feat: Phase 1 - Implementation of Data Security Infrastructure

Implemented comprehensive data security infrastructure for SFERA platform: ## Security Classes Created: - `SupplyDataFilter`: Role-based data filtering for supply orders - `ParticipantIsolation`: Data isolation between competing organizations - `RecipeAccessControl`: Protection of production recipes and trade secrets - `CommercialDataAudit`: Audit logging and suspicious activity detection - `SecurityLogger`: Centralized security event logging system ## Infrastructure Components: - Feature flags system for gradual security rollout - Database migrations for audit logging (AuditLog, SecurityAlert models) - Secure resolver wrapper for automatic GraphQL security - TypeScript interfaces and type safety throughout ## Security Features: - Role-based access control (SELLER, WHOLESALE, FULFILLMENT, LOGIST) - Commercial data protection between competitors - Production recipe confidentiality - Audit trail for all data access - Real-time security monitoring and alerts - Rate limiting and suspicious activity detection ## Implementation Notes: - All console logging replaced with centralized security logger - Comprehensive TypeScript typing with no explicit 'any' types - Modular architecture following SFERA coding standards - Feature flag controlled rollout for safe deployment This completes Phase 1 of the security implementation plan. Next phases will integrate these classes into existing GraphQL resolvers. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-22 17:51:02 +03:00
parent e7e4889102
commit 6e3201f491
20 changed files with 5671 additions and 66 deletions
--- a/prisma/migrations/001_add_security_audit_system.sql
+++ b/prisma/migrations/001_add_security_audit_system.sql
@ -0,0 +1,47 @@
+-- CreateEnum для типов алертов безопасности
+CREATE TYPE "SecurityAlertType" AS ENUM ('EXCESSIVE_ACCESS', 'UNAUTHORIZED_ATTEMPT', 'DATA_LEAK_RISK', 'SUSPICIOUS_PATTERN', 'BULK_EXPORT_DETECTED');
+
+-- CreateEnum для уровней серьезности алертов
+CREATE TYPE "SecurityAlertSeverity" AS ENUM ('LOW', 'MEDIUM', 'HIGH', 'CRITICAL');
+
+-- CreateTable для журнала аудита
+CREATE TABLE "audit_logs" (
+    "id" TEXT NOT NULL,
+    "userId" TEXT NOT NULL,
+    "organizationType" "OrganizationType" NOT NULL,
+    "action" TEXT NOT NULL,
+    "resourceType" TEXT NOT NULL,
+    "resourceId" TEXT,
+    "metadata" JSONB NOT NULL DEFAULT '{}',
+    "ipAddress" TEXT,
+    "userAgent" TEXT,
+    "timestamp" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+    CONSTRAINT "audit_logs_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable для алертов безопасности
+CREATE TABLE "security_alerts" (
+    "id" TEXT NOT NULL,
+    "type" "SecurityAlertType" NOT NULL,
+    "severity" "SecurityAlertSeverity" NOT NULL,
+    "userId" TEXT NOT NULL,
+    "message" TEXT NOT NULL,
+    "metadata" JSONB NOT NULL DEFAULT '{}',
+    "timestamp" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "resolved" BOOLEAN NOT NULL DEFAULT false,
+
+    CONSTRAINT "security_alerts_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex для оптимизации запросов по audit_logs
+CREATE INDEX "audit_logs_userId_idx" ON "audit_logs"("userId");
+CREATE INDEX "audit_logs_timestamp_idx" ON "audit_logs"("timestamp");
+CREATE INDEX "audit_logs_action_idx" ON "audit_logs"("action");
+CREATE INDEX "audit_logs_resourceType_idx" ON "audit_logs"("resourceType");
+
+-- CreateIndex для оптимизации запросов по security_alerts
+CREATE INDEX "security_alerts_userId_idx" ON "security_alerts"("userId");
+CREATE INDEX "security_alerts_timestamp_idx" ON "security_alerts"("timestamp");
+CREATE INDEX "security_alerts_resolved_idx" ON "security_alerts"("resolved");
+CREATE INDEX "security_alerts_severity_idx" ON "security_alerts"("severity");