@codaijs/keel 0.1.0

package/sails/gdpr/files/backend/routes/gdpr.ts

@@ -0,0 +1,140 @@
+import { Router, type Request, type Response } from "express";
+import { eq, and } from "drizzle-orm";
+import { verifyPassword } from "better-auth/crypto";
+import { consentInputSchema, CONSENT_TYPES } from "@keel/shared";
+import { requireAuth } from "../middleware/auth.js";
+import { env } from "../env.js";
+import { db } from "../db/index.js";
+import { accounts } from "../db/schema/index.js";
+import {
+  exportUserData,
+  requestDeletion,
+  cancelDeletion,
+  processPendingDeletions,
+  recordConsent,
+  revokeConsent,
+  getUserConsents,
+  immediatelyDeleteUser,
+} from "../services/gdpr.js";
+
+const router = Router();
+
+// POST /process-deletions — internal endpoint for cron job
+router.post("/process-deletions", async (req: Request, res: Response) => {
+  const secret = req.headers["x-cron-secret"];
+  if (secret !== env.DELETION_CRON_SECRET) {
+    res.status(403).json({ error: "Forbidden" });
+    return;
+  }
+
+  const results = await processPendingDeletions();
+  res.json({ results });
+});
+
+// All routes below require authentication
+router.use(requireAuth);
+
+// GET /export — export all user data
+router.get("/export", async (req: Request, res: Response) => {
+  const data = await exportUserData(req.user!.id);
+  res.json(data);
+});
+
+// POST /deletion — request account deletion
+router.post("/deletion", async (req: Request, res: Response) => {
+  const { reason } = req.body as { reason?: string };
+  const request = await requestDeletion(req.user!.id, reason);
+  res.json({ deletionRequest: request });
+});
+
+// POST /deletion/cancel — cancel pending deletion
+router.post("/deletion/cancel", async (req: Request, res: Response) => {
+  const result = await cancelDeletion(req.user!.id);
+  if (!result) {
+    res.status(404).json({ error: "No pending deletion request found" });
+    return;
+  }
+  res.json({ deletionRequest: result });
+});
+
+// DELETE /account — immediately and permanently delete user account (no grace period)
+router.delete("/account", async (req: Request, res: Response) => {
+  const { password } = req.body as { password?: string };
+
+  if (!password) {
+    res.status(400).json({ error: "Password confirmation is required" });
+    return;
+  }
+
+  // Look up the credential account and verify the password hash directly
+  // (avoids creating a new session just to check the password)
+  const account = await db.query.accounts.findFirst({
+    where: and(
+      eq(accounts.userId, req.user!.id),
+      eq(accounts.providerId, "credential"),
+    ),
+  });
+
+  if (!account?.password) {
+    res.status(401).json({ error: "Invalid password" });
+    return;
+  }
+
+  const valid = await verifyPassword({
+    hash: account.password,
+    password,
+  });
+
+  if (!valid) {
+    res.status(401).json({ error: "Invalid password" });
+    return;
+  }
+
+  const result = await immediatelyDeleteUser(req.user!.id);
+  if (!result) {
+    res.status(404).json({ error: "User not found" });
+    return;
+  }
+
+  res.json({ message: "Account has been permanently deleted" });
+});
+
+// GET /consents — get all user consents
+router.get("/consents", async (req: Request, res: Response) => {
+  const consents = await getUserConsents(req.user!.id);
+  res.json({ consents });
+});
+
+// POST /consents — record a new consent
+router.post("/consents", async (req: Request, res: Response) => {
+  const parsed = consentInputSchema.safeParse(req.body);
+  if (!parsed.success) {
+    res.status(400).json({ error: parsed.error.flatten() });
+    return;
+  }
+
+  const ip = req.ip ?? undefined;
+  const userAgent = req.headers["user-agent"] ?? undefined;
+
+  const record = await recordConsent(req.user!.id, parsed.data, ip, userAgent);
+  res.status(201).json({ consent: record });
+});
+
+// DELETE /consents/:consentType — revoke a specific consent
