Refactor: Add full PDPA compliance features

- Cookie consent system (banner + modal) with Thai language - Consent logging database (Astro DB + SQLite) - API endpoints for consent management (POST/GET/DELETE) - Admin dashboard for viewing consent logs (/admin/consent-logs) - Umami Analytics integration (conditional loading with consent) - Updated Privacy Policy (full 14-section PDPA Section 36 compliance) - Updated Terms & Conditions (17 sections, Thailand law) - Dockerfile updated with SQLite runtime - Node.js adapter for SSR support - Admin password: moreminimore2026!Secure (CHANGE IN PRODUCTION) TODO: Configure Umami Analytics with actual Website ID
2026-03-09 13:08:09 +07:00
parent da8437bed0
commit 14ca77ed09
17 changed files with 2372 additions and 43 deletions
--- a/src/pages/api/consent/[sessionId]/DELETE.ts
+++ b/src/pages/api/consent/[sessionId]/DELETE.ts
@@ -0,0 +1,51 @@
+import type { APIRoute } from 'astro';
+import { getDb } from '../../../../../db/config';
+import schema from '../../../../../db/schema';
+import { eq } from 'drizzle-orm';
+
+export const prerender = false;
+
+const db = getDb();
+const { ConsentLog } = schema.tables;
+
+export const DELETE: APIRoute = async ({ params, request }) => {
+  try {
+    // Get sessionId from URL path or query parameter
+    const url = new URL(request.url);
+    const sessionId = params.sessionId || url.searchParams.get('sessionId');
+
+    if (!sessionId) {
+      return new Response(JSON.stringify({ error: 'Session ID is required' }), {
+        status: 400,
+        headers: { 'Content-Type': 'application/json' }
+      });
+    }
+
+    // Check if consent exists
+    const existing = await db.select()
+      .from(ConsentLog)
+      .where(eq(ConsentLog.sessionId, sessionId))
+      .limit(1);
+
+    if (existing.length === 0) {
+      return new Response(JSON.stringify({ error: 'Consent not found' }), {
+        status: 404,
+        headers: { 'Content-Type': 'application/json' }
+      });
+    }
+
+    // Delete consent record (Right to be Forgotten - PDPA)
+    await db.delete(ConsentLog).where(eq(ConsentLog.sessionId, sessionId));
+
+    return new Response(JSON.stringify({ success: true, message: 'Consent deleted successfully' }), {
+      status: 200,
+      headers: { 'Content-Type': 'application/json' }
+    });
+  } catch (error) {
+    console.error('Consent DELETE error:', error);
+    return new Response(JSON.stringify({ error: 'Internal server error' }), {
+      status: 500,
+      headers: { 'Content-Type': 'application/json' }
+    });
+  }
+};