Description
GDPR requires data subject export. Implement a request/processing/export pipeline that compiles user data into a portable archive with a signed download URL and short-lived access.
Requirements and context
- Must be secure, tested, and documented
- Should be efficient and easy to review
- Relevant code:
src/db/repositories/userRepository.ts, src/routes/users.ts
- Download URLs must expire and be one-time-use
Suggested execution
- Fork the repo and create a branch
git checkout -b feat/gdpr-export- Implement changes
- Add
data_export_requests table and worker
- Build archive with PII categorization
- Add signed-URL endpoint with one-time consumption
- Validate security and correctness assumptions
Test and commit
- Run tests
- Cover edge cases
- Reuse attempt, expiry race, partial archive failure
- Include test output and notes
Example commit message
feat: GDPR data subject export pipeline
Guidelines
- Minimum 95 percent test coverage
- Clear documentation
- Timeframe: 96 hours
Description
GDPR requires data subject export. Implement a request/processing/export pipeline that compiles user data into a portable archive with a signed download URL and short-lived access.
Requirements and context
src/db/repositories/userRepository.ts,src/routes/users.tsSuggested execution
git checkout -b feat/gdpr-exportdata_export_requeststable and workerTest and commit
npm testExample commit message
feat: GDPR data subject export pipelineGuidelines