feat: systematic functional audit — fix 18 issues across Phase A/B

Phase A (P1 production blockers): - A1: Apply IP rate limiting to public routes (login/refresh) - A2: Publish domain events for workflow instance state transitions (completed/suspended/resumed/terminated) via outbox pattern - A3: Replace hardcoded nil UUID default tenant with dynamic DB lookup - A4: Add GET /api/v1/audit-logs query endpoint with pagination - A5: Enhance CORS wildcard warning for production environments Phase B (P2 functional gaps): - B1: Remove dead erp-common crate (zero references in codebase) - B2: Refactor 5 settings pages to use typed API modules instead of direct client calls; create api/themes.ts; delete dead errors.ts - B3: Add resume/suspend buttons to InstanceMonitor page - B4: Remove unused EventHandler trait from erp-core - B5: Handle task.completed events in message module (send notifications) - B6: Wire TimeoutChecker as 60s background task - B7: Auto-skip ServiceTask nodes instead of crashing the process - B8: Remove empty register_routes() from ErpModule trait and modules
2026-04-12 15:22:28 +08:00
parent 685df5e458
commit 14f431efff
34 changed files with 785 additions and 304 deletions
--- a/apps/web/src/api/errors.ts
+++ b/apps/web/src/api/errors.ts
@@ -1,13 +0,0 @@
-/**
- * Extract a user-friendly error message from an Axios error response.
- *
- * The backend returns `{ success: false, message: "..." }` on errors.
- * This helper centralizes the extraction logic to avoid repeating the
- * same type assertion in every catch block.
- */
-export function extractErrorMessage(err: unknown, fallback = '操作失败'): string {
-  return (
-    (err as { response?: { data?: { message?: string } } })?.response?.data
-      ?.message || fallback
-  );
-}