✅ Phase 1 Complete (Nov 9-10, 2025):
- GDPR-compliant consent management fully implemented
- Mandatory workshop display consent + optional social media consents
- Consent badges, filtering, and CSV/JSON export in moderation panel
- Automatic migration system fixed (inline comments handling)
- GDPR compliance validated: 72 production groups with display_in_workshop = 0
- All features tested and production-ready
Documentation Updates:
- FEATURE_PLAN-social-media.md: All Phase 1 tasks marked complete
- README.md: Added consent system to features, updated database schema, new API endpoints
- README.dev.md: Complete developer guide with debugging, testing, and troubleshooting
Technical Achievements:
- 12 commits over 2 days (faster than 4-5 day estimate)
- Zero GDPR violations (retroactive consent fix validated)
- Zero breaking changes to existing functionality
Ready for Code Review and Production Deployment
- Fixed SQL statement parsing to remove both line and inline comments
- Prevents incomplete SQL statements from inline comments
- Migration 005 and 006 now apply correctly via automatic migration system
- Tested with production data: All 72 groups have display_in_workshop = 0 (GDPR compliant)
Problem: Moderation filter returned 0 groups because:
1. groupFormatter.formatGroupDetail() didn't include display_in_workshop field
2. Platform filters incorrectly required workshop consent
Solution:
- Add display_in_workshop and consent_timestamp to formatGroupDetail()
- Remove workshop requirement from platform filters
- Add default filter to show only groups with workshop consent
- Fix workshop-only filter to check for consented social media
Filter logic:
- 'Alle Gruppen': Only groups WITH workshop consent
- 'Nur Werkstatt': Groups with workshop BUT WITHOUT social media
- Platform filters: Groups with that platform consent (independent of workshop)
Problem: Filtered groups were missing preview images because
getGroupsByConsentStatus() only returned group metadata without images.
Solution: Load all groups with getAllGroupsWithModerationInfo() first
(includes images), add consent data, then filter in-memory based on
query parameters. This ensures preview images are always included.
- Update consent.js routes to use /api prefix
- Add /api/social-media location to dev/prod nginx configs
- Fix route registration for proper API access
- Parse consent data from request body (workshopConsent, socialMediaConsents)
- Validate workshop consent is required (400 error if missing)
- Use createGroupWithConsent() instead of createGroup()
- Pass consent data to repository for database storage
- Maintains backward compatibility with existing upload flow
- GDPR-compliant: no upload without explicit workshop consent
- Create consent.js with comprehensive API endpoints:
- GET /api/social-media/platforms - list active platforms
- POST /api/groups/:groupId/consents - save/update group consents
- GET /api/groups/:groupId/consents - retrieve group consent data
- GET /api/admin/groups/by-consent - filter groups by consent status
- GET /api/admin/consents/export - export consent data (JSON/CSV formats)
- Register consent router in routes/index.js
- Full validation and error handling
- CSV export with dynamic platform columns
- Ready for frontend integration
- Create new SocialMediaRepository for platform and consent management
- getAllPlatforms(), getActivePlatforms()
- createPlatform(), updatePlatform(), togglePlatformStatus()
- saveConsents(), getConsentsForGroup(), getGroupIdsByConsentStatus()
- revokeConsent(), restoreConsent(), hasActiveConsent()
- Extend GroupRepository with consent management methods
- createGroupWithConsent() - create group with workshop & social media consents
- getGroupWithConsents() - retrieve group with all consent data
- updateConsents() - update consent preferences
- getGroupsByConsentStatus() - filter groups by consent status
- exportConsentData() - export for legal documentation
- generateManagementToken(), getGroupByManagementToken() (Phase 2)
- Both repositories work together seamlessly via transactions
- Add POST /api/admin/cleanup/trigger for manual cleanup
- Add GET /api/admin/cleanup/preview for dry-run testing
- Create test-cleanup.sh (bash) for easy testing
- Create test-cleanup.js (node) as alternative test tool
- Enable backdating groups for testing purposes
Features:
- Add image description field (max 200 chars) for individual images
