feat(notes): liens internes, onglet Réseau, living blocks et consentement IA
Rend les liens entre notes visibles et persistants (sync NoteLink au save, auto-save, graphe réseau rafraîchi), ajoute living blocks, Memory Echo, recherche globale, consentement IA explicite et consolide les prototypes design en architectural-grid. Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
68
memento-note/app/api/user/ai-consent/route.ts
Normal file
68
memento-note/app/api/user/ai-consent/route.ts
Normal file
@@ -0,0 +1,68 @@
|
||||
import { NextRequest, NextResponse } from 'next/server'
|
||||
import { auth } from '@/auth'
|
||||
import { prisma } from '@/lib/prisma'
|
||||
import { createHash } from 'crypto'
|
||||
|
||||
/**
|
||||
* POST /api/user/ai-consent
|
||||
* Explicit AI Processing Consent — Logs explicit user consent for compliance.
|
||||
* Optionally syncs consent state to UserAISettings if remember=true.
|
||||
*
|
||||
* Body: { consent: boolean, remember: boolean }
|
||||
*/
|
||||
export async function POST(req: NextRequest) {
|
||||
try {
|
||||
const session = await auth()
|
||||
if (!session?.user?.id) {
|
||||
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
||||
}
|
||||
|
||||
const userId = session.user.id
|
||||
|
||||
let body: { consent?: boolean; remember?: boolean } = {}
|
||||
try {
|
||||
body = await req.json()
|
||||
} catch {
|
||||
return NextResponse.json({ error: 'Invalid request body' }, { status: 400 })
|
||||
}
|
||||
|
||||
const consent = body.consent ?? false
|
||||
const remember = body.remember ?? false
|
||||
|
||||
// Get IP address and User-Agent
|
||||
const ip = req.headers.get('x-forwarded-for') || '127.0.0.1'
|
||||
const userAgent = req.headers.get('user-agent') || 'unknown'
|
||||
|
||||
// Hash/Anonymize IP address for strict GDPR compliance
|
||||
const anonymizedIp = ip ? createHash('sha256').update(ip).digest('hex') : null
|
||||
|
||||
// Create persistent audit log of this consent decision
|
||||
await prisma.aiConsentLog.create({
|
||||
data: {
|
||||
userId,
|
||||
consent,
|
||||
ipAddress: anonymizedIp,
|
||||
userAgent,
|
||||
},
|
||||
})
|
||||
|
||||
// If remember is requested, persist state in UserAISettings
|
||||
if (remember) {
|
||||
await prisma.userAISettings.upsert({
|
||||
where: { userId },
|
||||
create: {
|
||||
userId,
|
||||
aiProcessingConsent: consent,
|
||||
},
|
||||
update: {
|
||||
aiProcessingConsent: consent,
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
return NextResponse.json({ success: true })
|
||||
} catch (error) {
|
||||
console.error('[POST /api/user/ai-consent] failed:', error)
|
||||
return NextResponse.json({ error: 'Internal Server Error' }, { status: 500 })
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user