moreminimore-website/PDPA-COMPLIANCE.md
Kunthawat Greethong 7552b875e9 feat: Add full PDPA compliance with cookie consent and admin dashboard
Features implemented:
- Cookie consent banner (Accept/Reject) with localStorage storage
- Conditional Umami Analytics loading (only with consent)
- Admin dashboard at /admin/consent-logs with password protection
- API endpoints for consent logging (POST/GET/DELETE)
- Updated Privacy Policy with all 14 PDPA Section 36 requirements
- Updated Terms & Conditions with 17 comprehensive sections
- Astro DB integration with consent logging schema
- Production-ready Dockerfile with SQLite support
- Start command for Easypanel deployment

Files added:
- src/components/consent/CookieBanner.astro
- src/pages/api/consent/index.ts
- src/pages/api/consent/[sessionId]/index.ts
- src/pages/admin/consent-logs.astro
- db/schema.ts
- .env.example
- PDPA-COMPLIANCE.md

Files modified:
- src/layouts/Layout.astro (CookieBanner + conditional Umami)
- src/pages/privacy-policy.astro (full PDPA compliance)
- src/pages/terms-and-conditions.astro (comprehensive update)
- astro.config.mjs (Node adapter + DB)
- Dockerfile (production build with DB)
- package.json (dependencies + start script)

Deployment notes:
- CHANGE ADMIN_PASSWORD from default 'changeme'
- Run with: npm run start
- Docker: docker build -t moreminimore:latest .
2026-03-10 12:59:17 +07:00


# PDPA Compliance Guide - MoreMiniMore Website
## ✅ Features Implemented
This website is now **PDPA-compliant** with the following features:
### 1. Cookie Consent System
- **Component:** `src/components/consent/CookieBanner.astro`
- **Features:**
  - Accept All / Reject All buttons (equal prominence)
  - Stores consent in localStorage
  - Slides up from bottom on first visit
  - Thai language with link to Privacy Policy
  - Dispatches a `consentGiven` event for other components
### 2. Conditional Analytics Loading
- **Integration:** Umami Analytics
- **Behavior:** Only loads when user accepts analytics cookies
- **Implementation:** In `src/layouts/Layout.astro`
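The consent flow described in sections 1 and 2 (persist the choice in localStorage, dispatch `consentGiven`, and load Umami only after an explicit accept) as an added, framework-free example. This is not the project's `CookieBanner.astro` or `Layout.astro` code; the storage key `pdpa-consent`, the `POLICY_VERSION` string and the injected `storage`, `dispatch` and `loadAnalytics` hooks are assumptions made so the logic runs outside a browser. The defender-relevant point it shows is that anything other than a well-formed, current-version "accepted" record is treated as no consent, so a missing, corrupted or stale value never enables tracking.

```javascript
// Added example (not project code). Consent state handling with a "no consent by
// default" rule; the storage/event/loader hooks are injected so it runs without a DOM.

const CONSENT_KEY = "pdpa-consent";   // assumed localStorage key
const POLICY_VERSION = "2026-03-10";  // assumed; bump whenever the Privacy Policy changes

// Read the stored decision. Only an explicit "accepted"/"rejected" record for the
// current policy version counts; anything else means "ask again".
function readConsent(storage) {
  let raw;
  try { raw = storage.getItem(CONSENT_KEY); } catch { return null; }
  if (!raw) return null;
  try {
    const rec = JSON.parse(raw);
    if (rec && (rec.status === "accepted" || rec.status === "rejected")
        && rec.version === POLICY_VERSION) {
      return rec;
    }
  } catch { /* corrupted or hand-edited value: fall through to "no decision" */ }
  return null;
}

// Persist a decision together with the policy version and a timestamp.
function writeConsent(storage, status, now = Date.now()) {
  const rec = { status, version: POLICY_VERSION, at: new Date(now).toISOString() };
  storage.setItem(CONSENT_KEY, JSON.stringify(rec));
  return rec;
}

// Whether the banner must be shown: true until a valid decision exists.
function needsBanner(storage) {
  return readConsent(storage) === null;
}

// Whether analytics may load. Absence or malformation of the record never enables it.
function analyticsAllowed(storage) {
  const rec = readConsent(storage);
  return rec !== null && rec.status === "accepted";
}

// What a banner button click does: persist, notify other components, and load
// analytics only on "accepted".
function handleChoice(storage, status, { dispatch, loadAnalytics }) {
  if (status !== "accepted" && status !== "rejected") {
    throw new Error("consent status must be 'accepted' or 'rejected'");
  }
  const rec = writeConsent(storage, status);
  dispatch("consentGiven", { status: rec.status });
  if (rec.status === "accepted") loadAnalytics();
  return rec;
}

// In-memory stand-in for window.localStorage (constructed for this example).
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
```

In a page script the same functions are called with `window.localStorage` as `storage`, `(name, detail) => window.dispatchEvent(new CustomEvent(name, { detail }))` as `dispatch`, and a `loadAnalytics` that appends the Umami `<script>` tag; on page load, call `analyticsAllowed` before deciding whether to append that tag at all, and `needsBanner` to decide whether to show the banner.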
### 3. Consent API Endpoints
- **POST /api/consent** - Log new consent
- **GET /api/consent** - Retrieve consent logs (admin)
- **DELETE /api/consent/:sessionId** - Right to be forgotten
### 4. Admin Dashboard
- **URL:** `/admin/consent-logs`
- **Features:**
  - Password-protected access
  - View last 100 consent records
  - Statistics (total, acceptance rate, etc.)
  - Delete individual records
  - Export CSV (coming soon)
- **Default Password:** `changeme` (MUST change in production!)
### 5. Updated Legal Pages
- **Privacy Policy:** All 14 PDPA Section 36 requirements
- **Terms & Conditions:** 17 comprehensive sections
- Both in Thai language with professional legal terminology
## 🔧 Configuration
### Environment Variables
Create a `.env` file in the root directory:
```bash
# Copy from example
cp .env.example .env
# Edit with your values
nano .env
```
**Required Variables:**
```bash
# Admin password (CHANGE THIS!)
ADMIN_PASSWORD=your-secure-password-here
# Database (for production)
ASTRO_DB_REMOTE_URL=file:./data/consent.db
```
**Optional Variables:**
```bash
# Umami Analytics
UMAMI_WEBSITE_ID=xxx-xxx-xxx
UMAMI_DOMAIN=analytics.example.com
```
## 🚀 Deployment
### Docker (Recommended)
```bash
# Build image
docker build -t moreminimore:latest .
# Run container
docker run -d \
-p 80:80 \
-e NODE_ENV=production \
-e ASTRO_DB_REMOTE_URL=file:/app/data/consent.db \
-e HOST=0.0.0.0 \
-e PORT=80 \
-e ADMIN_PASSWORD=your-secure-password \
--name moreminimore \
moreminimore:latest
```
### Easypanel Auto-Deploy
The website is configured for automatic deployment via Easypanel:
1. Push changes to Gitea main branch
2. Easypanel auto-builds (~3 minutes)
3. New version deployed automatically
**Environment Variables in Easypanel:**
- Set all variables from `.env.example`
- Use strong `ADMIN_PASSWORD`
- Configure database if using remote SQLite/Turso
## 📊 Managing Consent Logs
### Access Admin Dashboard
1. Navigate to: `https://your-domain.com/admin/consent-logs`
2. Enter admin password
3. View consent records
### Export Data
Click the "Export CSV" button to download consent logs (feature in development).
### Right to be Forgotten
Users can request deletion by:
1. Contacting: contact@moreminimore.com
2. Admin deletes record via dashboard
3. Or via API: `DELETE /api/consent/:sessionId`
## 📝 PDPA Compliance Checklist
### Before Going Live:
- [ ] Change `ADMIN_PASSWORD` from default
- [ ] Test cookie consent banner appears
- [ ] Verify Umami loads only with consent
- [ ] Review Privacy Policy for accuracy
- [ ] Review Terms & Conditions for accuracy
- [ ] Test admin dashboard access
- [ ] Enable HTTPS (required for PDPA)
- [ ] Set up regular backups
### Ongoing Maintenance:
- [ ] Review consent logs monthly
- [ ] Update legal pages when laws change
- [ ] Keep admin password secure
- [ ] Monitor for consent withdrawals
- [ ] Document data processing activities
## 🔒 Security Notes
### Current Implementation:
- Client-side password check only (suitable for development, not for production)
- **Production should use server-side authentication**
### Recommended Improvements:
1. Add server-side session management
2. Implement rate limiting on admin page
3. Add IP whitelist for admin access
4. Use HTTPS only
5. Regular security audits
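The server-side checks that recommendations 1 to 3 above call for, as an added example that is not the project's own code. It is framework-agnostic so it can sit in front of an Astro API route or the `/admin/consent-logs` page; the 12-character minimum, the 5-attempts-per-15-minutes limit, the optional IP allowlist and the `authorizeAdmin` function signature are assumptions chosen for illustration. It refuses to serve the admin area while `ADMIN_PASSWORD` is still the shipped default `changeme`, compares the password without an early exit, and locks a client out after repeated failures.

```javascript
// Added example (not project code). Server-side gate for the admin dashboard:
// default-password refusal, constant-time comparison, per-client attempt limiting
// and an optional IP allowlist. Limits and the minimum length are assumptions.

const DEFAULT_PASSWORD = "changeme"; // the shipped default the guide says to change
const MIN_PASSWORD_LENGTH = 12;      // assumed policy

// Reject the shipped default, empty values and very short passwords outright.
function adminPasswordConfigured(configured) {
  return typeof configured === "string"
    && configured.length >= MIN_PASSWORD_LENGTH
    && configured !== DEFAULT_PASSWORD;
}

// Compare every position regardless of where the first mismatch is, so response
// time does not reveal how many leading characters matched. In Node,
// crypto.timingSafeEqual on equal-length buffers is the preferred primitive;
// this inlined form avoids an import so the example is self-contained.
function constantTimeEqual(a, b) {
  const len = Math.max(a.length, b.length);
  let diff = a.length ^ b.length;
  for (let i = 0; i < len; i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Fixed-window failure counter keyed by client address (in-memory; per process).
class AttemptLimiter {
  constructor({ maxAttempts = 5, windowMs = 15 * 60 * 1000 } = {}) {
    this.maxAttempts = maxAttempts;
    this.windowMs = windowMs;
    this.hits = new Map();
  }
  blocked(key, now = Date.now()) {
    const h = this.hits.get(key);
    if (!h) return false;
    if (now - h.first > this.windowMs) { this.hits.delete(key); return false; }
    return h.count >= this.maxAttempts;
  }
  recordFailure(key, now = Date.now()) {
    const h = this.hits.get(key);
    if (!h || now - h.first > this.windowMs) this.hits.set(key, { first: now, count: 1 });
    else h.count += 1;
  }
  reset(key) { this.hits.delete(key); }
}

// Decision for one request. Returns an HTTP-style status the route can map to a
// response; the order matters: configuration, allowlist and lockout are checked
// before the password so a locked-out client learns nothing about correctness.
function authorizeAdmin({ supplied, configured, clientIp, limiter, allowedIps = null, now = Date.now() }) {
  if (!adminPasswordConfigured(configured)) {
    return { ok: false, status: 503, reason: "admin password not configured" };
  }
  if (allowedIps && !allowedIps.has(clientIp)) {
    return { ok: false, status: 403, reason: "client address not allowed" };
  }
  if (limiter.blocked(clientIp, now)) {
    return { ok: false, status: 429, reason: "too many attempts" };
  }
  if (typeof supplied !== "string" || !constantTimeEqual(supplied, configured)) {
    limiter.recordFailure(clientIp, now);
    return { ok: false, status: 401, reason: "invalid password" };
  }
  limiter.reset(clientIp);
  return { ok: true, status: 200 };
}
```

In a route handler, `configured` is `process.env.ADMIN_PASSWORD` (or `import.meta.env.ADMIN_PASSWORD` in Astro), `supplied` comes from the request body or an `Authorization` header, and a successful result should be followed by issuing a server-side session rather than re-sending the password on every request. The in-memory limiter resets on restart and is per process; behind a multi-instance deployment it would need a shared store.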
## 📞 Support
For questions about PDPA compliance or this implementation:
- **Email:** contact@moreminimore.com
- **Phone:** 080-995-5945
- **Line:** @moreminimore
## 📚 Resources
- **PDPC Thailand:** https://www.pdpc.or.th
- **PDPA Full Text:** https://www.pdpc.or.th/กฎหมายและกฎระเบียบ/พ.ร.บ.-คุ้มครองข้อมูลส่วนบุคคล/
- **Umami Analytics:** https://umami.is/docs
- **Astro DB:** https://docs.astro.build/en/guides/astro-db/
---
**Last Updated:** March 10, 2026
**Version:** 1.0.0