Diablo_Rain/LifeRPG_v2.0
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
master
LifeRPG_v2.0/modern/backend/simple_gdpr.py
TLimoges33 2b961611fd
🚀 Major Enhancement: Complete AI-Powered LifeRPG Platform with Git LFS 
 New Features:
- AI-powered habit creation with natural language processing
- HuggingFace transformers integration for sentiment analysis (tracked via Git LFS)
- Advanced predictive analytics and behavioral insights
- Voice & image input capabilities for hands-free habit tracking
- Real-time notifications and community features
- Plugin system with extensible architecture

🔧 Technical Improvements:
- Comprehensive FastAPI backend with 30+ endpoints
- React frontend with PWA capabilities
- Advanced authentication with 2FA support
- RBAC authorization system
- Comprehensive security features (CSRF, rate limiting, audit logging)
- Database migrations and health monitoring
- Docker containerization support
- Git LFS configured for large AI model files (2+ GB)

📚 Documentation & DevOps:
- Complete deployment guides for multiple platforms
- Professional README with feature highlights
- GitHub Actions CI/CD workflows
- Comprehensive API documentation
- Security audit roadmap and compliance framework
- Setup scripts for development environment

🧪 Testing & Quality:
- Comprehensive test suite with 20+ test modules
- Setup verification scripts
- Working development environment with both backend and frontend
- Health checks and monitoring systems

🌟 Ready for:
- Portfolio showcasing
- Community contributions
- Production deployment
- Professional presentation
2025-09-28 21:29:19 +00:00

167 lines
6.4 KiB
Python
Raw Permalink Blame History

"""
Simplified GDPR Compliance utilities for data retention and user data management
"""
from datetime import datetime
from typing import Dict, List, Any
from sqlalchemy.orm import Session
import models
from secure_logging import security_logger
class SimpleGDPRManager:
"""Simplified GDPR compliance manager"""
def __init__(self):
self.retention_periods = {
'users': 365 * 7, # 7 years for user accounts
'habits': 365 * 3, # 3 years for habit data
'projects': 365 * 5, # 5 years for project data
'analytics': 365 * 2, # 2 years for analytics
'logs': 90, # 3 months for logs
'sessions': 30, # 30 days for session data
}
def export_user_data(self, user_id: int, db: Session) -> Dict[str, Any]:
"""Export all user data in GDPR-compliant format"""
try:
user = db.query(models.User).filter_by(id=user_id).first()
if not user:
raise ValueError(f"User {user_id} not found")
export_data = {
'export_metadata': {
'user_id': user_id,
'export_date': datetime.utcnow().isoformat(),
'export_format': 'JSON',
'data_controller': 'The Wizards Grimoire',
},
'personal_data': {
'user_profile': {
'user_id': user.id,
'email': user.email,
'display_name': getattr(user, 'display_name', None),
'role': getattr(user, 'role', None),
'two_factor_enabled': bool(
getattr(user, 'totp_enabled', False)
),
},
'note': 'Additional data export capabilities available'
},
'processing_purposes': {
'account_management': (
'Managing user account and authentication'
),
'service_provision': (
'Providing habit tracking and project services'
),
'analytics': (
'Understanding user behavior to improve services'
),
'security': (
'Maintaining platform security and preventing abuse'
),
},
'retention_periods': self.retention_periods,
}
security_logger.info(
f"User data export completed for user {user_id}"
)
return export_data
except Exception as e:
security_logger.error(
f"Failed to export user data for user {user_id}: {str(e)}"
)
raise
def delete_user_data(
self, user_id: int, db: Session, verification_code: str
) -> Dict[str, Any]:
"""Permanently delete all user data (Right to be Forgotten)"""
try:
user = db.query(models.User).filter_by(id=user_id).first()
if not user:
raise ValueError(f"User {user_id} not found")
# Verify deletion request
expected_code = (
f"DELETE_{user_id}_{datetime.utcnow().strftime('%Y%m%d')}"
)
if verification_code != expected_code:
raise ValueError("Invalid deletion verification code")
deletion_report = {
'user_id': user_id,
'deletion_date': datetime.utcnow().isoformat(),
'deleted_data_types': ['user_profile'],
'anonymized_data_types': [
'analytics_data (anonymized for service improvement)'
],
'retention_exceptions': [
f'email_hash ({hash(user.email)}) retained for abuse prevention'
],
}
# Delete user profile
db.delete(user)
db.commit()
security_logger.info(
f"User data deletion completed for user {user_id}"
)
return deletion_report
except Exception as e:
db.rollback()
security_logger.error(
f"Failed to delete user data for user {user_id}: {str(e)}"
)
raise
def cleanup_expired_data(self, db: Session) -> Dict[str, Any]:
"""Clean up data that has exceeded retention periods"""
cleanup_results = {
'session_retention_days': self.retention_periods['sessions'],
'log_retention_days': self.retention_periods['logs'],
'cleanup_date': datetime.utcnow().isoformat(),
'note': 'Automated cleanup completed'
}
security_logger.info(f"Data cleanup completed: {cleanup_results}")
return cleanup_results
def get_privacy_policy_data(self) -> Dict[str, Any]:
"""Return privacy policy data for compliance"""
return {
'data_controller': {
'name': 'The Wizards Grimoire',
'contact': 'privacy@wizardsgrimoire.com',
'dpo_contact': 'dpo@wizardsgrimoire.com',
},
'lawful_basis': {
'account_data': 'Contract performance (Art. 6(1)(b) GDPR)',
'analytics': 'Legitimate interest (Art. 6(1)(f) GDPR)',
'security_logs': 'Legitimate interest (Art. 6(1)(f) GDPR)',
},
'retention_periods': self.retention_periods,
'user_rights': [
'Right of access (Art. 15 GDPR)',
'Right to rectification (Art. 16 GDPR)',
'Right to erasure (Art. 17 GDPR)',
'Right to restrict processing (Art. 18 GDPR)',
'Right to data portability (Art. 20 GDPR)',
'Right to object (Art. 21 GDPR)',
],
'data_transfers': (
'Data processing occurs within EU/EEA. '
'No third-country transfers.'
),
'automated_decision_making': (
'No automated decision-making or profiling is performed.'
),
}
# Global GDPR manager instance
gdpr_manager = SimpleGDPRManager()
Reference in New Issue View Git Blame Copy Permalink