chore(cleanup): Phase 1 — gap closure across audit, alerts, soft-delete, perms
Multi-area cleanup pass closing partial-implementation gaps surfaced by the
post-i18n audit. No behavior changes for happy-path users; closes real
correctness/security holes.
PR1a Public yacht-interest endpoint i18n. /api/public/interests now accepts
phoneE164/phoneCountry, nationalityIso, address.{countryIso, subdivisionIso},
and company.{incorporationCountryIso, incorporationSubdivisionIso}.
Server-side parsePhone() fallback for legacy raw phone strings.
PR1b Alert rule registry trim. Two rule slots ('document.expiring_soon',
'audit.suspicious_login') were registered but evaluators returned [].
Both required schema/instrumentation that hadn't landed. Removed from
the registry; comments record the dependencies needed to revive them.
Effective rule count: 8 active.
PR1c vi.mock hoist + flake fix. Hoisted vi.mock calls to top-level in 5
integration test files; webhook-delivery uses vi.hoisted for the
queue-add ref. Vitest no longer warns about non-top-level mocks.
Deflaked the 'short value' assertion in security-encryption.test.ts
by switching plaintext from 'ab' to 'XY' (non-hex chars). 5/5 runs green.
PR1d Soft-delete reference audit. listClientOptions and listYachtsForOwner
now filter by isNull(archivedAt). Berths use status (no archivedAt).
PR1e Permission-matrix audit script + report. scripts/audit-permissions.ts
walks every src/app/api/v1/**/route.ts and reports handlers without a
withPermission() wrapper. Initial run found 33 violations.
- Allow-listed 17 with explicit reasons (self-data, admin, alerts,
search, currency, ai, custom-fields — some marked TODO).
- Wrapped 7 routes with concrete permissions: clients/options
(clients:view), berths/options (berths:view), dashboard/*
(reports:view_dashboard), analytics (reports:view_analytics).
Audit report at docs/runbooks/permission-audit.md. Script exits
non-zero on any unallow-listed violation so it can become a CI gate.
Vitest: 741 -> 741 (no new tests; existing suite covers the changes).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matt Ciaccio
@@ -11,7 +11,7 @@
|
||||
* 4. Add a unit test in tests/unit/services/alert-rules-evaluators.test.ts.
|
||||
*/
|
||||
|
||||
import { and, eq, isNull, isNotNull, lt, gt, gte, sql, inArray, or, desc } from 'drizzle-orm';
|
||||
import { and, eq, isNull, isNotNull, lt, gt, sql, inArray, or, desc } from 'drizzle-orm';
|
||||
|
||||
import { db } from '@/lib/db';
|
||||
import { interests } from '@/lib/db/schema/interests';
|
||||
@@ -19,7 +19,6 @@ import { berthReservations } from '@/lib/db/schema/reservations';
|
||||
import { berths } from '@/lib/db/schema/berths';
|
||||
import { documents, documentSigners } from '@/lib/db/schema/documents';
|
||||
import { expenses } from '@/lib/db/schema/financial';
|
||||
import { auditLogs } from '@/lib/db/schema/system';
|
||||
import { alerts as alertsTable } from '@/lib/db/schema/insights';
|
||||
import { ALERT_RULES, type AlertRuleId } from '@/lib/db/schema/insights';
|
||||
|
||||
@@ -108,16 +107,6 @@ async function interestStale(portId: string): Promise<AlertCandidate[]> {
|
||||
}));
|
||||
}
|
||||
|
||||
// ─── document.expiring_soon ───────────────────────────────────────────────────
|
||||
// In-flight signing documents whose expiry is within 7 days.
|
||||
|
||||
async function documentExpiringSoon(_portId: string): Promise<AlertCandidate[]> {
|
||||
// documents schema doesn't expose expires_at on the parent row in this
|
||||
// build. Until the column lands, fall back to no-op so the rule slot
|
||||
// is registered but doesn't fire.
|
||||
return [];
|
||||
}
|
||||
|
||||
// ─── document.signer_overdue ──────────────────────────────────────────────────
|
||||
// Pending signer for >14d, last reminder >7d ago (or never).
