feat(upload): Add consent validation and storage to batch upload

- Parse consent data from request body (workshopConsent, socialMediaConsents) - Validate workshop consent is required (400 error if missing) - Use createGroupWithConsent() instead of createGroup() - Pass consent data to repository for database storage - Maintains backward compatibility with existing upload flow - GDPR-compliant: no upload without explicit workshop consent
2025-11-09 21:04:50 +01:00 · 2025-11-09 21:04:50 +01:00 · 6ba7f7bd33
commit 6ba7f7bd33
parent 2f86158821
1 changed files with 18 additions and 4 deletions
--- a/backend/src/routes/batchUpload.js
+++ b/backend/src/routes/batchUpload.js
@ -24,13 +24,24 @@ router.post(endpoints.UPLOAD_BATCH, async (req, res) => {
        // Metadaten aus dem Request body
        let metadata = {};
        let descriptions = [];
+        let consents = {};
        try {
            metadata = req.body.metadata ? JSON.parse(req.body.metadata) : {};
            descriptions = req.body.descriptions ? JSON.parse(req.body.descriptions) : [];
+            consents = req.body.consents ? JSON.parse(req.body.consents) : {};
        } catch (e) {
-            console.error('Error parsing metadata/descriptions:', e);
+            console.error('Error parsing metadata/descriptions/consents:', e);
            metadata = { description: req.body.description || "" };
            descriptions = [];
+            consents = {};
+        }
+
+        // Validiere Workshop Consent (Pflichtfeld)
+        if (!consents.workshopConsent) {
+            return res.status(400).json({
+                error: 'Workshop consent required',
+                message: 'Die Zustimmung zur Anzeige in der Werkstatt ist erforderlich'
+            });
        }

        // Erstelle neue Upload-Gruppe mit erweiterten Metadaten
@ -100,8 +111,8 @@ router.post(endpoints.UPLOAD_BATCH, async (req, res) => {
            console.error('Preview generation failed:', err);
        });

-        // Speichere Gruppe in SQLite
-        await groupRepository.createGroup({
+        // Speichere Gruppe mit Consents in SQLite
+        await groupRepository.createGroupWithConsent({
            groupId: group.groupId,
            year: group.year,
            title: group.title,
@ -130,7 +141,10 @@ router.post(endpoints.UPLOAD_BATCH, async (req, res) => {
                    imageDescription: imageDescription ? imageDescription.slice(0, 200) : null
                };
            })
-        });
+        }, 
+        consents.workshopConsent,
+        consents.socialMediaConsents || []
+        );

        console.log(`Successfully saved group ${group.groupId} with ${files.length} images to database`);