/** * 审计系统 API 服务 * 模块: platform_audit * * 基于文档: docs/modules/audit-system/07-api.md */ import apiClient, { PaginatedData, ApiClientError } from '@/lib/api-client'; // ==================== 类型定义 ==================== /** * 审计操作类型 * 与后端 Prisma schema platform_audit.prisma 保持一致 */ export enum AuditAction { // CRUD 操作 CREATE = 'CREATE', READ = 'READ', UPDATE = 'UPDATE', DELETE = 'DELETE', BULK_UPDATE = 'BULK_UPDATE', BULK_DELETE = 'BULK_DELETE', // 审批流程 APPROVE = 'APPROVE', REJECT = 'REJECT', RETURN = 'RETURN', FORWARD = 'FORWARD', WITHDRAW = 'WITHDRAW', // 认证相关 LOGIN = 'LOGIN', LOGOUT = 'LOGOUT', LOGIN_FAILED = 'LOGIN_FAILED', PASSWORD_CHANGE = 'PASSWORD_CHANGE', PASSWORD_RESET = 'PASSWORD_RESET', EMAIL_CHANGE = 'EMAIL_CHANGE', // 权限相关 PERMISSION_CHANGE = 'PERMISSION_CHANGE', ROLE_CHANGE = 'ROLE_CHANGE', // 系统操作 CONFIG_CHANGE = 'CONFIG_CHANGE', BACKUP = 'BACKUP', RESTORE = 'RESTORE', EXPORT = 'EXPORT', IMPORT = 'IMPORT', DEPLOY = 'DEPLOY', ROLLBACK = 'ROLLBACK', // 财务操作 PAYMENT = 'PAYMENT', REFUND = 'REFUND', INVOICE_GENERATE = 'INVOICE_GENERATE', FINANCIAL_CLOSE = 'FINANCIAL_CLOSE', BUDGET_APPROVE = 'BUDGET_APPROVE', // 文件操作 DOWNLOAD = 'DOWNLOAD', UPLOAD = 'UPLOAD', SHARE = 'SHARE', ARCHIVE = 'ARCHIVE', } /** * 审计状态 * 与后端 Prisma schema platform_audit.prisma 保持一致 */ export enum AuditStatus { SUCCESS = 'SUCCESS', FAILED = 'FAILED', PARTIAL = 'PARTIAL', PENDING = 'PENDING', } /** * 风险级别 * 与后端 Prisma schema platform_audit.prisma 保持一致 */ export enum RiskLevel { LOW = 'LOW', MEDIUM = 'MEDIUM', HIGH = 'HIGH', } /** * 合规级别 */ export enum ComplianceLevel { LOW = 'LOW', MEDIUM = 'MEDIUM', HIGH = 'HIGH', } /** * 完整性检查范围 */ export enum IntegrityCheckScope { ALL = 'ALL', FINANCIAL_ONLY = 'FINANCIAL_ONLY', SENSITIVE_ONLY = 'SENSITIVE_ONLY', HIGH_RISK_ONLY = 'HIGH_RISK_ONLY', } /** * 完整性检查状态 */ export enum IntegrityCheckStatus { QUEUED = 'QUEUED', RUNNING = 'RUNNING', COMPLETED = 'COMPLETED', FAILED = 'FAILED', } // ==================== 接口类型 ==================== /** * 用户简要信息 */ export interface UserBrief { id: string; username: string; displayName?: string; } /** * 审计日志列表项 */ export interface AuditLogItem { id: string; region: string; tenantId: string; // 5W1H who: string; what: string; when: string; where: string; why?: string; how: string; // 操作详情 module: string; action: AuditAction; entityType: string; entityId: string; // 上下文 userId: string; ipAddress: string; userAgent: string; // 状态 status: AuditStatus; duration?: number; // 合规 isFinancial: boolean; isSensitive: boolean; riskLevel: RiskLevel; complianceLevel: ComplianceLevel; // 用户信息 user?: UserBrief; } /** * 审计日志详情 */ export interface AuditLogDetail extends AuditLogItem { // 变更内容 oldValue?: Record; newValue?: Record; changes?: Record; // 上下文详情 sessionId: string; traceId: string; requestId: string; deviceId?: string; geoLocation?: string; // 业务扩展 businessType?: string; businessKey?: string; // 错误信息 errorMessage?: string; // 完整性 previousHash?: string; currentHash: string; signature?: string; retentionYears: number; // 元数据 createdAt: string; archivedAt?: string; } /** * 实体审计历史项 */ export interface EntityHistoryItem { id: