import { NextRequest, NextResponse } from 'next/server' import { auth } from '@/auth' import { prisma } from '@/lib/prisma' import { createHash } from 'crypto' /** * POST /api/user/ai-consent * Explicit AI Processing Consent — Logs explicit user consent for compliance. * Optionally syncs consent state to UserAISettings if remember=true. * * Body: { consent: boolean, remember: boolean } */ export async function POST(req: NextRequest) { try { const session = await auth() if (!session?.user?.id) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) } const userId = session.user.id let body: { consent?: boolean; remember?: boolean } = {} try { body = await req.json() } catch { return NextResponse.json({ error: 'Invalid request body' }, { status: 400 }) } const consent = body.consent ?? false const remember = body.remember ?? false // Get IP address and User-Agent const ip = req.headers.get('x-forwarded-for') || '127.0.0.1' const userAgent = req.headers.get('user-agent') || 'unknown' // Hash/Anonymize IP address for strict GDPR compliance const anonymizedIp = ip ? createHash('sha256').update(ip).digest('hex') : null let auditOk = true try { await prisma.aiConsentLog.create({ data: { userId, consent, ipAddress: anonymizedIp, userAgent, }, }) } catch (auditError) { auditOk = false console.error('[POST /api/user/ai-consent] audit log failed:', auditError) } if (remember) { try { await prisma.userAISettings.upsert({ where: { userId }, create: { userId, aiProcessingConsent: consent, }, update: { aiProcessingConsent: consent, }, }) } catch (settingsError) { console.error('[POST /api/user/ai-consent] settings upsert failed:', settingsError) return NextResponse.json({ error: 'settings_update_failed' }, { status: 500 }) } } if (!auditOk) { return NextResponse.json({ success: true, auditLogged: false, warning: 'audit_log_failed', }) } return NextResponse.json({ success: true, auditLogged: true }) } catch (error) { console.error('[POST /api/user/ai-consent] failed:', error) return NextResponse.json({ error: 'Internal Server Error' }, { status: 500 }) } }