letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
d62822c284e1a3c3b4049412ad03df9e9e7b609c
pn-new-crm/src/lib/db/schema/gdpr.ts

57 lines
2.2 KiB
TypeScript
Raw Normal View History

feat(gdpr): staff-triggered client-data export bundle (Article 15) Adds a full GDPR Article 15 (right of access) workflow. Staff trigger an export from the client detail; a BullMQ worker assembles every row keyed to that client (profile, contacts, addresses, notes, tags, yachts, company memberships, interests, reservations, invoices, documents, last 500 audit events) into JSON + a self-contained HTML report, ZIPs them, uploads to MinIO, and optionally emails the client a 7-day signed download link. - New table gdpr_exports tracks lifecycle (pending → building → ready → sent / failed) with a 30-day cleanup target - Bundle builder (gdpr-bundle-builder.ts) — pure read-side, tenant- scoped, with HTML escaping to block injection from rogue field values - Worker hook in export queue dispatches on job name 'gdpr-export' - New audit actions: 'request_gdpr_export', 'send_gdpr_export' - API: POST/GET /api/v1/clients/:id/gdpr-export (admin-gated, exports rate-limit, Article-15 audit on POST); GET /:exportId returns a fresh signed URL - UI: <GdprExportButton> dialog on client detail header — admin-only, shows recent exports, supports email-to-client + override recipient, polls every 5s while open - Validation: refuses email-to-client when no primary email + no override (rather than silently dropping the send) Tests: 778/778 vitest (was 771) — +7 covering builder happy path, HTML escaping, tenant isolation, empty client, request-flow validation, and audit / queue interaction. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-28 20:06:31 +02:00
/**
* GDPR client-data export tracking.
*
* Each row is one export request. The actual bundle (a ZIP holding
* `client.json` + `client.html` and a copy of every attached file)
* lives in MinIO; we keep the storage key here plus the lifecycle
* markers needed for audit + the "download history" UI.
*/
import { pgTable, text, timestamp, integer, index } from 'drizzle-orm/pg-core';
import { ports } from './ports';
import { clients } from './clients';
import { user } from './users';
export const gdprExports = pgTable(
'gdpr_exports',
{
id: text('id')
.primaryKey()
.$defaultFn(() => crypto.randomUUID()),
portId: text('port_id')
.notNull()
.references(() => ports.id, { onDelete: 'cascade' }),
clientId: text('client_id')
.notNull()
.references(() => clients.id, { onDelete: 'cascade' }),
/** Staff member who requested the export. */
requestedBy: text('requested_by')
.notNull()
.references(() => user.id, { onDelete: 'restrict' }),
/** 'pending' | 'building' | 'ready' | 'sent' | 'failed' */
status: text('status').notNull().default('pending'),
/** MinIO path under the configured bucket — null until the worker uploads. */
storageKey: text('storage_key'),
sizeBytes: integer('size_bytes'),
/** When status='failed', the truncated error message. */
error: text('error'),
/** Email recipient if the bundle was emailed (typically the client's primary). */
sentTo: text('sent_to'),
createdAt: timestamp('created_at', { withTimezone: true }).notNull().defaultNow(),
readyAt: timestamp('ready_at', { withTimezone: true }),
sentAt: timestamp('sent_at', { withTimezone: true }),
/** Cleanup target — bundles are removed from MinIO after this. */
expiresAt: timestamp('expires_at', { withTimezone: true }),
},
(table) => [
index('idx_gdpr_exports_client').on(table.clientId),
index('idx_gdpr_exports_port_created').on(table.portId, table.createdAt),
],
);
export type GdprExport = typeof gdprExports.$inferSelect;
export type NewGdprExport = typeof gdprExports.$inferInsert;
export type GdprExportStatus = 'pending' | 'building' | 'ready' | 'sent' | 'failed';
Reference in New Issue Copy Permalink