string; action: AuditAction; when: string; who: string; oldValue?: Record; newValue?: Record; changes?: Record; status: AuditStatus; user?: UserBrief; } /** * 实体审计历史响应 */ export interface EntityHistoryResponse { entityType: string; entityId: string; history: EntityHistoryItem[]; total: number; page: number; limit: number; totalPages: number; hasNext: boolean; hasPrev: boolean; } /** * 用户操作历史响应 */ export interface UserHistoryResponse { userId: string; username?: string; displayName?: string; operations: { id: string; action: AuditAction; module: string; when: string; entityType: string; entityId: string; what: string; status: AuditStatus; riskLevel: RiskLevel; isFinancial: boolean; isSensitive: boolean; }[]; summary: { total: number; byAction: Record; byModule: Record; sensitiveCount: number; financialCount: number; failedCount: number; }; total: number; page: number; limit: number; totalPages: number; hasNext: boolean; hasPrev: boolean; } /** * 追踪日志响应 */ export interface TraceLogsResponse { traceId: string; logs: { id: string; action: AuditAction; module: string; when: string; duration?: number; status: AuditStatus; errorMessage?: string; }[]; totalDuration?: number; } /** * 财务日志响应 */ export interface FinancialLogsResponse extends PaginatedData { summary: { total: number; byAction: Record; byModule: Record; }; } /** * 敏感操作日志响应 */ export interface SensitiveLogsResponse extends PaginatedData { summary: { total: number; byRiskLevel: Record; byAction: Record; }; } /** * 统计响应 */ export interface StatisticsResponse { period: { start: string; end: string; }; summary: { total: number; success: number; failed: number; financial: number; sensitive: number; }; byModule: { module: string; count: number; successRate: number; }[]; byAction: { action: AuditAction; count: number; }[]; byDay: { date: string; count: number; }[]; } /** * 完整性验证响应 */ export interface IntegrityVerifyResponse { verified: boolean; totalRecords: number; passCount: number; failCount: number; failures: { logId: string; /** * 当前服务返回的 type 取自 4 值联合,但读取历史 audit_integrity_check_log.failures (Json) * 可能命中早期已废弃的枚举值(例如 MISSING_HASH)。前端展示按字符串渲染即可,不要做穷举判别。 */ type: | 'HASH_CHAIN_BROKEN' | 'HASH_MISMATCH' | 'INVALID_GENESIS' | 'SIGNATURE_INVALID' | (string & {}); message: string; expectedHash?: string; actualHash?: string; }[]; verifiedAt: string; duration: number; } /** * 完整性检查任务 */ export interface IntegrityCheckJob { jobId: string; status: IntegrityCheckStatus; createdAt: string; startedAt?: string; completedAt?: string; result?: IntegrityVerifyResponse; error?: string; } // ==================== 请求参数类型 ==================== /** * 查询审计日志参数 */ export interface QueryAuditLogParams { // 时间范围 startDate?: string; endDate?: string; // 过滤条件 userId?: string; module?: string; action?: AuditAction; entityType?: string; entityId?: string; status?: AuditStatus; isFinancial?: boolean; isSensitive?: boolean; riskLevel?: RiskLevel; complianceLevel?: ComplianceLevel; keyword?: string; // 排序 sortBy?: 'when' | 'module' | 'action' | 'userId'; sortOrder?: 'asc' | 'desc'; // 分页 page?: number; limit?: number; } /** * 实体审计查询参数 */ export interface EntityAuditQueryParams { page?: number; limit?: number; includeDiff?: boolean; } /** * 用户审计查询参数 */ export interface UserAuditQueryParams { startDate?: string; endDate?: string; module?: string; action?: AuditAction; isSensitive?: boolean; isFinancial?: boolean; riskLevel?: RiskLevel; page?: number; limit?: number; } /** * 财务审计查询参数 */ export interface FinancialAuditQueryParams { startDate: string; endDate: string; userId?: string; action?: AuditAction; module?: string; sortBy?: string; sortOrder?: 'asc' | 'desc'; page?: number; limit?: number; } /** * 敏感操作查询参数 */ export interface SensitiveAuditQueryParams { startDate?: string; endDate?: string; userId?: string; action?: AuditAction; riskLevel?: RiskLevel; page?: number; limit?: number; } /** * 统计请求参数 */ export interface StatisticsParams { startDate: string; endDate: string; module?: string; userId?: string; } /** * 导出请求参数 */ export interface ExportParams { startDate: string; endDate: string; format: 'json' | 'csv'; filters?: { userId?: string; module?: string; action?: AuditAction; isFinancial?: boolean; isSensitive?: boolean; }; } /** * 完整性验证参数 */ export interface VerifyIntegrityParams { startDate?: string; endDate?: string; } /** * 完整性检查参数 */ export interface IntegrityCheckParams { scope: IntegrityCheckScope; startDate?: string; endDate?: string; } // ==================== API 函数 ==================== const BASE_URL = '/audit'; // -------------------- 审计日志查询 -------------------- /** * 查询审计日志 */ export async function getAuditLogs(params?: QueryAuditLogParams): Promise> { return apiClient.get(`${BASE_URL}/logs`, { params }); } /** * 获取审计日志详情 */ export async function getAuditLogById(id: string): Promise { return apiClient.get(`${BASE_URL}/logs/${id}`); } /** * 单条审计日志完整性校验 */ export interface SingleLogVerifyResult { id: string; valid: boolean; storedHash: string; calculatedHash: string; verifiedAt: string; } export async function verifySingleAuditLog(id: string): Promise { return apiClient.get(`${BASE_URL}/logs/${id}/verify`); } /** * 获取实体审计历史 */ export async function getEntityHistory( entityType: string, entityId: string, params?: EntityAuditQueryParams, ): Promise { return apiClient.get(`${BASE_URL}/entity/${entityType}/${entityId}`, { params }); } /** * 获取用户操作历史 */ export async function getUserHistory( userId: string, params?: UserAuditQueryParams, ): Promise { return apiClient.get(`${BASE_URL}/user/${userId}`, { params }); } /** * 获取财务操作日志 */ export async function getFinancialLogs(params: FinancialAuditQueryParams): Promise { return apiClient.get(`${BASE_URL}/financial`, { params }); } /** * 获取敏感操作日志 */ export async function getSensitiveLogs(params?: SensitiveAuditQueryParams): Promise { return apiClient.get(`${BASE_URL}/sensitive`, { params }); } /** * 按追踪ID获取请求链路 */ export async function getTraceLogs(traceId: string): Promise { return apiClient.get(`${BASE_URL}/trace/${traceId}`); } // -------------------- 统计与报表 -------------------- /** * 获取统计分析 */ export async function getStatistics(params: StatisticsParams): Promise { return apiClient.post(`${BASE_URL}/statistics`, params); } /** * 