opencode-skill/skills/website-creator/templates/consent/api/route.ts

import { NextRequest, NextResponse } from 'next/server'
import { getPayload } from 'payload'
import config from '@/payload.config'

/**
 * POST /api/consent - Record consent action
 * 
 * Request body:
 * {
 *   action: 'accept' | 'reject' | 'update',
 *   purpose: 'analytics' | 'marketing' | 'functional' | 'all',
 *   analytics: boolean,
 *   marketing: boolean,
 *   functional: boolean,
 *   previousConsent?: { analytics: boolean, marketing: boolean, functional: boolean }
 * }
 */
export async function POST(request: NextRequest) {
  try {
    const payloadConfig = await config
    const payload = await getPayload({ config: payloadConfig })

    const body = await request.json()
    const { action, purpose, analytics, marketing, functional, previousConsent } = body

    // Validate required fields
    if (!action || !['accept', 'reject', 'update'].includes(action)) {
      return NextResponse.json({ error: 'Invalid action' }, { status: 400 })
    }
    if (!purpose || !['analytics', 'marketing', 'functional', 'all'].includes(purpose)) {
      return NextResponse.json({ error: 'Invalid purpose' }, { status: 400 })
    }

    // Get IP and User Agent
    const ip = request.headers.get('x-forwarded-for')?.split(',')[0] 
               || request.headers.get('x-real-ip') 
               || 'unknown'
    const userAgent = request.headers.get('user-agent') || 'unknown'

    // Create consent log
    const consentLog = await payload.create({
      collection: 'consent-logs',
      data: {
        action,
        purpose,
        analytics: analytics ?? false,
        marketing: marketing ?? false,
        functional: functional ?? false,
        userAgent,
        ip,
        timestamp: new Date().toISOString(),
        previousConsent: previousConsent || null,
        newConsent: {
          analytics: analytics ?? false,
          marketing: marketing ?? false,
          functional: functional ?? false,
        },
      },
    })

    return NextResponse.json({ success: true, doc: consentLog })
  } catch (error) {
    console.error('Consent logging error:', error)
    return NextResponse.json({ error: 'Failed to log consent' }, { status: 500 })
  }
}

/**
 * GET /api/consent - Get current consent status (from cookie or localStorage)
 * This endpoint is mainly for verification, actual consent is stored client-side
 */
export async function GET(request: NextRequest) {
  // Consent is stored client-side in localStorage
  // This endpoint is for compliance verification
  return NextResponse.json({ 
    message: 'Consent is stored client-side',
    purposes: ['analytics', 'marketing', 'functional'],
    note: 'Use POST to update consent preferences'
  })
}