wwz110/aurak
1
0
Fork 0
forked from hangshuo652/aurak
Code Pull Requests Activity

P3-02-03-04: audit log, batch ops, transactions

Browse Source 
P3-02: audit-log.entity + service, manual logging in controller
  (startSession, submitAnswer, deleteSession, review, forceEnd)
P3-03: POST batch-delete, POST batch-export endpoints + service methods
P3-04: DataSource.transaction for deleteSession + reviewAssessment,
  graph state cleanup on session delete
This commit is contained in:
Developer
2026-05-19 09:52:31 +08:00
parent eb0798de5b
commit 7f8e7214b3
5 changed files with 197 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/src/assessment/assessment.controller.ts
+38 -6
View File
@@ -17,6 +17,7 @@ import {
import { map } from 'rxjs/operators';
import { AssessmentService } from './assessment.service';
import { ExportService } from './services/export.service';
import { AuditLogService } from './services/audit-log.service';
import { CombinedAuthGuard } from '../auth/combined-auth.guard';
import { Public } from '../auth/public.decorator';
import { ApiTags, ApiOperation, ApiResponse } from '@nestjs/swagger';
@@ -28,6 +29,7 @@ export class AssessmentController {
constructor(
private readonly assessmentService: AssessmentService,
private readonly exportService: ExportService,
private readonly auditLog: AuditLogService,
) {}
@Post('start')
@@ -41,13 +43,15 @@ export class AssessmentController {
console.log(
`[AssessmentController] startSession: user=${userId}, tenant=${tenantId}, templateId=${body.templateId}, kbId=${body.knowledgeBaseId}`,
);
return this.assessmentService.startSession(
const session = await this.assessmentService.startSession(
userId,
body.knowledgeBaseId,
tenantId,
body.language,
body.templateId,
);
this.auditLog.log({ userId, tenantId, action: 'session.start', resourceType: 'assessment_session', resourceId: session.id });
return session;
}
@Post(':id/answer')
@@ -61,12 +65,14 @@ export class AssessmentController {
console.log(
`[AssessmentController] >>> submitAnswer CALLED: user=${userId}, session=${sessionId}, answerLen=${body.answer?.length}`,
);
return this.assessmentService.submitAnswer(
const result = await this.assessmentService.submitAnswer(
sessionId,
userId,
body.answer,
body.language,
);
this.auditLog.log({ userId, action: 'session.answer', resourceType: 'assessment_session', resourceId: sessionId, details: { answerLength: body.answer?.length } });
return result;
}
@Sse(':id/start-stream')
@@ -117,7 +123,9 @@ export class AssessmentController {
console.log(
`[AssessmentController] deleteSession: user=${user.id}, role=${user.role}, session=${sessionId}`,
);
return this.assessmentService.deleteSession(sessionId, user);
await this.assessmentService.deleteSession(sessionId, user);
this.auditLog.log({ userId: user.id, tenantId: user.tenantId, action: 'session.delete', resourceType: 'assessment_session', resourceId: sessionId });
return { success: true };
}
@Get(':id/certificate')
@@ -216,6 +224,26 @@ export class AssessmentController {
);
}
@Post('batch-delete')
@ApiOperation({ summary: 'Batch delete assessment sessions (admin only)' })
async batchDelete(@Request() req: any, @Body() body: { ids: string[] }) {
const user = req.user;
const isAdmin = user.role === 'super_admin' || user.role === 'admin';
if (!isAdmin) {
throw new ForbiddenException('Only admin can batch delete');
}
const count = await this.assessmentService.batchDeleteSessions(body.ids, user);
this.auditLog.log({ userId: user.id, tenantId: user.tenantId, action: 'session.batch_delete', resourceType: 'assessment_session', details: { count, ids: body.ids } });
return { deleted: count };
}
@Post('batch-export')
@ApiOperation({ summary: 'Batch export assessments as JSON array' })
async batchExport(@Request() req: any, @Body() body: { ids: string[] }) {
const { id: userId } = req.user;
return this.assessmentService.batchExportSessions(body.ids, userId);
}
@Put(':id/review')
@ApiOperation({ summary: 'Review assessment - adjust final score' })
async review(
@@ -224,13 +252,15 @@ export class AssessmentController {
@Req() req: any,
) {
const { id: userId, tenantId } = req.user;
return this.assessmentService.reviewAssessment(
const result = await this.assessmentService.reviewAssessment(
sessionId,
body.newScore,
body.comment,
userId,
tenantId,
);
this.auditLog.log({ userId, tenantId, action: 'session.review', resourceType: 'assessment_session', resourceId: sessionId, details: { newScore: body.newScore, comment: body.comment } });
