iti-framework
/
iTi-Flask
6
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
hsyh
v0.3.0
v0.2.5
v0.2.4
v0.2.3
v0.2.1
v0.1.1
v0.1.0
v0.2.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6aec02acb6'
${ noResults }
iTi-Flask/docs/AUDIT.md

1.5 KiB
Raw Blame History

审计

iTi-Flask 只提供审计事件工具和异步发送器。 它不写 sys_log

sys_log 由注册了 iti-system 的业务项目接收并入库。

配置

class DevConfig(BaseDevConfig):
    def __init__(self) -> None:
        super().__init__()
        self.audit_enabled = True
        self.audit_service_name = "audit"
        self.services = {
            "audit": {
                "base_url": "http://business-app.local",
                "token": "change-me",
            }
        }

接收方需要把同一个 token 配进 service_tokens

self.service_tokens = {"internal": "change-me"}

操作日志

业务显式提供 before / after 快照。 框架负责 diff、脱敏和异步发送。

from fastapi import Request
from iti.audit import audit_operation


def update_order(order_id: str, request: Request):
    before = {"qty": 1}
    after = {"qty": 2}
    audit_operation(
        request,
        title="修改生产订单",
        target_type="mo",
        target_id=order_id,
        before=before,
        after=after,
    )

登录日志

系统包登录接口已调用 audit_login()。 普通业务项目如需自定义登录,也使用同一个工具。

from iti.audit import audit_login


def login(request):
    audit_login(request, success=True, desc="admin")

接收入口

iti-system 提供:

POST /internal/audit/events
POST /internal/audit/login
POST /internal/audit/operation

这些接口使用框架服务 token 鉴权。