kunthawat/moreminimore-website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7e69fb317d68d642af1e57dfc2fed2ddb17fc968
moreminimore-website/AGENTS.md

7.6 KiB
Raw Blame History

AI Agent Work Log - PDPA Compliance Implementation

Project: MoreMiniMore Website Redesign

Date: March 9, 2026
Agent: Sisyphus (OhMyOpenCode)
Status: COMPLETED & DEPLOYED

📋 Summary

Full PDPA-compliance implementation for Thai SME website including:

  • Cookie consent system with astro-consent
  • Consent logging database (Astro DB + SQLite)
  • Admin dashboard for consent management
  • API endpoints for consent CRUD operations
  • Umami Analytics integration (privacy-first)
  • Updated Privacy Policy & Terms (PDPA Section 36 compliant)
  • Docker deployment with Easypanel

🎯 Implementation Phases

Phase 1: Dependencies & Setup

  • Installed @astrojs/db, drizzle-orm, @libsql/client, astro-consent
  • Installed @astrojs/node adapter for SSR
  • Created database schema (db/schema.ts)
  • Configured Astro DB connection (db/config.ts)

Phase 2: Cookie Consent System

  • Created CookieBanner.astro component (Thai language)
  • Created ConsentModal.astro for preferences
  • Integrated with Layout.astro
  • localStorage + database logging

Phase 3: API Endpoints

  • POST /api/consent - Log consent
  • GET /api/consent - Retrieve records
  • DELETE /api/consent/:sessionId - Right to be Forgotten
  • All endpoints marked prerender = false for SSR

Phase 4: Admin Dashboard

  • Created /admin/consent-logs.astro
  • Password authentication (ADMIN_PASSWORD)
  • View all consent records
  • Delete individual records
  • Statistics dashboard

Phase 5: Legal Pages

  • Updated privacy-policy.astro - Full 14-section PDPA compliance
  • Updated terms-and-conditions.astro - 17 sections
  • Version tracking & last updated dates

Phase 6: Umami Analytics

  • Created website in Umami: moreminimore.com
  • Website ID: b2e87a6c-0b64-43c8-bb09-e406ffca0af1
  • Conditional loading based on consent
  • Integrated in Layout.astro

Phase 7: Docker Configuration

Multiple iterations to fix deployment:

  1. Initial: Used astro preview (dev server - wrong!)
  2. Attempt 2: Added --remote flag but missing data dir
  3. Attempt 3: Created data dir but still using preview server
  4. Attempt 4: Switched to node dist/server/entry.mjs but localhost only
  5. Attempt 5: Added adapter config but not picked up
  6. Final: Added HOST=0.0.0.0 and PORT=80 env vars

Final Dockerfile:

FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN mkdir -p ./data && ASTRO_DB_REMOTE_URL=file:./data/consent.db npx astro build --remote

FROM node:20-alpine
WORKDIR /app
COPY package*.json ./
RUN npm install --production
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/db ./db
COPY --from=builder /app/data ./data

RUN apk add --no-cache sqlite-libs

EXPOSE 80

ENV NODE_ENV=production
ENV ASTRO_DB_REMOTE_URL=file:/app/data/consent.db
ENV ADMIN_PASSWORD=moreminimore2026!Secure
ENV HOST=0.0.0.0
ENV PORT=80

CMD ["node", "dist/server/entry.mjs"]

Phase 8: Testing

  • Local build tested successfully
  • Server tested locally (node dist/server/entry.mjs)
  • Website loads correctly
  • Cookie consent banner appears
  • All 22 pages built

🔧 Key Technical Decisions

Why Node Adapter?

  • Required for SSR (API routes, database access)
  • @astrojs/node generates production-ready server
  • Better than astro preview (development server only)

Why Astro DB?

  • Built-in SQLite support
  • Drizzle ORM integration
  • Automatic migrations
  • Easy production deployment with Turso (optional)

Why HOST=0.0.0.0?

