fivo_cookie_consent 0.2.0

data/app/helpers/rails_cookies_gdpr/application_helper.rb

@@ -0,0 +1,156 @@
+# frozen_string_literal: true
+
+module RailsCookiesGdpr
+  # Main helper module for GDPR cookie consent functionality
+  module ApplicationHelper
+    # Renders the GDPR cookie consent banner with server-side cookie data
+    # @return [String] HTML markup for the cookie consent banner and modal
+    def gdpr_cookie_banner
+      render partial: 'rails_cookies_gdpr/banner'
+    end
+
+    # Detects server-side cookies that JavaScript cannot access (HttpOnly)
+    # @return [Hash] Hash of categorized server-side cookies
+    def detect_server_side_cookies
+      cookies_data = {
+        necessary: []
+      }
+
+      return cookies_data unless respond_to?(:request) && request
+
+      # Ensure Rails sets a real session cookie for this response.
+      # Accessing +session.id+ forces session creation if it does not exist yet.
+      session.id
+
+      # Determine the session cookie key configured for the app
+      session_key = Rails.application.config.session_options[:key] || '_session'
+      session_keys = [session_key, '_session'].uniq
+
+      session_keys.each do |key|
+        cookies_data[:necessary] << {
+          name: key,
+          duration: 'Session',
+          description: 'Speichert Sitzungsdaten für die Funktionalität der Website',
+          server_side: true
+        }
+      end
+
+      # Detect CSRF token cookie (only if present)
+      csrf_cookie_name = 'csrf_token'
+      if request.cookies[csrf_cookie_name]
+        cookies_data[:necessary] << {
+          name: csrf_cookie_name,
+          duration: 'Session',
+          description: 'Schutz vor Cross-Site Request Forgery (CSRF) Angriffen',
+          server_side: true
+        }
+      end
+
+      # Check for other common Rails cookies if they already exist
+      rails_cookies = [
+        { name: '_rails_session', description: 'Rails Sitzungsdaten' },
+        { name: 'authenticity_token', description: 'Rails Authentifizierungstoken' },
+        { name: '_session_id', description: 'Sitzungs-Identifikator' }
+      ]
+
+      rails_cookies.each do |cookie_info|
+        next unless request.cookies[cookie_info[:name]]
+
+        cookies_data[:necessary] << {
+          name: cookie_info[:name],
+          duration: 'Session',
+          description: cookie_info[:description],
+          server_side: true
+        }
+      end
+
+      cookies_data
+    end
+
+    # Returns a JSON string of detected server-side cookies that is safe to embed
+    # inside an HTML attribute. Rely on Rails’ automatic HTML escaping instead
+    # of marking the string as +html_safe+, otherwise the attribute would break
+    # because the quotes inside the JSON would not be escaped, resulting in
+    # invalid markup and a subsequent JSON.parse() error in the browser.
+    #
+    # @return [String] Escaped JSON string
+    def server_cookies_json
+      detect_server_side_cookies.to_json
+    end
+
+    def gdpr_consent_mode_defaults(functionality: true, security: true)
+      analytics_default = functionality ? 'granted' : 'denied'
+      functionality_default = functionality ? 'granted' : 'denied'
+      security_default = security ? 'granted' : 'denied'
+
+      script = <<~JS
+        window.dataLayer = window.dataLayer || [];
+        function gtag(){ dataLayer.push(arguments); }
+        gtag('consent', 'default', {
+          ad_storage: 'denied',
+          analytics_storage: '#{analytics_default}',
+          functionality_storage: '#{functionality_default}',
+          security_storage: '#{security_default}',
+          personalization_storage: 'denied'
+        });
+        document.addEventListener('gdpr:accept', function(event) {
+          var detail = event && event.detail || {};
+          var categories = detail.categories || [];
+          var analyticsGranted = categories.indexOf('analytics') !== -1;
+          var marketingGranted = categories.indexOf('marketing') !== -1;
+          var functionalGranted = categories.indexOf('functional') !== -1;
+          gtag('consent', 'update', {
+            ad_storage: marketingGranted ? 'granted' : 'denied',
+            analytics_storage: analyticsGranted ? 'granted' : 'denied',
+            functionality_storage: functionalGranted ? 'granted' : 'denied'
+          });
+        });
+        document.addEventListener('gdpr:decline', function() {
+          gtag('consent', 'update', {
+            ad_storage: 'denied',
+            analytics_storage: 'denied',
+            functionality_storage: 'denied'
+          });
+        });
+      JS
+
+      content_tag(:script, script.html_safe)
+    end
+
+    def gdpr_lazy_load_tag(name, **options)
+      name_sym = name.to_sym
+      config = RailsCookiesGdpr.configuration
+      registered = config.respond_to?(:registered_scripts) ? RailsCookiesGdpr.registered_scripts[name_sym] : {}
+      merged = (registered || {}).merge(options)
+
+      category = (merged[:category] || :analytics).to_s
+      attrs = { type: 'text/plain', 'data-gdpr-category': category }
+
+      case name_sym
+      when :gtm
+        gtm_id = merged[:id] || merged[:gtm_id]
+        return '' unless gtm_id
+        attrs['data-gdpr-src'] = "https://www.googletagmanager.com/gtm.js?id=#{gtm_id}"
+        attrs['data-gdpr-async'] = 'true'
+      when :ga4, :gtag
+        measurement_id = merged[:id] || merged[:measurement_id]
+        return '' unless measurement_id
+        attrs['data-gdpr-src'] = "https://www.googletagmanager.com/gtag/js?id=#{measurement_id}"
+        attrs['data-gdpr-async'] = 'true'
+      else
+        src = merged[:src]
+        attrs['data-gdpr-src'] = src if src
+        attrs['data-gdpr-async'] = 'true' if merged[:async]
+        attrs['data-gdpr-defer'] = 'true' if merged[:defer]
+      end
+
+      inline_code = merged[:inline_code]
+
+      if inline_code
+        content_tag(:script, inline_code.html_safe, attrs)
+      else
+        content_tag(:script, '', attrs)
+      end
+    end
+  end
+end

