
// Alle Routen erfordern Authentifizierung
|
|
router.use(authenticate);
|
|
|
|
// Dashboard-Statistiken
|
|
router.get('/dashboard', requirePermission('gdpr:admin'), gdprController.getDashboardStats);
|
|
|
|
// Kundendaten exportieren (DSGVO Art. 15)
|
|
router.get('/customer/:customerId/export', requirePermission('gdpr:export'), gdprController.exportCustomerData);
|
|
|
|
// Löschanfragen
|
|
router.get('/deletions', requirePermission('gdpr:admin'), gdprController.getDeletionRequests);
|
|
router.get('/deletions/:id', requirePermission('gdpr:admin'), gdprController.getDeletionRequest);
|
|
router.post('/deletions', requirePermission('gdpr:delete'), gdprController.createDeletionRequest);
|
|
router.put('/deletions/:id/process', requirePermission('gdpr:admin'), gdprController.processDeletionRequest);
|
|
|
|
// Einwilligungen (Consents)
|
|
router.get('/customer/:customerId/consent-status', requirePermission('customers:read'), gdprController.checkConsentStatus);
|
|
router.get('/customer/:customerId/consents', requirePermission('customers:read'), gdprController.getCustomerConsents);
|
|
// Consent-Update: Nur authenticate (Check im Controller - nur Portal-User erlaubt)
|
|
router.put('/customer/:customerId/consents/:consentType', gdprController.updateCustomerConsent);
|
|
router.get('/consents/overview', requirePermission('gdpr:admin'), gdprController.getConsentOverview);
|
|
|
|
// Datenschutzerklärung (Editor)
|
|
router.get('/privacy-policy', requirePermission('gdpr:admin'), gdprController.getPrivacyPolicy);
|
|
router.put('/privacy-policy', requirePermission('gdpr:admin'), gdprController.updatePrivacyPolicy);
|
|
|
|
// Vollmacht-Vorlage (Editor)
|
|
router.get('/authorization-template', requirePermission('gdpr:admin'), gdprController.getAuthorizationTemplate);
|
|
router.put('/authorization-template', requirePermission('gdpr:admin'), gdprController.updateAuthorizationTemplate);
|
|
|
|
// Impressum (Editor + Portal-Anzeige)
|
|
router.get('/imprint', gdprController.getImprint);
|
|
router.put('/imprint', requirePermission('gdpr:admin'), gdprController.updateImprint);
|
|
|
|
// Website-Datenschutzerklärung (Editor + Portal-Anzeige)
|
|
router.get('/website-privacy-policy', gdprController.getWebsitePrivacyPolicy);
|
|
router.put('/website-privacy-policy', requirePermission('gdpr:admin'), gdprController.updateWebsitePrivacyPolicy);
|
|
|
|
// Consent-Link senden
|
|
router.post('/customer/:customerId/send-consent-link', requirePermission('customers:update'), gdprController.sendConsentLink);
|
|
|
|
// Portal: Eigene Datenschutzseite (nur authenticate, Check im Controller)
|
|
router.get('/my-privacy', gdprController.getMyPrivacy);
|
|
router.get('/my-privacy/pdf', gdprController.getMyPrivacyPdf);
|
|
router.get('/my-consent-status', gdprController.getMyConsentStatus);
|
|
|
|
// Vollmachten (Admin)
|
|
router.get('/customer/:customerId/authorizations', requirePermission('customers:read'), gdprController.getAuthorizations);
|
|
router.post('/customer/:customerId/authorizations/:representativeId/send', requirePermission('customers:update'), gdprController.sendAuthorizationRequest);
|
|
router.post('/customer/:customerId/authorizations/:representativeId/grant', requirePermission('customers:update'), gdprController.grantAuthorization);
|
|
router.post('/customer/:customerId/authorizations/:representativeId/withdraw', requirePermission('customers:update'), gdprController.withdrawAuthorization);
|
|
router.post('/customer/:customerId/authorizations/:representativeId/upload', requirePermission('customers:update'), authUpload.single('document'), gdprController.uploadAuthorizationDocument);
|
|
router.delete('/customer/:customerId/authorizations/:representativeId/document', requirePermission('customers:update'), gdprController.deleteAuthorizationDocument);
|
|
|
|
// Portal: Vollmachten
|
|
router.get('/my-authorizations', gdprController.getMyAuthorizations);
|
|
router.put('/my-authorizations/:representativeId', gdprController.toggleMyAuthorization);
|
|
router.get('/my-authorization-status', gdprController.getMyAuthorizationStatus);
|
|
|
|
export default router;
|