consent-as-a-service's Introduction

Consent As A Service

Monorepo for the Consent as a Service (CAAS) Platform

What is it?

Consent as a Service (CAAS) is a web service designed to manage consents for user data. It acts as an intermediary between an online service and the end user, with the objective of improving trust when using online services. The idea is that if the user can trust the platform (CAAS), then by extension they can trust the service on the other end. To do this, CAAS provides the service with APIs for constructing consent requests, which consist of data types for the forms of data to be gathered.

What's inside?

Consent As A Service (CAAS) is an open platform designed to manage and store consents for users.

This turborepo uses pnpm as a package manager. It includes the following packages/apps:

Apps and Packages

  • server: a Nest.js app which provides the service implementation
  • docs: a Next.js app which hosts documentation
  • web: another Next.js app which provides the 'user' frontend to the platform-service
  • ui: a stub React component library shared by both web and docs applications
  • eslint-config-custom: eslint configurations (includes eslint-config-next and eslint-config-prettier)
  • tsconfig: tsconfig.jsons used throughout the monorepo
  • domain: Common Library hosting domain definitions, validators etc.
  • database-prisma: a Prisma.js library with the data-access implementation

Each package/app is 100% TypeScript.

External Utilities

  • auth0: Authentication

Build

To build all apps and packages, run the following command:

cd consent-as-a-service
pnpm run build

Develop

To start a live development environment, run:

cd consent-as-a-service
pnpm run dev

Additionally, packages may have their own setup requirements.

Remote Caching

Turborepo can use a technique known as Remote Caching to share cache artifacts across machines, enabling you to share build caches with your team and CI/CD pipelines.

By default, Turborepo will cache locally. To enable Remote Caching you will need an account with Vercel. If you don't have an account you can create one, then enter the following commands:

cd consent-as-a-service
pnpm dlx turbo login

This will authenticate the Turborepo CLI with your Vercel account.

Next, you can link your Turborepo to your Remote Cache by running the following command from the root of your turborepo:

pnpm dlx turbo link

consent-as-a-service's People

Contributors

hsravat-4590

consent-as-a-service's Issues

Endpoints for Voiding Consents and Consent Requests

This Epic aims to provide endpoints for voiding consents and consent requests along with returning the state of given consents and requests

Endpoints

Get State of Consent

/consent/state/v1/:consentId

Should return the TXN_STATUS for the given consentId. Should return:

{
   "consent" : <STATUS_OF_CONSENT>,
   "consent_request": <STATUS_OF_CONSENT_REQUEST>
}

Void Consent Request

VALID FOR REQUESTER ONLY

/consent/state/v1/void/request/:requestId

Should void a consent request type

Void Consent

VALID FOR CONSENT OWNER AND CONSENTER

/consent/state/v1/void/consent/:consentId

Should set the state of the given consent to VOIDED

Void Consent as Org

VALID FOR ANYONE WITH REQUESTER PERMISSION IN REQUESTER'S ORG

/consent/state/v1/void/consent/:orgId/:consentId

Should void the consent from the org-side
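
The caller rules for the three void routes above, written as one decision function. This is an added example, not code from the CAAS repository: `Actor`, `ConsentRecord`, `requesterId` and `authorizeVoid` are hypothetical names, the consent owner is assumed to be the requester who created the request, and "requester permission" is assumed to mean the `RequestConsents` role.

```typescript
// Added example. Only userid and orgid come from the Consent model; every
// other name here is hypothetical.
type Actor = { userId: string; orgId: string | null; roles: string[] };
type ConsentRecord = {
  consentId: string;
  userid: string | null; // consenter, unset until the user responds
  orgid: string;         // org that issued the request
  requesterId: string;   // assumed: the org user who created the request
};
type VoidRoute = "request" | "consent" | "consentAsOrg";
type Decision = { allow: boolean; reason: string };

const deny = (reason: string): Decision => ({ allow: false, reason });
const permit = (reason: string): Decision => ({ allow: true, reason });

// pathOrgId is the :orgId path segment and is only read on the org route.
function authorizeVoid(route: VoidRoute, actor: Actor, c: ConsentRecord, pathOrgId?: string): Decision {
  if (route === "request") {
    // VALID FOR REQUESTER ONLY
    return actor.userId === c.requesterId ? permit("requester") : deny("not the requester");
  }
  if (route === "consent") {
    // VALID FOR CONSENT OWNER AND CONSENTER (owner assumed to be the requester)
    if (actor.userId === c.requesterId) return permit("owner");
    if (c.userid !== null && actor.userId === c.userid) return permit("consenter");
    return deny("neither owner nor consenter");
  }
  // Org route: role and org come from the verified token. The path segment is
  // caller-controlled, so it must agree with both the token and the record.
  if (actor.roles.indexOf("RequestConsents") === -1) return deny("missing RequestConsents role");
  if (actor.orgId === null || actor.orgId !== pathOrgId) return deny("path org is not the caller's org");
  if (c.orgid !== actor.orgId) return deny("consent belongs to another org");
  return permit("org requester");
}

// Constructed sample data.
const RECORD: ConsentRecord = { consentId: "c-1", userid: "user-1", orgid: "org-a", requesterId: "req-1" };
const REQUESTER: Actor = { userId: "req-1", orgId: "org-a", roles: ["RequestConsents"] };
const COLLEAGUE: Actor = { userId: "req-2", orgId: "org-a", roles: ["RequestConsents"] };
const OUTSIDER: Actor = { userId: "req-9", orgId: "org-b", roles: ["RequestConsents"] };
const CONSENTER: Actor = { userId: "user-1", orgId: null, roles: ["User"] };
```

The org route is the one where a path parameter names the tenant, so the check compares it against the token and the stored record instead of trusting it.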

Create UI for NextJS Consent Requests

Populate the UI for filling out a ConsentRequest form and submitting to endpoint

  • UI takes schema and generates a UI form for that Consent
  • Submit button packages it into a response type and sends data to endpoint
  • Endpoint will send a CallbackUrl which the page should now redirect to

Endpoint for Submitting Consent Requests

Once the User has completed the request form, an endpoint is required to submit the data

  • Authenticated Endpoint which will take the response form and return the callbackUrl defined by the org for that consent
  • Save given data to a db for lookups
  • Validate Users
  • Update Txn and Consent tables in database

Landing Pages

Create Implementations for Landing Pages:

From Planning:

User Not Logged In:

Image

User Logged In (Dashboard)

Image

Endpoints for requesting stored ConsentData

Two Endpoints must be created

  1. Endpoint which can be used by Requester to get consent data. Must also run checks against Expiry etc before fulfilment
  2. Endpoint to be used by User to get consent data. Allow expired consents too but add flag. This endpoint should be added to UserConsentController
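
The two release paths described above, as an added example that is not code from the CAAS repository. `StoredConsent.data`, `releaseToRequester`, `releaseToUser` and the `PLACEHOLDER_ACCEPTED` state are hypothetical (the page does not name the accepted state), and a missing expiry is assumed to fail closed.

```typescript
// Added example. Field names follow the Consent model; the rest is assumed.
type StoredConsent = {
  consentId: string;
  userid: string | null;
  orgid: string;
  expiry: Date | null;
  consentState: string;
  data: Record<string, unknown>; // assumed: the values the user submitted
};
type Release = { ok: boolean; reason: string; expired: boolean; data: Record<string, unknown> | null };

// States named on the page in which there is nothing to hand out.
const NOT_RELEASABLE = ["CREATED", "WAITING", "VOIDED"];

const refuse = (reason: string): Release => ({ ok: false, reason, expired: false, data: null });

function isExpired(c: StoredConsent, now: Date): boolean {
  // Assumption: a record without an expiry is treated as expired.
  return c.expiry === null || c.expiry.getTime() <= now.getTime();
}

// Requester path: every check must pass before fulfilment.
function releaseToRequester(c: StoredConsent, callerOrgId: string, now: Date): Release {
  if (c.orgid !== callerOrgId) return refuse("not found");
  if (NOT_RELEASABLE.indexOf(c.consentState) !== -1) return refuse("state " + c.consentState);
  if (isExpired(c, now)) return refuse("expired");
  return { ok: true, reason: "ok", expired: false, data: c.data };
}

// User path: the consenter may still read an expired consent, with a flag.
function releaseToUser(c: StoredConsent, callerUserId: string, now: Date): Release {
  if (c.userid === null || c.userid !== callerUserId) return refuse("not found");
  return { ok: true, reason: "ok", expired: isExpired(c, now), data: c.data };
}

// Constructed sample record.
const SAMPLE: StoredConsent = {
  consentId: "c-1",
  userid: "user-1",
  orgid: "org-a",
  expiry: new Date("2024-06-01T00:00:00Z"),
  consentState: "PLACEHOLDER_ACCEPTED", // placeholder for the accepted state
  data: { email: "person@example.test" },
};
```

A deployed check would allow-list the project's accepted state; the deny-list here uses only the states the page names.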

Role Based Access Control

Role Based Access Control (RBAC) also known as role-based security, is a mechanism that restricts system access. It involves setting permissions and privileges to enable access to authorized users.

This needs to be implemented in the server in order to restrict user movements around the API. The roles will be managed via Auth0 and they will store the data we require for implementing RBAC.

Roles

We can expect the following roles to apply:

| Role | Description |
| --- | --- |
| Admin | Mostly for the API itself and any dashboards that may come in the future to manage the overall system |
| User | The end-user. This role allows one to view/accept and fulfill consents |
| CreateConsents | Users with this role can create ConsentRequests |
| RequestConsents | Users with this role can use ConsentRequestModels to send ConsentRequests to users |

Add Service Request to API to get consent request from URI

The URI will have a consentId onboard which must be sent to the API in order to retrieve the ConsentRequest and Schema

  • Add Endpoint on Server to request a ConsentRequestModel and ConsentDataSchema from a given ConsentId with statuses CREATED
  • Add User Authenticated Endpoint on Server to request ConsentRequestModel and ConsentDataSchema for a given UserId and ConsentId with status of WAITING
  • Add api code in NextJs to handle these endpoints
  • Documentation

Generate a Link for a given consent request

For any consent request made by an org user, the service should generate a unique token, which in turn is used as part of the URL query to the frontend for creating the UI

Consent Record:

model Consent {
  id               Int                  @id @default(autoincrement())
  consentId        String               @default(uuid())
  userid           String?              // not known when the request is created
  orgid            String               @db.VarChar(255)
  expiry           DateTime?            @db.DateTime(0) // only given by the user
  consentState     Consent_consentState
  consentRequestId String
}

As part of this request, we won't have userid or an expiry (this is only given by the user). The ConsentId will be used to form the URI, but only while it's still in its CREATED or WAITING phase

  • Endpoint must validate inputs
  • Generate a basic consent (1st phase) which generates a partial Consent record
  • Use the record's consentId to form part of the url returned to the Requester
  • Documentation
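
Link issuance and lookup gated on the record's state, covering this issue and the CREATED/WAITING lookups in the service-request issue above. This is an added example, not code from the CAAS repository: `consentLink`, `resolveLink` and the `consentId` query parameter are hypothetical, and a WAITING record is assumed to already carry the `userid` it is bound to.

```typescript
// Added example. Field names follow the Consent model; the rest is assumed.
type PartialConsent = {
  consentId: string;      // produced by the model's @default(uuid())
  userid: string | null;  // null in the first phase
  orgid: string;
  consentState: string;
  consentRequestId: string;
};

// Lowercase UUID shape; anything else is rejected before the lookup.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/;

// A link is only issued while the record is CREATED or WAITING.
function consentLink(frontendBase: string, c: PartialConsent): string {
  if (c.consentState !== "CREATED" && c.consentState !== "WAITING") {
    throw new Error("consent is not in a linkable state");
  }
  return frontendBase + "?consentId=" + encodeURIComponent(c.consentId);
}

// Returns null for every failure, so a caller cannot tell a malformed id, an
// unknown id, a voided consent and another user's consent apart.
function resolveLink(store: Record<string, PartialConsent>, rawId: string, callerUserId: string | null): PartialConsent | null {
  if (!UUID_RE.test(rawId)) return null;
  const c = store[rawId];
  if (!c) return null;
  if (c.consentState === "CREATED") return c; // not yet bound to a user
  if (c.consentState === "WAITING") {
    return callerUserId !== null && c.userid === callerUserId ? c : null;
  }
  return null; // VOIDED or any later state
}

// Constructed sample records keyed by consentId.
const ID_CREATED = "3f2b8c1e-7a4d-4e9b-9c2a-5d6e7f8a9b0c";
const ID_WAITING = "0a1b2c3d-4e5f-4a6b-8c7d-9e0f1a2b3c4d";
const ID_VOIDED = "11111111-2222-4333-8444-555555555555";
const LINK_STORE: Record<string, PartialConsent> = {
  [ID_CREATED]: { consentId: ID_CREATED, userid: null, orgid: "org-a", consentState: "CREATED", consentRequestId: "r-1" },
  [ID_WAITING]: { consentId: ID_WAITING, userid: "user-1", orgid: "org-a", consentState: "WAITING", consentRequestId: "r-1" },
  [ID_VOIDED]: { consentId: ID_VOIDED, userid: "user-1", orgid: "org-a", consentState: "VOIDED", consentRequestId: "r-1" },
};
```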

Demo Site

Create a Simple Demo site using svelte to show consenting
