maxim.dolgolyov/Learn_System
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(admin): журнал событий безопасности (Tier 1-2) + аудит чувствительных действий (Tier 3)

Browse Source 
- security_events (миграция 047) + utils/securityLog.js (defensive, lazy stmt)
- Tier 1: login.success/fail, register, password.change в authController
- Tier 2: 403 (роль/разрешение) в middleware/auth, rate_limited в rateLimit
- Tier 3: audit() на выдачу доступа (access), начисление/сброс XP (gam), модерацию аватаров
- API GET/DELETE /api/admin/security-log (фильтр по категории + поиск, прунинг по дням)
- Frontend: вкладка «Безопасность» в admin.html + loadSecurityLog, расширены ACTION_LABELS

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Maxim Dolgolyov
2026-06-01 15:28:21 +03:00
parent 30626e0928
commit fe122b7681
12 changed files with 262 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/src/controllers/avatarController.js
+3
View File
@@ -1,6 +1,7 @@
const path = require('path');
const fs = require('fs');
const db = require('../db/db');
const { audit } = require('../utils/audit');
const AVATARS_DIR = path.join(__dirname, '../../uploads/avatars');
@@ -71,6 +72,7 @@ function approveAvatar(req, res) {
WHERE id=?
`).run(req.user.id, row.id);
audit(req, 'avatar.approve', `user:${row.user_id}`, row.filename);
res.json({ ok: true });
}
@@ -91,6 +93,7 @@ function rejectAvatar(req, res) {
WHERE id=?
`).run(req.user.id, msg || null, row.id);
audit(req, 'avatar.reject', `user:${row.user_id}`, msg || '');
res.json({ ok: true });
}