---
// Password-protected admin page for viewing consent logs.
// Uses the API instead of Astro DB (better-sqlite3) to bypass the remote SQLite limitation.

// Astro exposes environment variables through import.meta.env.
// The 'changeme' fallback is a published default; set ADMIN_PASSWORD in .env before deploying.
const ADMIN_PASSWORD = import.meta.env.ADMIN_PASSWORD || 'changeme';

let logs = [];
let isAuthenticated = false;
let error = '';

if (Astro.request.method === 'POST') {
  const formData = await Astro.request.formData();
  const password = formData.get('password');

  if (password === ADMIN_PASSWORD) {
    isAuthenticated = true;
    try {
      // Server-side fetch needs an absolute URL, so resolve the path against the request URL.
      // This request carries no credential, so /api/consent needs its own access control.
      const response = await fetch(new URL('/api/consent', Astro.url));
      const data = await response.json();
      logs = data.logs || [];
    } catch (err) {
      error = 'Failed to load consent logs. Make sure the API is running.';
      console.error(err);
    }
  } else {
    error = 'Invalid password';
  }
}
---
Consent Logs Admin | PDPA Compliance

🔐 Consent Logs Admin Dashboard

{!isAuthenticated ? (

Admin Login

{error &&
{error}
}

Default password: changeme (change in .env)

) : (
{error &&
{error}
}
{logs.length === 0 ? ( ) : ( logs.map((log) => ( )) )}
Date/Time Session ID Essential Analytics Marketing Policy Ver IP Hash Action
No consent logs found. Make sure the website has received consent.
{new Date(log.timestamp).toLocaleString('th-TH')} {log.sessionId} {log.essential ? 'Yes' : 'No'} {log.analytics ? ( ) : ( )} {log.marketing ? ( ) : ( )} {log.policyVersion} {log.ipHash}

⚠️ Important Notes (PDPA Compliance):

  • Consent records must be retained for 10 years
  • Only delete records when user exercises "right to be forgotten"
  • IP addresses are hashed (SHA-256, first 16 chars) for privacy
  • Rate limiting: 10 requests/minute per IP
)}
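
The password check in the frontmatter falls back to a published default and compares with `===`. The block below is an added example, not part of this page's code, showing a fail-closed loader and a constant-time comparison for the same `ADMIN_PASSWORD` value; `loadAdminPassword`, `passwordMatches`, `demo` and the 12-character minimum are assumptions made for illustration.

```javascript
const { createHash, timingSafeEqual } = require('node:crypto');

const PLACEHOLDER = 'changeme'; // the default shown on the login form
const MIN_LENGTH = 12;          // assumed policy, not taken from the page

// Fail closed: return the configured secret or throw, never fall back to a default.
function loadAdminPassword(env) {
  const value = env.ADMIN_PASSWORD;
  if (typeof value !== 'string' || value.length === 0) {
    throw new Error('ADMIN_PASSWORD is not set');
  }
  if (value === PLACEHOLDER) {
    throw new Error('ADMIN_PASSWORD is still the published default');
  }
  if (value.length < MIN_LENGTH) {
    throw new Error(`ADMIN_PASSWORD must be at least ${MIN_LENGTH} characters`);
  }
  return value;
}

// Compare in constant time. Hashing first gives both buffers the same length,
// which timingSafeEqual requires, and hides the length of the real password.
function passwordMatches(submitted, expected) {
  // formData.get() returns null for a missing field and a File for an upload.
  if (typeof submitted !== 'string') return false;
  const a = createHash('sha256').update(submitted, 'utf8').digest();
  const b = createHash('sha256').update(expected, 'utf8').digest();
  return timingSafeEqual(a, b);
}

// Constructed sample environments: unset, published default, properly configured.
function demo() {
  const samples = [{}, { ADMIN_PASSWORD: 'changeme' }, { ADMIN_PASSWORD: 'correct-horse-battery' }];
  return samples.map((env) => {
    try {
      const expected = loadAdminPassword(env);
      return passwordMatches('correct-horse-battery', expected) ? 'login ok' : 'login refused';
    } catch (err) {
      return `startup refused: ${err.message}`;
    }
  });
}

console.log(demo());
```

In the Astro page, `loadAdminPassword(import.meta.env)` would replace the `|| 'changeme'` fallback and `passwordMatches(password, ADMIN_PASSWORD)` would replace the `===` test.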