npm - create-dp-koa - Versions diffs - 1.1.1 → 1.1.3 - Mend

create-dp-koa 1.1.1 → 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (84) hide show

package/template/src/annotations/processors/SecurityAuditProcessor.ts DELETED Viewed

@@ -1,345 +0,0 @@
-/**
- * 企业级安全审计注解处理器
- * 提供安全事件记录、审计日志和合规性检查
- */
-import { Context } from 'koa';
-import { AnnotationProcessor } from '@src/framework/decorator/processor/AnnotationProcessor';
-import { logger } from '@src/framework/utils/logger';
-export interface SecurityAuditConfig {
-    enableAudit?: boolean;
-    logLevel?: 'info' | 'warn' | 'error';
-    includeRequestData?: boolean;
-    includeResponseData?: boolean;
-    sensitiveFields?: string[];
-    complianceMode?: 'GDPR' | 'SOX' | 'HIPAA' | 'PCI-DSS';
-    retentionDays?: number;
-}
-export interface SecurityEvent {
-    timestamp: string;
-    userId?: string;
-    sessionId?: string;
-    ipAddress: string;
-    userAgent: string;
-    method: string;
-    url: string;
-    controller: string;
-    action: string;
-    requestData?: any;
-    responseData?: any;
-    securityLevel: 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
-    eventType: 'AUTHENTICATION' | 'AUTHORIZATION' | 'DATA_ACCESS' | 'DATA_MODIFICATION' | 'SYSTEM_ACCESS';
-    riskScore: number;
-    complianceFlags: string[];
-}
-export class SecurityAuditProcessor implements AnnotationProcessor {
-    readonly name = 'SecurityAudit';
-    readonly priority = 2; // 高优先级
-    private auditLog: SecurityEvent[] = [];
-    private complianceRules: Map<string, any> = new Map();
-    constructor() {
-        this.initializeComplianceRules();
-    }
-    async process(
-        ctx: Context,
-        controller: any,
-        methodName: string,
-        annotationData: SecurityAuditConfig,
-        callParams: any[]
-    ): Promise<boolean> {
-        if (!annotationData?.enableAudit) return true;
-        const config = annotationData;
-        // 创建安全事件
-        const securityEvent: SecurityEvent = {
-            timestamp: new Date().toISOString(),
-            userId: ctx.state.user?.id,
-            sessionId: ctx.state.sessionId,
-            ipAddress: ctx.ip || ctx.request.ip,
-            userAgent: ctx.get('User-Agent') || '',
-            method: ctx.method,
-            url: ctx.url,
-            controller: controller.constructor.name,
-            action: methodName,
-            securityLevel: this.determineSecurityLevel(controller, methodName),
-            eventType: this.determineEventType(controller, methodName),
-            riskScore: this.calculateRiskScore(ctx, controller, methodName),
-            complianceFlags: this.checkCompliance(ctx, config)
-        };
-        // 添加请求数据（如果配置允许）
-        if (config.includeRequestData) {
-            securityEvent.requestData = this.sanitizeData(ctx.request.body, config.sensitiveFields);
-        }
-        // 存储事件
-        this.auditLog.push(securityEvent);
-        // 记录审计日志
-        this.logSecurityEvent(securityEvent, config.logLevel || 'info');
-        // 检查高风险操作
-        if (securityEvent.riskScore > 7) {
-            this.handleHighRiskEvent(securityEvent);
-        }
-        return true;
-    }
-    async postProcess(
-        ctx: Context,
-        controller: any,
-        methodName: string,
-        response: any
-    ): Promise<void> {
-        // 更新最后的安全事件
-        const lastEvent = this.auditLog[this.auditLog.length - 1];
-        if (lastEvent && lastEvent.controller === controller.constructor.name && lastEvent.action === methodName) {
-            lastEvent.responseData = this.sanitizeData(response, []);
-            // 检查响应中的敏感数据泄露
-            this.checkDataLeakage(lastEvent);
-        }
-    }
-    private determineSecurityLevel(controller: any, methodName: string): SecurityEvent['securityLevel'] {
-        const controllerName = controller.constructor.name.toLowerCase();
-        const method = methodName.toLowerCase();
-        // 高风险操作
-        if (method.includes('delete') || method.includes('remove') || method.includes('destroy')) {
-            return 'CRITICAL';
-        }
-        // 中等风险操作
-        if (method.includes('update') || method.includes('modify') || method.includes('change')) {
-            return 'HIGH';
-        }
-        // 低风险操作
-        if (method.includes('get') || method.includes('list') || method.includes('find')) {
-            return 'LOW';
-        }
-        return 'MEDIUM';
-    }
-    private determineEventType(controller: any, methodName: string): SecurityEvent['eventType'] {
-        const controllerName = controller.constructor.name.toLowerCase();
-        const method = methodName.toLowerCase();
-        if (controllerName.includes('auth') || controllerName.includes('login')) {
-            return 'AUTHENTICATION';
-        }
-        if (method.includes('create') || method.includes('update') || method.includes('delete')) {
-            return 'DATA_MODIFICATION';
-        }
-        if (method.includes('get') || method.includes('list') || method.includes('find')) {
-            return 'DATA_ACCESS';
-        }
-        return 'SYSTEM_ACCESS';
-    }
-    private calculateRiskScore(ctx: Context, controller: any, methodName: string): number {
-        let score = 0;
-        // 基于HTTP方法
-        switch (ctx.method) {
-            case 'DELETE': score += 4; break;
-            case 'PUT': score += 3; break;
-            case 'POST': score += 2; break;
-            case 'GET': score += 1; break;
-        }
-        // 基于用户权限
-        if (!ctx.state.user) score += 3;
-        if (!ctx.state.user?.isAdmin) score += 1;