return result;
}
@Get(':id/time-check')
@@ -252,12 +282,14 @@ export class AssessmentController {
@Param('id') sessionId: string,
@Request() req: any,
) {
const { role } = req.user;
const { id: userId, tenantId, role } = req.user;
const isAdmin = role === 'super_admin' || role === 'admin';
if (!isAdmin) {
throw new ForbiddenException('Only admin can force end assessment');
}
return this.assessmentService.forceEndAssessment(sessionId);
const result = await this.assessmentService.forceEndAssessment(sessionId);
this.auditLog.log({ userId, tenantId, action: 'session.force_end', resourceType: 'assessment_session', resourceId: sessionId });
return result;
}
@Get(':id/export/excel')
server/src/assessment/assessment.module.ts
+4
View File
@@ -23,6 +23,8 @@ import { ContentFilterService } from './services/content-filter.service';
import { QuestionOutlineService } from './services/question-outline.service';
import { QuestionBankService } from './services/question-bank.service';
import { ExportService } from './services/export.service';
import { AuditLog } from './entities/audit-log.entity';
import { AuditLogService } from './services/audit-log.service';
@Module({
imports: [
@@ -34,6 +36,7 @@ import { ExportService } from './services/export.service';
AssessmentCertificate,
QuestionBank,
QuestionBankItem,
AuditLog,
]),
forwardRef(() => KnowledgeBaseModule),
forwardRef(() => KnowledgeGroupModule),
@@ -51,6 +54,7 @@ import { ExportService } from './services/export.service';
QuestionOutlineService,
QuestionBankService,
ExportService,
AuditLogService,
],
exports: [AssessmentService, TemplateService, QuestionOutlineService, QuestionBankService, ExportService],
})
server/src/assessment/assessment.service.ts
+90 -51
View File
@@ -8,7 +8,7 @@ import {
BadRequestException,
} from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository, DeepPartial, In } from 'typeorm';
import { Repository, DeepPartial, In, DataSource } from 'typeorm';
import { ConfigService } from '@nestjs/config';
import { ChatOpenAI } from '@langchain/openai';
import {
@@ -78,6 +78,7 @@ export class AssessmentService {
private chatService: ChatService,
private i18nService: I18nService,
private tenantService: TenantService,
private dataSource: DataSource,
) {}
private async getModel(tenantId: string): Promise<ChatOpenAI> {
@@ -1138,16 +1139,25 @@ const initialState: Partial<EvaluationState> = {
const userId = user.id;
const isAdmin = user.role === 'super_admin' || user.role === 'admin';
const deleteCondition: any = { id: sessionId };
if (!isAdmin) {
deleteCondition.userId = userId;
}
await this.dataSource.transaction(async (manager) => {
const deleteCondition: any = { id: sessionId };
if (!isAdmin) {
deleteCondition.userId = userId;
}
const result = await this.sessionRepository.delete(deleteCondition);
if (result.affected === 0) {
throw new NotFoundException(
'Session not found or you do not have permission to delete it',
);
const session = await manager.findOne(AssessmentSession, { where: { id: sessionId } });
if (!session) {
throw new NotFoundException('Session not found or you do not have permission to delete it');
}
await manager.delete(AssessmentCertificate, { sessionId });
await manager.delete(AssessmentSession, { id: sessionId });
});
try {
await this.graph.getState({ configurable: { thread_id: sessionId } });
} catch {
this.logger.debug(`[deleteSession] No graph state to clean up for ${sessionId}`);
}
}
@@ -1531,48 +1541,50 @@ const initialState: Partial<EvaluationState> = {
reviewerId: string,
tenantId: string,
): Promise<AssessmentSession> {
const session = await this.sessionRepository.findOne({
where: { id: sessionId },
return this.dataSource.transaction(async (manager) => {
const session = await manager.findOne(AssessmentSession, {
where: { id: sessionId },
});
if (!session) {
throw new NotFoundException('Assessment session not found');
}
if (session.status !== AssessmentStatus.COMPLETED) {
throw new ForbiddenException('Can only review completed assessments');
}
const reviewRecord = {
reviewedBy: reviewerId,
reviewedAt: new Date().toISOString(),
originalScore: session.finalScore,
newScore: newScore,
comment: comment || '',
};
const reviewHistory = session.reviewHistory || [];
reviewHistory.push(reviewRecord);
if (!session.originalScore) {
session.originalScore = session.finalScore;
