feat: implement audit trail module
- Backend (FastAPI):
  - AuditLog and AuditAlert models with Alembic migration
  - AuditService with SHA-256 checksum for log integrity
  - AuditMiddleware for request metadata extraction (IP, user_agent)
  - Integrated audit logging into Task, Project, Blocker APIs
  - Query API with filtering, pagination, CSV export
  - Integrity verification endpoint
  - Sensitive operation alerts with acknowledgement
- Frontend (React + Vite):
  - Admin AuditPage with filters and export
  - ResourceHistory component for change tracking
  - Audit service for API calls
- Testing:
  - 15 tests covering service and API endpoints
- OpenSpec:
  - add-audit-trail change archived

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
84
openspec/changes/archive/2025-12-29-add-audit-trail/tasks.md
Normal file
@@ -0,0 +1,84 @@
## 1. Database Schema

- [x] 1.1 建立 AuditLog model (`pjctrl_audit_logs`)
- [x] 1.2 建立 AuditAlert model (`pjctrl_audit_alerts`)
- [x] 1.3 建立 Alembic migration
- [x] 1.4 建立 event types 和 sensitivity levels 常數

## 2. Core Audit Service

- [x] 2.1 建立 AuditService 核心類別
- [x] 2.2 實作 checksum 計算邏輯
- [x] 2.3 實作 log_event() 方法 (非同步)
- [x] 2.4 實作 detect_changes() 方法 (比較 old/new values)
- [x] 2.5 實作敏感度判定邏輯

## 3. Audit Middleware

- [x] 3.1 建立 AuditMiddleware 擷取 request metadata (IP, user_agent)
- [x] 3.2 將 metadata 注入 request state

## 4. API Integration - Task

- [x] 4.1 整合 Task create 稽核
- [x] 4.2 整合 Task update 稽核 (含 changes diff)
- [x] 4.3 整合 Task delete 稽核
- [x] 4.4 整合 Task assign 稽核

## 5. API Integration - Project

- [x] 5.1 整合 Project create 稽核
- [x] 5.2 整合 Project update 稽核
- [x] 5.3 整合 Project delete 稽核

## 6. API Integration - User & Auth

- [x] 6.1 整合 User permission change 稽核
- [x] 6.2 整合 Login/Logout 稽核
- [x] 6.3 整合 Blocker 事件稽核

## 7. Backend API - Query

- [x] 7.1 建立 AuditLog schemas (response)
- [x] 7.2 實作 GET `/api/audit-logs` - 查詢稽核日誌
- [x] 7.3 實作 GET `/api/audit-logs/resource/{type}/{id}` - 資源歷史
- [x] 7.4 實作 query filters (時間、使用者、資源、敏感度)

## 8. Backend API - Export & Verify

- [x] 8.1 實作 GET `/api/audit-logs/export` - CSV 匯出
- [x] 8.2 實作 POST `/api/audit-logs/verify-integrity` - 完整性驗證
- [x] 8.3 實作分頁處理大量資料

## 9. Alert System

- [x] 9.1 建立 AuditAlert schemas
- [x] 9.2 實作 create_alert() 方法
- [x] 9.3 實作敏感操作警示觸發
- [x] 9.4 實作大量刪除偵測
- [x] 9.5 整合 NotificationService 發送警示
- [x] 9.6 實作 PUT `/api/audit-alerts/{id}/acknowledge` - 確認警示

## 10. Frontend - Admin Audit Page

- [x] 10.1 建立 audit.ts service
- [x] 10.2 建立 AuditLogList 元件
- [x] 10.3 建立 AuditLogFilters 元件 (日期、使用者、資源)
- [x] 10.4 建立 AuditLogDetail modal (顯示 changes diff)
- [x] 10.5 建立 CSV 匯出按鈕
- [x] 10.6 新增 Admin menu 連結

## 11. Frontend - Resource History

- [x] 11.1 建立 ResourceHistory 元件
- [x] 11.2 整合至 Task 詳情頁
- [x] 11.3 整合至 Project 詳情頁

## 12. Testing

- [x] 12.1 AuditService 單元測試
- [x] 12.2 Checksum 計算測試
- [x] 12.3 Audit API 端點測試
- [x] 12.4 Alert 觸發測試
- [x] 12.5 CSV 匯出測試
- [x] 12.6 完整性驗證測試
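Review bot: the per-row checksum in task 2.2 and the `POST /api/audit-logs/verify-integrity` check in task 8.2 give tamper evidence only against accidental corruption, not against anyone with write access to `pjctrl_audit_logs`, who can recompute a plain SHA-256 checksum for every row they alter and still pass verification. The task list should state which threat the integrity check is meant to cover; if it is a database-level attacker, chain each row's checksum over the previous row's checksum or use a keyed MAC whose key is held outside the database, and add a 12.x test that modifies a stored row and expects verification to fail. Two smaller gaps in the same hunk: task 8.1 (CSV export) has no item for neutralising exported cells that begin with `=`, `+`, `-` or `@` so they are not evaluated as formulas by a spreadsheet, and task 8.2 lists no item restricting who may trigger a full-table verification run.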