chahine/rebreak-monorepo
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
rebreak-monorepo/apps/rebreak-native/components/mail/MailConsentReminderSheet.tsx
chahinebrini 0ab635c74a feat: art-9 consent flow + outlook-oauth schema + cooldown patterns + mail draft persist 
DSGVO Art. 9 — Compliance-Gap im Mail-Connect-Flow geschlossen (Hans-Müller-DSB
hat den Gap für Gmail/iCloud/GMX identifiziert, schon vor Outlook-OAuth-Pflicht):

- Schema: mail_connections.consent_at + consent_version + consent_ip_address;
  neue consent_logs-Tabelle für Audit (grant + revoke append-only)
- Endpoints:
  - POST /api/mail-connections/consent (Bulk-Array für Re-Consent, partial-fail
    wirft sofort = DSGVO-sicher gegen silent-skip fremder IDs)
  - POST /api/mail-connections/:id mit consent-gate (412 wenn consentVersion fehlt)
  - DELETE /api/mail-connections/:id mit Widerruf-Log (OAuth-Token-Revoke als
    TODO für mo Phase 2)
  - GET /api/mail-connections/pending-consent — listet Bestands-Connections
    mit consent_at=NULL für Re-Consent-Modal
- Account-Lösch-Bug fix: deleteAllMailConnections() war in user/delete nicht
  eingebunden — Verbindungen blieben als Waisen
- Frontend:
  - ConnectMailSheet: neuer Consent-Step VOR Provider-Grid (view-Machine
    consent → grid → form), exakter Hans-Müller-Wortlaut für Art. 9 Abs. 2
    lit. a Einwilligung
  - MailConsentReminderSheet: Re-Consent-Modal beim App-Open für Bestands-User
  - Stores mailConsent + mailConnectDraft (letzterer fixt Bug: Email/Provider
    ging verloren wenn User Browser für App-Pw-Generierung öffnete)
  - 12 neue i18n-Keys mail.consent.* in DE + EN
- Versionierter Consent-Text: art9-mail-v1-2026-05-13 (Bump bei Text-Änderung
  triggert Re-Consent für alle)

Outlook-OAuth Schema (Phase 0 — additiv, Endpoints kommen später):

- mail_connections: auth_method (default 'app_password' → keine Bestands-
  Connection bricht), oauth_access_token, oauth_refresh_token,
  oauth_token_expiry, oauth_scope
- Encryption via bestehendes server/utils/crypto.ts (AES-256-GCM, Key aus
  Infisical)
- Plan-Doc backend/docs/mail-outlook-oauth-plan.md (mo)
- DSB-Review backend/docs/mail-outlook-oauth-dsgvo-review.md (Hans-Müller):
  MS als Sub-AV via DPA Sep 2025, EU Data Boundary seit Feb 2025; 5 Pflicht-
  Aufgaben + Anwalts-Klärung zu DPA-Anspruch ohne MS-Lizenz

Profile — Cooldown-Pattern-Analysis als Collapsible:

- CooldownPatternAnalysis: 24h-Uhrzeit-Heatmap, Mo–So-Wochentag-Histogramm,
  Top-5-Reason-Wortcloud mit Stop-Words-Filter, Cancel-Rate-Anzeige
- DiGA-relevant: NLP läuft client-side, reason-Texte verlassen das Device
  nicht (gut für DSB-Akte)
- useProfileData: useCooldownHistoryFull (limit=100) für Pattern-Analyse
- Neutral formuliert, kein Stigma, alle Headings als Frage

Plan-Docs (kein Code):

- backend/docs/mail-custom-keywords-plan.md — Pro/Legend Custom-Keyword-Filter
  (3.25 PT MVP, user-scoped, Body-Match in Phase 2)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 16:35:18 +02:00

