feat: Integrate audit logging for various operations

- Added audit logging functionality across multiple controllers, including menu, user, department, flow, screen, and table management. - Implemented logging for create, update, and delete actions, capturing relevant details such as company code, user information, and changes made. - Enhanced the category tree service with a new endpoint to check if category values are in use, improving data integrity checks. - Updated routes to include new functionalities and ensure proper logging for batch operations and individual record changes. - This integration improves traceability and accountability for data modifications within the application.
2026-03-04 13:49:08 +09:00
parent f04d224b09
commit b4d5367e2b
26 changed files with 2620 additions and 140 deletions
--- a/backend-node/src/controllers/flowController.ts
+++ b/backend-node/src/controllers/flowController.ts
@@ -10,6 +10,7 @@ import { FlowConnectionService } from "../services/flowConnectionService";
 import { FlowExecutionService } from "../services/flowExecutionService";
 import { FlowDataMoveService } from "../services/flowDataMoveService";
 import { FlowProcedureService } from "../services/flowProcedureService";
+import { auditLogService } from "../services/auditLogService";

 export class FlowController {
  private flowDefinitionService: FlowDefinitionService;
@@ -86,12 +87,25 @@ export class FlowController {
          restApiConnectionId,
          restApiEndpoint,
          restApiJsonPath,
-          restApiConnections: req.body.restApiConnections, // 다중 REST API 설정
+          restApiConnections: req.body.restApiConnections,
        },
        userId,
        userCompanyCode
      );

+      auditLogService.log({
+        companyCode: userCompanyCode || "",
+        userId: userId || "",
+        action: "CREATE",
+        resourceType: "FLOW",
+        resourceId: String(flowDef?.id || ""),
+        resourceName: flowDef?.name || name,
+        summary: `플로우 "${flowDef?.name || name}" 생성`,
+        changes: { after: { name, tableName } },
+        ipAddress: (req as any).ip,
+        requestPath: req.originalUrl,
+      });
+
      res.json({
        success: true,
        data: flowDef,
@@ -188,6 +202,7 @@ export class FlowController {
      const { name, description, isActive } = req.body;
      const userCompanyCode = (req as any).user?.companyCode;

+      const beforeFlow = await this.flowDefinitionService.findById(flowId);
      const flowDef = await this.flowDefinitionService.update(flowId, {
        name,
        description,
@@ -202,6 +217,22 @@ export class FlowController {
        return;
      }

+      auditLogService.log({
+        companyCode: userCompanyCode || "",
+        userId: (req as any).user?.userId || "",
+        action: "UPDATE",
+        resourceType: "FLOW",
+        resourceId: String(flowId),
+        resourceName: flowDef?.name || name,
+        summary: `플로우 "${flowDef?.name || name}" 수정`,
+        changes: {
+          before: { name: beforeFlow?.name, description: beforeFlow?.description, isActive: beforeFlow?.isActive },
+          after: { name, description, isActive },
+        },
+        ipAddress: (req as any).ip,
+        requestPath: req.originalUrl,
+      });
+
      res.json({
        success: true,
        data: flowDef,
@@ -234,6 +265,17 @@ export class FlowController {
        return;
      }

+      auditLogService.log({
+        companyCode: userCompanyCode || "",
+        userId: (req as any).user?.userId || "",
+        action: "DELETE",
+        resourceType: "FLOW",
+        resourceId: String(flowId),
+        summary: `플로우(ID:${flowId}) 삭제`,
+        ipAddress: (req as any).ip,
+        requestPath: req.originalUrl,
+      });
+
      res.json({
        success: true,
        message: "Flow definition deleted successfully",
@@ -321,6 +363,19 @@ export class FlowController {
        positionY,
      });

+      auditLogService.log({
+        companyCode: userCompanyCode || "",
+        userId: (req as any).user?.userId || "",
+        action: "CREATE",
+        resourceType: "FLOW_STEP",
+        resourceId: String(step?.id || ""),
+        resourceName: stepName,
+        summary: `플로우 스텝 "${stepName}" 생성 (플로우 ID:${flowDefinitionId})`,
+        changes: { after: { stepName, tableName, stepOrder } },
+        ipAddress: (req as any).ip,
+        requestPath: req.originalUrl,
+      });
+
      res.json({
        success: true,
        data: step,
@@ -373,6 +428,7 @@ export class FlowController {
        }
      }

+      const beforeStep = existingStep;
      const step = await this.flowStepService.update(id, {
        stepName,
        stepOrder,
@@ -399,6 +455,22 @@ export class FlowController {
        return;
      }

+      auditLogService.log({
+        companyCode: userCompanyCode || "",
+        userId: (req as any).user?.userId || "",
+        action: "UPDATE",
+        resourceType: "FLOW_STEP",
+        resourceId: String(id),
+        resourceName: step?.stepName || stepName,
+        summary: `플로우 스텝 "${step?.stepName || stepName}" 수정`,
+        changes: {
+          before: { stepName: beforeStep?.stepName, tableName: beforeStep?.tableName, stepOrder: beforeStep?.stepOrder },
+          after: { stepName, tableName, stepOrder },
+        },
+        ipAddress: (req as any).ip,
+        requestPath: req.originalUrl,
+      });
+
      res.json({
        success: true,
        data: step,
@@ -444,6 +516,18 @@ export class FlowController {
        return;
      }

+      auditLogService.log({
+        companyCode: userCompanyCode || "",
+        userId: (req as any).user?.userId || "",
+        action: "DELETE",
+        resourceType: "FLOW_STEP",
+        resourceId: String(id),
+        resourceName: existingStep?.stepName,
+        summary: `플로우 스텝 "${existingStep?.stepName || id}" 삭제`,
+        ipAddress: (req as any).ip,
+        requestPath: req.originalUrl,
+      });
+
      res.json({
        success: true,
        message: "Flow step deleted successfully",
@@ -530,6 +614,19 @@ export class FlowController {
        label,
      });

+      auditLogService.log({
+        companyCode: userCompanyCode || "",
+        userId: (req as any).user?.userId || "",
+        action: "CREATE",
+        resourceType: "FLOW",
+        resourceId: String(flowDefinitionId),
+        resourceName: flowDef?.name || "",
+        summary: `플로우 "${flowDef?.name}" 연결 생성 (${fromStep?.stepName} → ${toStep?.stepName})`,
+        changes: { after: { fromStepId, toStepId, label } },
+        ipAddress: (req as any).ip,
+        requestPath: req.originalUrl,
+      });
+
      res.json({
        success: true,
        data: connection,
@@ -575,6 +672,18 @@ export class FlowController {
        return;
      }

+      auditLogService.log({
+        companyCode: userCompanyCode || "",
+        userId: (req as any).user?.userId || "",
+        action: "DELETE",
+        resourceType: "FLOW",
+        resourceId: String(existingConn?.flowDefinitionId || id),
+        summary: `플로우 연결 삭제 (ID: ${id})`,
+        changes: { before: { connectionId: id } },
+        ipAddress: (req as any).ip,
+        requestPath: req.originalUrl,
+      });
+
      res.json({
        success: true,
        message: "Connection deleted successfully",