"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.AdminAuditService = exports.AdminBypassService = void 0;
const UserAggregate_1 = require("../../Domain/User/UserAggregate");
const Logger_1 = require("./Logger");
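/**
 * Admin Bypass Service - Centralized admin privilege checking and logging.
 *
 * Every restriction bypass in this class reduces to one strict comparison
 * against UserState.ADMIN, so the value passed as `userState` decides the
 * outcome on its own.
 * NOTE(review): callers should pass a state loaded from server-side user
 * data, never a value taken from the request - confirm at the call sites.
 */
class AdminBypassService {
    /**
     * Check if user has admin privileges.
     *
     * Uses strict equality, so any value other than UserState.ADMIN
     * (including undefined or null) yields false.
     *
     * @param userState - User's current state
     * @returns true if user is admin
     */
    static isAdmin(userState) {
        return userState === UserAggregate_1.UserState.ADMIN;
    }

    /**
     * Check if user should bypass all restrictions.
     *
     * Currently identical to isAdmin(); kept as its own entry point so the
     * bypass policy has a single place to change.
     *
     * @param userState - User's current state
     * @returns true if restrictions should be bypassed
     */
    static shouldBypassRestrictions(userState) {
        return this.isAdmin(userState);
    }

    /**
     * Log admin bypass action for audit trail.
     *
     * This method only records the bypass; it performs no privilege check
     * itself.
     *
     * @param action - Description of the action being bypassed
     * @param adminUserId - ID of the admin user
     * @param targetId - ID of the target resource
     * @param details - Additional details about the bypass (may be omitted)
     * @param req - Optional request object for context
     * @param res - Optional response object for context
     */
    static logAdminBypass(action, adminUserId, targetId, details, req, res) {
        const record = {
            // Free-form details are spread first so that a key such as
            // `targetId`, `action` or `timestamp` inside them cannot replace
            // the authoritative audit fields set below.
            ...details,
            targetId,
            action,
            bypassReason: 'Admin privileges',
            timestamp: new Date().toISOString()
        };
        (0, Logger_1.logAuth)(`ADMIN_BYPASS: ${action}`, adminUserId, record, req, res);
    }
}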
// Publish the class on the CommonJS exports object.
exports.AdminBypassService = AdminBypassService;
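/**
 * Admin Audit Service - Enhanced logging for all admin actions.
 *
 * Builds one audit record per action (actor, action, time, request context)
 * and hands it to logAuth; actions flagged as sensitive are logged a second
 * time with a review marker.
 */
class AdminAuditService {
    /**
     * Log comprehensive admin action for audit trail.
     *
     * @param action - Action being performed
     * @param adminUserId - ID of the admin user
     * @param details - Detailed information about the action (may be omitted)
     * @param req - Request object for context
     * @param res - Response object for context
     */
    static logAdminAction(action, adminUserId, details, req, res) {
        const auditData = {
            // Caller-supplied details go first: a `timestamp`, `adminUserId`
            // or `action` key inside them must not replace the actor, action
            // and time this record is meant to attest to.
            ...details,
            timestamp: new Date().toISOString(),
            adminUserId,
            action,
            // The User-Agent and x-request-id values below are request
            // headers, i.e. client-controlled text; log consumers should
            // treat them as untrusted.
            // NOTE(review): whether `req.ip` reflects the real peer depends
            // on the server's proxy configuration - confirm.
            ip: req?.ip,
            userAgent: req?.get('User-Agent'),
            endpoint: req?.path,
            method: req?.method,
            // `?.` on headers too, so a request-like object without a
            // headers map yields 'unknown' instead of throwing.
            requestId: req?.headers?.['x-request-id'] || 'unknown'
        };
        // Enhanced logging for admin actions
        (0, Logger_1.logAuth)(`ADMIN_AUDIT: ${action}`, adminUserId, auditData, req, res);
        // Additional security logging for sensitive operations.
        // `details?.` keeps a call without details from throwing after the
        // first record has already been written.
        if (details?.sensitive) {
            (0, Logger_1.logAuth)(`ADMIN_SENSITIVE: ${action}`, adminUserId, {
                ...auditData,
                alertLevel: 'HIGH',
                requiresReview: true
            }, req, res);
        }
    }

    /**
     * Log bulk admin operations.
     *
     * Delegates to logAdminAction with the action prefixed by `BULK_`.
     * NOTE(review): `operation` is always recorded as 'update', whatever the
     * bulk action is - confirm that is intended.
     *
     * @param action - Bulk action being performed
     * @param adminUserId - ID of the admin user
     * @param affectedCount - Number of resources affected
     * @param targetType - Type of resources affected
     * @param req - Request object for context
     * @param res - Response object for context
     */
    static logBulkAdminAction(action, adminUserId, affectedCount, targetType, req, res) {
        this.logAdminAction(`BULK_${action}`, adminUserId, {
            targetType: targetType,
            targetId: `bulk-${affectedCount}-items`,
            operation: 'update',
            metadata: { affectedCount },
            sensitive: affectedCount > 10 // Mark large bulk operations as sensitive
        }, req, res);
    }
}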
// Publish the class on the CommonJS exports object.
exports.AdminAuditService = AdminAuditService;
//# sourceMappingURL=AdminBypassService.js.map