collabdocchat 2.4.4 → 2.4.5

package/server/utils/auditLogger.js

@@ -1,238 +1,268 @@
-import AuditLog from '../models/AuditLog.js';
-
-/**
- * 计算文本差异
- * @param {string} oldText - 原始文本
- * @param {string} newText - 新文本
- * @returns {Object} 包含插入和删除操作的对象
- */
-function calculateTextDiff(oldText = '', newText = '') {
-  const insertions = [];
-  const deletions = [];
-  
-  // 简单的差异计算算法
-  // 这里使用基础实现，生产环境可以使用更复杂的diff算法
-  if (oldText !== newText) {
-    // 如果完全不同，记录为完全替换
-    if (oldText.length > 0) {
-      deletions.push({
-        position: 0,
-        content: oldText,
-        length: oldText.length
-      });
-    }
-    
-    if (newText.length > 0) {
-      insertions.push({
-        position: 0,
-        content: newText,
-        length: newText.length
-      });
-    }
-  }
-  
-  return { insertions, deletions };
-}
-
-/**
- * 记录审计日志
- * @param {Object} logData - 日志数据
- * @param {Object} req - Express请求对象（可选，用于获取IP等信息）
- */
-export async function logAuditAction(logData, req = null) {
-  try {
-    const auditData = {
-      action: logData.action,
-      user: logData.userId,
-      resourceType: logData.resourceType,
-      resourceId: logData.resourceId,
-      resourceTitle: logData.resourceTitle || '',
-      details: {
-        oldValue: logData.oldValue,
-        newValue: logData.newValue,
-        field: logData.field,
-        description: logData.description
-      },
-      metadata: {
-        groupId: logData.groupId
-      }
-    };
-
-    // 如果是内容编辑，计算文本差异
-    if (logData.action === 'content_edit' && logData.oldValue && logData.newValue) {
-      auditData.changes = calculateTextDiff(logData.oldValue, logData.newValue);
-    }
-
-    // 从请求中提取元数据
-    if (req) {
-      auditData.metadata.ipAddress = req.ip || req.connection.remoteAddress;
-      auditData.metadata.userAgent = req.get('User-Agent');
-    }
-
-    const auditLog = new AuditLog(auditData);
-    await auditLog.save();
-    
-    return auditLog;
-  } catch (error) {
-    console.error('记录审计日志失败:', error);
-    // 审计日志记录失败不应该影响主业务逻辑
-    return null;
-  }
-}
-
-/**
- * 批量记录审计日志
- * @param {Array} logDataArray - 日志数据数组
- * @param {Object} req - Express请求对象
- */
-export async function logMultipleAuditActions(logDataArray, req = null) {
-  const promises = logDataArray.map(logData => logAuditAction(logData, req));
-  return Promise.allSettled(promises);
-}
-
-/**
- * 查询审计日志
- * @param {Object} filters - 查询过滤条件
- * @param {Object} options - 查询选项（分页、排序等）
- */
-export async function queryAuditLogs(filters = {}, options = {}) {
-  try {
-    const {
-      page = 1,
-      limit = 50,
-      sortBy = 'createdAt',
-      sortOrder = -1
-    } = options;
-
-    const query = {};
-    
-    // 构建查询条件
-    if (filters.userId) {
-      query.user = filters.userId;
-    }
-    
-    if (filters.resourceId) {
-      query.resourceId = filters.resourceId;
-    }
-    
-    if (filters.resourceType) {
-      query.resourceType = filters.resourceType;
-    }
-    
-    if (filters.action) {
-      query.action = filters.action;
-    }
-    
-    if (filters.groupId) {
-      query['metadata.groupId'] = filters.groupId;
-    }
-    
-    if (filters.startDate && filters.endDate) {
-      query.createdAt = {
-        $gte: new Date(filters.startDate),
-        $lte: new Date(filters.endDate)
-      };
-    } else if (filters.startDate) {
-      query.createdAt = { $gte: new Date(filters.startDate) };
-    } else if (filters.endDate) {
-      query.createdAt = { $lte: new Date(filters.endDate) };
-    }
-
-    const skip = (page - 1) * limit;
-    
-    const [logs, total] = await Promise.all([
-      AuditLog.find(query)
-        .populate('user', 'username email avatar')
-        .populate('metadata.groupId', 'name')
-        .sort({ [sortBy]: sortOrder })
-        .skip(skip)
-        .limit(limit)
-        .lean(),
-      AuditLog.countDocuments(query)
-    ]);
-
-    return {
-      logs,
-      pagination: {
-        page,
-        limit,
-        total,
-        pages: Math.ceil(total / limit)