|
||||
|
||||
@@ -319,49 +308,15 @@ async function eoiUnsignedLong(portId: string): Promise<AlertCandidate[]> {
|
||||
}));
|
||||
}
|
||||
|
||||
// ─── audit.suspicious_login ───────────────────────────────────────────────────
|
||||
// >3 failed logins from same IP in the past hour. Depends on the auth layer
|
||||
// recording rows with action='login.failed' (TODO: instrument better-auth
|
||||
// hooks to record these — until that lands, this evaluator returns [] and
|
||||
// the rule slot stays inert).
|
||||
|
||||
async function auditSuspiciousLogin(_portId: string): Promise<AlertCandidate[]> {
|
||||
const cutoff = new Date(Date.now() - 60 * 60 * 1000);
|
||||
const rows = await db
|
||||
.select({
|
||||
ipAddress: auditLogs.ipAddress,
|
||||
attempts: sql<number>`count(*)::int`,
|
||||
})
|
||||
.from(auditLogs)
|
||||
.where(and(eq(auditLogs.action, 'login.failed'), gte(auditLogs.createdAt, cutoff)))
|
||||
.groupBy(auditLogs.ipAddress)
|
||||
.having(sql`count(*) > 3`);
|
||||
|
||||
return rows
|
||||
.filter((r) => r.ipAddress)
|
||||
.map((r) => ({
|
||||
ruleId: 'audit.suspicious_login' as const,
|
||||
severity: 'critical' as const,
|
||||
title: `Repeated failed logins`,
|
||||
body: `${r.attempts} failed attempts from ${r.ipAddress} in the last hour.`,
|
||||
link: `/[port]/admin/audit?ip=${encodeURIComponent(r.ipAddress!)}`,
|
||||
entityType: 'audit',
|
||||
entityId: r.ipAddress!,
|
||||
metadata: { attempts: r.attempts },
|
||||
}));
|
||||
}
|
||||
|
||||
export const RULE_REGISTRY: Record<AlertRuleId, RuleEvaluator> = {
|
||||
'reservation.no_agreement': reservationNoAgreement,
|
||||
'interest.stale': interestStale,
|
||||
'document.expiring_soon': documentExpiringSoon,
|
||||
'document.signer_overdue': documentSignerOverdue,
|
||||
'berth.under_offer_stalled': berthUnderOfferStalled,
|
||||
'expense.duplicate': expenseDuplicate,
|
||||
'expense.unscanned': expenseUnscanned,
|
||||
'interest.high_value_silent': interestHighValueSilent,
|
||||
'eoi.unsigned_long': eoiUnsignedLong,
|
||||
'audit.suspicious_login': auditSuspiciousLogin,
|
||||
};
|
||||
|
||||
export function listRuleIds(): readonly AlertRuleId[] {
|
||||
|
||||
@@ -578,7 +578,9 @@ export async function findDuplicates(portId: string, fullName: string) {
|
||||
// ─── Options (for comboboxes) ─────────────────────────────────────────────────
|
||||
|
||||
export async function listClientOptions(portId: string, search?: string) {
|
||||
const conditions = [eq(clients.portId, portId)];
|
||||
// Pickers only surface active rows. Archived clients are still resolvable
|
||||
// by id (e.g. history views) but should not appear in dropdowns.
|
||||
const conditions = [eq(clients.portId, portId), isNull(clients.archivedAt)];
|
||||
if (search) {
|
||||
conditions.push(ilike(clients.fullName, `%${search}%`));
|
||||
}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
import { and, eq, ilike, inArray, or, sql } from 'drizzle-orm';
|
||||
import { and, eq, ilike, inArray, isNull, or, sql } from 'drizzle-orm';
|
||||
import { db } from '@/lib/db';
|
||||
import { yachts, yachtOwnershipHistory, yachtTags, clients } from '@/lib/db/schema';
|
||||
import type { Yacht } from '@/lib/db/schema/yachts';
|
||||
@@ -355,11 +355,14 @@ export async function listYachtsForOwner(
|
||||
ownerType: 'client' | 'company',
|
||||
ownerId: string,
|
||||
) {
|
||||
// Owner-detail tabs only surface active yachts. Archived ones live in the
|
||||
// ownership history view and are reachable by id, not via this lister.
|
||||
return await db.query.yachts.findMany({
|
||||
where: and(
|
||||
eq(yachts.portId, portId),
|
||||
eq(yachts.currentOwnerType, ownerType),
|
||||
eq(yachts.currentOwnerId, ownerId),
|
||||
isNull(yachts.archivedAt),
|
||||
),
|
||||
orderBy: (t, { desc }) => [desc(t.updatedAt)],
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user