+router.delete("/consents/:consentType", async (req: Request, res: Response) => {
+  const { consentType } = req.params;
+
+  if (!consentType || !(CONSENT_TYPES as readonly string[]).includes(consentType)) {
+    res.status(400).json({ error: `Invalid consentType. Allowed values: ${CONSENT_TYPES.join(", ")}` });
+    return;
+  }
+
+  const result = await revokeConsent(req.user!.id, consentType);
+  if (!result) {
+    res.status(404).json({ error: "No active consent found for this type" });
+    return;
+  }
+  res.json({ consent: result });
+});
+
+export default router;

package/sails/gdpr/files/backend/services/gdpr.ts

@@ -0,0 +1,293 @@
+import { eq, and, isNull, lte } from "drizzle-orm";
+import { db } from "../db/index.js";
+import { env } from "../env.js";
+import {
+  users,
+  sessions,
+  accounts,
+  consentRecords,
+  deletionRequests,
+} from "../db/schema/index.js";
+import {
+  sendDeletionRequestedEmail,
+  sendDeletionCompletedEmail,
+  sendDeletionCancelledEmail,
+  sendDataExportReadyEmail,
+  sendConsentUpdatedEmail,
+} from "../auth/email.js";
+
+export async function exportUserData(userId: string) {
+  const [user] = await db.select().from(users).where(eq(users.id, userId));
+  const userSessions = await db
+    .select()
+    .from(sessions)
+    .where(eq(sessions.userId, userId));
+  const userAccounts = await db
+    .select({
+      id: accounts.id,
+      accountId: accounts.accountId,
+      providerId: accounts.providerId,
+      scope: accounts.scope,
+      createdAt: accounts.createdAt,
+    })
+    .from(accounts)
+    .where(eq(accounts.userId, userId));
+  const userConsents = await db
+    .select()
+    .from(consentRecords)
+    .where(eq(consentRecords.userId, userId));
+
+  return {
+    profile: user
+      ? {
+          id: user.id,
+          name: user.name,
+          email: user.email,
+          emailVerified: user.emailVerified,
+          image: user.image,
+          createdAt: user.createdAt,
+          updatedAt: user.updatedAt,
+        }
+      : null,
+    sessions: userSessions.map((s) => ({
+      id: s.id,
+      ipAddress: s.ipAddress,
+      userAgent: s.userAgent,
+      createdAt: s.createdAt,
+      expiresAt: s.expiresAt,
+    })),
+    accounts: userAccounts,
+    consents: userConsents,
+    exportedAt: new Date().toISOString(),
+  };
+}
+
+export async function requestDeletion(userId: string, reason?: string) {
+  // Check for an existing pending deletion request
+  const [existing] = await db
+    .select()
+    .from(deletionRequests)
+    .where(
+      and(
+        eq(deletionRequests.userId, userId),
+        eq(deletionRequests.status, "pending"),
+      ),
+    );
+
+  if (existing) {
+    return existing;
+  }
+
+  const scheduledDeletionAt = new Date();
+  scheduledDeletionAt.setDate(scheduledDeletionAt.getDate() + 30);
+
+  const [request] = await db
+    .insert(deletionRequests)
+    .values({
+      userId,
+      reason: reason ?? null,
+      scheduledDeletionAt,
+    })
+    .returning();
+
+  // Send deletion requested email
+  const [user] = await db.select().from(users).where(eq(users.id, userId));
+  if (user) {
+    const formattedDate = scheduledDeletionAt.toLocaleDateString("en-US", {
+      year: "numeric",
+      month: "long",
+      day: "numeric",
+    });
+    const cancelUrl = `${env.FRONTEND_URL}/settings/cancel-deletion?requestId=${request.id}`;
+    await sendDeletionRequestedEmail(
+      user.email,
+      user.name,
+      formattedDate,
+      cancelUrl,
+    );
+  }
+
+  return request;
+}
+
+export async function cancelDeletion(userId: string) {
+  const [updated] = await db
+    .update(deletionRequests)
+    .set({
+      status: "cancelled",
+      cancelledAt: new Date(),
+    })
+    .where(
+      and(
+        eq(deletionRequests.userId, userId),
+        eq(deletionRequests.status, "pending"),
+      ),
