security(csv-export): harden mnemonic export with super admin, audit, watermark (#48)
- Add SUPER_ADMIN_IDS config (fallback to ADMIN_IDS if not set) - Add isSuperAdmin() to middleware/auth.js - Create auditService.js for structured audit logging (DB + pino) - Create migration 005_audit_log.js - Add confirmation dialog before CSV export (confirm_export_ callback) - Check isSuperAdmin before export — block non-super admins - Audit log every export: admin ID, wallet type, wallet count - Add exported_by watermark column to CSV with admin telegram ID - Notify all other super admins when export occurs - Add SUPER_ADMIN_IDS to .env.example 8 files changed, 154 insertions, 39 deletions
This commit is contained in:
14
src/migrations/005_audit_log.js
Normal file
14
src/migrations/005_audit_log.js
Normal file
@@ -0,0 +1,14 @@
|
||||
import logger from '../utils/logger.js';
|
||||
|
||||
export default async function migration005(db) {
|
||||
await db.runAsync(`
|
||||
CREATE TABLE IF NOT EXISTS audit_log (
|
||||
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
||||
action TEXT NOT NULL,
|
||||
admin_id TEXT NOT NULL,
|
||||
details TEXT,
|
||||
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
|
||||
)
|
||||
`);
|
||||
logger.info('Migration 005: audit_log table created');
|
||||
}
|
||||
@@ -39,6 +39,7 @@ export async function runMigrations() {
|
||||
(await import('./002_add_columns.js')).default,
|
||||
(await import('./003_add_indexes.js')).default,
|
||||
(await import('./004_user_states.js')).default,
|
||||
(await import('./005_audit_log.js')).default,
|
||||
];
|
||||
|
||||
for (let i = currentVersion; i < migrations.length; i++) {
|
||||
|
||||
Reference in New Issue
Block a user