monorepo/cloud/maplefile-backend/internal/repo/collection/anonymize_collection_ips.go

// monorepo/cloud/maplefile-backend/internal/repo/collection/anonymize_collection_ips.go
package collection

import (
	"context"
	"time"

	"github.com/gocql/gocql"
	"go.uber.org/zap"
)

// AnonymizeCollectionIPsByOwner immediately anonymizes all IP addresses for collections owned by a specific user
// Used for GDPR right-to-be-forgotten implementation
func (impl *collectionRepositoryImpl) AnonymizeCollectionIPsByOwner(ctx context.Context, ownerID gocql.UUID) (int, error) {
	impl.Logger.Info("Anonymizing IPs for collections owned by user (GDPR mode)",
		zap.String("owner_id", ownerID.String()))

	count := 0

	// Query all collections owned by this user
	query := `SELECT id FROM maplefile.collections_by_id WHERE owner_id = ? ALLOW FILTERING`
	iter := impl.Session.Query(query, ownerID).WithContext(ctx).Iter()

	var collectionID gocql.UUID
	var collectionIDs []gocql.UUID

	// Collect all collection IDs first
	for iter.Scan(&collectionID) {
		collectionIDs = append(collectionIDs, collectionID)
	}

	if err := iter.Close(); err != nil {
		impl.Logger.Error("Error querying collections by owner", zap.Error(err))
		return count, err
	}

	// Anonymize IPs for each collection
	for _, colID := range collectionIDs {
		updateQuery := `
			UPDATE maplefile.collections_by_id
			SET created_from_ip_address = '0.0.0.0',
			    modified_from_ip_address = '0.0.0.0',
			    ip_anonymized_at = ?
			WHERE id = ?
		`

		if err := impl.Session.Query(updateQuery, time.Now(), colID).WithContext(ctx).Exec(); err != nil {
			impl.Logger.Error("Failed to anonymize collection IPs",
				zap.String("collection_id", colID.String()),
				zap.Error(err))
			continue // Best-effort: continue with next collection
		}
		count++
	}

	impl.Logger.Info("✅ Successfully anonymized collection IPs",
		zap.String("owner_id", ownerID.String()),
		zap.Int("collections_anonymized", count))

	return count, nil
}