generated from fpindej/web-api-template
Open
Labels: backend (Backend (.NET)), enhancement (New feature or request), frontend (Frontend (SvelteKit))
Description
Summary
Add GDPR-compliant consent gate at registration and a visible data processing notice page.
Since the demo app lets anyone register and switch to admin role (exposing other users' data), we need to:
- Require explicit consent to data processing at registration time
- Provide a visible data processing notice page explaining what data is collected, why, and users' rights
- Add a "Your Data" info card on the settings page
Tasks
Backend
- Add `ConsentGiven` required boolean property to `RegisterRequest`
- Add FluentValidation rule requiring `ConsentGiven == true`
- Update existing registration tests to include `ConsentGiven`
- Add test for `ConsentGiven = false` rejection
Frontend — Privacy Page
- Create `/privacy` route (accessible regardless of auth state)
- Content sections: What We Collect, Purpose, Storage & Sharing, Your Rights, Contact
- Links to Profile (view/edit data), Settings (delete account), and contact email
- Language selector + theme toggle, back-to-login link
Frontend — Registration Form
- Add consent checkbox between Turnstile widget and submit button
- Link to `/privacy` page (opens in new tab)
- Wire `consentGiven` to API request body
- Disable submit when consent not given
- Reset consent on form reset (don't persist in draft)
- Display backend validation errors for `consentGiven`
Frontend — Settings Page
- Add "Your Data" info card between Activity Log and Danger Zone
- Shield icon, description of stored data, link to privacy notice
i18n
- Add all privacy/consent keys to `en.json` and `cs.json`
Verification
- Backend build + tests pass
- Frontend format + lint + check pass
- Regenerate API types (`pnpm run api:generate`)
Context
The registration audit event timestamp already serves as the consent record — no additional database changes needed. The consent is a gate-check at the API boundary only.
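A sketch of the backend gate described in the Backend tasks, added here as an illustration and not taken from the repository. Only `ConsentGiven`, `RegisterRequest` and the use of FluentValidation come from the issue; the `Email` and `Password` members, the validator class name, the error message and the sample values are assumptions.

```csharp
using System;
using FluentValidation;

// Constructed sample inputs: one request with consent, one without.
var validator = new RegisterRequestValidator();
foreach (var consent in new[] { true, false })
{
    var request = new RegisterRequest
    {
        Email = "user@example.test",            // constructed value
        Password = "constructed-sample-value",  // constructed value
        ConsentGiven = consent,
    };
    var result = validator.Validate(request);
    Console.WriteLine($"ConsentGiven={consent} -> IsValid={result.IsValid}");
    foreach (var error in result.Errors)
        Console.WriteLine($"  {error.PropertyName}: {error.ErrorMessage}");
}

// Assumed shape: the issue names only ConsentGiven; the other members are placeholders.
public sealed class RegisterRequest
{
    public required string Email { get; init; }
    public required string Password { get; init; }

    // 'required' forces callers to set the member explicitly, and System.Text.Json
    // on .NET 7+ rejects a JSON body that omits it instead of defaulting to false.
    public required bool ConsentGiven { get; init; }
}

public sealed class RegisterRequestValidator : AbstractValidator<RegisterRequest>
{
    public RegisterRequestValidator()
    {
        // Server-side gate: the disabled submit button is only a UX aid, because a
        // client calling the API directly can still send false. Reject it here.
        RuleFor(x => x.ConsentGiven)
            .Equal(true)
            .WithMessage("Consent to data processing is required.");
    }
}
```

The failure is reported under the property name `ConsentGiven`, which is the error the registration form task expects to display for `consentGiven`.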