matthias/dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3326156b15c87058e4cfaae9ee6347f95ccfd873
dashboard/backend/src/routes/admin.routes.ts
Matthias Hochmeister 3326156b15 new features
2026-03-23 14:01:39 +01:00

268 lines
9.3 KiB
TypeScript
Raw Blame History

/**
* Admin API Routes — Audit Log + Data Cleanup
*
* GET /api/admin/audit-log — paginated, filtered list
* GET /api/admin/audit-log/export — CSV download of filtered results
* DELETE /api/admin/cleanup/:target — preview / delete old data
*
* Both endpoints require authentication + admin:access permission.
*
* Register in app.ts:
* import adminRoutes from './routes/admin.routes';
* app.use('/api/admin', adminRoutes);
*/
import { Router, Request, Response } from 'express';
import { z } from 'zod';
import axios from 'axios';
import { authenticate } from '../middleware/auth.middleware';
import { requirePermission } from '../middleware/rbac.middleware';
import { auditExport } from '../middleware/audit.middleware';
import auditService, { AuditAction, AuditResourceType, AuditFilters } from '../services/audit.service';
import cleanupService from '../services/cleanup.service';
import logger from '../utils/logger';
const router = Router();
// ---------------------------------------------------------------------------
// Input validation schemas (Zod)
// ---------------------------------------------------------------------------
const auditQuerySchema = z.object({
userId: z.string().uuid().optional(),
action: z.union([
z.nativeEnum(Object.fromEntries(
Object.entries(AuditAction).map(([k, v]) => [k, v])
) as Record<string, string>),
z.array(z.string()),
]).optional(),
resourceType: z.union([
z.string(),
z.array(z.string()),
]).optional(),
resourceId: z.string().optional(),
dateFrom: z.string().datetime({ offset: true }).optional(),
dateTo: z.string().datetime({ offset: true }).optional(),
page: z.coerce.number().int().positive().default(1),
pageSize: z.coerce.number().int().min(1).max(200).default(25),
});
// ---------------------------------------------------------------------------
// Helper — parse and validate query string
// ---------------------------------------------------------------------------
function parseAuditQuery(query: Record<string, unknown>): AuditFilters {
const parsed = auditQuerySchema.parse(query);
// Normalise action to array of AuditAction
const actions = parsed.action
? (Array.isArray(parsed.action) ? parsed.action : [parsed.action]) as AuditAction[]
: undefined;
// Normalise resourceType to array of AuditResourceType
const resourceTypes = parsed.resourceType
? (Array.isArray(parsed.resourceType)
? parsed.resourceType
: [parsed.resourceType]) as AuditResourceType[]
: undefined;
return {
userId: parsed.userId,
action: actions && actions.length === 1 ? actions[0] : actions,
resourceType: resourceTypes && resourceTypes.length === 1
? resourceTypes[0]
: resourceTypes,
resourceId: parsed.resourceId,
dateFrom: parsed.dateFrom ? new Date(parsed.dateFrom) : undefined,
dateTo: parsed.dateTo ? new Date(parsed.dateTo) : undefined,
page: parsed.page,
pageSize: parsed.pageSize,
};
}
// ---------------------------------------------------------------------------
// GET /api/admin/audit-log
// ---------------------------------------------------------------------------
router.get(
'/audit-log',
authenticate,
requirePermission('admin:view'),
async (req: Request, res: Response): Promise<void> => {
try {
const filters = parseAuditQuery(req.query as Record<string, unknown>);
const result = await auditService.getAuditLog(filters);
res.status(200).json({
success: true,
data: result,
});
} catch (error) {
if (error instanceof z.ZodError) {
res.status(400).json({
success: false,
message: 'Invalid query parameters',
errors: error.issues,
});
return;
}
logger.error('Failed to fetch audit log', { error });
res.status(500).json({
success: false,
message: 'Failed to fetch audit log',
});
}
}
);
// ---------------------------------------------------------------------------
// GET /api/admin/audit-log/export
// ---------------------------------------------------------------------------
router.get(
'/audit-log/export',
authenticate,
requirePermission('admin:view'),
async (req: Request, res: Response): Promise<void> => {
try {
// For CSV exports we fetch up to 10,000 rows (no pagination).