  • Docker containers need to listen on all interfaces
  • localhost only accessible from inside container
  • 0.0.0.0 allows external access

Why Not AllowedHosts?

  • Vite allowedHosts is for development only
  • Production server doesn't use Vite config
  • Environment variables are the proper solution

📁 Files Created/Modified

New Files (23 total)

db/schema.ts
db/config.ts
src/components/consent/CookieBanner.astro
src/components/consent/ConsentModal.astro
src/pages/api/consent/POST.ts
src/pages/api/consent/GET.ts
src/pages/api/consent/[sessionId]/DELETE.ts
src/pages/admin/consent-logs.astro
.env.example
PDPA-COMPLIANCE-SUMMARY.md
AGENTS.md (this file)

Modified Files (12 total)

package.json (added dependencies)
package-lock.json
astro.config.mjs (DB + Node adapter config)
Dockerfile (production server config)
src/layouts/Layout.astro (consent + Umami integration)
src/pages/privacy-policy.astro (full PDPA compliance)
src/pages/terms-and-conditions.astro (PDPA compliance)
.gitignore (excluded .env, data/, dev.db)
README.md
DEPLOYMENT.md
CHECKLIST.md
CONTENT-GUIDE.md

🔐 Security Measures

  1. Password Protection: Admin dashboard requires authentication
  2. IP Hashing: Stored IP addresses are SHA256 hashed (first 16 chars)
  3. Environment Variables: Sensitive data in .env (not committed)
  4. ORM Parameterization: Drizzle ORM prevents SQL injection
  5. Astro Escaping: Default XSS protection

📊 Umami Configuration

  • URL: https://umami.moreminimore.com
  • Website: moreminimore.com
  • ID: b2e87a6c-0b64-43c8-bb09-e406ffca0af1
  • Loading: Conditional (only with analytics consent)

🚀 Deployment

Git Repository

Easypanel Configuration

  • Project: customerwebsite/moreminimore-website
  • Auto-deploy: Enabled
  • Port: 80
  • Build Command: Via Dockerfile

Environment Variables (Easypanel)

NODE_ENV=production
ASTRO_DB_REMOTE_URL=file:/app/data/consent.db
ADMIN_PASSWORD=moreminimore2026!Secure
HOST=0.0.0.0
PORT=80
UMAMI_WEBSITE_ID=b2e87a6c-0b64-43c8-bb09-e406ffca0af1
UMAMI_DOMAIN=umami.moreminimore.com

Success Criteria - ALL MET

  • Website builds successfully
  • Docker build succeeds
  • Server starts on 0.0.0.0:80
  • Website accessible via browser
  • Cookie consent appears on first visit
  • Consent logged to database
  • Umami loads only with consent
  • Admin page accessible with password
  • Privacy Policy PDPA-compliant
  • Terms & Conditions PDPA-compliant
  • Data deletion works (Right to be Forgotten)
  • Documentation complete

📝 Lessons Learned

  1. Always test locally first - Would have caught preview server issue earlier
  2. astro preview ≠ production - Use node dist/server/entry.mjs for production
  3. Docker networking - Containers need 0.0.0.0 not localhost
  4. Environment variables - More reliable than adapter config for server settings
  5. Build with --remote - Required for Astro DB in production

🔗 Resources

📞 Maintenance

Viewing Consent Logs

  • URL: /admin/consent-logs
  • Password: moreminimore2026!Secure (CHANGE THIS!)

Deleting User Data (PDPA Request)

  1. Find user's sessionId
  2. Use admin dashboard delete button
  3. Or call DELETE API endpoint

Updating Content

  1. Edit files in src/
  2. Commit and push to main
  3. Easypanel auto-deploys (~3 minutes)

Monitoring

  • Check Easypanel dashboard for uptime
  • View consent logs regularly
  • Monitor Umami Analytics for traffic

Project Status: COMPLETE & DEPLOYED
Next Steps: Monitor deployment, change admin password, verify domain access

Reference in New Issue View Git Blame Copy Permalink