data/app/views/rails_cookies_gdpr/_banner.html.erb

@@ -0,0 +1,27 @@
+<div id="gdpr-cookie-banner" class="gdpr-banner" style="display: none;" data-server-cookies="<%= server_cookies_json %>">
+  <div class="gdpr-banner__container">
+    <div class="gdpr-banner__content">
+      <div class="gdpr-banner__text">
+        <h3 class="gdpr-banner__title">Cookie-Einstellungen</h3>
+        <p class="gdpr-banner__description">
+          Wir verwenden Cookies, um Ihnen die bestmögliche Nutzung unserer Website zu ermöglichen. 
+          Einige Cookies sind für das Funktionieren der Website erforderlich, während andere uns helfen, 
+          die Website zu verbessern und Ihnen personalisierte Inhalte anzuzeigen.
+        </p>
+      </div>
+      <div class="gdpr-banner__actions">
+        <button type="button" class="gdpr-banner__btn gdpr-banner__btn--secondary" data-action="decline">
+          Alles ablehnen
+        </button>
+        <button type="button" class="gdpr-banner__btn gdpr-banner__btn--link" data-action="settings">
+          Einstellungen ändern
+        </button>
+        <button type="button" class="gdpr-banner__btn gdpr-banner__btn--primary" data-action="accept">
+          Alle akzeptieren
+        </button>
+      </div>
+    </div>
+  </div>
+</div>
+
+<%= render partial: "rails_cookies_gdpr/modal" %>

