@gftdcojp/auth
✅ Enterprise-grade Auth0 integration for GFTD platform - 90% Complete, High Quality Implementation
;
/**
* プロセス管理機能と認証の統合
*
* 機能:
* - プロセス実行時の認証チェック
* - 組織レベルでのプロセス管理
* - プロセス実行権限の管理
* - 監査ログ統合
*
* ✅ Next.js 15対応 - Server Actions統合
*/
// Compiled-module preamble: set the `__esModule` flag on the CommonJS exports object.
Object.defineProperty(exports, "__esModule", { value: true });
// Reserve the three Server Action export names as undefined; they are assigned further down.
exports.getProcessExecutionHistory = exports.getOrganizationProcesses = exports.executeProcess = void 0;
// checkProcessPermissions is a hoisted function declaration, so it can be exported before its definition.
exports.checkProcessPermissions = checkProcessPermissions;
const server_actions_1 = require("./server-actions");
const types_1 = require("./types");
const logger_1 = require("./utils/logger");
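/**
 * Decide whether a user may execute a process.
 *
 * Checks run in this order and the first failure is returned: organization,
 * explicit user allow-list, roles, permissions.
 *
 * @param {object} user - Authenticated user. Reads `organization_id`, `sub`,
 *   `metadata.roles` and `metadata.permissions`.
 * @param {object} process - Process configuration. Reads `organizationId`,
 *   `allowedUsers`, `requiredRoles` and `requiredPermissions`.
 * @returns {{allowed: boolean, reason?: string}} `allowed: true`, or
 *   `allowed: false` with a human-readable reason.
 */
function checkProcessPermissions(user, process) {
  // Role/permission claims are only honoured when they are real arrays.
  // A string claim (for example a space-delimited scope string) would make
  // `.includes()` a substring match, so 'nonadmin' would satisfy 'admin'.
  // Anything that is not an array is treated as "no grants" (fail closed).
  const asList = (claim) => (Array.isArray(claim) ? claim : []);

  // Organization check.
  // NOTE(review): a process without `organizationId` skips this check entirely,
  // so tenant isolation depends on every stored config carrying one — confirm.
  if (process.organizationId && user.organization_id !== process.organizationId) {
    return {
      allowed: false,
      reason: 'Organization access denied',
    };
  }

  // Explicit user allow-list check (only enforced when the list is non-empty).
  if (process.allowedUsers && process.allowedUsers.length > 0) {
    if (!process.allowedUsers.includes(user.sub)) {
      return {
        allowed: false,
        reason: 'User not in allowed list',
      };
    }
  }

  // Role check: holding ANY one of the listed roles is sufficient.
  if (process.requiredRoles && process.requiredRoles.length > 0) {
    const userRoles = asList(user.metadata?.roles);
    const hasRequiredRole = process.requiredRoles.some((role) => userRoles.includes(role));
    if (!hasRequiredRole) {
      return {
        allowed: false,
        reason: `Required roles: ${process.requiredRoles.join(', ')}`,
      };
    }
  }

  // Permission check: holding ANY one of the listed permissions is sufficient.
  // NOTE(review): "required" permissions are matched any-of, not all-of —
  // confirm this is the intended policy.
  if (process.requiredPermissions && process.requiredPermissions.length > 0) {
    const userPermissions = asList(user.metadata?.permissions);
    const hasRequiredPermission = process.requiredPermissions.some((permission) => userPermissions.includes(permission));
    if (!hasRequiredPermission) {
      return {
        allowed: false,
        reason: `Required permissions: ${process.requiredPermissions.join(', ')}`,
      };
    }
  }

  return { allowed: true };
}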
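/**
 * Server Action: execute a process on behalf of the authenticated caller.
 *
 * Flow: load the process configuration, run checkProcessPermissions against
 * the caller, write an audit record for denial / start / completion / error,
 * and return a result envelope.
 *
 * The envelope's `success` flag is `true` whenever the action itself completed;
 * a process that ran but failed is reported through `data.status === 'failed'`.
 *
 * @param {object} authContext - Supplied by withServerAuth; reads `user.sub`
 *   and `organizationId`.
 * @param {string} processId - Identifier of the process to run (caller-supplied).
 * @param {object} [parameters={}] - Caller-supplied parameters passed to the process.
 * @returns {Promise<object>} `{ success: true, data }` or `{ success: false, error }`.
 */
exports.executeProcess = (0, server_actions_1.withServerAuth)(async (authContext, processId, parameters = {}) => {
  'use server';
  try {
    // Load the process configuration (a real implementation would read external storage).
    const processConfig = await getProcessConfig(processId);
    if (!processConfig) {
      return {
        success: false,
        error: {
          message: 'Process not found',
          code: 'PROCESS_NOT_FOUND',
        },
      };
    }

    // Authorization check.
    const permissionCheck = checkProcessPermissions(authContext.user, processConfig);
    if (!permissionCheck.allowed) {
      // Audit the denial.
      types_1.AuditLogManager.log({
        level: types_1.AuditLogLevel.WARN,
        eventType: types_1.AuditEventType.ADMIN_ACTION,
        organizationId: authContext.organizationId,
        userId: authContext.user.sub,
        result: 'DENIED',
        message: `Process execution denied: ${processConfig.name}`,
        details: {
          processId,
          reason: permissionCheck.reason,
        },
      });
      // NOTE(review): the reason text names the roles/permissions the process
      // requires and is returned to the caller — confirm that is acceptable.
      return {
        success: false,
        error: {
          message: permissionCheck.reason || 'Access denied',
          code: 'ACCESS_DENIED',
        },
      };
    }

    // Execute the process.
    const executionId = generateExecutionId();
    const startTime = new Date().toISOString();
    logger_1.log.info(`Starting process execution: ${processId} by ${authContext.user.sub}`);

    // Audit the start.
    // NOTE(review): `parameters` is caller-supplied and stored verbatim in the
    // audit record — confirm it cannot carry secrets or oversized payloads.
    types_1.AuditLogManager.log({
      level: types_1.AuditLogLevel.INFO,
      eventType: types_1.AuditEventType.ADMIN_ACTION,
      organizationId: authContext.organizationId,
      userId: authContext.user.sub,
      result: 'STARTED',
      message: `Process execution started: ${processConfig.name}`,
      details: {
        processId,
        executionId,
        parameters,
      },
    });

    // TODO: real process execution logic.
    const processResult = await runProcess(processConfig, parameters, {
      userId: authContext.user.sub,
      organizationId: authContext.organizationId,
    });
    const endTime = new Date().toISOString();
    const result = {
      processId,
      executionId,
      status: processResult.success ? 'completed' : 'failed',
      startTime,
      endTime,
      output: processResult.output,
      error: processResult.error,
      executedBy: {
        userId: authContext.user.sub,
        organizationId: authContext.organizationId,
      },
    };

    // Audit the completion.
    types_1.AuditLogManager.log({
      level: processResult.success ? types_1.AuditLogLevel.INFO : types_1.AuditLogLevel.ERROR,
      eventType: types_1.AuditEventType.ADMIN_ACTION,
      organizationId: authContext.organizationId,
      userId: authContext.user.sub,
      result: processResult.success ? 'SUCCESS' : 'FAILED',
      message: `Process execution ${processResult.success ? 'completed' : 'failed'}: ${processConfig.name}`,
      details: {
        processId,
        executionId,
        duration: Date.parse(endTime) - Date.parse(startTime),
        error: processResult.error,
      },
    });
    return {
      success: true,
      data: result,
    };
  }
  catch (error) {
    logger_1.log.error(`Process execution error: ${error}`);

    // Audit the error; the exception text stays server-side.
    types_1.AuditLogManager.log({
      level: types_1.AuditLogLevel.ERROR,
      eventType: types_1.AuditEventType.ADMIN_ACTION,
      organizationId: authContext.organizationId,
      userId: authContext.user.sub,
      result: 'ERROR',
      message: `Process execution error: ${processId}`,
      details: {
        error: error instanceof Error ? error.message : String(error),
      },
    });

    // The caught value is deliberately NOT returned to the caller: it can
    // carry stack traces or internal messages. The server log and the audit
    // record above hold the detail; the caller gets a stable code and message.
    return {
      success: false,
      error: {
        message: 'Process execution failed',
        code: 'EXECUTION_ERROR',
      },
    };
  }
}, {
  requireAuth: true,
});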
/**
 * Server Action: list the processes available to the caller's organization.
 *
 * The list is currently hard-coded sample data stamped with the caller's
 * organization ID. An optional `filter.category` keeps only entries whose
 * description contains that text, compared case-insensitively.
 *
 * @param {object} authContext - Supplied by the auth wrapper; reads `organizationId`.
 * @param {{category?: string}} [filter] - Optional caller-supplied filter.
 * @returns {Promise<object>} `{ success: true, data }` or `{ success: false, error }`.
 */
exports.getOrganizationProcesses = (0, server_actions_1.withOrganizationServerAuth)(
  // Dynamic organization ID (a real implementation would take it from the arguments).
  // NOTE(review): how the wrapper interprets 'dynamic' is not visible in this
  // file — confirm it still enforces membership in the target organization.
  'dynamic',
  async (authContext, filter) => {
    'use server';
    try {
      const orgId = authContext.organizationId;
      logger_1.log.info(`Getting organization processes for ${orgId}`);

      // TODO: real process listing implementation.
      const syncProcess = {
        id: 'process-1',
        name: 'データ同期',
        description: '外部システムとのデータ同期',
        requiredPermissions: ['data:sync'],
        organizationId: orgId,
      };
      const reportProcess = {
        id: 'process-2',
        name: 'レポート生成',
        description: '月次レポートの自動生成',
        requiredRoles: ['admin'],
        organizationId: orgId,
      };
      const available = [syncProcess, reportProcess];

      // Category filtering (sample implementation): substring match on the description.
      const visible = filter?.category
        ? available.filter((entry) => entry.description?.toLowerCase().includes(filter.category.toLowerCase()))
        : available;

      return { success: true, data: visible };
    }
    catch (error) {
      logger_1.log.error(`Failed to get organization processes: ${error}`);
      const failure = {
        message: 'Failed to get processes',
        code: 'DATA_FETCH_ERROR',
      };
      return { success: false, error: failure };
    }
  });
/**
 * Server Action: return process execution history for the caller.
 *
 * The history is currently a single hard-coded sample record attributed to the
 * caller. It is optionally narrowed to one process ID and then truncated with
 * `slice(0, limit)`.
 *
 * @param {object} authContext - Supplied by withServerAuth; reads `user.sub`
 *   and `organizationId`.
 * @param {string} [processId] - When truthy, keep only records for this process.
 * @param {number} [limit=50] - Upper bound on returned records.
 * @returns {Promise<object>} `{ success: true, data }` or `{ success: false, error }`.
 */
exports.getProcessExecutionHistory = (0, server_actions_1.withServerAuth)(async (authContext, processId, limit = 50) => {
  'use server';
  try {
    const callerId = authContext.user.sub;
    logger_1.log.info(`Getting process execution history for user ${callerId}`);

    // TODO: real history retrieval.
    // NOTE(review): when this is backed by storage, the query must be scoped to
    // the caller's organization/user; nothing here would do that filtering.
    const sampleRecord = {
      processId: 'process-1',
      executionId: 'exec-001',
      status: 'completed',
      startTime: '2025-01-15T10:00:00Z',
      endTime: '2025-01-15T10:05:00Z',
      output: { recordsProcessed: 1000 },
      executedBy: {
        userId: callerId,
        organizationId: authContext.organizationId,
      },
    };
    const history = [sampleRecord];

    // Narrow to the requested process, if one was given.
    const matching = processId
      ? history.filter((record) => record.processId === processId)
      : history;

    // Apply the limit.
    // NOTE(review): `limit` is caller-supplied and is not validated or capped;
    // a negative value makes slice() count from the end.
    const page = matching.slice(0, limit);

    return { success: true, data: page };
  }
  catch (error) {
    logger_1.log.error(`Failed to get process execution history: ${error}`);
    const failure = {
      message: 'Failed to get execution history',
      code: 'DATA_FETCH_ERROR',
    };
    return { success: false, error: failure };
  }
}, {
  requireAuth: true,
});
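/**
 * Helper functions
 */

/**
 * Look up the configuration for a process ID.
 *
 * Backed by an in-memory sample table for now.
 *
 * @param {string} processId - Caller-supplied process identifier.
 * @returns {Promise<object|null>} The matching configuration, or `null` when
 *   the ID is not a string or is not a key defined in the table.
 */
async function getProcessConfig(processId) {
  // TODO: fetch the process configuration from real storage.
  const mockProcesses = {
    'process-1': {
      id: 'process-1',
      name: 'データ同期',
      description: '外部システムとのデータ同期',
      requiredPermissions: ['data:sync'],
    },
    'process-2': {
      id: 'process-2',
      name: 'レポート生成',
      description: '月次レポートの自動生成',
      requiredRoles: ['admin'],
    },
  };
  // Only own keys count. A plain bracket lookup also resolves inherited names
  // such as 'constructor' or '__proto__' to truthy values from
  // Object.prototype, which would then be treated as a process configuration
  // that declares no access requirements.
  if (typeof processId !== 'string') {
    return null;
  }
  if (!Object.prototype.hasOwnProperty.call(mockProcesses, processId)) {
    return null;
  }
  return mockProcesses[processId];
}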
/**
 * Placeholder process runner: waits one second, then reports success.
 *
 * @param {object} config - Process configuration; only `name` is read.
 * @param {object} parameters - Caller-supplied parameters, echoed back in the output.
 * @param {object} context - Execution context; currently unused.
 * @returns {Promise<{success: boolean, output: object}>} Always a success result.
 */
async function runProcess(config, parameters, context) {
  // TODO: real process execution.
  // Simulation only: pause for a fixed delay before answering.
  const simulatedDelayMs = 1000;
  await new Promise((done) => {
    setTimeout(done, simulatedDelayMs);
  });

  // NOTE(review): the caller-supplied parameters are echoed back unchanged in the output.
  const output = {
    message: `Process ${config.name} completed successfully`,
    parameters,
    timestamp: new Date().toISOString(),
  };
  return { success: true, output };
}
/**
 * Build an execution identifier of the form `exec-<epoch ms>-<base36 suffix>`.
 *
 * The suffix comes from Math.random(), which is not a cryptographic source:
 * the ID works as a correlation label in logs but must not be relied on as
 * an unguessable token.
 *
 * @returns {string} The generated identifier.
 */
function generateExecutionId() {
  const timestamp = Date.now();
  // Drop the leading "0." of the base-36 rendering and keep at most nine characters.
  const suffix = Math.random().toString(36).slice(2, 11);
  return `exec-${timestamp}-${suffix}`;
}
//# sourceMappingURL=process-integration.js.map