Documentation
Overview
Package gdpr provides GDPR data portability (Art. 20) and right-to-erasure (Art. 17) helpers used by the `nself gdpr` CLI commands.
All operations are executed against the nSelf Postgres instance identified by the DATABASE_URL environment variable. Requests are logged to np_gdpr_requests for mandatory audit-trail purposes; that table is append-only (RLS blocks DELETE).
Index
- Constants
- func CheckDeadlines(ctx context.Context, db *sql.DB) (warnings []*GDPRRequest, breaches []*GDPRRequest, err error)
- func CreateRequest(ctx context.Context, db *sql.DB, rt RequestType, st SubjectType, ...) (string, error)
- func DeleteUserData(ctx context.Context, db *sql.DB, userID string) (processed int, errs []error)
- func RegistryTableStrategies(ctx context.Context, db *sql.DB, subjectType SubjectType) (map[string][]TableStrategy, error)
- func UpdateRequestStatus(ctx context.Context, db *sql.DB, requestID string, status RequestStatus, ...) error
- type DryRunResult
- type ExportFormat
- type ExportResult
- type GDPRProvider
- type GDPRRequest
- type RegistryEntry
- type RequestStatus
- type RequestType
- type SubjectType
- type TableStrategy
Constants
const DeadlineDays = 30
DeadlineDays is the GDPR-mandated response window (Art. 17/20).
Variables
This section is empty.
Functions
func CheckDeadlines
func CheckDeadlines(ctx context.Context, db *sql.DB) (warnings []*GDPRRequest, breaches []*GDPRRequest, err error)
CheckDeadlines scans np_gdpr_requests for pending requests approaching or past the 30-day GDPR deadline. Returns warning and breach lists.
func CreateRequest
func CreateRequest(ctx context.Context, db *sql.DB, rt RequestType, st SubjectType, subjectID string, tenantID *string) (string, error)
CreateRequest inserts a new entry into np_gdpr_requests and returns the generated request ID. The caller is responsible for opening the connection.
func DeleteUserData
DeleteUserData executes the cascading delete/anonymization across all plugin-registered tables. Each table is processed in its own transaction to limit blast radius from individual failures.
Returns the count of tables successfully processed and a slice of any per-table errors (non-fatal; logged to request notes).
func RegistryTableStrategies
func RegistryTableStrategies(ctx context.Context, db *sql.DB, subjectType SubjectType) (map[string][]TableStrategy, error)
RegistryTableStrategies returns the per-plugin table strategies for a given subject type ("user" or "tenant") from np_gdpr_plugin_registry.
func UpdateRequestStatus
func UpdateRequestStatus(ctx context.Context, db *sql.DB, requestID string, status RequestStatus, artifactURL *string, artifactExpires *time.Time, notes *string) error
UpdateRequestStatus transitions a request to a new status and optionally sets artifact metadata (for export completions).
Types
type DryRunResult
type DryRunResult struct {
	Plugin   string
	Table    string
	UserCol  string
	Strategy string
	RowCount int64
}
DryRunResult lists what would be deleted/anonymized without making changes.
func DryRunUserDelete
DryRunUserDelete counts affected rows per table without deleting anything. Returns a list of results suitable for display before the user confirms.
type ExportFormat
type ExportFormat string
ExportFormat is the output encoding for a GDPR export archive.
const (
	FormatJSON ExportFormat = "json"
	FormatCSV  ExportFormat = "csv"
)
type ExportResult
type ExportResult struct {
	RequestID   string
	UserID      string
	Format      ExportFormat
	Data        []byte
	GeneratedAt time.Time
}
ExportResult carries the raw archive bytes and metadata.
func ExportUserData
func ExportUserData(ctx context.Context, db *sql.DB, requestID, userID string, format ExportFormat, dryRun bool) (*ExportResult, error)
ExportUserData queries every plugin-registered table for rows matching userID, serialises them into a ZIP archive (one file per plugin/table), and returns the result. dryRun=true returns an empty archive and only enumerates what would be exported.
type GDPRProvider
type GDPRProvider interface {
	UserTables() []TableStrategy
	AnonymizeUser(ctx context.Context, db *sql.DB, userID string) error
	ExportUser(ctx context.Context, db *sql.DB, userID string) ([]byte, error)
}
GDPRProvider is the interface third-party plugins must implement to participate in the cascade export and delete flows.
type GDPRRequest
type GDPRRequest struct {
	ID              string        `json:"id"`
	TenantID        *string       `json:"tenant_id,omitempty"`
	RequestType     RequestType   `json:"request_type"`
	SubjectType     SubjectType   `json:"subject_type"`
	SubjectID       string        `json:"subject_id"`
	RequestedAt     time.Time     `json:"requested_at"`
	Deadline        time.Time     `json:"deadline"`
	Status          RequestStatus `json:"status"`
	CompletedAt     *time.Time    `json:"completed_at,omitempty"`
	ArtifactURL     *string       `json:"artifact_url,omitempty"`
	ArtifactExpires *time.Time    `json:"artifact_expires,omitempty"`
	Notes           *string       `json:"notes,omitempty"`
}
GDPRRequest is a single row from np_gdpr_requests.
func GetRequest
GetRequest returns the current state of a single GDPR request.
func ListRequests
ListRequests returns all GDPR requests, optionally filtered by status. Pass an empty string to return all statuses.
type RegistryEntry
type RegistryEntry struct {
	ID           string          `json:"id"`
	PluginName   string          `json:"plugin_name"`
	UserTables   json.RawMessage `json:"user_tables"`
	TenantTables json.RawMessage `json:"tenant_tables"`
	RegisteredAt time.Time       `json:"registered_at"`
}
RegistryEntry is a plugin-registered table in np_gdpr_plugin_registry.
type RequestStatus
type RequestStatus string
RequestStatus reflects the lifecycle state of a GDPR request.
const (
	StatusPending    RequestStatus = "pending"
	StatusProcessing RequestStatus = "processing"
	StatusComplete   RequestStatus = "complete"
	StatusFailed     RequestStatus = "failed"
)
type RequestType
type RequestType string
RequestType is the kind of GDPR operation being performed.
const (
	RequestTypeExport   RequestType = "export"
	RequestTypeDelete   RequestType = "delete"
	RequestTypeRestrict RequestType = "restrict"
)
type SubjectType
type SubjectType string
SubjectType identifies whether the request targets a user or a whole tenant.
const (
	SubjectTypeUser   SubjectType = "user"
	SubjectTypeTenant SubjectType = "tenant"
)
type TableStrategy
type TableStrategy struct {
	Table    string `json:"table"`
	UserCol  string `json:"user_col"`
	Strategy string `json:"strategy"` // "anonymize" or "delete"
}
TableStrategy describes what to do with a table row during erasure.
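An added example (not the package's own code) for the erasure flow that DeleteUserData and TableStrategy describe: table and column names arrive as JSON from the plugin registry, and SQL identifiers cannot be passed as bind parameters, so each entry is validated before a statement is built, with bad entries reported as per-table errors. `buildStatement`, `planErasure`, the identifier pattern, the sample table names and the meaning of "anonymize" (setting the subject column to NULL) are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

type TableStrategy struct { // mirrors the struct documented on this page
	Table    string `json:"table"`
	UserCol  string `json:"user_col"`
	Strategy string `json:"strategy"` // "anonymize" or "delete"
}
var identRe = regexp.MustCompile(`^[a-z_][a-z0-9_]{0,62}$`) // assumed allow-list for identifiers

// buildStatement (hypothetical helper) returns SQL with $1 as the subject ID.
func buildStatement(ts TableStrategy) (string, error) {
	if !identRe.MatchString(ts.Table) || !identRe.MatchString(ts.UserCol) {
		return "", fmt.Errorf("rejected identifier: table %q, column %q", ts.Table, ts.UserCol)
	}
	switch ts.Strategy {
	case "delete":
		return fmt.Sprintf(`DELETE FROM "%s" WHERE "%s" = $1`, ts.Table, ts.UserCol), nil
	case "anonymize": // assumption: anonymizing nulls the subject column
		return fmt.Sprintf(`UPDATE "%s" SET "%s" = NULL WHERE "%s" = $1`, ts.Table, ts.UserCol, ts.UserCol), nil
	}
	return "", fmt.Errorf("table %q: unknown strategy %q", ts.Table, ts.Strategy)
}

// planErasure (hypothetical helper): a bad entry becomes a per-table error, not a fatal one.
func planErasure(raw json.RawMessage) (stmts []string, errs []error) {
	var tables []TableStrategy
	if err := json.Unmarshal(raw, &tables); err != nil {
		return nil, []error{fmt.Errorf("user_tables: %w", err)}
	}
	for _, ts := range tables {
		if stmt, err := buildStatement(ts); err != nil {
			errs = append(errs, err)
		} else {
			stmts = append(stmts, stmt)
		}
	}
	return stmts, errs
}

func main() { // constructed sample: valid entry, bad identifier, bad strategy
	stmts, errs := planErasure(json.RawMessage(`[{"table":"np_notes","user_col":"user_id","strategy":"delete"},
		{"table":"bad\"name","user_col":"user_id","strategy":"delete"}, {"table":"np_tags","user_col":"user_id","strategy":"purge"}]`))
	fmt.Println(stmts, errs)
}
```

Only the subject ID travels as a bind parameter; an entry that fails validation is never interpolated into SQL.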