feat: systematic functional audit — fix 18 issues across Phase A/B

Phase A (P1 production blockers): - A1: Apply IP rate limiting to public routes (login/refresh) - A2: Publish domain events for workflow instance state transitions (completed/suspended/resumed/terminated) via outbox pattern - A3: Replace hardcoded nil UUID default tenant with dynamic DB lookup - A4: Add GET /api/v1/audit-logs query endpoint with pagination - A5: Enhance CORS wildcard warning for production environments Phase B (P2 functional gaps): - B1: Remove dead erp-common crate (zero references in codebase) - B2: Refactor 5 settings pages to use typed API modules instead of direct client calls; create api/themes.ts; delete dead errors.ts - B3: Add resume/suspend buttons to InstanceMonitor page - B4: Remove unused EventHandler trait from erp-core - B5: Handle task.completed events in message module (send notifications) - B6: Wire TimeoutChecker as 60s background task - B7: Auto-skip ServiceTask nodes instead of crashing the process - B8: Remove empty register_routes() from ErpModule trait and modules
2026-04-12 15:22:28 +08:00
parent 685df5e458
commit 14f431efff
34 changed files with 785 additions and 304 deletions
--- a/crates/erp-workflow/src/module.rs
+++ b/crates/erp-workflow/src/module.rs
@@ -1,5 +1,6 @@
 use axum::Router;
 use axum::routing::{get, post};
+use std::time::Duration;
 use uuid::Uuid;

 use erp_core::error::AppResult;
@@ -83,6 +84,38 @@ impl WorkflowModule {
                post(task_handler::delegate_task),
            )
    }
+
+    /// 启动超时检查后台任务。
+    ///
+    /// 每 60 秒扫描一次 tasks 表，查找 due_date 已过期但仍处于 pending 状态的任务。
+    /// 发现超时任务时记录 warning 日志，后续迭代将实现自动完成/升级逻辑。
+    pub fn start_timeout_checker(db: sea_orm::DatabaseConnection) {
+        tokio::spawn(async move {
+            let mut interval = tokio::time::interval(Duration::from_secs(60));
+
+            // 首次跳过，等一个完整间隔再执行
+            interval.tick().await;
+
+            loop {
+                interval.tick().await;
+
+                match crate::engine::timeout::TimeoutChecker::find_all_overdue_tasks(&db).await {
+                    Ok(overdue) => {
+                        if !overdue.is_empty() {
+                            tracing::warn!(
+                                count = overdue.len(),
+                                task_ids = ?overdue,
+                                "发现超时未完成的任务 — TODO: 实现自动完成/升级逻辑"
+                            );
+                        }
+                    }
+                    Err(e) => {
+                        tracing::warn!(error = %e, "超时检查任务执行失败");
+                    }
+                }
+            }
+        });
+    }
 }

 impl Default for WorkflowModule {
@@ -105,11 +138,6 @@ impl ErpModule for WorkflowModule {
        vec!["auth"]
    }

-    fn register_routes(&self, router: Router) -> Router {
-        // Actual route registration is done via protected_routes(), called by erp-server.
-        router
-    }
-
    fn register_event_handlers(&self, _bus: &EventBus) {}

    async fn on_tenant_created(&self, _tenant_id: Uuid) -> AppResult<()> {