+    )
+    .returning();
+
+  if (!updated) return null;
+
+  // Send deletion cancelled email
+  const [user] = await db.select().from(users).where(eq(users.id, userId));
+  if (user) {
+    await sendDeletionCancelledEmail(
+      user.email,
+      user.name,
+      `${env.FRONTEND_URL}/dashboard`,
+    );
+  }
+
+  return updated;
+}
+
+export async function processPendingDeletions() {
+  const now = new Date();
+
+  const expiredRequests = await db
+    .select()
+    .from(deletionRequests)
+    .where(
+      and(
+        eq(deletionRequests.status, "pending"),
+        lte(deletionRequests.scheduledDeletionAt, now),
+      ),
+    );
+
+  const results: Array<{ userId: string; success: boolean; error?: string }> =
+    [];
+
+  for (const request of expiredRequests) {
+    try {
+      // Fetch user info before deletion so we can send the email
+      const [user] = await db
+        .select()
+        .from(users)
+        .where(eq(users.id, request.userId));
+
+      // Delete user data (cascades handle related records)
+      await db.delete(users).where(eq(users.id, request.userId));
+
+      // Mark deletion as completed
+      await db
+        .update(deletionRequests)
+        .set({
+          status: "completed",
+          completedAt: new Date(),
+        })
+        .where(eq(deletionRequests.id, request.id));
+
+      // Send deletion completed email
+      if (user) {
+        await sendDeletionCompletedEmail(user.email, user.name);
+      }
+
+      results.push({ userId: request.userId, success: true });
+    } catch (error) {
+      const message =
+        error instanceof Error ? error.message : "Unknown error";
+      results.push({ userId: request.userId, success: false, error: message });
+    }
+  }
+
+  return results;
+}
+
+export async function sendExportReadyNotification(
+  userId: string,
+  downloadUrl: string,
+  expiresIn: string,
+) {
+  const [user] = await db.select().from(users).where(eq(users.id, userId));
+  if (user) {
+    await sendDataExportReadyEmail(user.email, user.name, downloadUrl, expiresIn);
+  }
+}
+
+export async function recordConsent(
+  userId: string,
+  input: { consentType: string; granted: boolean; version: string },
+  ip?: string,
+  userAgent?: string,
+) {
+  const [record] = await db
+    .insert(consentRecords)
+    .values({
+      userId,
+      consentType: input.consentType,
+      granted: input.granted,
+      version: input.version,
+      ipAddress: ip ?? null,
+      userAgent: userAgent ?? null,
+    })
+    .returning();
+
+  // Send consent updated email
+  const [user] = await db.select().from(users).where(eq(users.id, userId));
+  if (user) {
+    await sendConsentUpdatedEmail(user.email, user.name, [
+      {
+        type: input.consentType,
+        action: input.granted ? "granted" : "revoked",
+      },
+    ]);
+  }
+
+  return record;
+}
+
+export async function revokeConsent(userId: string, consentType: string) {
+  const [updated] = await db
+    .update(consentRecords)
+    .set({ revokedAt: new Date() })
+    .where(
+      and(
+        eq(consentRecords.userId, userId),
+        eq(consentRecords.consentType, consentType),
+        isNull(consentRecords.revokedAt),
+      ),
+    )
+    .returning();
+
+  if (!updated) return null;
+
+  // Send consent updated email
+  const [user] = await db.select().from(users).where(eq(users.id, userId));
+  if (user) {
+    await sendConsentUpdatedEmail(user.email, user.name, [
+      { type: consentType, action: "revoked" },
+    ]);
+  }
+
+  return updated;
+}
+
+export async function getUserConsents(userId: string) {
+  return db
+    .select()
+    .from(consentRecords)
+    .where(
+      and(
+        eq(consentRecords.userId, userId),
+        isNull(consentRecords.revokedAt),
+      ),
+    );
+}
+
+export async function immediatelyDeleteUser(userId: string) {
+  // Fetch user info before deletion
