fix(audit): stop default read logging and dedupe dashboard timeline

- skip read audit logging unless a path is explicitly allowlisted - exclude audit-facing endpoints from backend audit collection - remove duplicate auth timeline fetch logic from dashboard screen - add regression tests for default GET skip and dashboard timeline dedup Co-Authored-By: First Fluke <our.first.fluke@gmail.com>
2026-04-17 18:04:09 +09:00
parent b72d04f184
commit 114f203ecd
5 changed files with 94 additions and 107 deletions
--- a/backend/cmd/server/main.go
+++ b/backend/cmd/server/main.go
@@ -513,8 +513,10 @@ func main() {
 	api.Use(middleware.AuditMiddleware(middleware.AuditConfig{
 		Repo: auditRepo,
 		ExcludePaths: map[string]struct{}{
-			"/api/v1/audit":      {},
-			"/api/v1/client-log": {},
+			"/api/v1/audit":               {},
+			"/api/v1/audit/auth/timeline": {},
+			"/api/v1/client-log":          {},
+			"/api/v1/dev/audit-logs":      {},
 		},
 		BodyDump:    true,
 		WorkerCount: workerCount,
@@ -604,14 +606,14 @@ func main() {
 		KetoService:  ketoService,
 	})
 	requireAdmin := middleware.RequireRole(middleware.RBACConfig{
-	        AllowedRoles: []string{domain.RoleSuperAdmin, domain.RoleTenantAdmin},
-	        AuthHandler:  authHandler,
-	        KetoService:  ketoService,
+		AllowedRoles: []string{domain.RoleSuperAdmin, domain.RoleTenantAdmin},
+		AuthHandler:  authHandler,
+		KetoService:  ketoService,
 	})
 	requireAnyUser := middleware.RequireRole(middleware.RBACConfig{
-	        AllowedRoles: []string{domain.RoleSuperAdmin, domain.RoleTenantAdmin, domain.RoleRPAdmin, domain.RoleUser},
-	        AuthHandler:  authHandler,
-	        KetoService:  ketoService,
+		AllowedRoles: []string{domain.RoleSuperAdmin, domain.RoleTenantAdmin, domain.RoleRPAdmin, domain.RoleUser},
+		AuthHandler:  authHandler,
+		KetoService:  ketoService,
 	})

 	admin.Get("/check", adminHandler.CheckAuth) // 기본 Admin 체크는 requireAdmin 없이 ApiKeyAuth로만 보호될 수 있음 (또는 추가 가능)
@@ -640,7 +642,7 @@ func main() {

 	// Organization & Org-Chart Management (Tenant Admin/Super Admin)
 	org := admin.Group("/tenants/:tenantId/organization")
-	org.Post("/import", orgChartHandler.ImportOrgChart) // Org Chart Bulk Import API
+	org.Post("/import", orgChartHandler.ImportOrgChart)                        // Org Chart Bulk Import API
 	org.Get("/import/progress/:progressId", orgChartHandler.GetImportProgress) // Progress API

 	org.Get("/", middleware.RequireKetoPermission(middleware.RBACConfig{AuthHandler: authHandler, KetoService: ketoService}, "Tenant", "view"), userGroupHandler.List)