feat: systematic functional audit — fix 18 issues across Phase A/B

Phase A (P1 production blockers): - A1: Apply IP rate limiting to public routes (login/refresh) - A2: Publish domain events for workflow instance state transitions (completed/suspended/resumed/terminated) via outbox pattern - A3: Replace hardcoded nil UUID default tenant with dynamic DB lookup - A4: Add GET /api/v1/audit-logs query endpoint with pagination - A5: Enhance CORS wildcard warning for production environments Phase B (P2 functional gaps): - B1: Remove dead erp-common crate (zero references in codebase) - B2: Refactor 5 settings pages to use typed API modules instead of direct client calls; create api/themes.ts; delete dead errors.ts - B3: Add resume/suspend buttons to InstanceMonitor page - B4: Remove unused EventHandler trait from erp-core - B5: Handle task.completed events in message module (send notifications) - B6: Wire TimeoutChecker as 60s background task - B7: Auto-skip ServiceTask nodes instead of crashing the process - B8: Remove empty register_routes() from ErpModule trait and modules
2026-04-12 15:22:28 +08:00
parent 685df5e458
commit 14f431efff
34 changed files with 785 additions and 304 deletions
--- a/crates/erp-message/src/module.rs
+++ b/crates/erp-message/src/module.rs
@@ -123,10 +123,6 @@ impl ErpModule for MessageModule {
        vec!["auth"]
    }

-    fn register_routes(&self, router: Router) -> Router {
-        router
-    }
-
    fn register_event_handlers(&self, _bus: &EventBus) {}

    async fn on_tenant_created(&self, _tenant_id: Uuid) -> AppResult<()> {
@@ -177,8 +173,32 @@ async fn handle_workflow_event(
            }
        }
        "task.completed" => {
-            // 任务完成时通知发起人（此处简化处理）
-            tracing::debug!("Task completed event received, skipping notification for now");
+            // 任务完成时通知流程发起人
+            let task_id = event.payload.get("task_id")
+                .and_then(|v| v.as_str())
+                .unwrap_or("unknown");
+            let starter_id = event.payload.get("started_by")
+                .and_then(|v| v.as_str());
+
+            if let Some(starter) = starter_id {
+                let recipient = match uuid::Uuid::parse_str(starter) {
+                    Ok(id) => id,
+                    Err(_) => return Ok(()),
+                };
+                let _ = crate::service::message_service::MessageService::send_system(
+                    event.tenant_id,
+                    recipient,
+                    "流程任务已完成".to_string(),
+                    format!("流程任务 {} 已完成，请查看。", task_id),
+                    "normal",
+                    Some("workflow_task".to_string()),
+                    uuid::Uuid::parse_str(task_id).ok(),
+                    db,
+                    event_bus,
+                )
+                .await
+                .map_err(|e| e.to_string())?;
+            }
        }
        _ => {}
    }