+  const [user] = await db.select().from(users).where(eq(users.id, userId));
+  if (!user) {
+    return null;
+  }
+
+  const email = user.email;
+  const name = user.name;
+
+  // Delete user data (cascades handle related records)
+  await db.delete(users).where(eq(users.id, userId));
+
+  // Send deletion completed email
+  await sendDeletionCompletedEmail(email, name);
+
+  return { userId, email };
+}

package/sails/gdpr/files/frontend/components/auth/ConsentCheckboxes.tsx

@@ -0,0 +1,97 @@
+import { Link } from "react-router";
+
+export interface ConsentState {
+  privacyPolicy: boolean;
+  termsOfService: boolean;
+  marketingEmails: boolean;
+  analytics: boolean;
+}
+
+interface ConsentCheckboxesProps {
+  value: ConsentState;
+  onChange: (value: ConsentState) => void;
+}
+
+export default function ConsentCheckboxes({
+  value,
+  onChange,
+}: ConsentCheckboxesProps) {
+  const update = (field: keyof ConsentState, checked: boolean) => {
+    onChange({ ...value, [field]: checked });
+  };
+
+  return (
+    <div className="space-y-3">
+      <p className="text-xs font-medium text-keel-gray-400 uppercase tracking-wide">
+        Consent
+      </p>
+
+      <label className="flex items-start gap-3 cursor-pointer">
+        <input
+          type="checkbox"
+          checked={value.privacyPolicy}
+          onChange={(e) => update("privacyPolicy", e.target.checked)}
+          className="mt-0.5 h-4 w-4 rounded border-keel-gray-800 bg-keel-gray-900 text-keel-blue focus:ring-keel-blue"
+        />
+        <span className="text-sm text-keel-gray-100">
+          I have read and accept the{" "}
+          <Link
+            to="/privacy-policy"
+            target="_blank"
+            className="font-medium text-keel-blue hover:text-keel-blue/80"
+          >
+            Privacy Policy
+          </Link>
+          <span className="text-red-400"> *</span>
+        </span>
+      </label>
+
+      <label className="flex items-start gap-3 cursor-pointer">
+        <input
+          type="checkbox"
+          checked={value.termsOfService}
+          onChange={(e) => update("termsOfService", e.target.checked)}
+          className="mt-0.5 h-4 w-4 rounded border-keel-gray-800 bg-keel-gray-900 text-keel-blue focus:ring-keel-blue"
+        />
+        <span className="text-sm text-keel-gray-100">
+          I agree to the{" "}
+          <a
+            href="#"
+            target="_blank"
+            rel="noopener noreferrer"
+            className="font-medium text-keel-blue hover:text-keel-blue/80"
+          >
+            Terms of Service
+          </a>
+          <span className="text-red-400"> *</span>
+        </span>
+      </label>
+
+      <label className="flex items-start gap-3 cursor-pointer">
+        <input
+          type="checkbox"
+          checked={value.marketingEmails}
+          onChange={(e) => update("marketingEmails", e.target.checked)}
+          className="mt-0.5 h-4 w-4 rounded border-keel-gray-800 bg-keel-gray-900 text-keel-blue focus:ring-keel-blue"
+        />
+        <span className="text-sm text-keel-gray-400">
+          I would like to receive product updates and marketing emails
+          <span className="ml-1 text-xs text-keel-gray-400/60">(optional)</span>
+        </span>
+      </label>
+
+      <label className="flex items-start gap-3 cursor-pointer">
+        <input
+          type="checkbox"
+          checked={value.analytics}
+          onChange={(e) => update("analytics", e.target.checked)}
+          className="mt-0.5 h-4 w-4 rounded border-keel-gray-800 bg-keel-gray-900 text-keel-blue focus:ring-keel-blue"
+        />
+        <span className="text-sm text-keel-gray-400">
+          I consent to anonymous usage analytics to help improve the service
+          <span className="ml-1 text-xs text-keel-gray-400/60">(optional)</span>
+        </span>
+      </label>
+    </div>
+  );
+}