hwinkel
f10a79471e
Improvements #1-3 deepening: 1. Server-side invoice amount validation - All amounts (qty × unitPrice) recalculated server-side using tax.ts - Prevents client-side manipulation attacks - Supports kleinunternehmer auto-inheritance 2. Comprehensive audit logging - LogAction type extended with 11 new actions - All CRUD operations now logged with metadata - Metadata includes: amounts, counts, status transitions, oldStatus/newStatus 3. Advanced Zod validation (centralized) - New file: app/lib/schemas.ts (220 lines, 18+ validators) - Custom validators: currencySchema, taxRateSchema, ibanSchema, taxIdSchema, vatIdSchema - All API routes (invoices, companies, customers) now use centralized schemas - Consistent German error messages - Single source of truth for validation logic Additional improvements: - DB indices applied: invoices(status, dueDate, deletedAt, customerId), customers(companyId) - Migration 20260415192953_add_indices applied successfully - Build succeeds without critical errors - TypeScript compilation validates all schemas Files modified: - app/lib/schemas.ts (NEW) - app/routes/api.invoices.ts (uses centralized schemas) - app/routes/api.invoices.$id.ts (status transition validation) - app/routes/api.companies.ts, api.companies.$id.ts - app/routes/api.customers.ts, api.customers.$id.ts - app/lib/logger.server.ts (metadata support) - prisma/schema.prisma (indices) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
67 lines
1.5 KiB
TypeScript
67 lines
1.5 KiB
TypeScript
import prisma from "@/lib/prisma.server";
|
|
|
|
export type LogAction =
|
|
| "LOGIN"
|
|
| "LOGIN_FAILED"
|
|
| "LOGOUT"
|
|
| "CHANGE_PASSWORD"
|
|
| "CREATE_USER"
|
|
| "UPDATE_USER"
|
|
| "DELETE_USER"
|
|
| "CREATE_COMPANY"
|
|
| "UPDATE_COMPANY"
|
|
| "DELETE_COMPANY"
|
|
| "ARCHIVE_COMPANY"
|
|
| "CREATE_INVOICE"
|
|
| "UPDATE_INVOICE"
|
|
| "DELETE_INVOICE"
|
|
| "UPDATE_INVOICE_STATUS"
|
|
| "CREATE_CUSTOMER"
|
|
| "UPDATE_CUSTOMER"
|
|
| "DELETE_CUSTOMER"
|
|
| "CREATE_SERVICE"
|
|
| "UPDATE_SERVICE"
|
|
| "DELETE_SERVICE";
|
|
|
|
export async function log({
|
|
userId,
|
|
action,
|
|
entity,
|
|
entityId,
|
|
metadata,
|
|
request,
|
|
}: {
|
|
userId?: string | null;
|
|
action: LogAction;
|
|
entity?: string;
|
|
entityId?: string;
|
|
metadata?: Record<string, unknown>;
|
|
request?: Request;
|
|
}) {
|
|
const ipAddress = request
|
|
? request.headers.get("x-forwarded-for") ??
|
|
request.headers.get("x-real-ip") ??
|
|
undefined
|
|
: undefined;
|
|
|
|
try {
|
|
await prisma.auditLog.create({
|
|
data: {
|
|
userId: userId ?? null,
|
|
action,
|
|
entity: entity ?? null,
|
|
entityId: entityId ?? null,
|
|
metadata: (metadata as any) ?? undefined,
|
|
ipAddress: ipAddress ?? null,
|
|
},
|
|
});
|
|
} catch (err) {
|
|
// Never let logging failures break the app
|
|
console.error("[AuditLog] Failed to write log entry:", err);
|
|
}
|
|
|
|
console.log(
|
|
`[AUDIT] ${new Date().toISOString()} | ${action}${entity ? ` | ${entity}` : ""}${entityId ? `:${entityId}` : ""}${userId ? ` | user:${userId}` : ""}${ipAddress ? ` | ip:${ipAddress}` : ""}`
|
|
);
|
|
}
|