初步实现审计

2025-09-28 00:13:47 +08:00
parent b177781fa1
commit 1c7e13b965
9 changed files with 324 additions and 27 deletions
--- a/internal/infra/database/postgres.go
+++ b/internal/infra/database/postgres.go
@@ -159,6 +159,7 @@ func (ps *PostgresStorage) creatingHyperTable() error {
 		{models.PlanExecutionLog{}, "started_at"},
 		{models.TaskExecutionLog{}, "started_at"},
 		{models.PendingCollection{}, "created_at"},
+		{models.UserActionLog{}, "time"},
 	}

 	for _, table := range tablesToConvert {
@@ -187,6 +188,7 @@ func (ps *PostgresStorage) applyCompressionPolicies() error {
 		{models.PlanExecutionLog{}, "plan_id"},
 		{models.TaskExecutionLog{}, "task_id"},
 		{models.PendingCollection{}, "device_id"},
+		{models.UserActionLog{}, "user_id"},
 	}

 	for _, policy := range policies {
--- a/internal/infra/models/execution.go
+++ b/internal/infra/models/execution.go
@@ -3,6 +3,7 @@ package models
 import (
 	"time"

+	"gorm.io/datatypes"
 	"gorm.io/gorm"
 )

@@ -140,3 +141,32 @@ type PendingCollection struct {
 func (PendingCollection) TableName() string {
 	return "pending_collections"
 }
+
+// --- 用户审计日志 ---
+
+// UserActionLog 记录用户的操作历史，用于审计
+type UserActionLog struct {
+	// Time 是操作发生的时间，作为主键和超表的时间分区键
+	Time time.Time `gorm:"primaryKey" json:"time"`
+
+	// --- Who (谁) ---
+	UserID   uint   `gorm:"index" json:"user_id,omitempty"`
+	Username string `json:"username,omitempty"` // 操作发生时用户名的快照
+
+	// --- Where (何地) ---
+	SourceIP string `json:"source_ip,omitempty"`
+
+	// --- What (什么) & How (如何) ---
+	ActionType     string         `gorm:"index" json:"action_type,omitempty"`          // 标准化的操作类型，如 "CREATE_DEVICE"
+	TargetResource datatypes.JSON `gorm:"type:jsonb" json:"target_resource,omitempty"` // 被操作的资源, e.g., {"type": "device", "id": 123}
+	Description    string         `json:"description,omitempty"`                       // 人类可读的操作描述
+	Status         string         `json:"status,omitempty"`                            // success 或 failed
+	HTTPPath       string         `json:"http_path,omitempty"`                         // 请求的API路径
+	HTTPMethod     string         `json:"http_method,omitempty"`                       // 请求的HTTP方法
+	ResultDetails  string         `json:"result_details,omitempty"`                    // 结果详情，如失败时的错误信息
+}
+
+// TableName 自定义 GORM 使用的数据库表名
+func (UserActionLog) TableName() string {
+	return "user_action_logs"
+}
--- a/internal/infra/repository/user_action_log_repository.go
+++ b/internal/infra/repository/user_action_log_repository.go
@@ -0,0 +1,27 @@
+// Package repository 提供了数据访问的仓库实现
+package repository
+
+import (
+	"git.huangwc.com/pig/pig-farm-controller/internal/infra/models"
+	"gorm.io/gorm"
+)
+
+// UserActionLogRepository 定义了与用户操作日志相关的数据库操作接口
+type UserActionLogRepository interface {
+	Create(log *models.UserActionLog) error
+}
+
+// gormUserActionLogRepository 是 UserActionLogRepository 的 GORM 实现
+type gormUserActionLogRepository struct {
+	db *gorm.DB
+}
+
+// NewGormUserActionLogRepository 创建一个新的 UserActionLogRepository GORM 实现实例
+func NewGormUserActionLogRepository(db *gorm.DB) UserActionLogRepository {
+	return &gormUserActionLogRepository{db: db}
+}
+
+// Create 创建一条新的用户操作日志记录
+func (r *gormUserActionLogRepository) Create(log *models.UserActionLog) error {
+	return r.db.Create(log).Error
+}