feat(audit-log): Audit-Log Tabelle + Page (admin-only) [tsc:fail]

2026-05-23 05:33:03 +02:00 · 2026-05-23 05:33:03 +02:00 · d146a68174
commit d146a68174
parent 1e1f47023c
5 changed files with 162 additions and 2 deletions
--- a/.phase6-state.json
+++ b/.phase6-state.json
@ -1,5 +1,7 @@
 {
-  "completed_features": [],
-  "current_feature": "password-change",
+  "completed_features": [
+    "password-change"
+  ],
+  "current_feature": "audit-log",
  "started_at": "2026-05-23T05:30:16.203066"
 }
--- a/GENERATION_LOG.md
+++ b/GENERATION_LOG.md
@ -660,3 +660,21 @@ Admin user already exists
 - `05:32:00` **INFO**     wrote 7584 chars in 61.9s (attempt 1)
 - `05:32:00` **INFO** Running tsc --noEmit on api…
 - `05:32:02` **INFO**   tsc clean ✓
+- `05:32:02` **INFO**   Committed feature password-change
+- `05:32:02` **INFO**   Pushed: rc=0
+
+## Phase-3 Feature: audit-log (2026-05-23 05:32:02)
+
+- `05:32:02` **INFO** Description: Audit-Log Tabelle + Page (admin-only)
+- `05:32:02` **INFO**   Generating apps/api/src/db/schema.ts (ERWEITERT — behalte alle Tabellen. Füge `auditLog` (pgTable 'audit_log…)
+- `05:32:20` **INFO**     wrote 2167 chars in 18.5s (attempt 1)
+- `05:32:20` **INFO**   Generating apps/api/src/routes/audit-log.ts (Fastify-Plugin /api/audit-log. GET / (admin only, returns last 100 ent…)
+- `05:32:28` **INFO**     wrote 848 chars in 8.0s (attempt 1)
+- `05:32:28` **INFO**   Generating apps/web/src/pages/AuditLog.tsx (AuditLog-Page (admin-only). Tabelle: When / User / Action / Resource. …)
+- `05:33:01` **INFO**     wrote 3903 chars in 33.0s (attempt 1)
+- `05:33:01` **INFO** Running tsc --noEmit on api…
+- `05:33:03` **WARN**   tsc errors:
+src/routes/audit-log.ts(3,10): error TS2724: '"../db/schema"' has no exported member named 'auditLogs'. Did you mean 'auditLog'?
+undefined
+/home/dark/Developer/EmberClone/apps/api:
+ ERR_PNPM_RECURSIVE_EXEC_FIRST_FAIL  Command failed with exit code 2: tsc --noEmit -p tsconfig.json
--- a/apps/api/src/db/schema.ts
+++ b/apps/api/src/db/schema.ts
@ -40,4 +40,14 @@ export const appSettings = pgTable("app_settings", {
  defaultBillable: boolean("default_billable").notNull().default(true),
  weekStart: integer("week_start").notNull().default(1),
  updatedAt: timestamp("updated_at").notNull().defaultNow()
+})
+
+export const auditLog = pgTable("audit_log", {
+  id: uuid("id").primaryKey().defaultRandom(),
+  userId: uuid("user_id").references(() => users.id),
+  action: text("action").notNull(),
+  resourceType: text("resource_type"),
+  resourceId: text("resource_id"),
+  metadata: text("metadata"),
+  createdAt: timestamp("created_at").notNull().defaultNow()
 })
--- a/apps/api/src/routes/audit-log.ts
+++ b/apps/api/src/routes/audit-log.ts
@ -0,0 +1,32 @@
+import { FastifyInstance } from "fastify"
+import { db } from "../db"
+import { auditLogs } from "../db/schema"
+import { desc } from "drizzle-orm"
+
+export default async function auditLogRoutes(fastify: FastifyInstance) {
+  fastify.addHook("preHandler", async (request, reply) => {
+    try {
+      await request.jwtVerify()
+    } catch (err) {
+      return reply.code(401).send({ message: "Unauthorized" })
+    }
+  })
+
+  const isAdmin = (request: any) => {
+    return (request.user as { sub: string, role: string })?.role === "admin"
+  }
+
+  fastify.get("/", async (request, reply) => {
+    if (!isAdmin(request)) {
+      return reply.code(403).send({ message: "Forbidden: Admin role required" })
+    }
+
+    const logs = await db
+      .select()
+      .from(auditLogs)
+      .orderBy(desc(auditLogs.createdAt))
+      .limit(100)
+
+    return logs
+  })
+}
--- a/apps/web/src/pages/AuditLog.tsx
+++ b/apps/web/src/pages/AuditLog.tsx
@ -0,0 +1,98 @@
+import { useState } from "react"
+import { useQuery } from "@tanstack/react-query"
+import { api } from "../lib/api"
