complete new audit system

2026-03-21 18:23:54 +01:00
parent 38b3b7da73
commit fd55742c57
159 changed files with 2841 additions and 736 deletions
@@ -387,17 +387,44 @@ export function auditMiddleware(req: AuthRequest, res: Response, next: NextFunct
  };

  // Response-Ende abfangen für Logging
+  // Audit-Kontext hier erfassen (bevor AsyncLocalStorage den Kontext verliert)
+  let capturedAuditContext: ReturnType<typeof getAuditContext> | undefined;
+
+  const origEnd = res.end;
+  (res as any).end = function(chunk?: any, encoding?: any, cb?: any) {
+    // Kontext VOR dem Ende erfassen
+    capturedAuditContext = getAuditContext();
+    return origEnd.call(this, chunk, encoding, cb);
+  };
+
  res.on('finish', () => {
    // Async Logging - blockiert nicht die Response
    setImmediate(async () => {
      try {
        const durationMs = Date.now() - startTime;
        const action = determineAction(req.method, req.path, responseSuccess);
+
+        // READ-Aktionen nicht loggen (nur Änderungen, Logins und Exporte)
+        if (action === 'READ') return;
+
+        // Routen die bereits gezielt via logChange() geloggt werden → nicht doppelt loggen
+        const manuallyLoggedPaths = [
+          '/api/customers',
+          '/api/contracts',
+          '/api/meters',
+          '/api/gdpr',
+          '/api/upload',
+        ];
+        // Login/Logout immer loggen
+        if (action !== 'LOGIN' && action !== 'LOGOUT' && action !== 'LOGIN_FAILED') {
+          if (manuallyLoggedPaths.some(p => req.originalUrl?.startsWith(p) || req.baseUrl?.startsWith(p))) return;
+        }
+
        const resourceId = mapping.extractId?.(req);
        const dataSubjectId = extractDataSubjectId(req);

-        // Audit-Kontext abrufen (enthält Before/After-Werte von Prisma Middleware)
-        const auditContext = getAuditContext();
+        // Audit-Kontext nutzen (wurde vor Response-Ende erfasst)
+        const auditContext = capturedAuditContext;

        // Menschenlesbares Label generieren
        const resourceLabel = generateHumanLabel(action, mapping.type, req, responseBody);
@@ -405,7 +432,7 @@ export function auditMiddleware(req: AuthRequest, res: Response, next: NextFunct
        await createAuditLog({
          userId: req.user?.userId,
          userEmail: req.user?.email || 'anonymous',
-          userRole: req.user?.permissions?.join(', '),
+          userRole: req.user?.isCustomerPortal ? 'Kundenportal' : (req.user as any)?.roleName || 'Mitarbeiter',
          customerId: req.user?.customerId,
          isCustomerPortal: req.user?.isCustomerPortal,
          action,