mirror of
https://github.com/Syngnat/GoNavi.git
synced 2026-07-13 16:34:35 +08:00
- 新增脱敏审计存储、筛选、保留策略、完整性校验与 JSON/CSV 导出 - 覆盖查询编辑器、事务、导入同步、对象操作、AI/MCP 与 Web 运行时入口 - 完善事务完整语句日志、Windows 快捷键映射及 SQL 分析布局 - 补充多语言、健康状态、数据目录迁移和回归测试
115 lines
3.8 KiB
Go
115 lines
3.8 KiB
Go
package sqlaudit
|
|
|
|
const (
|
|
CaptureModeRedacted = "redacted"
|
|
CaptureModeMetadata = "metadata"
|
|
|
|
BoundaryModeDriverAPI = "driver_api"
|
|
BoundaryModeTextSQL = "text_sql"
|
|
BoundaryModeImplicit = "implicit"
|
|
BoundaryModeUnknown = "unknown"
|
|
|
|
CommitModeAuto = "auto"
|
|
CommitModeManual = "manual"
|
|
CommitModePending = "pending"
|
|
)
|
|
|
|
const (
|
|
defaultPageSize = 50
|
|
maxPageSize = 500
|
|
defaultRetentionDays = 30
|
|
defaultMaxRecords = 100_000
|
|
)
|
|
|
|
// Event is one immutable SQL audit fact. SQLText is always sanitized again by
|
|
// Store.Append; callers cannot use this type to persist raw SQL.
|
|
type Event struct {
|
|
ID string `json:"id"`
|
|
Sequence int64 `json:"sequence"`
|
|
Timestamp int64 `json:"timestamp"`
|
|
EventType string `json:"eventType"`
|
|
Status string `json:"status"`
|
|
ConnectionID string `json:"connectionId"`
|
|
ConnectionFingerprint string `json:"connectionFingerprint"`
|
|
DBType string `json:"dbType"`
|
|
Database string `json:"database"`
|
|
QueryID string `json:"queryId"`
|
|
TransactionID string `json:"transactionId"`
|
|
Source string `json:"source"`
|
|
BoundaryMode string `json:"boundaryMode"`
|
|
CommitMode string `json:"commitMode"`
|
|
SQLText string `json:"sqlText"`
|
|
SQLRedacted bool `json:"sqlRedacted"`
|
|
SQLFingerprint string `json:"sqlFingerprint"`
|
|
StatementIndex int `json:"statementIndex"`
|
|
StatementCount int `json:"statementCount"`
|
|
DurationMs int64 `json:"durationMs"`
|
|
RowsAffected int64 `json:"rowsAffected"`
|
|
RowsReturned int64 `json:"rowsReturned"`
|
|
Error string `json:"error"`
|
|
PrevHash string `json:"prevHash"`
|
|
Hash string `json:"hash"`
|
|
}
|
|
|
|
type Filter struct {
|
|
Search string `json:"search"`
|
|
ConnectionID string `json:"connectionId"`
|
|
Database string `json:"database"`
|
|
DBType string `json:"dbType"`
|
|
EventType string `json:"eventType"`
|
|
Status string `json:"status"`
|
|
TransactionID string `json:"transactionId"`
|
|
Source string `json:"source"`
|
|
FromTimestamp int64 `json:"fromTimestamp"`
|
|
ToTimestamp int64 `json:"toTimestamp"`
|
|
Page int `json:"page"`
|
|
PageSize int `json:"pageSize"`
|
|
}
|
|
|
|
type Summary struct {
|
|
TotalEvents int64 `json:"totalEvents"`
|
|
SuccessCount int64 `json:"successCount"`
|
|
ErrorCount int64 `json:"errorCount"`
|
|
TransactionCount int64 `json:"transactionCount"`
|
|
}
|
|
|
|
type Page struct {
|
|
Items []Event `json:"items"`
|
|
Total int64 `json:"total"`
|
|
Page int `json:"page"`
|
|
PageSize int `json:"pageSize"`
|
|
Summary Summary `json:"summary"`
|
|
}
|
|
|
|
type Settings struct {
|
|
Enabled bool `json:"enabled"`
|
|
CaptureMode string `json:"captureMode"`
|
|
RetentionDays int `json:"retentionDays"`
|
|
MaxRecords int `json:"maxRecords"`
|
|
}
|
|
|
|
func DefaultSettings() Settings {
|
|
return Settings{
|
|
Enabled: true,
|
|
CaptureMode: CaptureModeRedacted,
|
|
RetentionDays: defaultRetentionDays,
|
|
MaxRecords: defaultMaxRecords,
|
|
}
|
|
}
|
|
|
|
// IntegrityReport reports local SHA-256 chain consistency. WeakValidation is
|
|
// always true because an unkeyed chain detects accidental/local edits but does
|
|
// not stop an attacker who can rewrite both records and hashes.
|
|
type IntegrityReport struct {
|
|
Valid bool `json:"valid"`
|
|
WeakValidation bool `json:"weakValidation"`
|
|
PartialChain bool `json:"partialChain"`
|
|
TruncatedPrefix bool `json:"truncatedPrefix"`
|
|
Algorithm string `json:"algorithm"`
|
|
CheckedRecords int64 `json:"checkedRecords"`
|
|
FirstSequence int64 `json:"firstSequence,omitempty"`
|
|
LastSequence int64 `json:"lastSequence,omitempty"`
|
|
InvalidSequence int64 `json:"invalidSequence,omitempty"`
|
|
Message string `json:"message"`
|
|
}
|