alvis/oO
1
0
Fork 0
Code Issues 34 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(db): drop users.consentGiven/consentAt (ADR-0014 step 8)

Browse Source 
Backfills consent_given=1 rows into user_consents as data:core before
dropping the legacy columns. auth.ts now writes user_consents on signup;
POST /consent writes user_consents; admin/user routes cleaned of the old
fields. Migration is idempotent — DROP COLUMN is wrapped in try/catch so
it no-ops on fresh DBs that never had the columns.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
alvis
2026-05-05 11:50:27 +00:00
parent afb0e9b0cb
commit ed1705cb5d
15 changed files with 76 additions and 143 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
services/api/src/routes/user.ts
View File

@@ -1,7 +1,7 @@
import { type Router as ExpressRouter, Router, Response } from 'express';
import { db } from '../db/index.js';
import { users, integrationTokens, tipFeedback, tipViews, sessions } from '../db/schema.js';
import { eq } from 'drizzle-orm';
import { users, integrationTokens, tipFeedback, tipViews, sessions, userConsents } from '../db/schema.js';
import { eq, and, isNull } from 'drizzle-orm';
import { requireAuth, AuthenticatedRequest } from '../middleware/session.js';
const router: ExpressRouter = Router();
@@ -20,16 +20,19 @@ router.get('/me', requireAuth, async (req: AuthenticatedRequest, res: Response)
image: user.image,
role: user.role,
createdAt: user.createdAt,
consentGiven: user.consentGiven,
});
});
/** POST /api/user/consent — record consent */
/** POST /api/user/consent — record data:core consent */
router.post('/consent', requireAuth, async (req: AuthenticatedRequest, res: Response) => {
const now = new Date().toISOString();
await db
.update(users)
.set({ consentGiven: true, consentAt: new Date().toISOString() })
.where(eq(users.id, req.userId!));
.insert(userConsents)
.values({ userId: req.userId!, consentKey: 'data:core', grantedAt: now })
.onConflictDoUpdate({
target: [userConsents.userId, userConsents.consentKey],
set: { grantedAt: now, revokedAt: null },
});
res.json({ ok: true });
});