Add audit log UI and backend API seeded E2E

- Add Auth Context route role guards so doctors cannot directly enter template management, user management, or audit logs. - Add Audit Logs page, sidebar entry, frontend audit API client, and API client test. - Add backend audit log query endpoint with super/admin visibility rules and query filtering. - Extend PostgreSQL integration tests to cover audit log query permissions. - Move Playwright E2E away from localStorage seed data to real backend API login and seed helpers. - Add E2E coverage for route guards and audit log visibility. - Run Playwright backend on port 3100 and proxy Vite API requests there to avoid local port conflicts. - Make server:dev use the compiled NestJS server path, avoiding tsx parameter-property injection issues. - Update README, AGENTS, feature, testing, security, deployment, progress, API, backendization, and auth/user module docs.
2026-05-02 02:04:56 +08:00
parent a16f522a4b
commit 750cf4129d
31 changed files with 719 additions and 261 deletions
--- a/docs/security.md
+++ b/docs/security.md
@@ -20,5 +20,5 @@
 3. 增加文件服务：报告图片、视频和关键帧后续可切换对象存储或院内文件服务；签名、模板图片、视频和关键帧已完成第一版后端文件资源。
 4. 完善 API 代理：AI 和语音已完成第一版后端代理，后续应补限流、审计、错误分级和第三方调用隔离测试。
 5. 增强 HTML 清洗：当前报告和模板保存已有第一版白名单过滤，后续需覆盖 AI 返回、导入文件、旧数据迁移和绕过测试。
-6. 增加审计日志：当前登录、报告/模板/用户/设置/文件修改已有第一版审计，后续补查看日志、打印/导出错误追踪和第三方代理调用摘要；报告导出不要求专门导出审计。
+6. 增强审计日志：当前登录、报告/模板/用户/设置/文件修改已有审计写入和查询页面；后续补打印/导出错误追踪和第三方代理调用摘要。报告导出不要求专门导出审计。
 7. 增加数据备份与恢复：避免浏览器清理缓存造成业务数据丢失。