data/app/views/rails_cookies_gdpr/_modal.html.erb

@@ -0,0 +1,123 @@
+<div id="gdpr-cookie-modal" class="gdpr-modal" style="display: none;" role="dialog" aria-labelledby="gdpr-modal-title" aria-modal="true">
+  <div class="gdpr-modal__backdrop" data-action="close-modal"></div>
+  <div class="gdpr-modal__container">
+    <div class="gdpr-modal__header">
+      <h2 id="gdpr-modal-title" class="gdpr-modal__title">Cookie-Einstellungen verwalten</h2>
+      <button type="button" class="gdpr-modal__close" data-action="close-modal" aria-label="Modal schließen">
+        <span aria-hidden="true">&times;</span>
+      </button>
+    </div>
+    
+    <div class="gdpr-modal__body">
+      <p class="gdpr-modal__description">
+        Wählen Sie aus, welche Cookies Sie zulassen möchten. Sie können diese Einstellungen jederzeit ändern.
+        Weitere Informationen finden Sie in unserer 
+        <a href="<%= RailsCookiesGdpr.configuration.privacy_url %>" target="_blank" rel="noopener">Datenschutzerklärung</a>.
+      </p>
+
+      <div class="gdpr-modal__categories">
+        <!-- Necessary cookies (always enabled) -->
+        <div class="gdpr-modal__category" data-category-section="necessary">
+          <div class="gdpr-modal__category-header" data-category="necessary">
+            <div class="gdpr-modal__category-title-wrapper">
+              <span class="gdpr-modal__chevron" aria-expanded="false" role="button" tabindex="0" aria-label="Cookie-Liste anzeigen">▶</span>
+              <h3 class="gdpr-modal__category-title">Notwendige Cookies</h3>
+            </div>
+            <div class="gdpr-modal__toggle gdpr-modal__toggle--disabled">
+              <input type="checkbox" id="gdpr-necessary" checked disabled>
+              <label for="gdpr-necessary" class="gdpr-modal__toggle-label">
+                <span class="gdpr-modal__toggle-slider"></span>
+              </label>
+            </div>
+          </div>
+          <p class="gdpr-modal__category-description">
+            Diese Cookies sind für das ordnungsgemäße Funktionieren der Website erforderlich und können nicht deaktiviert werden.
+          </p>
+          <div class="gdpr-modal__empty-state" style="display: none;">
+            <p class="gdpr-modal__empty-text">Keine Cookies gesetzt</p>
+          </div>
+          <div class="gdpr-modal__cookie-list" style="display: none;"></div>
+        </div>
+
+        <!-- Analytics cookies -->
+        <div class="gdpr-modal__category" data-category-section="analytics">
+          <div class="gdpr-modal__category-header" data-category="analytics">
+            <div class="gdpr-modal__category-title-wrapper">
+              <span class="gdpr-modal__chevron" aria-expanded="false" role="button" tabindex="0" aria-label="Cookie-Liste anzeigen">▶</span>
+              <h3 class="gdpr-modal__category-title"><%= RailsCookiesGdpr.configuration.analytics_label %></h3>
+            </div>
+            <div class="gdpr-modal__toggle">
+              <input type="checkbox" id="gdpr-analytics" data-category="analytics">
+              <label for="gdpr-analytics" class="gdpr-modal__toggle-label">
+                <span class="gdpr-modal__toggle-slider"></span>
+              </label>
+            </div>
+          </div>
+          <p class="gdpr-modal__category-description">
+            Diese Cookies helfen uns zu verstehen, wie Besucher mit unserer Website interagieren, 
