rckrdmrd/template-saas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
master
template-saas/docs/01-modulos/SAAS-008-audit-logs.md
rckrdmrd 50a821a415
Some checks failed
CI / Backend CI (push) Has been cancelled
Details
CI / Frontend CI (push) Has been cancelled
Details
CI / Security Scan (push) Has been cancelled
Details
CI / CI Summary (push) Has been cancelled
Details
[SIMCO-V38] feat: Actualizar a SIMCO v3.8.0 
- HERENCIA-SIMCO.md actualizado con directivas v3.7 y v3.8
- Actualizaciones de configuracion

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 08:53:08 -06:00

4.9 KiB
Raw Permalink Blame History

id title type status priority module version created_date updated_date
SAAS-008 Audit Logs Module Published P1 audit-logs 1.0.0 2026-01-07 2026-01-10

SAAS-008: Audit Logs

Metadata

  • Codigo: SAAS-008
  • Modulo: Audit
  • Prioridad: P1
  • Estado: Completado
  • Fase: 3 - Features Core
  • Ultima Actualizacion: 2026-01-10

Descripcion

Sistema de auditoria completo: registro automatico de acciones, cambios en entidades, accesos de usuario, con busqueda y exportacion para compliance.

Objetivos

  1. Registro automatico de acciones
  2. Tracking de cambios (before/after)
  3. Log de accesos
  4. Busqueda y filtrado
  5. Exportacion para compliance

Alcance

Incluido

  • Logs de CREATE/UPDATE/DELETE
  • Diff de cambios (before/after)
  • Logs de autenticacion
  • IP y user agent
  • Retencion configurable
  • Busqueda full-text
  • Export CSV/JSON

Excluido

  • Replay de acciones
  • Alertas automaticas por patrones
  • Integracion SIEM

Modelo de Datos

Tablas (schema: audit)

audit_logs

  • id, tenant_id, user_id
  • action (create/update/delete/read/auth)
  • entity_type, entity_id
  • changes (JSONB: {before, after, diff})
  • ip_address, user_agent
  • metadata (JSONB)
  • created_at

auth_logs

  • id, tenant_id, user_id
  • action (login/logout/failed/mfa)
  • ip_address, user_agent
  • location (JSONB: {country, city})
  • success, failure_reason
  • created_at

Tipos de Eventos

Acciones de Datos

Accion Descripcion
entity.created Registro creado
entity.updated Registro modificado
entity.deleted Registro eliminado
entity.viewed Registro consultado
bulk.import Importacion masiva
bulk.export Exportacion masiva

Acciones de Auth

Accion Descripcion
auth.login Login exitoso
auth.logout Logout
auth.failed Login fallido
auth.mfa MFA verificado
auth.password_change Password cambiado
auth.session_revoked Sesion revocada

Endpoints API

Metodo Endpoint Descripcion
GET /audit/logs Listar logs
GET /audit/logs/:id Detalle de log
GET /audit/entity/:type/:id Logs de entidad
GET /audit/user/:id Logs de usuario
GET /audit/auth Logs de auth
GET /audit/export Exportar logs (Pendiente implementacion)
GET /audit/stats Estadisticas

Filtros de Busqueda

interface AuditFilters {
  dateFrom?: Date;
  dateTo?: Date;
  userId?: string;
  action?: string;
  entityType?: string;
  entityId?: string;
  ipAddress?: string;
  search?: string; // full-text
}

Implementacion

Interceptor Automatico

@Injectable()
export class AuditInterceptor implements NestInterceptor {
  intercept(context: ExecutionContext, next: CallHandler) {
    const request = context.switchToHttp().getRequest();
    const before = request.body;

    return next.handle().pipe(
      tap(async (result) => {
        await this.auditService.log({
          userId: request.user.id,
          action: this.getAction(request.method),
          entityType: this.getEntityType(request.path),
          entityId: result?.id,
          changes: { before, after: result },
          ip: request.ip,
          userAgent: request.headers['user-agent']
        });
      })
    );
  }
}

Decorator Manual

@AuditLog('custom.action')
async customOperation() {
  // Se registra automaticamente
}

Retencion de Datos

Plan Retencion
Free 7 dias
Starter 30 dias
Pro 90 dias
Enterprise 1 año (configurable)

Estructura de Log

interface AuditLog {
  id: string;
  tenantId: string;
  userId: string;
  userName: string;
  action: string;
  entityType: string;
  entityId: string;
  changes: {
    before: object | null;
    after: object | null;
    diff: object; // solo campos cambiados
  };
  metadata: {
    ip: string;
    userAgent: string;
    location?: {
      country: string;
      city: string;
    };
    requestId: string;
  };
  createdAt: Date;
}

Entregables

Entregable Estado Archivo
audit.module.ts Completado modules/audit/
audit.service.ts Completado services/
audit.interceptor.ts Completado interceptors/
DDL audit schema Completado ddl/schemas/audit/

Dependencias

Depende de

  • SAAS-001 (Auth)
  • SAAS-002 (Tenants)
  • SAAS-003 (Users)
  • SAAS-005 (Plans - retencion)

Bloquea a

  • Compliance reports
  • Security dashboards

Criterios de Aceptacion

  • CRUD se registra automaticamente
  • Auth events se registran
  • Before/after se captura
  • Busqueda funciona
  • Export CSV funciona
  • Retencion se aplica

Feature Flag

// Solo disponible en Enterprise
@RequiresFeature('audit_logs')
@Get('/audit/logs')
async getAuditLogs() {
  // ...
}

Ultima actualizacion: 2026-01-10