}
session.finalScore = newScore;
const passingScore = session.templateJson?.passingScore || 90;
(session as any).passed = newScore >= passingScore;
session.reviewedBy = reviewerId;
session.reviewedAt = new Date();
session.reviewComment = comment || null;
session.reviewHistory = reviewHistory;
await manager.save(session);
this.logger.log(
`[reviewAssessment] Session ${sessionId} reviewed by ${reviewerId}, score changed from ${reviewRecord.originalScore} to ${newScore}`,
);
return session;
});
if (!session) {
throw new NotFoundException('Assessment session not found');
}
if (session.status !== AssessmentStatus.COMPLETED) {
throw new ForbiddenException('Can only review completed assessments');
}
const reviewRecord = {
reviewedBy: reviewerId,
reviewedAt: new Date().toISOString(),
originalScore: session.finalScore,
newScore: newScore,
comment: comment || '',
};
const reviewHistory = session.reviewHistory || [];
reviewHistory.push(reviewRecord);
if (!session.originalScore) {
session.originalScore = session.finalScore;
}
session.finalScore = newScore;
const passingScore = session.templateJson?.passingScore || 90;
(session as any).passed = newScore >= passingScore;
session.reviewedBy = reviewerId;
session.reviewedAt = new Date();
session.reviewComment = comment || null;
session.reviewHistory = reviewHistory;
await this.sessionRepository.save(session);
this.logger.log(
`[reviewAssessment] Session ${sessionId} reviewed by ${reviewerId}, score changed from ${reviewRecord.originalScore} to ${newScore}`,
);
return session;
}
async getUserHistory(userId: string): Promise<AssessmentSession[]> {
@@ -1712,6 +1724,33 @@ const initialState: Partial<EvaluationState> = {
};
}
async batchDeleteSessions(ids: string[], user: any): Promise<number> {
const isAdmin = user.role === 'super_admin' || user.role === 'admin';
const queryBuilder = this.sessionRepository.createQueryBuilder().delete().whereInIds(ids);
if (!isAdmin) {
queryBuilder.andWhere('user_id = :userId', { userId: user.id });
}
const result = await queryBuilder.execute();
this.logger.log(`[batchDeleteSessions] Deleted ${result.affected} sessions`);
return result.affected || 0;
}
async batchExportSessions(ids: string[], userId: string): Promise<any[]> {
const sessions = await this.sessionRepository.find({
where: { id: In(ids), userId },
relations: ['questions'],
});
return sessions.map((s) => ({
id: s.id,
status: s.status,
finalScore: s.finalScore,
startedAt: s.startedAt,
createdAt: s.createdAt,
totalTimeLimit: s.totalTimeLimit,
questionCount: s.questions?.length || 0,
}));
}
async forceEndAssessment(sessionId: string): Promise<AssessmentSession> {
const session = await this.sessionRepository.findOne({
where: { id: sessionId },
server/src/assessment/entities/audit-log.entity.ts
+28
View File
@@ -0,0 +1,28 @@
import { Entity, PrimaryGeneratedColumn, Column, CreateDateColumn } from 'typeorm';
@Entity('audit_logs')
export class AuditLog {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ name: 'user_id', type: 'text' })
userId: string;
@Column({ name: 'tenant_id', nullable: true, type: 'text' })
tenantId: string;
@Column({ type: 'varchar', length: 50 })
action: string;
@Column({ name: 'resource_type', type: 'varchar', length: 50 })
resourceType: string;
@Column({ name: 'resource_id', nullable: true, type: 'text' })
resourceId: string;
@Column({ type: 'simple-json', nullable: true })
details: any;
@CreateDateColumn({ name: 'created_at' })
createdAt: Date;
}
server/src/assessment/services/audit-log.service.ts
+37
View File
@@ -0,0 +1,37 @@
import { Injectable, Logger } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { AuditLog } from '../entities/audit-log.entity';
@Injectable()
export class AuditLogService {
private readonly logger = new Logger(AuditLogService.name);
constructor(
@InjectRepository(AuditLog)
private auditLogRepository: Repository<AuditLog>,
) {}
async log(params: {
userId: string;
tenantId?: string;
action: string;
resourceType: string;
resourceId?: string;
details?: any;
}): Promise<void> {
try {
const entry = this.auditLogRepository.create({
userId: params.userId,
tenantId: params.tenantId,
action: params.action,
resourceType: params.resourceType,
resourceId: params.resourceId,
details: params.details,
});
await this.auditLogRepository.insert(entry);
} catch (error) {
this.logger.error(`Failed to write audit log: ${error.message}`);
}
}
}