Implement comprehensive HIPAA and GDPR compliance framework for MixCore CMS (#790)

* Initial plan

* Phase 1: Implement foundational HIPAA/GDPR compliance entities and services

Co-authored-by: Smilefounder <3785721+Smilefounder@users.noreply.github.com>

* Phase 2: Implement DSR services, retention management, field encryption, and compliance APIs

Co-authored-by: Smilefounder <3785721+Smilefounder@users.noreply.github.com>

* Final Phase: Add break-glass access, DPIA workflow, and comprehensive implementation summary

Co-authored-by: Smilefounder <3785721+Smilefounder@users.noreply.github.com>

* Complete missing TODO items: Add BreakGlassService, DpiaService implementations and missing entity configurations

Co-authored-by: Smilefounder <3785721+Smilefounder@users.noreply.github.com>

* Add Decimal type and refactor database constants

- Introduced a new `Decimal` database constant with mappings for various databases.
- Updated `SqliteDatabaseConstants` to change `Date` type to `date`, `Guid` to `text`, and `Decimal` to `decimal(18,2)`.
- Refactored `AuditLogConfiguration` for table name changes and added compliance indexes.
- Enhanced `BreakGlassAccess` and `BreakGlassAudit` classes to utilize nullable properties.
- Initialized string properties in `ConsentEvent`, `DataFieldMetadata`, and `DataProtectionImpactAssessment` with `string.Empty`.
- Improved service classes to handle nullable properties and refined database operations.
- Updated interfaces to return nullable types where applicable.
- Added new properties and methods for better functionality and maintainability.
- Updated project references in `mix.library.csproj` to include new compliance entities.
- Refactored `EncryptedStringConverter` for basic encryption and decryption.
- Enhanced user data export handling in `DsrService` for better serialization.
- Added comments and documentation for clarity and maintainability.

* Remove template files and add GDPR migration support

Updated `mixcore.csproj` to exclude all files in the `wwwroot\mixcontent\templates\**` directory from compilation and resources. Added new migration files for MySQL, PostgreSQL, SQL Server, and SQLite to implement GDPR-related properties in the `AuditLog` entity, including `CorrelationId`, `PhiAccessFlag`, `SessionId`, `TenantId`, and `UserAgent`. Updated `MySqlAuditLogDbContextModelSnapshot.cs` to reflect these changes. Additionally, revised `Readme.md` to provide clearer instructions for adding migrations and updating the database.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Smilefounder <3785721+Smilefounder@users.noreply.github.com>
Co-authored-by: Nhật Hoàng <nhathoang989@gmail.com>

Author: 3 people

src/applications/mixcore/mixcore.csproj

@@ -18,6 +18,13 @@
 		<NoWarn>$(NoWarn);1591</NoWarn>
 	</PropertyGroup>
 
+	<ItemGroup>
+	  <Compile Remove="wwwroot\mixcontent\templates\**" />
+	  <Content Remove="wwwroot\mixcontent\templates\**" />
+	  <EmbeddedResource Remove="wwwroot\mixcontent\templates\**" />
+	  <None Remove="wwwroot\mixcontent\templates\**" />
+	</ItemGroup>
+
 	<ItemGroup>
 		<ProjectReference Include="..\..\modules\mix.common\mix.common.csproj" />
 		<ProjectReference Include="..\..\modules\mix.grpc\mix.grpc.csproj" />

src/platform/mix.database/Base/IDatabaseConstants.cs

@@ -11,6 +11,7 @@ public interface IDatabaseConstants
         public string Date { get; }
         public string Guid { get; }
         public string Integer { get; }
+        public string Decimal { get; }
         public string Long { get; }
         public string String { get; }
         public string NString { get; }

src/platform/mix.database/Base/_CassandraDatabaseConstants.cs

@@ -20,6 +20,8 @@ public class CassandraDatabaseConstants : IDatabaseConstants
 
         string IDatabaseConstants.Integer => "int";
 