导出审计日志 */ export async function exportLogs(params: ExportParams): Promise { const response = await apiClient.post(`${BASE_URL}/export`, params, { responseType: 'blob', }); return response as unknown as Blob; } // -------------------- 完整性验证 -------------------- /** * 即时验证完整性(同步) */ export async function verifyIntegrity(params?: VerifyIntegrityParams): Promise { return apiClient.post(`${BASE_URL}/verify-integrity`, params); } /** * 触发后台完整性检查任务(异步) */ export async function triggerIntegrityCheck(params: IntegrityCheckParams): Promise { return apiClient.post(`${BASE_URL}/integrity-check`, params); } /** * 查询完整性检查任务状态 */ export async function getIntegrityCheckJob(jobId: string): Promise { return apiClient.get(`${BASE_URL}/integrity-check/${jobId}`); } // ==================== 辅助函数 ==================== // eslint-disable-next-line @typescript-eslint/no-explicit-any type TranslationObject = Record; /** * 获取操作类型标签 */ export function getActionLabel(action: AuditAction, t?: TranslationObject): string { const labels: Record = { // CRUD 操作 [AuditAction.CREATE]: t?.audit?.action?.create || '创建', [AuditAction.READ]: t?.audit?.action?.read || '查看', [AuditAction.UPDATE]: t?.audit?.action?.update || '更新', [AuditAction.DELETE]: t?.audit?.action?.delete || '删除', [AuditAction.BULK_UPDATE]: t?.audit?.action?.bulkUpdate || '批量更新', [AuditAction.BULK_DELETE]: t?.audit?.action?.bulkDelete || '批量删除', // 审批流程 [AuditAction.APPROVE]: t?.audit?.action?.approve || '审批通过', [AuditAction.REJECT]: t?.audit?.action?.reject || '审批拒绝', [AuditAction.RETURN]: t?.audit?.action?.return || '退回', [AuditAction.FORWARD]: t?.audit?.action?.forward || '转发', [AuditAction.WITHDRAW]: t?.audit?.action?.withdraw || '撤回', // 认证相关 [AuditAction.LOGIN]: t?.audit?.action?.login || '登录', [AuditAction.LOGOUT]: t?.audit?.action?.logout || '登出', [AuditAction.LOGIN_FAILED]: t?.audit?.action?.loginFailed || '登录失败', [AuditAction.PASSWORD_CHANGE]: t?.audit?.action?.passwordChange || '修改密码', [AuditAction.PASSWORD_RESET]: t?.audit?.action?.passwordReset || '重置密码', [AuditAction.EMAIL_CHANGE]: t?.audit?.action?.emailChange || '修改邮箱', // 权限相关 [AuditAction.PERMISSION_CHANGE]: t?.audit?.action?.permissionChange || '权限变更', [AuditAction.ROLE_CHANGE]: t?.audit?.action?.roleChange || '角色变更', // 系统操作 [AuditAction.CONFIG_CHANGE]: t?.audit?.action?.configChange || '配置变更', [AuditAction.BACKUP]: t?.audit?.action?.backup || '备份', [AuditAction.RESTORE]: t?.audit?.action?.restore || '恢复', [AuditAction.EXPORT]: t?.audit?.action?.export || '导出', [AuditAction.IMPORT]: t?.audit?.action?.import || '导入', [AuditAction.DEPLOY]: t?.audit?.action?.deploy || '部署', [AuditAction.ROLLBACK]: t?.audit?.action?.rollback || '回滚', // 财务操作 [AuditAction.PAYMENT]: t?.audit?.action?.payment || '付款', [AuditAction.REFUND]: t?.audit?.action?.refund || '退款', [AuditAction.INVOICE_GENERATE]: t?.audit?.action?.invoiceGenerate || '生成发票', [AuditAction.FINANCIAL_CLOSE]: t?.audit?.action?.financialClose || '财务结账', [AuditAction.BUDGET_APPROVE]: t?.audit?.action?.budgetApprove || '预算审批', // 文件操作 [AuditAction.DOWNLOAD]: t?.audit?.action?.download || '下载', [AuditAction.UPLOAD]: t?.audit?.action?.upload || '上传', [AuditAction.SHARE]: t?.audit?.action?.share || '分享', [AuditAction.ARCHIVE]: t?.audit?.action?.archive || '归档', }; return labels[action] || action; } /** * 获取操作类型颜色 */ export function getActionColor(action: AuditAction): { bg: string; text: string; border: string } { const colors: Record = { // 创建类 CREATE: { bg: 'bg-green-50', text: 'text-green-600', border: 'border-green-200' }, IMPORT: { bg: 'bg-green-50', text: 'text-green-600', border: 'border-green-200' }, UPLOAD: { bg: 'bg-green-50', text: 'text-green-600', border: 'border-green-200' }, BACKUP: { bg: 'bg-green-50', text: 'text-green-600', border: 'border-green-200' }, // 读取类 READ: { bg: 'bg-blue-50', text: 'text-blue-600', border: 'border-blue-200' }, EXPORT: { bg: 'bg-blue-50', text: 'text-blue-600', border: 'border-blue-200' }, DOWNLOAD: { bg: 'bg-blue-50', text: 'text-blue-600', border: 'border-blue-200' }, // 更新类 UPDATE: { bg: 'bg-yellow-50', text: 'text-yellow-600', border: 'border-yellow-200' }, BULK_UPDATE: { bg: 'bg-yellow-50', text: 'text-yellow-600', border: 'border-yellow-200' }, PASSWORD_CHANGE: { bg: 'bg-yellow-50', text: 'text-yellow-600', border: 'border-yellow-200' }, PASSWORD_RESET: { bg: 'bg-yellow-50', text: 'text-yellow-600', border: 'border-yellow-200' }, EMAIL_CHANGE: { bg: 'bg-yellow-50', text: 'text-yellow-600', border: 'border-yellow-200' }, CONFIG_CHANGE: { bg: 'bg-yellow-50', text: 'text-yellow-600', border: 'border-yellow-200' }, RESTORE: { bg: 'bg-yellow-50', text: 'text-yellow-600', border: 'border-yellow-200' }, // 删除类 DELETE: { bg: 'bg-red-50', text: 'text-red-600', border: 'border-red-200' }, BULK_DELETE: { bg: 'bg-red-50', text: 'text-red-600', border: 'border-red-200' }, ROLLBACK: { bg: 'bg-red-50', text: 'text-red-600', border: 'border-red-200' }, WITHDRAW: { bg: 'bg-red-50', text: 'text-red-600', border: 'border-red-200' }, // 认证类 LOGIN: { bg: 'bg-purple-50', text: 'text-purple-600', border: 'border-purple-200' }, LOGOUT: { bg: 'bg-gray-50', text: 'text-gray-600', border: 'border-gray-200' }, LOGIN_FAILED: { bg: 'bg-red-50', text: 'text-red-600', border: 'border-red-200' }, // 权限类 PERMISSION_CHANGE: { bg: 'bg-orange-50', text: 'text-orange-600', border: 'border-orange-200' }, ROLE_CHANGE: { bg: 'bg-orange-50', text: 'text-orange-600', border: 'border-orange-200' }, // 审批类 APPROVE: { bg: 'bg-green-50', text: 'text-green-600', border: 'border-green-200' }, REJECT: { bg: 'bg-red-50', text: 'text-red-600', border: 'border-red-200' }, RETURN: { bg: 'bg-yellow-50', text: 'text-yellow-600', border: 'border-yellow-200' }, FORWARD: { bg: 'bg-blue-50', text: 'text-blue-600', border: 'border-blue-200' }, // 财务类 PAYMENT: { bg: 'bg-emerald-50', text: 'text-emerald-600', border: 'border-emerald-200' }, REFUND: { bg: 'bg-amber-50', text: 'text-amber-600', border: 'border-amber-200' }, INVOICE_GENERATE: { bg: 'bg-emerald-50', text: 'text-emerald-600', border: 'border-emerald-200' }, FINANCIAL_CLOSE: { bg: 'bg-emerald-50', text: 'text-emerald-600', border: 'border-emerald-200' }, BUDGET_APPROVE: { bg: 'bg-emerald-50', text: 'text-emerald-600', border: 