api-server/src/modules/compliance/compliance.controller.ts

import { Controller, Get, Post, Patch, Param, Body, UseGuards } from '@nestjs/common';
import { ApiTags, ApiBearerAuth, ApiOperation } from '@nestjs/swagger';
import { PrismaService } from '../../infrastructure/database/prisma.service';
import { AdminAuthGuard } from '../../common/guards/admin-auth.guard';
import { AdminRolesGuard } from '../../common/guards/admin-roles.guard';

@ApiTags('admin-compliance')
@ApiBearerAuth()
@Controller('admin-api/compliance')
@UseGuards(AdminAuthGuard, AdminRolesGuard)
export class ComplianceController {
  constructor(private readonly prisma: PrismaService) {}

  // ═══ Privacy Policy ═══

  @Get('privacy-policies')
  @ApiOperation({ summary: '隐私政策列表' })
  async listPrivacyPolicies() {
    return this.prisma.privacyPolicy.findMany({ orderBy: { createdAt: 'desc' } });
  }

  @Post('privacy-policies')
  @ApiOperation({ summary: '创建隐私政策版本' })
  async createPrivacyPolicy(@Body() dto: { version: string; title: string; content: string; effectiveAt: string }) {
    return this.prisma.privacyPolicy.create({ data: { ...dto, effectiveAt: new Date(dto.effectiveAt) } });
  }

  @Patch('privacy-policies/:id')
  @ApiOperation({ summary: '更新隐私政策' })
  async updatePrivacyPolicy(@Param('id') id: string, @Body() dto: Record<string, any>) {
    return this.prisma.privacyPolicy.update({ where: { id }, data: dto });
  }

  // ═══ User Agreement ═══

  @Get('user-agreements')
  @ApiOperation({ summary: '用户协议列表' })
  async listUserAgreements() {
    return this.prisma.userAgreement.findMany({ orderBy: { createdAt: 'desc' } });
  }

  @Post('user-agreements')
  @ApiOperation({ summary: '创建用户协议版本' })
  async createUserAgreement(@Body() dto: { version: string; title: string; content: string; effectiveAt: string }) {
    return this.prisma.userAgreement.create({ data: { ...dto, effectiveAt: new Date(dto.effectiveAt) } });
  }

  @Patch('user-agreements/:id')
  @ApiOperation({ summary: '更新用户协议' })
  async updateUserAgreement(@Param('id') id: string, @Body() dto: Record<string, any>) {
    if (dto.effectiveAt) dto.effectiveAt = new Date(dto.effectiveAt);
    return this.prisma.userAgreement.update({ where: { id }, data: dto });
  }

  // ═══ Filing Records ═══

  @Get('filings')
  @ApiOperation({ summary: '备案台账列表' })
  async listFilings() {
    return this.prisma.filingRecord.findMany({ orderBy: { createdAt: 'desc' } });
  }

  @Post('filings')
  @ApiOperation({ summary: '创建备案记录' })
  async createFiling(@Body() dto: { type: string; title: string; notes?: string }) {
    return this.prisma.filingRecord.create({ data: dto });
  }

  // ═══ Data Deletion Requests ═══

  @Get('deletion-requests')
  @ApiOperation({ summary: '用户数据删除请求' })
  async listDeletionRequests() {
    return this.prisma.accountDeletionRequest.findMany({ orderBy: { createdAt: 'desc' }, take: 100 });
  }

  @Post('deletion-requests/:id/approve')
  @ApiOperation({ summary: '批准删除请求' })
  async approveDeletion(@Param('id') id: string) {
    return this.prisma.accountDeletionRequest.update({ where: { id }, data: { status: 'APPROVED', reviewedAt: new Date() } });
  }

  // ═══ Data Export Requests ═══

  @Get('export-requests')
  @ApiOperation({ summary: '用户数据导出请求' })
  async listExportRequests() {
    return this.prisma.dataExportRequest.findMany({ orderBy: { createdAt: 'desc' }, take: 100 });
  }

  // ═══ Security Events ═══

  @Get('security-events')
  @ApiOperation({ summary: '安全事件列表' })
  async listSecurityEvents() {
    return this.prisma.securityEvent.findMany({ orderBy: { createdAt: 'desc' }, take: 100 });
  }
}