security(csv-export): harden mnemonic export with super admin, audit, watermark (#48)
- Add SUPER_ADMIN_IDS config (fallback to ADMIN_IDS if not set) - Add isSuperAdmin() to middleware/auth.js - Create auditService.js for structured audit logging (DB + pino) - Create migration 005_audit_log.js - Add confirmation dialog before CSV export (confirm_export_ callback) - Check isSuperAdmin before export — block non-super admins - Audit log every export: admin ID, wallet type, wallet count - Add exported_by watermark column to CSV with admin telegram ID - Notify all other super admins when export occurs - Add SUPER_ADMIN_IDS to .env.example 8 files changed, 154 insertions, 39 deletions
This commit is contained in:
@@ -39,6 +39,7 @@ export async function runMigrations() {
|
||||
(await import('./002_add_columns.js')).default,
|
||||
(await import('./003_add_indexes.js')).default,
|
||||
(await import('./004_user_states.js')).default,
|
||||
(await import('./005_audit_log.js')).default,
|
||||
];
|
||||
|
||||
for (let i = currentVersion; i < migrations.length; i++) {
|
||||
|
||||
Reference in New Issue
Block a user