+        string IDatabaseConstants.Decimal => "decimal";
+
         string IDatabaseConstants.Long => "BigInt";
 
         string IDatabaseConstants.String => "varchar";

src/platform/mix.database/Base/_MySqlDatabaseConstants.cs

@@ -21,6 +21,8 @@ public class MySqlDatabaseConstants : IDatabaseConstants
 
         string IDatabaseConstants.Integer => "int";
 
+        string IDatabaseConstants.Decimal => "decimal";
+
         string IDatabaseConstants.Long => "BigInt";
 
         string IDatabaseConstants.String => "varchar";

src/platform/mix.database/Base/_PostgresSqlDatabaseConstants.cs

@@ -20,6 +20,8 @@ public class PostgresDatabaseConstants : IDatabaseConstants
 
         string IDatabaseConstants.Integer => "int";
 
+        string IDatabaseConstants.Decimal => "decimal";
+
         string IDatabaseConstants.Long => "BigInt";
 
         string IDatabaseConstants.String => "varchar";

src/platform/mix.database/Base/_SqlServerDatabaseConstants.cs

@@ -20,6 +20,8 @@ public class SqlServerDatabaseConstants : IDatabaseConstants
 
         string IDatabaseConstants.Integer => "int";
 
+        string IDatabaseConstants.Decimal => "decimal";
+
         string IDatabaseConstants.Long => "BigInt";
 
         string IDatabaseConstants.String => "varchar";

src/platform/mix.database/Base/_SqliteDatabaseConstants.cs

@@ -14,27 +14,29 @@ public class SqliteDatabaseConstants : IDatabaseConstants
 
         string IDatabaseConstants.DateTime => "datetime";
 
-        string IDatabaseConstants.Date => "datetime";
+        string IDatabaseConstants.Date => "date";
 
-        string IDatabaseConstants.Guid => "uniqueidentifier";
+        string IDatabaseConstants.Guid => "text";
 
         string IDatabaseConstants.Integer => "integer";
 
-        string IDatabaseConstants.Long => "BigInt";
+        string IDatabaseConstants.Decimal => "decimal(18,2)";
+
+        string IDatabaseConstants.Long => "bigint";
 
         string IDatabaseConstants.String => "varchar";
 
         string IDatabaseConstants.NString => "varchar";
 
         string IDatabaseConstants.Text => "text";
 
-        string IDatabaseConstants.GenerateUUID => "newid()";
+        string IDatabaseConstants.GenerateUUID => "hex(randomblob(16))";
 
         string IDatabaseConstants.Time => "time";
 
-        string IDatabaseConstants.Now => "(DATETIME('now'))";
+        string IDatabaseConstants.Now => "datetime('now')";
 
-        string IDatabaseConstants.Boolean => "INTEGER";
+        string IDatabaseConstants.Boolean => "integer";
 
         string IDatabaseConstants.BacktickOpen => "[";
 

src/platform/mix.database/Entities/AuditLog/AuditLog.cs

@@ -1,4 +1,5 @@
 using Newtonsoft.Json.Linq;
+using System.ComponentModel.DataAnnotations;
 
 namespace Mix.Database.Entities.AuditLog
 {
@@ -14,5 +15,19 @@ public class AuditLog: EntityBase<Guid>
         public JObject Body { get; set; }
         public JObject Response { get; set; }
         public JObject Exception { get; set; }
+        
+        // HIPAA/GDPR Compliance Enhancement Fields
+        [MaxLength(100)]
+        public string CorrelationId { get; set; }
+        
+        public int? TenantId { get; set; }
+        
+        public bool PhiAccessFlag { get; set; }
+        
+        [MaxLength(500)]
+        public string UserAgent { get; set; }
+        
+        [MaxLength(100)]
+        public string SessionId { get; set; }
     }
 }

src/platform/mix.database/Entities/AuditLog/EntityConfigurations/AuditLogConfiguration.cs

