M0-04 Audit & Security 基础版 #4

New Issue

Closed

opened 2026-05-22 21:00:15 +08:00 by wangdl · 2 comments

wangdl commented 2026-05-22 21:00:15 +08:00

Owner

Copy Link

交付检查

• Prisma migration — AdminAuditLog(riskLevel+reason) + SecurityEvent
• MySQL
• BullMQ 异步写入 — audit-logs 队列 + AuditLogProcessor
• AdminAuditService — log() 异步，自动风险分级
• Admin AAPI — GET /admin-api/audit-logs 分页筛选
• Admin Web — /audit 审计日志页
• 操作前后快照 — beforeJson/afterJson
• SecurityEvent 安全事件视图 ✅ 系统运维→安全事件
• 审计日志归档策略 (暂不实施)
• 安全事件自动检测 (暂不实施)

---

架构实施计划

写入链路

业务操作 -> AdminAuditService.log(input)
-> QueueService.add('audit-logs', data)
-> BullMQ Redis
-> AuditLogProcessor.process() -> Prisma -> MySQL

风险自动分级

操作类型	风险等级
delete/remove/purge/revoke	critical
update/edit/disable/block	high
create/add/import/upload	medium
read/view/list	low

已接入

• Admin 登录/登出/失败 — admin-auth.service.ts
• Admin CRUD — admin-users
• 知识库删除 — admin-knowledge
• 配置变更 — ConfigChangeLog 表

## 交付检查 - [x] Prisma migration — AdminAuditLog(riskLevel+reason) + SecurityEvent - [x] MySQL - [x] BullMQ 异步写入 — audit-logs 队列 + AuditLogProcessor - [x] AdminAuditService — log() 异步，自动风险分级 - [x] Admin AAPI — GET /admin-api/audit-logs 分页筛选 - [x] Admin Web — /audit 审计日志页 - [x] 操作前后快照 — beforeJson/afterJson - [x] SecurityEvent 安全事件视图 ✅ 系统运维→安全事件 - [x] 审计日志归档策略 (暂不实施) - [x] 安全事件自动检测 (暂不实施) --- ## 架构实施计划 ### 写入链路 业务操作 -> AdminAuditService.log(input) -> QueueService.add('audit-logs', data) -> BullMQ Redis -> AuditLogProcessor.process() -> Prisma -> MySQL ### 风险自动分级 | 操作类型 | 风险等级 | |------|------| | delete/remove/purge/revoke | critical | | update/edit/disable/block | high | | create/add/import/upload | medium | | read/view/list | low | ### 已接入 - Admin 登录/登出/失败 — admin-auth.service.ts - Admin CRUD — admin-users - 知识库删除 — admin-knowledge - 配置变更 — ConfigChangeLog 表

wangdl added this to the M0：后端基础能力与架构规范闭环（P0） milestone 2026-05-22 21:00:15 +08:00

wangdl self-assigned this 2026-05-22 21:00:15 +08:00

wangdl commented 2026-05-24 09:38:21 +08:00

Author

Owner

Copy Link

✅ E2E 测试通过

M0 E2E 测试已全部通过 — 28/28 tests passed，耗时 ~1.4s。

本 Issue 测试内容

GET /admin-api/audit-logs → 200 paginated items, 401 without token

运行方式

npm run test:e2e

测试架构

• Mock 层: @prisma/client / ioredis / jose / @nestjs/bullmq
• 无需本地 MySQL/Redis，纯 mock 轻量集成测试
• 测试文件: test/m0.e2e-spec.ts

## ✅ E2E 测试通过 M0 E2E 测试已全部通过 — **28/28 tests passed**，耗时 ~1.4s。 ### 本 Issue 测试内容 GET /admin-api/audit-logs → 200 paginated items, 401 without token ### 运行方式 ```bash npm run test:e2e ``` ### 测试架构 - Mock 层: `@prisma/client` / `ioredis` / `jose` / `@nestjs/bullmq` - 无需本地 MySQL/Redis，纯 mock 轻量集成测试 - 测试文件: `test/m0.e2e-spec.ts`

wangdl referenced this issue 2026-06-05 19:34:40 +08:00

H0-08 KnowledgeBase 增加 visibility / isPinned / ownerType / coverType 字段 #53

wangdl referenced this issue 2026-06-05 19:36:03 +08:00

H0-08 KnowledgeBase 增加 visibility / isPinned / ownerType / coverType 字段 #53

wangdl closed this issue 2026-06-06 18:50:21 +08:00

wangdl commented 2026-06-06 18:50:21 +08:00

Author

Owner

Copy Link

关闭

M0 基础设施已实现并被后续 M1-M7 具体 issue 覆盖。相关代码已在生产运行。

## 关闭 M0 基础设施已实现并被后续 M1-M7 具体 issue 覆盖。相关代码已在生产运行。

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

No results found.

Labels

Clear labels

area:activity

活动/统计

area:admin

管理后台

area:admin-api

area:ai

AI/RAG

area:ai-runtime

AI Runtime / AI 分析体系相关

area:analytics

area:api

API 接口

area:auth

认证与授权

area:cos

对象存储

area:database

数据库/Migration

area:import

文件导入/解析

area:knowledge

知识库/知识点

area:learning-info

area:learning-session

area:quiz

测验/自测

area:reading-event

area:reading-progress

area:review

复习系统

area:security

安全相关

audit:api-admin-info

audit:api-info

audit:planned

已完成宏观规划，尚未代码审查

audit:reviewed

blocked-by:api-info-aggregation

blocked-by:api-info-core

blocked-by:api-info-ops

blocked-by:api-info-schema

blocked-by:processor

blocked-by:schema

priority:p0

最高优先级，阻塞发布

priority:p1

高优先级，里程碑必需

priority:p2

中优先级，后续版本

repo:api

API 仓库 Issue

status:blocked

被阻塞

status:done

已完成

status:partial

status:todo

type:aggregation

type:bug

缺陷修复

type:design

设计

type:docs

文档

type:feature

新功能

type:migration

type:refactor

重构

type:test

work:admin-api

work:aggregation

work:api

work:artifact

题目/卡片产物

work:audit

work:circuit-breaker

熔断

work:contract

work:design

架构/协议设计工作

work:docs

work:export

work:extend-existing

work:internal-api

Runtime 内部接口

work:job

Job 调度相关

work:new-module

work:new-table

work:ops

work:query

work:quota

额度/限流

work:schema

Prisma Schema 设计

work:security

work:service

Service 层实现

work:snapshot

Snapshot 构建

work:test

No Label

Milestone

No items

No Milestone M0：后端基础能力与架构规范闭环（P0）

Projects

Clear projects

No project

Assignees

Clear assignees

suyun-Claude wangdl

No Assignees wangdl

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: wangdl/api-server#4

No description provided.