feat: gdpr

src/bin/server.rs

@@ -25,6 +25,7 @@ use zettle_db::{
             },
             html::{
                 account::{delete_account, set_api_key, show_account_page},
+                gdpr::{accept_gdpr, deny_gdpr},
                 index::index_handler,
                 ingress::{process_ingress_form, show_ingress_form},
                 search_result::search_result_handler,
@@ -96,7 +97,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
 
     let session_config = SessionConfig::default()
         .with_table_name("test_session_table")
-        .with_secure(false);
+        .with_secure(true);
     let auth_config = AuthConfig::<String>::default();
 
     let session_store: SessionStore<SessionSurrealPool<Any>> = SessionStore::new(
@@ -150,6 +151,8 @@ fn html_routes(
 ) -> Router<AppState> {
     Router::new()
         .route("/", get(index_handler))
+        .route("/gdpr/accept", post(accept_gdpr))
+        .route("/gdpr/deny", post(deny_gdpr))
         .route("/search", get(search_result_handler))
         .route("/signout", get(sign_out_user))
         .route("/signin", get(show_signin_form).post(authenticate_user))

src/server/routes/html/gdpr.rs

@@ -0,0 +1,22 @@
+use axum::response::{Html, IntoResponse};
+use axum_session::Session;
+use axum_session_surreal::SessionSurrealPool;
+use surrealdb::engine::any::Any;
+
+use crate::error::HtmlError;
+
+pub async fn accept_gdpr(
+    session: Session<SessionSurrealPool<Any>>,
+) -> Result<impl IntoResponse, HtmlError> {
+    session.set("gdpr_accepted", true);
+
+    Ok(Html("").into_response())
+}
+
+pub async fn deny_gdpr(
+    session: Session<SessionSurrealPool<Any>>,
+) -> Result<impl IntoResponse, HtmlError> {
+    session.set("gdpr_accepted", true);
+
+    Ok(Html("").into_response())
+}

src/server/routes/html/index.rs

@@ -1,4 +1,5 @@
 use axum::{extract::State, response::IntoResponse};
+use axum_session::Session;
 use axum_session_auth::AuthSession;
 use axum_session_surreal::SessionSurrealPool;
 use surrealdb::{engine::any::Any, Surreal};
@@ -12,6 +13,7 @@ use crate::{
 };
 
 page_data!(IndexData, "index/index.html", {
+    gdpr_accepted: bool,
     queue_length: u32,
     user: Option<User>
 });
@@ -19,9 +21,12 @@ page_data!(IndexData, "index/index.html", {
 pub async fn index_handler(
     State(state): State<AppState>,
     auth: AuthSession<User, String, SessionSurrealPool<Any>, Surreal<Any>>,
+    session: Session<SessionSurrealPool<Any>>,
 ) -> Result<impl IntoResponse, HtmlError> {
     info!("Displaying index page");
 
+    let gdpr_accepted = auth.current_user.is_some() | session.get("gdpr_accepted").unwrap_or(false);
+
     let queue_length = state
         .rabbitmq_consumer
         .get_queue_length()
@@ -40,6 +45,7 @@ pub async fn index_handler(
         IndexData::template_name(),
         IndexData {
             queue_length,
+            gdpr_accepted,
             user: auth.current_user,
         },
         state.templates.clone(),

src/server/routes/html/mod.rs

@@ -4,6 +4,7 @@ use axum::response::Html;
 use minijinja_autoreload::AutoReloader;
 
 pub mod account;
+pub mod gdpr;
 pub mod index;
 pub mod ingress;
 pub mod search_result;

templates/body_base.html

@@ -27,4 +27,4 @@
     </main>
   </div>
 </body>
-{% endblock %}
+{% endblock %}

templates/gdpr.html

@@ -0,0 +1,13 @@
+<div id="gdpr-banner" class="fixed card mx-auto max-w-screen-sm  bg-neutral text-neutral-content bottom-0">
+  <div class="card-body items-center text-center">
+    <p class="text-sm"> We use cookies to enhance your experience. By continuing to visit this site, you agree to
+      our use cookies.
+      <a href="/privacy-policy" class="link link-primary">Learn more</a>
+    </p>
+    <div class="card-actions justify-end">
+      <button class="btn btn-ghost" hx-post="/gdpr/deny" hx-target="#gdpr-banner" hx-swap="outerHTML">Deny</button>
+      <button class="btn btn-primary" hx-post="/gdpr/accept" hx-target="#gdpr-banner"
+        hx-swap="outerHTML">Accept</button>
+    </div>
+  </div>
+</div>

templates/index/index.html

@@ -4,5 +4,8 @@
 {% include 'index/signed_in_view.html' %}
 {% else %}
 {% include 'index/hero.html' %}
+{% if not gdpr_accepted %}
+{% include "gdpr.html" %}
+{% endif %}
 {% endif %}
 {% endblock %}