feat: implement audit trail module

- Backend (FastAPI): - AuditLog and AuditAlert models with Alembic migration - AuditService with SHA-256 checksum for log integrity - AuditMiddleware for request metadata extraction (IP, user_agent) - Integrated audit logging into Task, Project, Blocker APIs - Query API with filtering, pagination, CSV export - Integrity verification endpoint - Sensitive operation alerts with acknowledgement - Frontend (React + Vite): - Admin AuditPage with filters and export - ResourceHistory component for change tracking - Audit service for API calls - Testing: - 15 tests covering service and API endpoints - OpenSpec: - add-audit-trail change archived 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-29 21:21:18 +08:00
parent 3470428411
commit 0ef78e13ff
24 changed files with 2431 additions and 7 deletions
--- a/backend/app/api/blockers/router.py
+++ b/backend/app/api/blockers/router.py
@@ -1,15 +1,17 @@
 import uuid
 from datetime import datetime
-from fastapi import APIRouter, Depends, HTTPException, status
+from fastapi import APIRouter, Depends, HTTPException, status, Request
 from sqlalchemy.orm import Session

 from app.core.database import get_db
-from app.models import User, Task, Blocker
+from app.models import User, Task, Blocker, AuditAction
 from app.schemas.blocker import (
    BlockerCreate, BlockerResolve, BlockerResponse, BlockerListResponse, BlockerUserInfo
 )
 from app.middleware.auth import get_current_user, check_task_access, check_task_edit_access
+from app.middleware.audit import get_audit_metadata
 from app.services.notification_service import NotificationService
+from app.services.audit_service import AuditService

 router = APIRouter(tags=["blockers"])

@@ -40,6 +42,7 @@ def blocker_to_response(blocker: Blocker) -> BlockerResponse:
 async def create_blocker(
    task_id: str,
    blocker_data: BlockerCreate,
+    request: Request,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user),
 ):
@@ -85,6 +88,18 @@ async def create_blocker(
    # Notify project owner
    NotificationService.notify_blocker(db, task, current_user, blocker_data.reason)

+    # Audit log
+    AuditService.log_event(
+        db=db,
+        event_type="task.blocker",
+        resource_type="task",
+        action=AuditAction.UPDATE,
+        user_id=current_user.id,
+        resource_id=task.id,
+        changes=[{"field": "blocker_flag", "old_value": False, "new_value": True}],
+        request_metadata=get_audit_metadata(request),
+    )
+
    db.commit()
    db.refresh(blocker)