fix(audit): H2 audit-view dedupe, M3/M4 honest labels, M10 documenso DLQ alert

H2: audit-page view audit row was firing on every filter change. Now deduped per-user via Redis SET NX with a 60s TTL, so heavy filter- tweaking writes one self-reference per minute instead of dozens. R2-M3: /admin landing card for Onboarding said "Initial-setup wizard for fresh ports" — the page is a static checklist that even calls itself "what this page will become". Relabelled to "Onboarding checklist · Setup checklist for fresh ports (read-only references)." R2-M4: same for Backup & Restore — landing card promised "on-demand exports" while the page renders only docs. Relabelled to "Backup posture + retention policy (read-only)." R2-M10: documenso-void worker had no DLQ alert hook — a persistent 401/403 from Documenso retried until BullMQ exhausted attempts and the failure disappeared into audit. Now on final-attempt failure we notify all super-admins via createNotification with a deduplicating key per documentId, surfacing the 'void manually in Documenso if still active' actionable. 1175/1175 vitest passing. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 22:31:52 +02:00
parent 0a5f085a9e
commit da7ede71d6
3 changed files with 79 additions and 27 deletions
--- a/src/app/api/v1/admin/audit/route.ts
+++ b/src/app/api/v1/admin/audit/route.ts
@@ -9,6 +9,7 @@ import { db } from '@/lib/db';
 import { user } from '@/lib/db/schema/users';
 import { errorResponse } from '@/lib/errors';
 import { createAuditLog } from '@/lib/audit';
+import { redis } from '@/lib/redis';

 const auditQuerySchema = z.object({
  limit: z.coerce.number().int().min(1).max(200).default(50),
@@ -69,31 +70,38 @@ export const GET = withAuth(
      }));

      // Watch-the-watchers: record that an operator opened the audit log
-      // page. Only fire on the first page (no cursor) so paginating
-      // through doesn't spam the log; use 'view' at warning severity so
-      // the entry stands out in the inspector.
+      // page. Per-user 60s TTL dedupe so heavy filter-tweaking doesn't
+      // bury the log in a flood of self-references; first request in
+      // each window writes the row, subsequent requests within the
+      // window are silent.
      if (!cursor) {
-        void createAuditLog({
-          userId: ctx.userId,
-          portId: ctx.portId,
-          action: 'view',
-          entityType: 'audit_log',
-          entityId: 'list',
-          metadata: {
-            filters: {
-              entityType: query.entityType,
-              action: query.action,
-              severity: query.severity,
-              source: query.source,
-              userId: query.userId,
-              entityId: query.entityId,
-              search: query.search,
+        const dedupeKey = `audit-view:${ctx.userId}:${ctx.portId}`;
+        // SET NX returns 'OK' on insert, null when the key already exists
+        // (TTL still ticking down).
+        const inserted = await redis.set(dedupeKey, '1', 'EX', 60, 'NX');
+        if (inserted === 'OK') {
+          void createAuditLog({
+            userId: ctx.userId,
+            portId: ctx.portId,
+            action: 'view',
+            entityType: 'audit_log',
+            entityId: 'list',
+            metadata: {
+              filters: {
+                entityType: query.entityType,
+                action: query.action,
+                severity: query.severity,
+                source: query.source,
+                userId: query.userId,
+                entityId: query.entityId,
+                search: query.search,
+              },
            },
-          },
-          ipAddress: ctx.ipAddress,
-          userAgent: ctx.userAgent,
-          severity: 'warning',
-        });
+            ipAddress: ctx.ipAddress,
+            userAgent: ctx.userAgent,
+            severity: 'warning',
+          });
+        }
      }

      return NextResponse.json({