api-server/src/modules/compliance/compliance.controller.ts


import {
  BadRequestException,
  Body,
  Controller,
  Get,
  NotFoundException,
  Param,
  Patch,
  Post,
  UseGuards,
} from '@nestjs/common';
import { ApiBearerAuth, ApiOperation, ApiTags } from '@nestjs/swagger';
import { PrismaService } from '../../infrastructure/database/prisma.service';
import { AdminAuthGuard } from '../../common/guards/admin-auth.guard';
import { AdminRolesGuard } from '../../common/guards/admin-roles.guard';
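/**
 * Admin-only compliance endpoints under `admin-api/compliance`.
 *
 * Every route is behind `AdminAuthGuard` + `AdminRolesGuard` (class-level
 * `@UseGuards`), so the callers are authenticated admins — but admin input is
 * still request input. The TypeScript body types on these handlers are erased
 * at runtime and no validation pipe is applied in this file, so each write
 * handler copies only the columns it intends to set instead of forwarding the
 * raw body to Prisma (the original `data: dto` / `...dto` forms let a caller
 * set any column of the row, e.g. `id` or `createdAt` — mass assignment).
 *
 * List endpoints return newest-first; the deletion-request, export-request and
 * security-event lists are capped at 100 rows with no paging parameter.
 */
@ApiTags('admin-compliance')
@ApiBearerAuth()
@Controller('admin-api/compliance')
@UseGuards(AdminAuthGuard, AdminRolesGuard)
export class ComplianceController {
  constructor(private readonly prisma: PrismaService) {}

  /**
   * Ensures a body field is a string.
   *
   * @param value raw value from the JSON body
   * @param field name used in the error message
   * @returns the value, narrowed to `string`
   * @throws BadRequestException when the value is absent or not a string, so a
   *   bad payload becomes a 400 instead of a Prisma validation error (500).
   */
  private requireString(value: unknown, field: string): string {
    if (typeof value !== 'string') {
      throw new BadRequestException(`${field} must be a string`);
    }
    return value;
  }

  /**
   * Parses a request-supplied timestamp into a `Date`.
   *
   * `new Date(<garbage>)` yields an Invalid Date that only fails once Prisma
   * tries to serialise it; validating up front turns bad input into a 400
   * before anything reaches the database.
   *
   * @throws BadRequestException if the value is not a non-empty string or does
   *   not parse as a date.
   */
  private parseEffectiveAt(raw: unknown): Date {
    if (typeof raw !== 'string' || raw.trim() === '') {
      throw new BadRequestException('effectiveAt is required');
    }
    const parsed = new Date(raw);
    if (Number.isNaN(parsed.getTime())) {
      throw new BadRequestException('effectiveAt must be a valid ISO-8601 date');
    }
    return parsed;
  }

  /**
   * Copies the admin-editable columns of a policy / agreement version out of a
   * create body. Only these four fields are forwarded; any other JSON key the
   * client sends is dropped rather than spread into Prisma.
   */
  private pickVersionedDocFields(dto: { version: string; title: string; content: string; effectiveAt: string }) {
    return {
      version: this.requireString(dto.version, 'version'),
      title: this.requireString(dto.title, 'title'),
      content: this.requireString(dto.content, 'content'),
      effectiveAt: this.parseEffectiveAt(dto.effectiveAt),
    };
  }

  // ═══ Privacy Policy ═══

  /** All privacy-policy versions, newest first (no paging). */
  @Get('privacy-policies')
  @ApiOperation({ summary: '隐私政策列表' })
  async listPrivacyPolicies() {
    return this.prisma.privacyPolicy.findMany({ orderBy: { createdAt: 'desc' } });
  }

  /**
   * Creates a new privacy-policy version.
   *
   * @param dto version/title/content plus `effectiveAt` as an ISO-8601 string
   * @throws BadRequestException on a missing/non-string field or an unparseable date
   */
  @Post('privacy-policies')
  @ApiOperation({ summary: '创建隐私政策版本' })
  async createPrivacyPolicy(@Body() dto: { version: string; title: string; content: string; effectiveAt: string }) {
    return this.prisma.privacyPolicy.create({ data: this.pickVersionedDocFields(dto) });
  }

  /**
   * Partially updates a privacy-policy version.
   *
   * The body is allow-listed rather than passed through: the previous
   * `data: dto` form let the caller overwrite any column of the row. The list
   * mirrors the create DTO; NOTE(review): if the model carries further
   * admin-editable columns, add them here explicitly — do not widen the type
   * back to an open record.
   *
   * @throws BadRequestException when a supplied field has the wrong type or
   *   the body contains none of the updatable fields.
   */
  @Patch('privacy-policies/:id')
  @ApiOperation({ summary: '更新隐私政策' })
  async updatePrivacyPolicy(@Param('id') id: string, @Body() dto: Record<string, unknown>) {
    const data: { version?: string; title?: string; content?: string; effectiveAt?: Date } = {};
    if (dto.version !== undefined) data.version = this.requireString(dto.version, 'version');
    if (dto.title !== undefined) data.title = this.requireString(dto.title, 'title');
    if (dto.content !== undefined) data.content = this.requireString(dto.content, 'content');
    if (dto.effectiveAt !== undefined) data.effectiveAt = this.parseEffectiveAt(dto.effectiveAt);
    if (Object.keys(data).length === 0) {
      throw new BadRequestException('no updatable fields supplied');
    }
    return this.prisma.privacyPolicy.update({ where: { id }, data });
  }

  // ═══ User Agreement ═══

  /** All user-agreement versions, newest first (no paging). */
  @Get('user-agreements')
  @ApiOperation({ summary: '用户协议列表' })
  async listUserAgreements() {
    return this.prisma.userAgreement.findMany({ orderBy: { createdAt: 'desc' } });
  }

  /**
   * Creates a new user-agreement version; same field rules as
   * {@link createPrivacyPolicy}.
   */
  @Post('user-agreements')
  @ApiOperation({ summary: '创建用户协议版本' })
  async createUserAgreement(@Body() dto: { version: string; title: string; content: string; effectiveAt: string }) {
    return this.prisma.userAgreement.create({ data: this.pickVersionedDocFields(dto) });
  }

  // ═══ Filing Records ═══

  /** All filing records, newest first (no paging). */
  @Get('filings')
  @ApiOperation({ summary: '备案台账列表' })
  async listFilings() {
    return this.prisma.filingRecord.findMany({ orderBy: { createdAt: 'desc' } });
  }

  /**
   * Creates a filing record from `type`, `title` and optional `notes`; other
   * body keys are ignored.
   *
   * @throws BadRequestException if `type`/`title` are not strings or `notes`
   *   is present but not a string.
   */
  @Post('filings')
  @ApiOperation({ summary: '创建备案记录' })
  async createFiling(@Body() dto: { type: string; title: string; notes?: string }) {
    const data: { type: string; title: string; notes?: string } = {
      type: this.requireString(dto.type, 'type'),
      title: this.requireString(dto.title, 'title'),
    };
    if (dto.notes !== undefined) data.notes = this.requireString(dto.notes, 'notes');
    return this.prisma.filingRecord.create({ data });
  }

  // ═══ Data Deletion Requests ═══

  /** Latest 100 account-deletion requests, newest first. */
  @Get('deletion-requests')
  @ApiOperation({ summary: '用户数据删除请求' })
  async listDeletionRequests() {
    return this.prisma.accountDeletionRequest.findMany({ orderBy: { createdAt: 'desc' }, take: 100 });
  }

  /**
   * Marks a deletion request APPROVED and stamps `reviewedAt`.
   *
   * @throws NotFoundException when no request has this id (previously the
   *   Prisma "record not found" error surfaced as a 500).
   *
   * NOTE(review): the transition is unconditional — a request that is already
   * rejected or fulfilled would be flipped back to APPROVED. The status enum is
   * not visible in this file; once the pending value is confirmed, gate on it
   * in the same statement (e.g. `updateMany({ where: { id, status: <PENDING> } })`)
   * so the check and the write cannot race. The approving admin's identity is
   * also not recorded here.
   */
  @Post('deletion-requests/:id/approve')
  @ApiOperation({ summary: '批准删除请求' })
  async approveDeletion(@Param('id') id: string) {
    const existing = await this.prisma.accountDeletionRequest.findUnique({ where: { id } });
    if (!existing) {
      throw new NotFoundException(`deletion request ${id} not found`);
    }
    return this.prisma.accountDeletionRequest.update({
      where: { id },
      data: { status: 'APPROVED', reviewedAt: new Date() },
    });
  }

  // ═══ Data Export Requests ═══

  /** Latest 100 data-export requests, newest first. */
  @Get('export-requests')
  @ApiOperation({ summary: '用户数据导出请求' })
  async listExportRequests() {
    return this.prisma.dataExportRequest.findMany({ orderBy: { createdAt: 'desc' }, take: 100 });
  }

  // ═══ Security Events ═══

  /** Latest 100 security events, newest first. */
  @Get('security-events')
  @ApiOperation({ summary: '安全事件列表' })
  async listSecurityEvents() {
    return this.prisma.securityEvent.findMany({ orderBy: { createdAt: 'desc' }, take: 100 });
  }
}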