1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
import { NextResponse } from "next/server"
import { createSupabaseServerClient } from "@/lib/supabase/server"
import { rateLimit } from "@/lib/rate-limit"
export async function GET() {
const supabaseClient = await createSupabaseServerClient()
const {
data: { user },
} = await supabaseClient.auth.getUser()
if (!user) {
return NextResponse.json({ error: "not authenticated" }, { status: 401 })
}
const rateLimitResult = await rateLimit(`gdpr-export:${user.id}`, 3, 86_400_000)
if (!rateLimitResult.success) {
return NextResponse.json({ error: "too many requests" }, { status: 429 })
}
const [
profileResult,
subscriptionsResult,
foldersResult,
mutedKeywordsResult,
customFeedsResult,
entryStatesResult,
highlightsResult,
sharedEntriesResult,
savedEntriesResult,
] = await Promise.all([
supabaseClient
.from("user_profiles")
.select("id, tier, created_at")
.eq("id", user.id)
.single(),
supabaseClient
.from("subscriptions")
.select("id, feed_id, folder_id, custom_title, created_at, feeds(title, url)")
.eq("user_id", user.id),
supabaseClient
.from("folders")
.select("id, name, position, created_at")
.eq("user_id", user.id),
supabaseClient
.from("muted_keywords")
.select("id, keyword, created_at")
.eq("user_id", user.id),
supabaseClient
.from("custom_feeds")
.select("id, name, query, position, created_at")
.eq("user_id", user.id),
supabaseClient
.from("user_entry_states")
.select("entry_id, read, saved, updated_at")
.eq("user_id", user.id),
supabaseClient
.from("user_highlights")
.select(
"id, entry_id, highlighted_text, note, color, text_offset, text_length, created_at, entries(title, url)"
)
.eq("user_id", user.id),
supabaseClient
.from("shared_entries")
.select("id, entry_id, share_token, created_at, entries(title, url)")
.eq("user_id", user.id),
supabaseClient
.from("user_entry_states")
.select(
"entries(id, title, url, author, summary, published_at, feeds(title, url))"
)
.eq("user_id", user.id)
.eq("saved", true),
])
const exportData = {
exportedAt: new Date().toISOString(),
account: {
emailAddress: user.email,
displayName: user.user_metadata?.display_name ?? null,
...profileResult.data,
},
subscriptions: subscriptionsResult.data ?? [],
folders: foldersResult.data ?? [],
mutedKeywords: mutedKeywordsResult.data ?? [],
customFeeds: customFeedsResult.data ?? [],
entryStates: entryStatesResult.data ?? [],
highlights: highlightsResult.data ?? [],
sharedEntries: sharedEntriesResult.data ?? [],
savedEntries:
(savedEntriesResult.data ?? []).map(
(row) => (row as Record<string, unknown>).entries
) ?? [],
}
const jsonString = JSON.stringify(exportData, null, 2)
return new Response(jsonString, {
headers: {
"Content-Type": "application/json",
"Content-Disposition": `attachment; filename="asa-news-gdpr-export-${new Date().toISOString().slice(0, 10)}.json"`,
},
})
}
|