modified: web/app.py

modified: web/blueprints/auth.py modified: web/blueprints/site_admin.py modified: web/config.py modified: web/panel_db.py modified: web/templates/admin/audit_log.html modified: web/templates/admin/dashboard.html new file: web/templates/auth/consent.html
2026-04-15 11:05:21 +02:00
parent 179a0e1042
commit bdf83bd275
8 changed files with 333 additions and 2 deletions
--- a/web/templates/auth/consent.html
+++ b/web/templates/auth/consent.html
@@ -0,0 +1,84 @@
+<!DOCTYPE html>
+<html lang="en" data-bs-theme="dark">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>MCLogger – Privacy Consent</title>
+    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css">
+    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css">
+    <style>
+        body { background: #0d1117; min-height: 100vh; display: flex; align-items: center; justify-content: center; }
+        .consent-card { width: 100%; max-width: 600px; }
+    </style>
+</head>
+<body>
+<div class="consent-card p-4">
+    <div class="text-center mb-4">
+        <i class="bi bi-shield-check fs-1 text-warning"></i>
+        <h3 class="fw-bold mt-2">Privacy Policy Consent</h3>
+        <p class="text-muted small">Version {{ policy_version }}</p>
+    </div>
+
+    {% with messages = get_flashed_messages(with_categories=true) %}
+    {% if messages %}
+        {% for cat, msg in messages %}
+        <div class="alert alert-{{ cat }}">{{ msg }}</div>
+        {% endfor %}
+    {% endif %}
+    {% endwith %}
+
+    <div class="card border-warning mb-4">
+        <div class="card-header bg-transparent border-warning text-warning fw-semibold">
+            <i class="bi bi-file-earmark-text me-2"></i>What data we process
+        </div>
+        <div class="card-body small text-secondary">
+            <p>To operate MCLogger we process the following personal data:</p>
+            <ul class="mb-2">
+                <li><strong>Account data</strong> — username, e-mail address, hashed password (no plain-text storage)</li>
+                <li><strong>Session &amp; security data</strong> — login timestamps, IP addresses (stored for up to 90 days in the audit log)</li>
+                <li><strong>Minecraft server data</strong> — player names, UUIDs, chat messages, commands &amp; block interactions logged by the Minecraft plugin</li>
+                <li><strong>Audit events</strong> — records of actions you perform in the panel (logins, member changes, configuration edits)</li>
+            </ul>
+            <p class="mb-0">
+                <strong>Legal basis:</strong> Art. 6 (1)(b) GDPR — performance of a contract / provision of the service.<br>
+                <strong>Retention:</strong> Audit log entries containing IP addresses are automatically deleted after 90 days.
+                Account data is retained for as long as your account exists.
+            </p>
+        </div>
+    </div>
+
+    <div class="card border-secondary mb-4">
+        <div class="card-body small text-secondary">
+            <p class="mb-1">
+                <strong>Your rights (GDPR Art. 15–21):</strong> You may request access to, rectification or deletion of your
+                personal data, as well as data portability, at any time by contacting
+                <a href="mailto:simon@devanturas.net" class="text-warning">simon@devanturas.net</a>.
+            </p>
+            <p class="mb-0">
+                Read the full <a href="{{ url_for('privacy_policy') }}" target="_blank" class="text-warning">Privacy Policy</a>.
+            </p>
+        </div>
+    </div>
+
+    <form method="post">
+        <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
+
+        <div class="d-flex gap-3">
+            <button type="submit" name="action" value="accept" class="btn btn-warning w-100 fw-semibold">
+                <i class="bi bi-check-circle-fill me-1"></i>I accept the Privacy Policy
+            </button>
+            <button type="submit" name="action" value="decline"
+                    class="btn btn-outline-secondary w-100"
+                    onclick="return confirm('Declining will log you out. Are you sure?')">
+                <i class="bi bi-x-circle me-1"></i>Decline &amp; Logout
+            </button>
+        </div>
+        <p class="text-muted text-center mt-3 small">
+            By accepting you confirm that you have read and understood the Privacy Policy
+            (version {{ policy_version }}).
+        </p>
+    </form>
+</div>
+<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
+</body>
+</html>