+            indem sie Informationen anonym sammeln und melden.
+          </p>
+          <div class="gdpr-modal__empty-state" style="display: none;">
+            <p class="gdpr-modal__empty-text">Keine Cookies gesetzt</p>
+          </div>
+          <div class="gdpr-modal__cookie-list" style="display: none;"></div>
+        </div>
+
+        <!-- Marketing cookies -->
+        <div class="gdpr-modal__category" data-category-section="marketing">
+          <div class="gdpr-modal__category-header" data-category="marketing">
+            <div class="gdpr-modal__category-title-wrapper">
+              <span class="gdpr-modal__chevron" aria-expanded="false" role="button" tabindex="0" aria-label="Cookie-Liste anzeigen">▶</span>
+              <h3 class="gdpr-modal__category-title"><%= RailsCookiesGdpr.configuration.marketing_label %></h3>
+            </div>
+            <div class="gdpr-modal__toggle">
+              <input type="checkbox" id="gdpr-marketing" data-category="marketing">
+              <label for="gdpr-marketing" class="gdpr-modal__toggle-label">
+                <span class="gdpr-modal__toggle-slider"></span>
+              </label>
+            </div>
+          </div>
+          <p class="gdpr-modal__category-description">
+            Diese Cookies werden verwendet, um Ihnen relevante Werbung und Marketing-Kommunikation zu zeigen.
+          </p>
+          <div class="gdpr-modal__empty-state" style="display: none;">
+            <p class="gdpr-modal__empty-text">Keine Cookies gesetzt</p>
+          </div>
+          <div class="gdpr-modal__cookie-list" style="display: none;"></div>
+        </div>
+
+        <!-- Functional cookies -->
+        <div class="gdpr-modal__category" data-category-section="functional">
+          <div class="gdpr-modal__category-header" data-category="functional">
+            <div class="gdpr-modal__category-title-wrapper">
+              <span class="gdpr-modal__chevron" aria-expanded="false" role="button" tabindex="0" aria-label="Cookie-Liste anzeigen">▶</span>
+              <h3 class="gdpr-modal__category-title"><%= RailsCookiesGdpr.configuration.functional_label %></h3>
+            </div>
+            <div class="gdpr-modal__toggle">
+              <input type="checkbox" id="gdpr-functional" data-category="functional">
+              <label for="gdpr-functional" class="gdpr-modal__toggle-label">
+                <span class="gdpr-modal__toggle-slider"></span>
+              </label>
+            </div>
+          </div>
+          <p class="gdpr-modal__category-description">
+            Diese Cookies ermöglichen erweiterte Funktionalitäten und Personalisierung der Website.
+          </p>
+          <div class="gdpr-modal__empty-state" style="display: none;">
+            <p class="gdpr-modal__empty-text">Keine Cookies gesetzt</p>
+          </div>
+          <div class="gdpr-modal__cookie-list" style="display: none;"></div>
+        </div>
+      </div>
+    </div>
+
+    <div class="gdpr-modal__footer">
+      <button type="button" class="gdpr-modal__btn gdpr-modal__btn--secondary" data-action="decline-all">
+        Alles ablehnen
+      </button>
+      <button type="button" class="gdpr-modal__btn gdpr-modal__btn--primary" data-action="save-preferences">
+        Einstellungen speichern
+      </button>
+    </div>
+  </div>
+</div>

