Ajoute la base organisable par carnet (schéma, champs partagés, valeurs par note) avec activation guidée, tableau éditable, kanban et suppression de colonnes. Corrige le multiselect en vue tableau et enrichit sidebar, grille et i18n FR/EN. Inclut aussi les améliorations flashcards SM-2, l'audit consentement IA et la robustesse du serveur MCP (config, validation, rate-limit, métriques). Co-authored-by: Cursor <cursoragent@cursor.com>
86 lines
2.4 KiB
TypeScript
86 lines
2.4 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server'
|
|
import { auth } from '@/auth'
|
|
import { prisma } from '@/lib/prisma'
|
|
import { createHash } from 'crypto'
|
|
|
|
/**
|
|
* POST /api/user/ai-consent
|
|
* Explicit AI Processing Consent — Logs explicit user consent for compliance.
|
|
* Optionally syncs consent state to UserAISettings if remember=true.
|
|
*
|
|
* Body: { consent: boolean, remember: boolean }
|
|
*/
|
|
export async function POST(req: NextRequest) {
|
|
try {
|
|
const session = await auth()
|
|
if (!session?.user?.id) {
|
|
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
|
}
|
|
|
|
const userId = session.user.id
|
|
|
|
let body: { consent?: boolean; remember?: boolean } = {}
|
|
try {
|
|
body = await req.json()
|
|
} catch {
|
|
return NextResponse.json({ error: 'Invalid request body' }, { status: 400 })
|
|
}
|
|
|
|
const consent = body.consent ?? false
|
|
const remember = body.remember ?? false
|
|
|
|
// Get IP address and User-Agent
|
|
const ip = req.headers.get('x-forwarded-for') || '127.0.0.1'
|
|
const userAgent = req.headers.get('user-agent') || 'unknown'
|
|
|
|
// Hash/Anonymize IP address for strict GDPR compliance
|
|
const anonymizedIp = ip ? createHash('sha256').update(ip).digest('hex') : null
|
|
|
|
let auditOk = true
|
|
try {
|
|
await prisma.aiConsentLog.create({
|
|
data: {
|
|
userId,
|
|
consent,
|
|
ipAddress: anonymizedIp,
|
|
userAgent,
|
|
},
|
|
})
|
|
} catch (auditError) {
|
|
auditOk = false
|
|
console.error('[POST /api/user/ai-consent] audit log failed:', auditError)
|
|
}
|
|
|
|
if (remember) {
|
|
try {
|
|
await prisma.userAISettings.upsert({
|
|
where: { userId },
|
|
create: {
|
|
userId,
|
|
aiProcessingConsent: consent,
|
|
},
|
|
update: {
|
|
aiProcessingConsent: consent,
|
|
},
|
|
})
|
|
} catch (settingsError) {
|
|
console.error('[POST /api/user/ai-consent] settings upsert failed:', settingsError)
|
|
return NextResponse.json({ error: 'settings_update_failed' }, { status: 500 })
|
|
}
|
|
}
|
|
|
|
if (!auditOk) {
|
|
return NextResponse.json({
|
|
success: true,
|
|
auditLogged: false,
|
|
warning: 'audit_log_failed',
|
|
})
|
|
}
|
|
|
|
return NextResponse.json({ success: true, auditLogged: true })
|
|
} catch (error) {
|
|
console.error('[POST /api/user/ai-consent] failed:', error)
|
|
return NextResponse.json({ error: 'Internal Server Error' }, { status: 500 })
|
|
}
|
|
}
|