audit_logging

Audit Logging Protocol


1. Principles


  • No Invisible Actions: Every state-changing API call (POST, PUT, DELETE) must produce a log entry.
  • Traceability: Logs must include userId, action, resourceId, and metadata.

2. Implementation Standards


  • Backend (API):
    • Use the project's standard Logger service (e.g., src/services/logger.ts or similar).
    • Example:
      typescript
      await Logger.info({
        event: 'POST_CREATED',
        userId: user.id,
        metadata: { postId: newPost.id },
      });
  • Database (Supabase):
    • Ensure tables have created_at, updated_at, and created_by columns.
    • Check if specific Audit Table inserts are required (e.g. audit_logs table).
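
One way to enforce both principles at the handler boundary, as an added example that is not the project's own code. The names AuditEntry, MemorySink and withAudit are hypothetical, the in-memory sink stands in for the project's Logger service, and handlers are assumed to be synchronous.

```typescript
// Added example; AuditEntry, MemorySink and withAudit are hypothetical names.
type Level = 'info' | 'error';
interface AuditEntry {
  level: Level;
  userId: string;
  action: string;
  resourceId: string | null; // null when the call failed before a resource existed
  metadata: Record<string, unknown>;
}
interface Req { method: string; path: string; userId?: string }
interface Result { resourceId: string; metadata?: Record<string, unknown> }

// Methods the protocol treats as state-changing.
const STATE_CHANGING = new Set(['POST', 'PUT', 'DELETE']);

// In-memory stand-in for the project's Logger service.
class MemorySink {
  entries: AuditEntry[] = [];
  write(entry: AuditEntry): void { this.entries.push(entry); }
}

// Wrap a handler so each state-changing call produces exactly one entry:
// 'info' on success, 'error' when the handler throws.
function withAudit(action: string, handler: (req: Req) => Result, sink: MemorySink) {
  return (req: Req): Result => {
    if (!STATE_CHANGING.has(req.method.toUpperCase())) return handler(req);
    // Refuse before anything changes if the actor cannot be recorded.
    if (!req.userId) throw new Error('audit: state-changing call without userId');
    const base = { userId: req.userId, action };
    let result: Result;
    try {
      result = handler(req);
    } catch (err) {
      sink.write({ ...base, level: 'error', resourceId: null,
        metadata: { path: req.path, error: String(err) } });
      throw err; // the failure is logged, then surfaced unchanged
    }
    sink.write({ ...base, level: 'info', resourceId: result.resourceId,
      metadata: { path: req.path, ...result.metadata } });
    return result;
  };
}
```
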

3. Verification Checklist


  • Does the new API endpoint call Logger?
  • Are logs visible in Supabase/Dashboards?
  • Is the log level appropriate (Info vs Error)?
  • Does the log contain enough context to debug issues later?