data/config/database.yml

@@ -0,0 +1,6 @@
+# SQLite. Versions 3.8.0 and up are supported.
+test:
+  adapter: sqlite3
+  database: db/test.sqlite3
+  pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
+  timeout: 5000

data/lib/fivo_cookie_consent/configuration.rb

@@ -0,0 +1,141 @@
+# frozen_string_literal: true
+
+module FivoCookieConsent
+  # Configuration class for customizing cookie consent settings
+  class Configuration
+    attr_accessor :analytics_label, :marketing_label, :functional_label, :privacy_url, :cookie_lifespan,
+                  :cookie_patterns, :registered_scripts
+
+    def initialize
+      @analytics_label = 'Analyse-Cookies'
+      @marketing_label = 'Marketing-Cookies'
+      @functional_label = 'Präferenz-Cookies'
+      @privacy_url = '/datenschutz'
+      @cookie_lifespan = 365 # days
+      @cookie_patterns = default_cookie_patterns
+      @registered_scripts = default_registered_scripts
+    end
+
+    private
+
+    # Default cookie patterns for categorization
+    def default_cookie_patterns
+      {
+        necessary: [
+          /^_session_/,
+          /^session_/,
+          /^csrf_token/,
+          /^authenticity_token/,
+          /^_rails_/,
+          /^gdpr_cookie_consent$/
+        ],
+        analytics: [
+          /^_ga/,
+          /^_gid/,
+          /^_gat/,
+          /^_gtag/,
+          /^__utm/,
+          /^_dc_gtm_/,
+          /^_hjid/,
+          /^_hjFirstSeen/,
+          /^_hj/
+        ],
+        marketing: [
+          /^_fbp/,
+          /^_fbc/,
+          /^fr$/,
+          /^tr$/,
+          /^_pinterest_/,
+          /^_pin_unauth/,
+          /^__Secure-3PAPISID/,
+          /^__Secure-3PSID/,
+          /^NID$/,
+          /^IDE$/
+        ],
+        functional: [
+          /^_locale/,
+          /^language/,
+          /^theme/,
+          /^preferences/,
+          /^_user_settings/,
+          /^_ui_/
+        ]
+      }
+    end
+
+    def default_registered_scripts
+      FivoCookieConsent.default_registered_scripts
+    end
+  end
+
+  class << self
+    attr_writer :configuration
+
+    # Get current configuration instance
+    # @return [Configuration] The current configuration
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    # Configure the gem with a block
+    # @yield [Configuration] The configuration instance
+    # @example
+    #   FivoCookieConsent.configure do |config|
+    #     config.analytics_label = "Custom Analytics"
+    #   end
+    def configure
+      yield(configuration)
+    end
+
+    def register_script(name, options = {})
+      configuration.registered_scripts ||= {}
+      configuration.registered_scripts[name.to_sym] = options
+    end
+
+    def registered_scripts
+      configuration.registered_scripts || {}
+    end
+
+    def default_registered_scripts
+      {
+        gtm: { category: :analytics },
+        ga4: { category: :analytics },
+        gtag: { category: :analytics },
+        recaptcha: { category: :functional },
+        hotjar: { category: :analytics },
+        fb_pixel: { category: :marketing }
+      }
+    end
+  end
+end
+
+# Alias for backwards compatibility with the expected namespace
+module RailsCookiesGdpr
+  class << self
+    # Configure method for RailsCookiesGdpr namespace
+    # @yield [FivoCookieConsent::Configuration] The configuration instance
+    def configure(&block)
+      FivoCookieConsent.configure(&block)
+    end
+
+    # Get configuration from FivoCookieConsent
+    # @return [FivoCookieConsent::Configuration] The current configuration
+    def configuration
+      FivoCookieConsent.configuration
+    end
+
+    # Get cookie patterns for categorization
+    # @return [Hash] Cookie patterns hash with categories as keys
+    def cookie_patterns
+      configuration.cookie_patterns
+    end
+
+    def register_script(name, options = {})
+      FivoCookieConsent.register_script(name, options)
+    end
+
+    def registered_scripts
+      FivoCookieConsent.registered_scripts
+    end
+  end
+end

data/lib/fivo_cookie_consent/engine.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+# Fix for Rails 7.0 Logger compatibility issue
+require 'logger'
+
+# Ensure Logger is available before ActiveSupport tries to use it
+Logger.class unless defined?(Logger)
+begin
+  require 'rails/engine'
+rescue LoadError
+  # Rails not available
+  return
+end
+
+module FivoCookieConsent
+  class Engine < ::Rails::Engine
+    isolate_namespace RailsCookiesGdpr
+
+    # Configure paths for autoloading
+    config.autoload_paths += %W[
+      #{root}/app/controllers
+      #{root}/app/helpers
+      #{root}/app/models
+    ]
+
+    # Include helpers only after code is loaded (works with Rails 7.0+)
+    config.to_prepare do
+      ActionController::Base.helper RailsCookiesGdpr::ApplicationHelper if defined?(ActionController::Base)
+    end
+  end
+end

data/lib/fivo_cookie_consent/railtie.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+begin
+  require 'rails/railtie'
+rescue LoadError
+  return
+end
+
+module FivoCookieConsent
+  class Railtie < Rails::Railtie
+    # Load helpers into ActionController AFTER ActionController is ready
+    initializer 'fivo_cookie_consent.load_helpers' do
+      ActiveSupport.on_load :action_controller do
+        helper RailsCookiesGdpr::ApplicationHelper
+      end
+    end
+  end
+end

data/lib/fivo_cookie_consent/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module FivoCookieConsent
+  VERSION = '0.2.0'
+end

data/lib/fivo_cookie_consent.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'logger'
+
+require_relative 'fivo_cookie_consent/version'
+require_relative 'fivo_cookie_consent/configuration'
+
+# Only load Rails components when Rails is available
+if defined?(Rails)
+  require_relative 'fivo_cookie_consent/railtie'
+  require_relative 'fivo_cookie_consent/engine'
+end
+
+module FivoCookieConsent
+  class Error < StandardError; end
+end