- Replace 'Sort' button with 'Edit' button in image gallery cards
- Enable edit mode with text fields for each image in moderation
- Display descriptions in slideshow and public views
- Integrate description saving with main save button
Frontend changes:
- ImageGalleryCard: Add edit mode UI with textarea and character counter
- ModerationGroupImagesPage: Integrate description editing into main save flow
- Fix keyboard event propagation in textarea (spacebar issue)
- Remove separate 'Save Descriptions' button
- Add ESLint fixes for useCallback dependencies
Backend changes:
- Fix route order: batch-description route must come before :imageId route
- Ensure batch description update API works correctly
Build optimizations:
- Add .dockerignore to exclude development data (182MB reduction)
- Fix Dockerfile: Remove non-existent frontend/conf directory
- Reduce backend image size from 437MB to 247MB
Fixes:
- Fix route matching issue with batch-description endpoint
- Prevent keyboard events from triggering drag-and-drop
- Clean up unused functions and ESLint warnings
- Fixed missing 'path' import in batchUpload.js
- Fixed GroupRepository import (singleton vs class)
- Added htpasswd file to development config
- Created new nginx.conf based on working production config
- Updated Dockerfile to copy htpasswd for development
Status:
✅ Upload functionality restored (both single and batch)
✅ Backend routing and error handling fixed
⚠️ nginx auth config needs troubleshooting (container not using new config)
🔧 Problem identified and fixed:
- nginx proxy was routing /api/groups to /groups (removing /api prefix)
- Backend route was registered under /api/groups instead of /groups
- Changed backend route registration from '/api/groups' to '/groups'
- Tested API endpoint: curl to /api/groups/qion_-lT1/reorder now works
- Removed debug console.log statements for cleaner production code
✅ Drag-and-drop reordering now functional in ModerationGroupImagesPage
✅ API requests properly routed through nginx proxy to backend
✅ Error 'Reihenfolge konnte nicht geändert werden' resolved
- Add imageUtils.js helper with getImageSrc() and getGroupPreviewSrc()
- Update ImageGalleryCard to use preview images for galleries
- Update ModerationGroupsPage to show preview images in modal
- Update ModerationGroupImagesPage to use preview images
- Update PublicGroupImagesPage to pass all image fields
- SlideshowPage continues using original images (full quality)
- Update nginx.dev.conf with /api/previews and /api/download routes
- Update start-dev.sh to generate correct nginx config
- Fix GroupRepository.getAllGroupsWithModerationInfo() to return full image data
- Remove obsolete version from docker-compose.override.yml
- Update TODO.md: mark frontend cleanup as completed
Performance: Gallery load times reduced by ~96% (100KB vs 3MB per image)
Task 4: Upload Routes Extended
- upload.js: Generate preview after single file upload
- batchUpload.js: Generate previews for all batch uploads
- Async preview generation (non-blocking response)
- Auto-update preview_path in database after generation
Task 5: Repository with preview_path
- GroupRepository: Include preview_path in INSERT
- getGroupById: Return previewPath in image objects
- groupFormatter: Add previewPath to formatGroupDetail()
- All queries now support preview_path column
Task 6: API Endpoints Extended
- Add PREVIEW_STATIC_DIRECTORY constant (/previews)
- Serve preview images via express.static
- All existing endpoints now return previewPath field
- Fallback to filePath if preview not available (frontend)
- Install sharp@0.33.5 for image processing
- Create ImagePreviewService with preview generation
- Support 800px max width, JPEG 85% quality
- Automatic directory creation on first use
- Include preview size reduction logging
- Add cleanup method for orphaned previews
- README aktualisiert, um die neuen Verzeichnisse zu reflektieren
- Konstanten für Verzeichnispfade in 'constants.js' hinzugefügt
- 'DatabaseManager.js' angepasst, um die neuen Datenbankverzeichnisse zu verwenden
- Routen für Batch-Upload, Download und Upload aktualisiert, um die neuen Pfade zu berücksichtigen
- 'MigrationService.js' hinzugefügt, um vorhandene Daten in die neuen Verzeichnisse zu migrieren
- Hilfsfunktionen in 'groupStorage.js' und 'initiate-resources.js' angepasst
- 'docker-compose.yml' und 'prod.sh' aktualisiert, um die neuen Verzeichnisse zu berücksichtigen
