初步实现数据加密、权限管理、日志审计等功能

app/api/v1/endpoints/audit.py

@@ -0,0 +1,99 @@
+"""
+审计日志 API 接口
+
+仅管理员可访问
+"""
+from typing import List, Optional
+from datetime import datetime
+from fastapi import APIRouter, Depends, Query, Request
+from app.domain.schemas.audit import AuditLogResponse, AuditLogQuery
+from app.domain.schemas.user import UserInDB
+from app.infra.repositories.audit_repository import AuditRepository
+from app.auth.dependencies import get_user_repository, get_db
+from app.auth.permissions import get_current_admin
+from app.infra.db.postgresql.database import Database
+
+router = APIRouter()
+
+async def get_audit_repository(db: Database = Depends(get_db)) -> AuditRepository:
+    """获取审计日志仓储"""
+    return AuditRepository(db)
+
+@router.get("/logs", response_model=List[AuditLogResponse])
+async def get_audit_logs(
+    user_id: Optional[int] = Query(None, description="按用户ID过滤"),
+    username: Optional[str] = Query(None, description="按用户名过滤"),
+    action: Optional[str] = Query(None, description="按操作类型过滤"),
+    resource_type: Optional[str] = Query(None, description="按资源类型过滤"),
+    start_time: Optional[datetime] = Query(None, description="开始时间"),
+    end_time: Optional[datetime] = Query(None, description="结束时间"),
+    skip: int = Query(0, ge=0, description="跳过记录数"),
+    limit: int = Query(100, ge=1, le=1000, description="限制记录数"),
+    current_user: UserInDB = Depends(get_current_admin),
+    audit_repo: AuditRepository = Depends(get_audit_repository)
+) -> List[AuditLogResponse]:
+    """
+    查询审计日志（仅管理员）
+    
+    支持按用户、时间、操作类型等条件过滤
+    """
+    logs = await audit_repo.get_logs(
+        user_id=user_id,
+        username=username,
+        action=action,
+        resource_type=resource_type,
+        start_time=start_time,
+        end_time=end_time,
+        skip=skip,
+        limit=limit
+    )
+    return logs
+
+@router.get("/logs/count")
+async def get_audit_logs_count(
+    user_id: Optional[int] = Query(None, description="按用户ID过滤"),
+    username: Optional[str] = Query(None, description="按用户名过滤"),
+    action: Optional[str] = Query(None, description="按操作类型过滤"),
+    resource_type: Optional[str] = Query(None, description="按资源类型过滤"),
+    start_time: Optional[datetime] = Query(None, description="开始时间"),
+    end_time: Optional[datetime] = Query(None, description="结束时间"),
+    current_user: UserInDB = Depends(get_current_admin),
+    audit_repo: AuditRepository = Depends(get_audit_repository)
+) -> dict:
+    """
+    获取审计日志总数（仅管理员）
+    """
+    count = await audit_repo.get_log_count(
+        user_id=user_id,
+        username=username,
+        action=action,
+        resource_type=resource_type,
+        start_time=start_time,
+        end_time=end_time
+    )
+    return {"count": count}
+
+@router.get("/logs/my", response_model=List[AuditLogResponse])
+async def get_my_audit_logs(
+    action: Optional[str] = Query(None, description="按操作类型过滤"),
+    start_time: Optional[datetime] = Query(None, description="开始时间"),
+    end_time: Optional[datetime] = Query(None, description="结束时间"),
+    skip: int = Query(0, ge=0),
+    limit: int = Query(100, ge=1, le=1000),
+    current_user: UserInDB = Depends(get_current_admin),
+    audit_repo: AuditRepository = Depends(get_audit_repository)
+) -> List[AuditLogResponse]:
+    """
+    查询当前用户的审计日志
+    
+    普通用户只能查看自己的操作记录
+    """
+    logs = await audit_repo.get_logs(
+        user_id=current_user.id,
+        action=action,
+        start_time=start_time,
+        end_time=end_time,
+        skip=skip,
+        limit=limit
+    )
+    return logs