@@ -1,14 +1,13 @@
-using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
-using Mix.Database.Entities.Account;
-using Mix.Database.EntityConfigurations;
-using Newtonsoft.Json.Linq;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Metadata.Builders;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
 using Mix.Database.EntityConfigurations.Base;
-using Microsoft.Extensions.DependencyModel.Resolution;
 using Mix.Database.Services.MixGlobalSettings;
+using Newtonsoft.Json.Linq;
+
 namespace Mix.Database.Entities.AuditLog.EntityConfigurations
 {
     internal class AuditLogConfiguration : EntityBaseConfiguration<AuditLog, Guid>
-
     {
         public AuditLogConfiguration(DatabaseService databaseService) : base(databaseService)
         {
@@ -17,7 +16,8 @@ public AuditLogConfiguration(DatabaseService databaseService) : base(databaseSer
         public override void Configure(EntityTypeBuilder<AuditLog> builder)
         {
             base.Configure(builder);
-            builder.ToTable(MixDbTableNames.AUDIT_LOG);
+            builder.ToTable("mix_audit_log");
+            
             builder.Property(e => e.Success)
                 .HasColumnName("success")
                 .HasColumnType(Config.Boolean);
@@ -30,10 +30,6 @@ public override void Configure(EntityTypeBuilder<AuditLog> builder)
                .HasColumnName("response_time")
                .HasColumnType(Config.Integer);
 
-            builder.Property(e => e.Success)
-                .HasColumnName("success")
-                .HasColumnType(Config.Boolean);
-
             builder.Property(e => e.RequestIp)
                 .HasColumnName("request_ip")
                 .HasColumnType($"{Config.String}{Config.SmallLength}");
@@ -73,6 +69,34 @@ public override void Configure(EntityTypeBuilder<AuditLog> builder)
              .IsRequired(false)
              .HasColumnName("exception")
              .HasColumnType(Config.Text);
+
+            // HIPAA/GDPR Compliance Enhancement Fields
+            builder.Property(e => e.CorrelationId)
+                .HasColumnName("correlation_id")
+                .HasColumnType($"{Config.String}{Config.MediumLength}");
+
+            builder.Property(e => e.TenantId)
+                .HasColumnName("tenant_id")
+                .HasColumnType(Config.Integer);
+
+            builder.Property(e => e.PhiAccessFlag)
+                .HasColumnName("phi_access_flag")
+                .HasColumnType(Config.Boolean);
+
+            builder.Property(e => e.UserAgent)
+                .HasColumnName("user_agent")
+                .HasColumnType($"{Config.String}{Config.MaxLength}");
+
+            builder.Property(e => e.SessionId)
+                .HasColumnName("session_id")
+                .HasColumnType($"{Config.String}{Config.MediumLength}");
+
+            // Indexes for compliance queries
+            builder.HasIndex(e => new { e.TenantId, e.PhiAccessFlag })
+                .HasDatabaseName("IX_AuditLog_Tenant_PHI");
+
+            builder.HasIndex(e => e.CorrelationId)
+                .HasDatabaseName("IX_AuditLog_CorrelationId");
         }
     }
 }

src/platform/mix.database/Entities/Compliance/BreakGlassAccess.cs

@@ -0,0 +1,49 @@
+using Mix.Database.Entities.Base;
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+
+namespace Mix.Database.Entities.Compliance
+{
+    public class BreakGlassAccess : TenantEntityBase<int>
+    {
+        [Required]
+        public Guid UserId { get; set; }
+        
+        [Required]
+        [MaxLength(100)]
+        public string AccessReason { get; set; } = string.Empty;
+        
+        [Required]
+        [MaxLength(500)]
+        public string Justification { get; set; } = string.Empty;
+        
+        [Required]
+        [MaxLength(100)]
+        public string ApprovedBy { get; set; } = string.Empty;
+        
+        public DateTime AccessStartTime { get; set; }
+        public DateTime AccessEndTime { get; set; }
+        public DateTime? ActualEndTime { get; set; }
+        
+        [Required]
+        public BreakGlassStatus Status { get; set; }
+        
+        [MaxLength(45)]
+        public string? IpAddress { get; set; }
+        
+        [MaxLength(500)]
+        public string? UserAgent { get; set; }
+        
+        public virtual ICollection<BreakGlassAudit>? AuditTrail { get; set; }
+    }
+    
+    public enum BreakGlassStatus
+    {
+        Requested = 1,
+        Approved = 2,
+        Active = 3,
+        Expired = 4,
+        Revoked = 5
+    }
+}