-      }
-    };
-  } catch (error) {
-    console.error('查询审计日志失败:', error);
-    throw new Error('查询审计日志失败');
-  }
-}
-
-/**
- * 获取用户活动统计
- * @param {string} userId - 用户ID
- * @param {Object} timeRange - 时间范围
- */
-export async function getUserActivityStats(userId, timeRange = {}) {
-  try {
-    const { startDate, endDate } = timeRange;
-    const matchStage = { user: userId };
-    
-    if (startDate && endDate) {
-      matchStage.createdAt = {
-        $gte: new Date(startDate),
-        $lte: new Date(endDate)
-      };
-    }
-
-    const stats = await AuditLog.aggregate([
-      { $match: matchStage },
-      {
-        $group: {
-          _id: '$action',
-          count: { $sum: 1 },
-          lastActivity: { $max: '$createdAt' }
-        }
-      },
-      { $sort: { count: -1 } }
-    ]);
-
-    const totalActions = stats.reduce((sum, stat) => sum + stat.count, 0);
-    
-    return {
-      totalActions,
-      actionBreakdown: stats,
-      timeRange
-    };
-  } catch (error) {
-    console.error('获取用户活动统计失败:', error);
-    throw new Error('获取用户活动统计失败');
-  }
-}
-
-/**
- * 获取文档编辑历史摘要
- * @param {string} documentId - 文档ID
- * @param {number} limit - 返回记录数限制
- */
-export async function getDocumentEditHistory(documentId, limit = 20) {
-  try {
-    const history = await AuditLog.find({
-      resourceId: documentId,
-      resourceType: 'document',
-      action: { $in: ['content_edit', 'title_edit', 'document_update'] }
-    })
-    .populate('user', 'username avatar')
-    .sort({ createdAt: -1 })
-    .limit(limit)
-    .lean();
-
-    return history;
-  } catch (error) {
-    console.error('获取文档编辑历史失败:', error);
-    throw new Error('获取文档编辑历史失败');
-  }
-}
-
-
-
-
-
+import AuditLog from '../models/AuditLog.js';
+
+/**
+ * 去除HTML标签，只保留纯文本
+ * @param {string} html - HTML内容
+ * @returns {string} 纯文本内容
+ */
+function stripHtmlTags(html) {
+  if (!html || typeof html !== 'string') return '';
+  
+  // 移除HTML标签
+  let text = html.replace(/<[^>]*>/g, '');
+  
+  // 解码HTML实体
+  text = text
+    .replace(/&nbsp;/g, ' ')
+    .replace(/&lt;/g, '<')
+    .replace(/&gt;/g, '>')
+    .replace(/&amp;/g, '&')
+    .replace(/&quot;/g, '"')
+    .replace(/&#39;/g, "'");
+  
+  // 移除多余的空白字符
+  text = text.trim();
+  
+  return text;
+}
+
+/**
+ * 计算文本差异
+ * @param {string} oldText - 原始文本
+ * @param {string} newText - 新文本
+ * @returns {Object} 包含插入和删除操作的对象
+ */
+function calculateTextDiff(oldText = '', newText = '') {
+  // 去除HTML标签，只比较纯文本
+  const cleanOldText = stripHtmlTags(oldText);
+  const cleanNewText = stripHtmlTags(newText);
+  
+  const insertions = [];
+  const deletions = [];
+  
+  // 简单的差异计算算法
+  // 这里使用基础实现，生产环境可以使用更复杂的diff算法
+  if (cleanOldText !== cleanNewText) {
+    // 如果完全不同，记录为完全替换
+    if (cleanOldText.length > 0) {
+      deletions.push({
+        position: 0,
+        content: cleanOldText,
+        length: cleanOldText.length
+      });
+    }
+    
+    if (cleanNewText.length > 0) {
+      insertions.push({
+        position: 0,
+        content: cleanNewText,
+        length: cleanNewText.length
+      });
+    }
+  }
+  
+  return { insertions, deletions };
+}
+
+/**
+ * 记录审计日志
+ * @param {Object} logData - 日志数据
+ * @param {Object} req - Express请求对象（可选，用于获取IP等信息）
+ */
+export async function logAuditAction(logData, req = null) {
+  try {
+    const auditData = {
+      action: logData.action,
+      user: logData.userId,
+      resourceType: logData.resourceType,
+      resourceId: logData.resourceId,
+      resourceTitle: logData.resourceTitle || '',
+      details: {
+        oldValue: stripHtmlTags(logData.oldValue),
+        newValue: stripHtmlTags(logData.newValue),
+        field: logData.field,
+        description: logData.description
+      },
+      metadata: {
+        groupId: logData.groupId
+      }
+    };
+
+    // 如果是内容编辑，计算文本差异
+    if (logData.action === 'content_edit' && logData.oldValue && logData.newValue) {
+      auditData.changes = calculateTextDiff(logData.oldValue, logData.newValue);
+    }
+
+    // 从请求中提取元数据
+    if (req) {
