0b7e2d0a5b
- Created complete documentation in docs/ directory - Added PROJECT_OVERVIEW.md with feature highlights and getting started guide - Added ARCHITECTURE.md with system design and technical details - Added SECURITY.md with comprehensive security implementation guide - Added DEVELOPMENT.md with development workflows and best practices - Added DEPLOYMENT.md with production deployment instructions - Added API.md with complete REST API documentation - Added CONTRIBUTING.md with contribution guidelines - Added CHANGELOG.md with version history and migration notes - Reorganized all documentation files into docs/ directory for better organization - Updated README.md with proper documentation links and quick navigation - Enhanced project structure with professional documentation standards
1.2 KiB
1.2 KiB
Privacy, Data Export/Delete, and Admin Audit
This document outlines how to implement user privacy controls and admin auditing in EasyStream.
User Data Export
- Endpoint:
api/privacy.php?action=export(requires login) - Returns a JSON bundle of key user data (profile, uploads, subscriptions). The current implementation returns a stub template; extend to include all relevant fields.
User Data Delete (Account Deletion)
- Endpoint:
api/privacy.php?action=delete(requires login and CSRF token) - Performs a soft-delete or anonymization pass across user-owned content and PII. The current implementation is a stub returning 202; extend with real logic gated by configuration and admin review.
Admin Audit Logs
- Enable database logging in
f_core/config.logging.phpvialogging_database_logging. - The logger writes to
db_logswith request id, user id, IP, and optional context. - Use
f_modules/m_backend/log_viewer.phpto browse logs; it supports search and time filtering.
Security Considerations
- Require authentication and CSRF validation for destructive actions.
- Enforce rate limiting via
VSecurity::checkRateLimit. - Consider adding a review workflow for delete requests.