feat: systematic functional audit — fix 18 issues across Phase A/B
Phase A (P1 production blockers): - A1: Apply IP rate limiting to public routes (login/refresh) - A2: Publish domain events for workflow instance state transitions (completed/suspended/resumed/terminated) via outbox pattern - A3: Replace hardcoded nil UUID default tenant with dynamic DB lookup - A4: Add GET /api/v1/audit-logs query endpoint with pagination - A5: Enhance CORS wildcard warning for production environments Phase B (P2 functional gaps): - B1: Remove dead erp-common crate (zero references in codebase) - B2: Refactor 5 settings pages to use typed API modules instead of direct client calls; create api/themes.ts; delete dead errors.ts - B3: Add resume/suspend buttons to InstanceMonitor page - B4: Remove unused EventHandler trait from erp-core - B5: Handle task.completed events in message module (send notifications) - B6: Wire TimeoutChecker as 60s background task - B7: Auto-skip ServiceTask nodes instead of crashing the process - B8: Remove empty register_routes() from ErpModule trait and modules
This commit is contained in:
iven
75
crates/erp-server/src/handlers/audit_log.rs
Normal file
75
crates/erp-server/src/handlers/audit_log.rs
Normal file
@@ -0,0 +1,75 @@
|
||||
use axum::extract::{Query, State};
|
||||
use axum::response::Json;
|
||||
use axum::routing::get;
|
||||
use axum::Router;
|
||||
use sea_orm::{ColumnTrait, EntityTrait, PaginatorTrait, QueryFilter, QueryOrder};
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
use crate::state::AppState;
|
||||
use erp_core::entity::audit_log;
|
||||
use erp_core::error::AppError;
|
||||
|
||||
/// 审计日志查询参数。
|
||||
#[derive(Debug, Deserialize)]
|
||||
pub struct AuditLogQuery {
|
||||
pub resource_type: Option<String>,
|
||||
pub user_id: Option<uuid::Uuid>,
|
||||
pub page: Option<u64>,
|
||||
pub page_size: Option<u64>,
|
||||
}
|
||||
|
||||
/// 审计日志分页响应。
|
||||
#[derive(Debug, Serialize)]
|
||||
pub struct AuditLogResponse {
|
||||
pub items: Vec<audit_log::Model>,
|
||||
pub total: u64,
|
||||
pub page: u64,
|
||||
pub page_size: u64,
|
||||
}
|
||||
|
||||
/// GET /audit-logs
|
||||
///
|
||||
/// 分页查询审计日志,支持按 resource_type 和 user_id 过滤。
|
||||
pub async fn list_audit_logs(
|
||||
State(state): State<AppState>,
|
||||
Query(params): Query<AuditLogQuery>,
|
||||
) -> Result<Json<AuditLogResponse>, AppError> {
|
||||
let page = params.page.unwrap_or(1).max(1);
|
||||
let page_size = params.page_size.unwrap_or(20).min(100);
|
||||
let tenant_id = state.default_tenant_id;
|
||||
|
||||
let mut q = audit_log::Entity::find()
|
||||
.filter(audit_log::Column::TenantId.eq(tenant_id));
|
||||
|
||||
if let Some(rt) = ¶ms.resource_type {
|
||||
q = q.filter(audit_log::Column::ResourceType.eq(rt.clone()));
|
||||
}
|
||||
if let Some(uid) = ¶ms.user_id {
|
||||
q = q.filter(audit_log::Column::UserId.eq(*uid));
|
||||
}
|
||||
|
||||
let paginator = q
|
||||
.order_by_desc(audit_log::Column::CreatedAt)
|
||||
.paginate(&state.db, page_size);
|
||||
|
||||
let total = paginator
|
||||
.num_items()
|
||||
.await
|
||||
.map_err(|e| AppError::Internal(format!("查询审计日志失败: {e}")))?;
|
||||
|
||||
let items = paginator
|
||||
.fetch_page(page - 1)
|
||||
.await
|
||||
.map_err(|e| AppError::Internal(format!("查询审计日志失败: {e}")))?;
|
||||
|
||||
Ok(Json(AuditLogResponse {
|
||||
items,
|
||||
total,
|
||||
page,
|
||||
page_size,
|
||||
}))
|
||||
}
|
||||
|
||||
pub fn audit_log_router() -> Router<AppState> {
|
||||
Router::new().route("/audit-logs", get(list_audit_logs))
|
||||
}
|
||||
Reference in New Issue
Block a user