Plug accepting consent-event POSTs.
The host application is expected to have Plug.Parsers configured for JSON
upstream of this plug. Mount via forward at whatever path makes sense for
your app — the plug doesn't care about its own URL:
forward "/api/cookie-consents", Keksdose.PlugHandlerAny POST that lands on the plug is treated as a consent event. Non-POST
methods get 405 Method Not Allowed.
Wire format
The plug accepts the camelCase JSON shape emitted by common browser-side consent libraries (vanilla-cookieconsent, etc.). Required fields:
consentId— UUIDv4 the browser generates once and persistscategories— non-empty list of accepted category strings
Optional fields:
changedCategories— list of categories that changed since the prior eventrevision— integer policy version the user acceptedlanguage— BCP-47-ish tag, e.g."en"
The server derives country_iso from the cf-ipcountry /
x-vercel-ip-country headers, masks the remote IP, and stamps
inserted_at server-side. Any client timestamp field is ignored.
Each successful POST inserts a new audit row. Repeat POSTs from the same
browser share the same consent_id but each event has its own server-
generated row id.