+      auditData.metadata.ipAddress = req.ip || req.connection.remoteAddress;
+      auditData.metadata.userAgent = req.get('User-Agent');
+    }
+
+    const auditLog = new AuditLog(auditData);
+    await auditLog.save();
+    
+    return auditLog;
+  } catch (error) {
+    console.error('记录审计日志失败:', error);
+    // 审计日志记录失败不应该影响主业务逻辑
+    return null;
+  }
+}
+
+/**
+ * 批量记录审计日志
+ * @param {Array} logDataArray - 日志数据数组
+ * @param {Object} req - Express请求对象
+ */
+export async function logMultipleAuditActions(logDataArray, req = null) {
+  const promises = logDataArray.map(logData => logAuditAction(logData, req));
+  return Promise.allSettled(promises);
+}
+
+/**
+ * 查询审计日志
+ * @param {Object} filters - 查询过滤条件
+ * @param {Object} options - 查询选项（分页、排序等）
+ */
+export async function queryAuditLogs(filters = {}, options = {}) {
+  try {
+    const {
+      page = 1,
+      limit = 50,
+      sortBy = 'createdAt',
+      sortOrder = -1
+    } = options;
+
+    const query = {};
+    
+    // 构建查询条件
+    if (filters.userId) {
+      query.user = filters.userId;
+    }
+    
+    if (filters.resourceId) {
+      query.resourceId = filters.resourceId;
+    }
+    
+    if (filters.resourceType) {
+      query.resourceType = filters.resourceType;
+    }
+    
+    if (filters.action) {
+      query.action = filters.action;
+    }
+    
+    if (filters.groupId) {
+      query['metadata.groupId'] = filters.groupId;
+    }
+    
+    if (filters.startDate && filters.endDate) {
+      query.createdAt = {
+        $gte: new Date(filters.startDate),
+        $lte: new Date(filters.endDate)
+      };
+    } else if (filters.startDate) {
+      query.createdAt = { $gte: new Date(filters.startDate) };
+    } else if (filters.endDate) {
+      query.createdAt = { $lte: new Date(filters.endDate) };
+    }
+
+    const skip = (page - 1) * limit;
+    
+    const [logs, total] = await Promise.all([
+      AuditLog.find(query)
+        .populate('user', 'username email avatar')
+        .populate('metadata.groupId', 'name')
+        .sort({ [sortBy]: sortOrder })
+        .skip(skip)
+        .limit(limit)
+        .lean(),
+      AuditLog.countDocuments(query)
+    ]);
+
+    return {
+      logs,
+      pagination: {
+        page,
+        limit,
+        total,
+        pages: Math.ceil(total / limit)
+      }
+    };
+  } catch (error) {
+    console.error('查询审计日志失败:', error);
+    throw new Error('查询审计日志失败');
+  }
+}
+
+/**
+ * 获取用户活动统计
+ * @param {string} userId - 用户ID
+ * @param {Object} timeRange - 时间范围
+ */
+export async function getUserActivityStats(userId, timeRange = {}) {
+  try {
+    const { startDate, endDate } = timeRange;
+    const matchStage = { user: userId };
+    
+    if (startDate && endDate) {
+      matchStage.createdAt = {
+        $gte: new Date(startDate),
+        $lte: new Date(endDate)
+      };
+    }
+
+    const stats = await AuditLog.aggregate([
+      { $match: matchStage },
+      {
+        $group: {
+          _id: '$action',
+          count: { $sum: 1 },
+          lastActivity: { $max: '$createdAt' }
+        }
+      },
+      { $sort: { count: -1 } }
+    ]);
+
+    const totalActions = stats.reduce((sum, stat) => sum + stat.count, 0);
+    
+    return {
+      totalActions,
+      actionBreakdown: stats,
+      timeRange
+    };
+  } catch (error) {
+    console.error('获取用户活动统计失败:', error);
+    throw new Error('获取用户活动统计失败');
+  }
+}
+
+/**
+ * 获取文档编辑历史摘要
+ * @param {string} documentId - 文档ID
+ * @param {number} limit - 返回记录数限制
+ */
+export async function getDocumentEditHistory(documentId, limit = 20) {
+  try {
+    const history = await AuditLog.find({
+      resourceId: documentId,
+      resourceType: 'document',
+      action: { $in: ['content_edit', 'title_edit', 'document_update'] }
+    })
+    .populate('user', 'username avatar')
+    .sort({ createdAt: -1 })
+    .limit(limit)
+    .lean();
+
+    return history;
+  } catch (error) {
+    console.error('获取文档编辑历史失败:', error);
+    throw new Error('获取文档编辑历史失败');
+  }
+}
+
+
+
+
+