-        // 基于IP地址
-        if (this.isSuspiciousIP(ctx.ip)) score += 2;
-        // 基于时间
-        if (this.isOffHours()) score += 1;
-        return Math.min(score, 10);
-    }
-    private checkCompliance(ctx: Context, config: SecurityAuditConfig): string[] {
-        const flags: string[] = [];
-        if (config.complianceMode) {
-            const rules = this.complianceRules.get(config.complianceMode);
-            if (rules) {
-                // GDPR 检查
-                if (config.complianceMode === 'GDPR') {
-                    if (this.containsPersonalData(ctx.request.body)) {
-                        flags.push('GDPR_PERSONAL_DATA');
-                    }
-                }
-                // SOX 检查
-                if (config.complianceMode === 'SOX') {
-                    if (this.isFinancialData(ctx.request.body)) {
-                        flags.push('SOX_FINANCIAL_DATA');
-                    }
-                }
-            }
-        }
-        return flags;
-    }
-    private sanitizeData(data: any, sensitiveFields: string[] = []): any {
-        if (!data || typeof data !== 'object') return data;
-        const sanitized = { ...data };
-        // 移除敏感字段
-        sensitiveFields.forEach(field => {
-            if (sanitized[field]) {
-                sanitized[field] = '[REDACTED]';
-            }
-        });
-        // 移除密码字段
-        if (sanitized.password) {
-            sanitized.password = '[REDACTED]';
-        }
-        return sanitized;
-    }
-    private logSecurityEvent(event: SecurityEvent, level: string): void {
-        const logData = {
-            securityEvent: event,
-            message: `Security audit: ${event.eventType} - ${event.controller}.${event.action}`,
-            riskScore: event.riskScore,
-            complianceFlags: event.complianceFlags
-        };
-        switch (level) {
-            case 'error':
-                logger.error(`[SecurityAudit] ${logData.message}`, undefined, logData);
-                break;
-            case 'warn':
-                logger.warn(`[SecurityAudit] ${logData.message}`, logData);
-                break;
-            default:
-                logger.info(`[SecurityAudit] ${logData.message}`, logData);
-        }
-    }
-    private handleHighRiskEvent(event: SecurityEvent): void {
-        logger.error(`[SecurityAudit] 高风险安全事件`, undefined, {
-            event,
-            alert: 'HIGH_RISK_SECURITY_EVENT',
-            timestamp: new Date().toISOString()
-        });
-        // 这里可以集成外部安全系统
-        // 例如：发送到 SIEM 系统、触发告警等
-    }
-    private checkDataLeakage(event: SecurityEvent): void {
-        if (event.responseData && typeof event.responseData === 'object') {
-            const responseStr = JSON.stringify(event.responseData);
-            // 检查是否包含敏感信息
-            const sensitivePatterns = [
-                /password/i,
-                /ssn/i,
-                /credit.*card/i,
-                /social.*security/i
-            ];
-            sensitivePatterns.forEach(pattern => {
-                if (pattern.test(responseStr)) {
-                    logger.error(`[SecurityAudit] 潜在数据泄露`, undefined, {
-                        event,
-                        pattern: pattern.toString(),
-                        alert: 'POTENTIAL_DATA_LEAKAGE'
-                    });
-                }
-            });
-        }
-    }
-    private initializeComplianceRules(): void {
-        this.complianceRules.set('GDPR', {
-            personalDataFields: ['email', 'phone', 'address', 'name', 'ssn'],
-            retentionPeriod: 365
-        });
-        this.complianceRules.set('SOX', {
-            financialDataFields: ['amount', 'transaction', 'payment', 'invoice'],
-            auditTrail: true
-        });
-        this.complianceRules.set('HIPAA', {
-            healthDataFields: ['medical', 'health', 'diagnosis', 'treatment'],
-            encryptionRequired: true
-        });
-    }
-    private containsPersonalData(data: any): boolean {
-        const personalFields = ['email', 'phone', 'address', 'name', 'ssn'];
-        return personalFields.some(field =>
-            data && typeof data === 'object' && data[field]
-        );
-    }
-    private isFinancialData(data: any): boolean {
-        const financialFields = ['amount', 'transaction', 'payment', 'invoice'];
-        return financialFields.some(field =>
-            data && typeof data === 'object' && data[field]
-        );
-    }
-    private isSuspiciousIP(ip: string): boolean {
-        // 简单的可疑IP检查
-        const suspiciousRanges = ['192.168.', '10.', '172.'];
-        return suspiciousRanges.some(range => ip.startsWith(range));
-    }
-    private isOffHours(): boolean {
-        const hour = new Date().getHours();
-        return hour < 6 || hour > 22;
-    }
-    /**
-     * 获取审计日志
-     */
-    getAuditLog(filter?: Partial<SecurityEvent>): SecurityEvent[] {
-        if (!filter) return [...this.auditLog];
-        return this.auditLog.filter(event => {
-            return Object.keys(filter).every(key =>
-                event[key as keyof SecurityEvent] === filter[key as keyof SecurityEvent]
-            );
-        });
-    }
-    /**
-     * 清理过期日志
-     */
-    cleanupExpiredLogs(retentionDays: number = 90): void {
-        const cutoffDate = new Date();
-        cutoffDate.setDate(cutoffDate.getDate() - retentionDays);
-        this.auditLog = this.auditLog.filter(event =>
-            new Date(event.timestamp) > cutoffDate
-        );
-        logger.info(`[SecurityAudit] 清理过期日志完成，保留 ${this.auditLog.length} 条记录`);
-    }
-}