Files
Momento/memento-note/app/api/user/ai-consent/route.ts
Antigravity 0784c94242
Some checks failed
CI / Lint, Test & Build (push) Failing after 57s
CI / Deploy production (on server) (push) Has been skipped
feat(notes): vues structurées tableau/kanban, flashcards et MCP robuste
Ajoute la base organisable par carnet (schéma, champs partagés, valeurs par note)
avec activation guidée, tableau éditable, kanban et suppression de colonnes.
Corrige le multiselect en vue tableau et enrichit sidebar, grille et i18n FR/EN.
Inclut aussi les améliorations flashcards SM-2, l'audit consentement IA et la
robustesse du serveur MCP (config, validation, rate-limit, métriques).

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-24 23:03:16 +00:00

86 lines
2.4 KiB
TypeScript

import { NextRequest, NextResponse } from 'next/server'
import { auth } from '@/auth'
import { prisma } from '@/lib/prisma'
import { createHash } from 'crypto'
/**
* POST /api/user/ai-consent
* Explicit AI Processing Consent — Logs explicit user consent for compliance.
* Optionally syncs consent state to UserAISettings if remember=true.
*
* Body: { consent: boolean, remember: boolean }
*/
export async function POST(req: NextRequest) {
try {
const session = await auth()
if (!session?.user?.id) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
const userId = session.user.id
let body: { consent?: boolean; remember?: boolean } = {}
try {
body = await req.json()
} catch {
return NextResponse.json({ error: 'Invalid request body' }, { status: 400 })
}
const consent = body.consent ?? false
const remember = body.remember ?? false
// Get IP address and User-Agent
const ip = req.headers.get('x-forwarded-for') || '127.0.0.1'
const userAgent = req.headers.get('user-agent') || 'unknown'
// Hash/Anonymize IP address for strict GDPR compliance
const anonymizedIp = ip ? createHash('sha256').update(ip).digest('hex') : null
let auditOk = true
try {
await prisma.aiConsentLog.create({
data: {
userId,
consent,
ipAddress: anonymizedIp,
userAgent,
},
})
} catch (auditError) {
auditOk = false
console.error('[POST /api/user/ai-consent] audit log failed:', auditError)
}
if (remember) {
try {
await prisma.userAISettings.upsert({
where: { userId },
create: {
userId,
aiProcessingConsent: consent,
},
update: {
aiProcessingConsent: consent,
},
})
} catch (settingsError) {
console.error('[POST /api/user/ai-consent] settings upsert failed:', settingsError)
return NextResponse.json({ error: 'settings_update_failed' }, { status: 500 })
}
}
if (!auditOk) {
return NextResponse.json({
success: true,
auditLogged: false,
warning: 'audit_log_failed',
})
}
return NextResponse.json({ success: true, auditLogged: true })
} catch (error) {
console.error('[POST /api/user/ai-consent] failed:', error)
return NextResponse.json({ error: 'Internal Server Error' }, { status: 500 })
}
}