- Check for consent before allowing users to perform activities in the administrative app.

2025-10-14 16:20:30 +02:00
parent 37819cd7e5
commit 3ea3a06de6
11 changed files with 316 additions and 23 deletions
--- a/config/config.py
+++ b/config/config.py
@@ -364,6 +364,16 @@ class Config(object):
    # Whether to use dynamic fallback (X-Forwarded-Prefix/Referer) when EVEAI_APP_PREFIX is empty
    EVEAI_USE_DYNAMIC_PREFIX_FALLBACK = False

+    # Consent guard configuration (config-driven whitelist)
+    # List of endpoint names to exempt from the global consent guard
+    # Example: ['security_bp.login', 'security_bp.logout', 'user_bp.tenant_consent']
+    CONSENT_GUARD_EXEMPT_ENDPOINTS = []
+    # List of endpoint name prefixes; any endpoint starting with one of these is exempt
+    # Example: ['security_bp.', 'healthz_bp.']
+    CONSENT_GUARD_EXEMPT_PREFIXES = []
+    # TTL for consent status stored in session (seconds)
+    CONSENT_SESSION_TTL_SECONDS = int(environ.get('CONSENT_SESSION_TTL_SECONDS', '45'))
+

 class DevConfig(Config):
    DEVELOPMENT = True