ahmido
28cfe38ba4
## Summary - turn the Monitoring audit log placeholder into a real workspace-scoped audit review surface - introduce a shared audit recorder, richer audit value objects, and additive audit log schema evolution - add audit outcome and actor badges, permission-aware related navigation, and durable audit retention coverage ## Included - canonical `/admin/audit-log` list and detail inspection UI - audit model helpers, taxonomy expansion, actor/target snapshots, and recorder/builder services - operation terminal audit writes and purge command retention changes - spec 134 design artifacts and focused Pest coverage for audit foundation behavior ## Validation - `vendor/bin/sail bin pint --dirty --format agent` - `vendor/bin/sail artisan test --compact tests/Unit/Audit tests/Unit/Badges/AuditBadgesTest.php tests/Feature/Filament/AuditLogPageTest.php tests/Feature/Filament/AuditLogDetailInspectionTest.php tests/Feature/Filament/AuditLogAuthorizationTest.php tests/Feature/Monitoring/AuditCoverageGovernanceTest.php tests/Feature/Monitoring/AuditCoverageOperationsTest.php tests/Feature/Console/TenantpilotPurgeNonPersistentDataTest.php` ## Notes - Livewire v4.0+ compliance is preserved within the existing Filament v5 application. - No provider registration changes were needed; panel provider registration remains in `bootstrap/providers.php`. - No new globally searchable resource was introduced. - The audit page remains read-only; no destructive actions were added. - No new asset pipeline changes were introduced; existing deploy-time `php artisan filament:assets` behavior remains unchanged. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #163
36 lines
1.2 KiB
PHP
36 lines
1.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Support\Audit\AuditContextSanitizer;
|
|
|
|
it('redacts protected audit fields recursively', function (): void {
|
|
$sanitized = AuditContextSanitizer::sanitize([
|
|
'token' => 'super-secret',
|
|
'nested' => [
|
|
'client_secret' => 'another-secret',
|
|
],
|
|
'notes' => 'Authorization: Bearer abc.def.ghi',
|
|
]);
|
|
|
|
expect(data_get($sanitized, 'token'))->toBe('[REDACTED]')
|
|
->and(data_get($sanitized, 'nested.client_secret'))->toBe('[REDACTED]')
|
|
->and(data_get($sanitized, 'notes'))->toBe('[REDACTED]');
|
|
});
|
|
|
|
it('truncates oversized strings and arrays before they reach the audit log', function (): void {
|
|
$items = collect(range(1, 55))
|
|
->mapWithKeys(static fn (int $index): array => ["key_{$index}" => "value_{$index}"])
|
|
->all();
|
|
|
|
$sanitized = AuditContextSanitizer::sanitize([
|
|
'message' => str_repeat('x', 600),
|
|
'items' => $items,
|
|
]);
|
|
|
|
expect((string) data_get($sanitized, 'message'))->toEndWith(' [truncated]')
|
|
->and(data_get($sanitized, 'items.truncated'))->toBeTrue()
|
|
->and(array_key_exists('key_50', $sanitized['items']))->toBeTrue()
|
|
->and(array_key_exists('key_51', $sanitized['items']))->toBeFalse();
|
|
});
|