238 lines
6.7 KiB
TypeScript
Raw Blame History

import { useEffect, useRef, useState } from 'react';
import { ActivityIndicator, Switch, Text, TouchableOpacity, View } from 'react-native';
import { TrueSheet, type SheetDetent } from '@lodev09/react-native-true-sheet';
import { Ionicons } from '@expo/vector-icons';
import { useTranslation } from 'react-i18next';
import { useRouter } from 'expo-router';
import { apiFetch } from '../../lib/api';
import { useColors } from '../../lib/theme';
const CONSENT_VERSION = 'art9-mail-v1-2026-05-13';
type PendingConnection = {
id: string;
email: string;
};
type Props = {
connections: PendingConnection[];
onDismiss: () => void;
onConsented: () => void;
};
export function MailConsentReminderSheet({ connections, onDismiss, onConsented }: Props) {
const { t } = useTranslation();
const colors = useColors();
const router = useRouter();
const sheetRef = useRef<TrueSheet>(null);
const [consentGiven, setConsentGiven] = useState(false);
const [submitting, setSubmitting] = useState(false);
const [error, setError] = useState<string | null>(null);
useEffect(() => {
if (connections.length > 0) {
sheetRef.current?.present();
}
}, [connections.length]);
async function handleConsent() {
if (!consentGiven || submitting) return;
setSubmitting(true);
setError(null);
try {
await apiFetch('/api/mail-connections/consent', {
method: 'POST',
body: {
mailConnectionId: connections.map((c) => c.id),
consentVersion: CONSENT_VERSION,
},
});
sheetRef.current?.dismiss();
onConsented();
} catch {
setError(t('mail.consent.reminder_consent_error'));
} finally {
setSubmitting(false);
}
}
function handleLater() {
sheetRef.current?.dismiss();
onDismiss();
}
function handleDisconnect() {
sheetRef.current?.dismiss();
onDismiss();
router.push('/(app)/mail');
}
const count = connections.length;
const bodyText =
count === 1
? t('mail.consent.reminder_body_one')
: t('mail.consent.reminder_body_other', { count });
return (
<TrueSheet
ref={sheetRef}
detents={['auto', 1] satisfies SheetDetent[]}
cornerRadius={20}
grabber
onDidDismiss={onDismiss}
>
<View style={{ paddingHorizontal: 20, paddingTop: 8, paddingBottom: 40, gap: 16 }}>
<View
style={{
width: 44,
height: 44,
borderRadius: 12,
backgroundColor: 'rgba(245,158,11,0.12)',
alignItems: 'center',
justifyContent: 'center',
}}
>
<Ionicons name="lock-closed-outline" size={22} color="#b45309" />
</View>
<View style={{ gap: 6 }}>
<Text
style={{
fontSize: 20,
fontFamily: 'Nunito_700Bold',
color: colors.text,
}}
>
{t('mail.consent.reminder_title')}
</Text>
<Text
style={{
fontSize: 14,
fontFamily: 'Nunito_400Regular',
color: colors.textMuted,
lineHeight: 20,
}}
>
{bodyText}
</Text>
</View>
<View
style={{
backgroundColor: '#fefce8',
borderRadius: 12,
borderWidth: 1,
borderColor: '#fde68a',
padding: 14,
gap: 12,
}}
>
<View style={{ flexDirection: 'row', alignItems: 'center', gap: 12 }}>
<Switch
value={consentGiven}
onValueChange={setConsentGiven}
trackColor={{ false: '#d1d5db', true: '#16a34a' }}
thumbColor="#fff"
/>
<TouchableOpacity
activeOpacity={0.7}
onPress={() => setConsentGiven((v) => !v)}
style={{ flex: 1 }}
>
<Text
style={{
fontSize: 13,
fontFamily: 'Nunito_400Regular',
color: '#78350f',
lineHeight: 18,
}}
>
{t('mail.consent.reminder_legal_short')}
</Text>
</TouchableOpacity>
</View>
</View>
{error ? (
<Text
style={{
fontSize: 13,
fontFamily: 'Nunito_400Regular',
color: colors.error,
}}
>
{error}
</Text>
) : null}
<TouchableOpacity
activeOpacity={consentGiven && !submitting ? 0.85 : 1}
onPress={handleConsent}
disabled={!consentGiven || submitting}
>
<View
style={{
backgroundColor: consentGiven && !submitting ? '#007AFF' : '#d4d4d4',
borderRadius: 14,
paddingVertical: 14,
alignItems: 'center',
}}
>
{submitting ? (
<ActivityIndicator color="#fff" />
) : (
<Text style={{ fontSize: 15, fontFamily: 'Nunito_700Bold', color: '#fff' }}>
{t('mail.consent.reminder_cta_consent')}
</Text>
)}
</View>
</TouchableOpacity>
<View style={{ flexDirection: 'row', justifyContent: 'space-between', gap: 12 }}>
<TouchableOpacity activeOpacity={0.7} onPress={handleLater} style={{ flex: 1 }}>
<View
style={{
borderRadius: 14,
paddingVertical: 12,
alignItems: 'center',
backgroundColor: colors.surfaceElevated,
}}
>
<Text
style={{
fontSize: 14,
fontFamily: 'Nunito_600SemiBold',
color: colors.textMuted,
}}
>
{t('mail.consent.reminder_cta_later')}
</Text>
</View>
</TouchableOpacity>
<TouchableOpacity activeOpacity={0.7} onPress={handleDisconnect} style={{ flex: 1 }}>
<View
style={{
borderRadius: 14,
paddingVertical: 12,
alignItems: 'center',
backgroundColor: 'rgba(220,38,38,0.08)',
}}
>
<Text
style={{
fontSize: 14,
fontFamily: 'Nunito_600SemiBold',
color: colors.error,
}}
>
{t('mail.consent.reminder_cta_disconnect')}
</Text>
</View>
</TouchableOpacity>
</View>
</View>
</TrueSheet>
);
}
Reference in New Issue View Git Blame Copy Permalink