const filters = parseAuditQuery(req.query as Record<string, unknown>);
const exportFilters: AuditFilters = {
...filters,
page: 1,
pageSize: 10_000,
};
// Audit the export action itself before streaming the response
auditExport(req, AuditResourceType.SYSTEM, {
export_format: 'csv',
filters: JSON.stringify(exportFilters),
});
const result = await auditService.getAuditLog(exportFilters);
const csv = auditService.entriesToCsv(result.entries);
const filename = `audit_log_${new Date().toISOString().replace(/[:.]/g, '-')}.csv`;
res.setHeader('Content-Type', 'text/csv; charset=utf-8');
res.setHeader('Content-Disposition', `attachment; filename="${filename}"`);
// Add BOM for Excel UTF-8 compatibility
res.send('\uFEFF' + csv);
} catch (error) {
if (error instanceof z.ZodError) {
res.status(400).json({
success: false,
message: 'Invalid query parameters',
errors: error.issues,
});
return;
}
logger.error('Failed to export audit log', { error });
res.status(500).json({
success: false,
message: 'Failed to export audit log',
});
}
}
);
// ---------------------------------------------------------------------------
// FDISK Sync proxy — forwards to the fdisk-sync sidecar service
// ---------------------------------------------------------------------------
const FDISK_SYNC_URL = process.env.FDISK_SYNC_URL ?? '';
router.get(
'/fdisk-sync/logs',
authenticate,
requirePermission('admin:view'),
async (_req: Request, res: Response): Promise<void> => {
if (!FDISK_SYNC_URL) {
res.status(503).json({ success: false, message: 'FDISK sync service not configured' });
return;
}
try {
const response = await axios.get(`${FDISK_SYNC_URL}/logs`, { timeout: 5000 });
res.json({ success: true, data: response.data });
} catch {
res.status(502).json({ success: false, message: 'Could not reach sync service' });
}
}
);
router.post(
'/fdisk-sync/trigger',
authenticate,
requirePermission('admin:view'),
async (req: Request, res: Response): Promise<void> => {
if (!FDISK_SYNC_URL) {
res.status(503).json({ success: false, message: 'FDISK sync service not configured' });
return;
}
try {
const response = await axios.post(`${FDISK_SYNC_URL}/trigger`, req.body, { timeout: 5000 });
res.json({ success: true, data: response.data });
} catch (err: unknown) {
if (axios.isAxiosError(err) && err.response?.status === 409) {
res.status(409).json({ success: false, message: 'Sync already in progress' });
return;
}
res.status(502).json({ success: false, message: 'Could not reach sync service' });
}
}
);
// ---------------------------------------------------------------------------
// Cleanup / Data Management endpoints
// ---------------------------------------------------------------------------
const cleanupBodySchema = z.object({
olderThanDays: z.number().int().min(1).max(3650),
confirm: z.boolean().optional().default(false),
});
type CleanupTarget = 'notifications' | 'audit-log' | 'events' | 'bookings' | 'orders' | 'vehicle-history' | 'equipment-history';
const CLEANUP_TARGETS: Record<CleanupTarget, (days: number, confirm: boolean) => Promise<{ count: number; deleted: boolean }>> = {
'notifications': (d, c) => cleanupService.cleanupNotifications(d, c),
'audit-log': (d, c) => cleanupService.cleanupAuditLog(d, c),
'events': (d, c) => cleanupService.cleanupEvents(d, c),
'bookings': (d, c) => cleanupService.cleanupBookings(d, c),
'orders': (d, c) => cleanupService.cleanupOrders(d, c),
'vehicle-history': (d, c) => cleanupService.cleanupVehicleHistory(d, c),
'equipment-history': (d, c) => cleanupService.cleanupEquipmentHistory(d, c),
};
router.delete(
'/cleanup/:target',
authenticate,
requirePermission('admin:write'),
async (req: Request, res: Response): Promise<void> => {
try {
const target = req.params.target as CleanupTarget;
const handler = CLEANUP_TARGETS[target];
if (!handler) {
res.status(400).json({ success: false, message: `Unknown cleanup target: ${target}` });
return;
}
const { olderThanDays, confirm } = cleanupBodySchema.parse(req.body);
const result = await handler(olderThanDays, confirm);
res.json({ success: true, data: result });
} catch (error) {
if (error instanceof z.ZodError) {
res.status(400).json({ success: false, message: 'Invalid parameters', errors: error.issues });
return;
}
logger.error('Cleanup failed', { error, target: req.params.target });
res.status(500).json({ success: false, message: 'Cleanup failed' });
}
}
);
export default router;
Reference in New Issue View Git Blame Copy Permalink