feat: 新增补丁管理和异常检测插件及相关功能

feat(protocol): 添加补丁管理和行为指标协议类型 feat(client): 实现补丁管理插件采集功能 feat(server): 添加补丁管理和异常检测API feat(database): 新增补丁状态和异常检测相关表 feat(web): 添加补丁管理和异常检测前端页面 fix(security): 增强输入验证和防注入保护 refactor(auth): 重构认证检查逻辑 perf(service): 优化Windows服务恢复策略 style: 统一健康评分显示样式 docs: 更新知识库文档
2026-04-11 15:59:53 +08:00
parent b5333d8c93
commit 60ee38a3c2
49 changed files with 3988 additions and 461 deletions
--- a/migrations/018_patch_management.sql
+++ b/migrations/018_patch_management.sql
@@ -0,0 +1,59 @@
+-- 018_patch_management.sql: Patch management system
+
+CREATE TABLE IF NOT EXISTS patch_status (
+    id              INTEGER PRIMARY KEY AUTOINCREMENT,
+    device_uid      TEXT NOT NULL REFERENCES devices(device_uid) ON DELETE CASCADE,
+    kb_id           TEXT NOT NULL,
+    title           TEXT NOT NULL,
+    severity        TEXT,
+    is_installed    INTEGER NOT NULL DEFAULT 0,
+    discovered_at   TEXT NOT NULL DEFAULT (datetime('now')),
+    installed_at    TEXT,
+    updated_at      TEXT NOT NULL DEFAULT (datetime('now')),
+    UNIQUE(device_uid, kb_id)
+);
+
+CREATE TABLE IF NOT EXISTS patch_policies (
+    id              INTEGER PRIMARY KEY AUTOINCREMENT,
+    target_type     TEXT NOT NULL DEFAULT 'global' CHECK(target_type IN ('global', 'device', 'group')),
+    target_id       TEXT,
+    auto_approve    INTEGER NOT NULL DEFAULT 0,
+    severity_filter TEXT NOT NULL DEFAULT 'important',
+    enabled         INTEGER NOT NULL DEFAULT 1,
+    created_at      TEXT NOT NULL DEFAULT (datetime('now')),
+    updated_at      TEXT NOT NULL DEFAULT (datetime('now'))
+);
+
+-- Behavior metrics for anomaly detection
+CREATE TABLE IF NOT EXISTS behavior_metrics (
+    id                  INTEGER PRIMARY KEY AUTOINCREMENT,
+    device_uid          TEXT NOT NULL REFERENCES devices(device_uid) ON DELETE CASCADE,
+    clipboard_ops_count INTEGER NOT NULL DEFAULT 0,
+    clipboard_ops_night INTEGER NOT NULL DEFAULT 0,
+    print_jobs_count    INTEGER NOT NULL DEFAULT 0,
+    usb_file_ops_count  INTEGER NOT NULL DEFAULT 0,
+    new_processes_count INTEGER NOT NULL DEFAULT 0,
+    period_secs         INTEGER NOT NULL DEFAULT 3600,
+    reported_at         TEXT NOT NULL DEFAULT (datetime('now'))
+);
+
+-- Anomaly alerts generated by the detection engine
+CREATE TABLE IF NOT EXISTS anomaly_alerts (
+    id              INTEGER PRIMARY KEY AUTOINCREMENT,
+    device_uid      TEXT NOT NULL REFERENCES devices(device_uid) ON DELETE CASCADE,
+    anomaly_type    TEXT NOT NULL,
+    severity        TEXT NOT NULL DEFAULT 'medium' CHECK(severity IN ('low', 'medium', 'high', 'critical')),
+    detail          TEXT NOT NULL,
+    metric_value    REAL,
+    baseline_value  REAL,
+    handled         INTEGER NOT NULL DEFAULT 0,
+    handled_by      TEXT,
+    handled_at      TEXT,
+    triggered_at    TEXT NOT NULL DEFAULT (datetime('now'))
+);
+
+CREATE INDEX IF NOT EXISTS idx_patch_status_device ON patch_status(device_uid);
+CREATE INDEX IF NOT EXISTS idx_patch_status_severity ON patch_status(severity, is_installed);
+CREATE INDEX IF NOT EXISTS idx_behavior_metrics_device_time ON behavior_metrics(device_uid, reported_at);
+CREATE INDEX IF NOT EXISTS idx_anomaly_alerts_device ON anomaly_alerts(device_uid);
+CREATE INDEX IF NOT EXISTS idx_anomaly_alerts_unhandled ON anomaly_alerts(handled) WHERE handled = 0;