From 6ba7f7bd33fb1229e612aeb5c90f2d8cba41c625 Mon Sep 17 00:00:00 2001 From: "matthias.lotz" Date: Sun, 9 Nov 2025 21:04:50 +0100 Subject: [PATCH] feat(upload): Add consent validation and storage to batch upload - Parse consent data from request body (workshopConsent, socialMediaConsents) - Validate workshop consent is required (400 error if missing) - Use createGroupWithConsent() instead of createGroup() - Pass consent data to repository for database storage - Maintains backward compatibility with existing upload flow - GDPR-compliant: no upload without explicit workshop consent --- backend/src/routes/batchUpload.js | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/backend/src/routes/batchUpload.js b/backend/src/routes/batchUpload.js index 5b15e75..c511c31 100644 --- a/backend/src/routes/batchUpload.js +++ b/backend/src/routes/batchUpload.js @@ -24,13 +24,24 @@ router.post(endpoints.UPLOAD_BATCH, async (req, res) => { // Metadaten aus dem Request body let metadata = {}; let descriptions = []; + let consents = {}; try { metadata = req.body.metadata ? JSON.parse(req.body.metadata) : {}; descriptions = req.body.descriptions ? JSON.parse(req.body.descriptions) : []; + consents = req.body.consents ? JSON.parse(req.body.consents) : {}; } catch (e) { - console.error('Error parsing metadata/descriptions:', e); + console.error('Error parsing metadata/descriptions/consents:', e); metadata = { description: req.body.description || "" }; descriptions = []; + consents = {}; + } + + // Validiere Workshop Consent (Pflichtfeld) + if (!consents.workshopConsent) { + return res.status(400).json({ + error: 'Workshop consent required', + message: 'Die Zustimmung zur Anzeige in der Werkstatt ist erforderlich' + }); } // Erstelle neue Upload-Gruppe mit erweiterten Metadaten @@ -100,8 +111,8 @@ router.post(endpoints.UPLOAD_BATCH, async (req, res) => { console.error('Preview generation failed:', err); }); - // Speichere Gruppe in SQLite - await groupRepository.createGroup({ + // Speichere Gruppe mit Consents in SQLite + await groupRepository.createGroupWithConsent({ groupId: group.groupId, year: group.year, title: group.title, @@ -130,7 +141,10 @@ router.post(endpoints.UPLOAD_BATCH, async (req, res) => { imageDescription: imageDescription ? imageDescription.slice(0, 200) : null }; }) - }); + }, + consents.workshopConsent, + consents.socialMediaConsents || [] + ); console.log(`Successfully saved group ${group.groupId} with ${files.length} images to database`);