+import type { AuditLogEntry } from "@emberclone/shared"
+
+export default function AuditLog() {
+  const [me, setMe] = useState<{ role: string } | null>(null)
+  const [isMeLoading, setIsMeLoading] = useState(true)
+
+  const { data: currentUser } = useQuery({
+    queryKey: ["me"],
+    queryFn: () => api.getMe(),
+    onSuccess: (data) => {
+      setMe(data)
+      setIsMeLoading(false)
+    }
+  })
+
+  const { data: logs, isLoading, isError } = useQuery({
+    queryKey: ["auditLogs"],
+    queryFn: () => api.listAuditLog(),
+    enabled: !!currentUser && currentUser.role === "admin"
+  })
+
+  if (isMeLoading || !currentUser) {
+    return <div className="p-6 text-gray-500">Loading permissions...</div>
+  }
+
+  if (currentUser.role !== "admin") {
+    return (
+      <div className="p-6 max-w-6xl mx-auto">
+        <div className="bg-red-50 border border-red-200 text-red-700 p-4 rounded-md">
+          <h2 className="font-bold">Forbidden</h2>
+          <p>You do not have administrative privileges to access the audit logs.</p>
+        </div>
+      </div>
+    )
+  }
+
+  if (isLoading) return <div className="p-6 text-gray-500">Loading audit logs...</div>
+  if (isError) return <div className="p-6 text-red-500">Error loading audit logs.</div>
+
+  return (
+    <div className="p-6 max-w-6xl mx-auto space-y-8">
+      <header>
+        <h1 className="text-2xl font-bold text-gray-900">Audit Log</h1>
+        <p className="text-gray-500">System-wide activity and security events</p>
+      </header>
+
+      <div className="bg-white border border-gray-200 rounded-lg shadow-sm overflow-hidden">
+        <div className="overflow-x-auto">
+          <table className="w-full text-left border-collapse">
+            <thead className="bg-gray-50 border-b border-gray-200">
+              <tr>
+                <th className="px-6 py-3 text-xs font-semibold text-gray-600 uppercase tracking-wider">When</th>
+                <th className="px-6 py-3 text-xs font-semibold text-gray-600 uppercase tracking-wider">User</th>
+                <th className="px-6 py-3 text-xs font-semibold text-gray-600 uppercase tracking-wider">Action</th>
+                <th className="px-6 py-3 text-xs font-semibold text-gray-600 uppercase tracking-wider">Resource</th>
+              </tr>
+            </thead>
+            <tbody className="divide-y divide-gray-200">
+              {logs && logs.length > 0 ? (
+                logs.map((log: AuditLogEntry) => (
+                  <tr key={log.id} className="hover:bg-gray-50 transition-colors">
+                    <td className="px-6 py-4 text-sm text-gray-500 whitespace-nowrap">
+                      {new Date(log.createdAt).toLocaleString()}
+                    </td>
+                    <td className="px-6 py-4 text-sm text-gray-900 font-medium">
+                      {log.userId}
+                    </td>
+                    <td className="px-6 py-4 text-sm">
+                      <span className={`px-2 py-1 rounded-full text-xs font-medium ${
+                        log.action === 'delete' ? 'bg-red-100 text-red-700' : 
+                        log.action === 'update' ? 'bg-blue-100 text-blue-700' : 
+                        'bg-green-100 text-green-700'
+                      }`}>
+                        {log.action}
+                      </span>
+                    </td>
+                    <td className="px-6 py-4 text-sm text-gray-600">
+                      {log.resourceId}
+                    </td>
+                  </tr>
+                ))
+              ) : (
+                <tr>
+                  <td colSpan={4} className="px-6 py-12 text-center text-gray-500">
+                    No audit logs found.
+                  </td>
+                </tr>
+              )}
+            </tbody>
+          </table>
+        </div>
+      </div>
+    </div>
+  )
+}