pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-26 08:51:09 -05:00
Code Issues Packages Projects Releases Wiki Activity

Implement Phase 1 audit logging

Browse Source 
Add centralized admin action logger and integrate logging for:
- Alert resolutions (system, rate limit, grouped)
- Role grants/revokes in UserRoleManager
- Incident creation/acknowledgement/resolution
- Moderation lock overrides

Includes file updates and usage across relevant components to ensure consistent audit trails.
This commit is contained in:
gpt-engineer-app[bot]
2025-11-11 14:22:30 +00:00
parent 53b576ecc1
commit 8581950a6e
7 changed files with 167 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/components/admin/PipelineHealthAlerts.tsx
View File

@@ -16,6 +16,7 @@ import { supabase } from '@/lib/supabaseClient';
import { toast } from 'sonner';
import { useQueryClient } from '@tanstack/react-query';
import { queryKeys } from '@/lib/queryKeys';
import { logAdminAction } from '@/lib/adminActionAuditHelpers';
const SEVERITY_CONFIG = {
critical: { color: 'destructive', icon: XCircle },
@@ -58,6 +59,9 @@ export function PipelineHealthAlerts() {
setResolvingAlertId(alertId);
try {
// Fetch alert details before resolving
const alertToResolve = allAlerts.find(a => a.id === alertId);
const { error } = await supabase
.from('system_alerts')
.update({ resolved_at: new Date().toISOString() })
@@ -72,6 +76,17 @@ export function PipelineHealthAlerts() {
console.log('✅ Alert resolved successfully');
toast.success('Alert resolved');
// Log to audit trail
if (alertToResolve) {
await logAdminAction('system_alert_resolved', {
alert_id: alertToResolve.id,
alert_type: alertToResolve.alert_type,
severity: alertToResolve.severity,
message: alertToResolve.message,
metadata: alertToResolve.metadata,
});
}
// Invalidate all system-alerts queries (critical, high, medium, etc.)
await Promise.all([
queryClient.invalidateQueries({ queryKey: ['system-alerts'] }),

16
src/components/moderation/ModerationQueue.tsx
View File

@@ -262,7 +262,23 @@ export const ModerationQueue = forwardRef<ModerationQueueRef, ModerationQueuePro
// Superuser force release lock
const handleSuperuserReleaseLock = useCallback(async (submissionId: string) => {
// Fetch lock details before releasing
const { data: submission } = await supabase
.from('content_submissions')
.select('assigned_to, locked_until')
.eq('id', submissionId)
.single();
await queueManager.queue.superuserReleaseLock(submissionId);
// Log to audit trail
const { logAdminAction } = await import('@/lib/adminActionAuditHelpers');
await logAdminAction('moderation_lock_force_released', {
submission_id: submissionId,
original_moderator_id: submission?.assigned_to,
original_locked_until: submission?.locked_until,
});
// Refresh locks count and queue
setActiveLocksCount(prev => Math.max(0, prev - 1));
queueManager.refresh();

22
src/components/moderation/UserRoleManager.tsx
View File

@@ -189,6 +189,15 @@ export function UserRoleManager() {
if (error) throw error;
// Log to audit trail
const { logAdminAction } = await import('@/lib/adminActionAuditHelpers');
const targetUsername = searchResults.find(p => p.user_id === userId)?.username;
await logAdminAction('role_granted', {
target_user_id: userId,
target_username: targetUsername,
role: role,
}, userId);
handleSuccess('Role Granted', `User has been granted ${getRoleLabel(role)} role`);
setNewUserSearch('');
setNewRole('');
@@ -208,10 +217,23 @@ export function UserRoleManager() {
if (!isAdmin()) return;
setActionLoading(roleId);
try {
// Fetch role details before revoking
const roleToRevoke = userRoles.find(r => r.id === roleId);
const {
error
} = await supabase.from('user_roles').delete().eq('id', roleId);
if (error) throw error;
// Log to audit trail
const { logAdminAction } = await import('@/lib/adminActionAuditHelpers');
await logAdminAction('role_revoked', {
role_id: roleId,
target_user_id: roleToRevoke?.user_id,
target_username: roleToRevoke?.profiles?.username,
role: roleToRevoke?.role,
}, roleToRevoke?.user_id);
handleSuccess('Role Revoked', 'User role has been revoked');
fetchUserRoles();
} catch (error: unknown) {