'border-emerald-200' }, // 其他 SHARE: { bg: 'bg-indigo-50', text: 'text-indigo-600', border: 'border-indigo-200' }, ARCHIVE: { bg: 'bg-gray-50', text: 'text-gray-600', border: 'border-gray-200' }, DEPLOY: { bg: 'bg-cyan-50', text: 'text-cyan-600', border: 'border-cyan-200' }, }; return colors[action] || { bg: 'bg-gray-50', text: 'text-gray-600', border: 'border-gray-200' }; } /** * 获取风险级别标签 */ export function getRiskLevelLabel(level: RiskLevel, t?: TranslationObject): string { const labels: Record = { [RiskLevel.LOW]: t?.audit?.riskLevel?.low || '低风险', [RiskLevel.MEDIUM]: t?.audit?.riskLevel?.medium || '中风险', [RiskLevel.HIGH]: t?.audit?.riskLevel?.high || '高风险', }; return labels[level] || level; } /** * 获取风险级别颜色 */ export function getRiskLevelColor(level: RiskLevel): { bg: string; text: string; border: string } { const colors: Record = { [RiskLevel.LOW]: { bg: 'bg-green-50', text: 'text-green-600', border: 'border-green-200' }, [RiskLevel.MEDIUM]: { bg: 'bg-yellow-50', text: 'text-yellow-600', border: 'border-yellow-200' }, [RiskLevel.HIGH]: { bg: 'bg-red-50', text: 'text-red-600', border: 'border-red-200' }, }; return colors[level] || { bg: 'bg-gray-50', text: 'text-gray-600', border: 'border-gray-200' }; } /** * 获取状态标签 */ export function getStatusLabel(status: AuditStatus, t?: TranslationObject): string { const labels: Record = { [AuditStatus.SUCCESS]: t?.audit?.status?.success || '成功', [AuditStatus.FAILED]: t?.audit?.status?.failed || '失败', [AuditStatus.PARTIAL]: t?.audit?.status?.partial || '部分成功', [AuditStatus.PENDING]: t?.audit?.status?.pending || '待处理', }; return labels[status] || status; } /** * 获取状态颜色 */ export function getStatusColor(status: AuditStatus): { bg: string; text: string; border: string } { const colors: Record = { [AuditStatus.SUCCESS]: { bg: 'bg-green-50', text: 'text-green-600', border: 'border-green-200' }, [AuditStatus.FAILED]: { bg: 'bg-red-50', text: 'text-red-600', border: 'border-red-200' }, [AuditStatus.PARTIAL]: { bg: 'bg-orange-50', text: 'text-orange-600', border: 'border-orange-200' }, [AuditStatus.PENDING]: { bg: 'bg-yellow-50', text: 'text-yellow-600', border: 'border-yellow-200' }, }; return colors[status] || { bg: 'bg-gray-50', text: 'text-gray-600', border: 'border-gray-200' }; } /** * 格式化模块名称 */ export function formatModuleName(module: string, t?: TranslationObject): string { const moduleNames: Record = { User: t?.audit?.module?.user || '用户管理', Role: t?.audit?.module?.role || '角色管理', Permission: t?.audit?.module?.permission || '权限管理', Department: t?.audit?.module?.department || '部门管理', Position: t?.audit?.module?.position || '职位管理', Form: t?.audit?.module?.form || '表单管理', Approval: t?.audit?.module?.approval || '审批流程', WorkRecord: t?.audit?.module?.workRecord || '工时记录', Part: t?.audit?.module?.part || '零件管理', Inventory: t?.audit?.module?.inventory || '库存管理', Ticket: t?.audit?.module?.ticket || '工单系统', Notification: t?.audit?.module?.notification || '通知管理', Auth: t?.audit?.module?.auth || '认证授权', System: t?.audit?.module?.system || '系统设置', }; return moduleNames[module] || module; } // 导出错误类 export { ApiClientError };