Hacker-Software/opencrm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
7c18343a95b7eb08e663e44f28b1f2595d03a433
opencrm/backend/src/routes/gdpr.routes.ts
T
duffyduck 7c18343a95 Bugfixes: Adresse-Modal + Upload-Limit auf 25 MB 
1. AddressModal: Straße-Feld ließ sich nicht editieren. setFormData
   wurde im Render-Body aufgerufen, wenn formData.street !==
   address.street → Reset bei jedem Tastendruck. In useEffect mit
   [address?.id]-Dependency umgezogen.

2. Multer-Limit von 10 MB auf 25 MB in upload.routes.ts,
   gdpr.routes.ts, contract.routes.ts. Zwei Handy-Fotos zu PDF
   kratzten am alten Limit. FileUpload-Hinweistext angepasst.
2026-06-03 16:37:09 +02:00

97 lines
5.1 KiB
TypeScript
Raw Blame History

import { Router } from 'express';
import multer from 'multer';
import path from 'path';
import fs from 'fs';
import { authenticate, requirePermission } from '../middleware/auth.js';
import { requireSafeUploadedPdf } from '../middleware/pdfUploadSafety.js';
import * as gdprController from '../controllers/gdpr.controller.js';
const router = Router();
// Multer für Vollmacht-Uploads
const uploadsDir = path.join(process.cwd(), 'uploads', 'authorizations');
if (!fs.existsSync(uploadsDir)) {
fs.mkdirSync(uploadsDir, { recursive: true });
}
const authUpload = multer({
storage: multer.diskStorage({
destination: (_req, _file, cb) => cb(null, uploadsDir),
filename: (_req, file, cb) => {
const uniqueSuffix = Date.now() + '-' + Math.round(Math.random() * 1e9);
cb(null, `vollmacht-${uniqueSuffix}${path.extname(file.originalname)}`);
},
}),
fileFilter: (_req, file, cb) => {
if (file.mimetype === 'application/pdf') {
cb(null, true);
} else {
cb(new Error('Nur PDF-Dateien sind erlaubt'));
}
},
limits: { fileSize: 25 * 1024 * 1024 },
});
// Alle Routen erfordern Authentifizierung
router.use(authenticate);
// Dashboard-Statistiken
router.get('/dashboard', requirePermission('gdpr:admin'), gdprController.getDashboardStats);
// Kundendaten exportieren (DSGVO Art. 15)
router.get('/customer/:customerId/export', requirePermission('gdpr:export'), gdprController.exportCustomerData);
// Löschanfragen
router.get('/deletions', requirePermission('gdpr:admin'), gdprController.getDeletionRequests);
router.get('/deletions/:id', requirePermission('gdpr:admin'), gdprController.getDeletionRequest);
router.post('/deletions', requirePermission('gdpr:delete'), gdprController.createDeletionRequest);
router.put('/deletions/:id/process', requirePermission('gdpr:admin'), gdprController.processDeletionRequest);
// Einwilligungen (Consents)
router.get('/customer/:customerId/consent-status', requirePermission('customers:read'), gdprController.checkConsentStatus);
router.get('/customer/:customerId/consents', requirePermission('customers:read'), gdprController.getCustomerConsents);
// Consent-Update: Nur authenticate (Check im Controller - nur Portal-User erlaubt)
router.put('/customer/:customerId/consents/:consentType', gdprController.updateCustomerConsent);
router.get('/consents/overview', requirePermission('gdpr:admin'), gdprController.getConsentOverview);
// Datenschutzerklärung (Editor)
router.get('/privacy-policy', requirePermission('gdpr:admin'), gdprController.getPrivacyPolicy);
router.put('/privacy-policy', requirePermission('gdpr:admin'), gdprController.updatePrivacyPolicy);
// Vollmacht-Vorlage (Editor)
router.get('/authorization-template', requirePermission('gdpr:admin'), gdprController.getAuthorizationTemplate);
router.put('/authorization-template', requirePermission('gdpr:admin'), gdprController.updateAuthorizationTemplate);
// Impressum (Editor + Portal-Anzeige)
router.get('/imprint', gdprController.getImprint);
router.put('/imprint', requirePermission('gdpr:admin'), gdprController.updateImprint);
// Website-Datenschutzerklärung (Editor + Portal-Anzeige)
router.get('/website-privacy-policy', gdprController.getWebsitePrivacyPolicy);
router.put('/website-privacy-policy', requirePermission('gdpr:admin'), gdprController.updateWebsitePrivacyPolicy);
// Consent-Link senden
router.post('/customer/:customerId/send-consent-link', requirePermission('customers:update'), gdprController.sendConsentLink);
// Unterschreibbare Datenschutzerklärung als PDF (Papierform)
router.get('/customer/:customerId/privacy-pdf', requirePermission('customers:read'), gdprController.getSignablePrivacyPdf);
// Portal: Eigene Datenschutzseite (nur authenticate, Check im Controller)
router.get('/my-privacy', gdprController.getMyPrivacy);
router.get('/my-privacy/pdf', gdprController.getMyPrivacyPdf);
router.get('/my-consent-status', gdprController.getMyConsentStatus);
// Vollmachten (Admin)
router.get('/customer/:customerId/authorizations', requirePermission('customers:read'), gdprController.getAuthorizations);
router.post('/customer/:customerId/authorizations/:representativeId/send', requirePermission('customers:update'), gdprController.sendAuthorizationRequest);
router.post('/customer/:customerId/authorizations/:representativeId/grant', requirePermission('customers:update'), gdprController.grantAuthorization);
router.post('/customer/:customerId/authorizations/:representativeId/withdraw', requirePermission('customers:update'), gdprController.withdrawAuthorization);
router.post('/customer/:customerId/authorizations/:representativeId/upload', requirePermission('customers:update'), authUpload.single('document'), requireSafeUploadedPdf, gdprController.uploadAuthorizationDocument);
router.delete('/customer/:customerId/authorizations/:representativeId/document', requirePermission('customers:update'), gdprController.deleteAuthorizationDocument);
// Portal: Vollmachten
router.get('/my-authorizations', gdprController.getMyAuthorizations);
router.put('/my-authorizations/:representativeId', gdprController.toggleMyAuthorization);
router.get('/my-authorization-status', gdprController.getMyAuthorizationStatus);
export default router;
Reference in New Issue View Git Blame Copy Permalink