From 17a95bea5ba6f51f1e8f5a51967acb897a10b300 Mon Sep 17 00:00:00 2001
From: voson
Date: Sat, 21 Mar 2026 12:24:00 +0800
Subject: [PATCH] =?UTF-8?q?refactor(audit):=20=E7=A7=BB=E9=99=A4=E6=97=A7?= =?UTF-8?q?=E6=A0=BC=E5=BC=8F=E5=85=BC=E5=AE=B9=EF=BC=8Cuser=5Fid=20?= =?UTF-8?q?=E7=BB=9F=E4=B8=80=E8=B5=B0=E5=88=97=E5=AD=97=E6=AE=B5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- audit_log 查询去掉 detail->>'user_id' 回退分支
- login_detail 不再冗余写入 user_id 到 detail JSON
- 迁移 SQL 去掉多余的 ALTER TABLE ADD COLUMN
Made-with: Cursor
---
 crates/secrets-core/src/audit.rs | 14 +++-----------
 crates/secrets-core/src/db.rs | 1 -
 crates/secrets-core/src/service/audit_log.rs | 2 +-
 3 files changed, 4 insertions(+), 13 deletions(-)
diff --git a/crates/secrets-core/src/audit.rs b/crates/secrets-core/src/audit.rs
index b8e319f..a739937 100644
--- a/crates/secrets-core/src/audit.rs
+++ b/crates/secrets-core/src/audit.rs
@@ -10,14 +10,8 @@ pub fn current_actor() -> String {
 std::env::var("USER").unwrap_or_default()
 }
-fn login_detail(
- user_id: Uuid,
- provider: &str,
- client_ip: Option<&str>,
- user_agent: Option<&str>,
-) -> Value {
+fn login_detail(provider: &str, client_ip: Option<&str>, user_agent: Option<&str>) -> Value {
 json!({
- "user_id": user_id,
 "provider": provider,
 "client_ip": client_ip,
 "user_agent": user_agent,
@@ -34,7 +28,7 @@ pub async fn log_login(
 user_agent: Option<&str>,
 ) {
 let actor = current_actor();
- let detail = login_detail(user_id, provider, client_ip, user_agent);
+ let detail = login_detail(provider, client_ip, user_agent);
 let result: Result<_, sqlx::Error> = sqlx::query(
 "INSERT INTO audit_log (user_id, action, namespace, kind, name, detail, actor) \
 VALUES ($1, $2, $3, $4, $5, $6, $7)",
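Review bot: In the first audit.rs hunk, `login_detail` copies `client_ip` and `user_agent` into the JSON verbatim and nothing visible bounds their length; `user_agent` is normally a request header chosen by the client, so a single login can write an arbitrarily large value into `audit_log.detail`. If the caller does not already cap it (not visible here), truncate before building the object, e.g. `"user_agent": user_agent.map(|ua| ua.chars().take(MAX_UA_CHARS).collect::<String>()),` where `MAX_UA_CHARS` is a placeholder for a limit you choose. Whatever later renders these rows should treat both fields as untrusted text. The `json!` body continues past the end of the hunk.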
@@ -94,10 +88,8 @@ mod tests {
 #[test]
 fn login_detail_includes_expected_fields() {
- let user_id = Uuid::nil();
- let detail = login_detail(user_id, "google", Some("127.0.0.1"), Some("Mozilla/5.0"));
+ let detail = login_detail("google", Some("127.0.0.1"), Some("Mozilla/5.0"));
- assert_eq!(detail["user_id"], json!(user_id));
 assert_eq!(detail["provider"], "google");
 assert_eq!(detail["client_ip"], "127.0.0.1");
 assert_eq!(detail["user_agent"], "Mozilla/5.0");
diff --git a/crates/secrets-core/src/db.rs b/crates/secrets-core/src/db.rs
index 5b60da6..f2fe70a 100644
--- a/crates/secrets-core/src/db.rs
+++ b/crates/secrets-core/src/db.rs
@@ -77,7 +77,6 @@ pub async fn migrate(pool: &PgPool) -> Result<()> {
 created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
 );
- ALTER TABLE audit_log ADD COLUMN IF NOT EXISTS user_id UUID;
 CREATE INDEX IF NOT EXISTS idx_audit_log_created ON audit_log(created_at DESC);
 CREATE INDEX IF NOT EXISTS idx_audit_log_ns_kind ON audit_log(namespace, kind);
 CREATE INDEX IF NOT EXISTS idx_audit_log_user_id ON audit_log(user_id) WHERE user_id IS NOT NULL;
diff --git a/crates/secrets-core/src/service/audit_log.rs b/crates/secrets-core/src/service/audit_log.rs
index 9bd5692..131fce7 100644
--- a/crates/secrets-core/src/service/audit_log.rs
+++ b/crates/secrets-core/src/service/audit_log.rs
@@ -10,7 +10,7 @@ pub async fn list_for_user(pool: &PgPool, user_id: Uuid, limit: i64) -> Result>'user_id' = $1::text) \
+ WHERE user_id = $1 \
 ORDER BY created_at DESC, id DESC \
 LIMIT $2",
 )
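Review bot: The test `login_detail_includes_expected_fields` no longer pins the contract this commit introduces, namely that the user id is kept out of the `detail` JSON. After the three remaining assertions I would add `assert!(detail.get("user_id").is_none());` so a later change that reintroduces the duplicate field fails here. The test function closes outside the hunk.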
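Review bot: Removing `ALTER TABLE audit_log ADD COLUMN IF NOT EXISTS user_id UUID;` in `migrate` leaves no statement that adds the column to a database whose `audit_log` table was created before `user_id` existed. If the table is created with `CREATE TABLE IF NOT EXISTS` (the statement starts outside the hunk), it is a no-op on such a database, so `CREATE INDEX ... idx_audit_log_user_id ON audit_log(user_id)` would fail and so would the `INSERT` in `log_login`, meaning login events may stop being recorded. The ALTER is idempotent and cheap, so I would keep it, or else add a comment above the index statements such as `-- requires audit_log.user_id; databases older than <first version with the column> must be upgraded first`. The rest of `migrate` lies outside the hunk.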
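Review bot: With the filter in `list_for_user` reduced to `WHERE user_id = $1`, any legacy row that carries the user only in `detail` and has a NULL `user_id` column disappears from that user's audit history, and nothing in this patch backfills the column. The removed line is damaged in this copy of the patch, so this reading rests on the commit message and the surviving `>>'user_id' = $1::text)` fragment. If such rows can exist, run a one-time backfill in `migrate` before dropping the fallback, e.g. `UPDATE audit_log SET user_id = (detail->>'user_id')::uuid WHERE user_id IS NULL AND detail->>'user_id' IS NOT NULL;`. The cast will error on a malformed value, so check the data first.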