feat: systematic functional audit — fix 18 issues across Phase A/B

Phase A (P1 production blockers): - A1: Apply IP rate limiting to public routes (login/refresh) - A2: Publish domain events for workflow instance state transitions (completed/suspended/resumed/terminated) via outbox pattern - A3: Replace hardcoded nil UUID default tenant with dynamic DB lookup - A4: Add GET /api/v1/audit-logs query endpoint with pagination - A5: Enhance CORS wildcard warning for production environments Phase B (P2 functional gaps): - B1: Remove dead erp-common crate (zero references in codebase) - B2: Refactor 5 settings pages to use typed API modules instead of direct client calls; create api/themes.ts; delete dead errors.ts - B3: Add resume/suspend buttons to InstanceMonitor page - B4: Remove unused EventHandler trait from erp-core - B5: Handle task.completed events in message module (send notifications) - B6: Wire TimeoutChecker as 60s background task - B7: Auto-skip ServiceTask nodes instead of crashing the process - B8: Remove empty register_routes() from ErpModule trait and modules
2026-04-12 15:22:28 +08:00
parent 685df5e458
commit 14f431efff
34 changed files with 785 additions and 304 deletions
--- a/crates/erp-auth/Cargo.toml
+++ b/crates/erp-auth/Cargo.toml
@@ -5,7 +5,6 @@ edition.workspace = true

 [dependencies]
 erp-core.workspace = true
-erp-common.workspace = true
 tokio.workspace = true
 serde.workspace = true
 serde_json.workspace = true
--- a/crates/erp-auth/src/module.rs
+++ b/crates/erp-auth/src/module.rs
@@ -129,24 +129,17 @@ impl ErpModule for AuthModule {
        vec![]
    }

-    fn register_routes(&self, router: Router) -> Router {
-        // The ErpModule trait uses Router<()> (no state type).
-        // Actual route registration with typed state is done
-        // via public_routes() and protected_routes(), called by erp-server.
-        router
-    }
-
    fn register_event_handlers(&self, _bus: &EventBus) {
-        // Phase 2: subscribe to events from other modules if needed
+        // Auth 模块暂无跨模块事件订阅需求
    }

    async fn on_tenant_created(&self, _tenant_id: Uuid) -> AppResult<()> {
-        // Phase 2+: create default roles and admin user for new tenant
+        // TODO: 创建默认角色和管理员用户
        Ok(())
    }

    async fn on_tenant_deleted(&self, _tenant_id: Uuid) -> AppResult<()> {
-        // Phase 2+: soft-delete all users belonging to the tenant
+        // TODO: 软删除该租户下所有用户
        Ok(())
    }