letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
b10bf9bf8eb99e23e627f8f9ede4fd2dc63b1e79
pn-new-crm/src/lib/queue/workers/bulk.ts
Matt Ciaccio 9890d065f8 feat(audit): wider coverage — sensitive views, cron, jobs, portal abuse 
Builds on the audit infra split (severity/source) by emitting events
from every place a security or operations review would want to see:

Sensitive data views (severity=warning):
- GDPR export download URL issued
- Audit log page opened (watch-the-watchers; first page only)
- CSV export of expenses
- Webhook secret regenerated

Authentication abuse (severity=warning, source=auth):
- Portal sign-in: success + failed-credentials + portal-disabled
- Portal password reset: unknown email + portal-disabled + bad token
- Portal activation: bad/expired token

Inbound webhook hardening:
- Documenso webhook with invalid X-Documenso-Secret now writes
  webhook_failed instead of being silently logged

Background work (source=cron / job):
- New attachWorkerAudit() helper wires every BullMQ worker to emit
  job_failed (severity=error) on .on('failed') and cron_run on
  .on('completed') for any job whose name matches the recurring
  scheduler list. Applied across all 10 workers.

1175/1175 vitest passing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 20:44:38 +02:00

36 lines
1.2 KiB
TypeScript
Raw Blame History

import { Worker, type Job } from 'bullmq';
import { env } from '@/lib/env';
import type { ConnectionOptions } from 'bullmq';
import { logger } from '@/lib/logger';
import { attachWorkerAudit } from '@/lib/queue/audit-helpers';
import { QUEUE_CONFIGS } from '@/lib/queue';
/**
* v1 of bulk operations runs synchronously through per-entity bulk
* endpoints (see `/api/v1/interests/bulk`) — a per-row loop, capped at
* the page size (100). The synchronous path gives the user instant
* feedback and a per-row failure list, which the queue can't.
*
* This worker remains here for genuinely-async cases (CSV imports,
* port-wide migrations, bulk emails to >100 recipients) where the
* caller polls for completion. Currently no producer enqueues to this
* queue — add producers as those use cases surface.
*/
export const bulkWorker = new Worker(
'bulk',
async (job: Job) => {
logger.info({ jobId: job.id, jobName: job.name }, 'Processing bulk job');
},
{
connection: { url: env.REDIS_URL } as ConnectionOptions,
concurrency: QUEUE_CONFIGS.bulk.concurrency,
},
);
bulkWorker.on('failed', (job, err) => {
logger.error({ jobId: job?.id, jobName: job?.name, err }, 'Bulk job failed');
});
attachWorkerAudit(bulkWorker, 'bulk');
Reference in New Issue View Git Blame Copy Permalink