feat(audit): Q2 Chunk 3 — 审计日志补全

- 登录成功/失败均写入审计日志（含 IP、User-Agent）
- 登出、密码修改添加审计日志
- 用户/角色 update 记录变更前后值（old_value/new_value）
- 插件数据 CRUD（create/update/delete）添加审计日志
- auth handler 提取 X-Forwarded-For/X-Real-IP/User-Agent

crates/erp-plugin/src/data_service.rs

@@ -1,6 +1,8 @@
 use sea_orm::{ColumnTrait, ConnectionTrait, EntityTrait, FromQueryResult, QueryFilter, Statement};
 use uuid::Uuid;
 
+use erp_core::audit::{AuditLog};
+use erp_core::audit_service;
 use erp_core::error::{AppError, AppResult};
 use erp_core::events::EventBus;
 
@@ -51,6 +53,13 @@ impl PluginDataService {
         .await?
         .ok_or_else(|| PluginError::DatabaseError("INSERT 未返回结果".to_string()))?;
 
+        audit_service::record(
+            AuditLog::new(tenant_id, Some(operator_id), "plugin.data.create", entity_name)
+                .with_resource_id(result.id),
+            db,
+        )
+        .await;
+
         Ok(PluginDataResp {
             id: result.id.to_string(),
             data: result.data,
@@ -243,6 +252,13 @@ impl PluginDataService {
         .await?
         .ok_or_else(|| AppError::VersionMismatch)?;
 
+        audit_service::record(
+            AuditLog::new(tenant_id, Some(operator_id), "plugin.data.update", entity_name)
+                .with_resource_id(id),
+            db,
+        )
+        .await;
+
         Ok(PluginDataResp {
             id: result.id.to_string(),
             data: result.data,
@@ -369,6 +385,13 @@ impl PluginDataService {
         ))
         .await?;
 
+        audit_service::record(
+            AuditLog::new(tenant_id, None, "plugin.data.delete", entity_name)
+                .with_resource_id(id),
+            db,
+        )
+        .await;
+
         Ok(())
     }