feat: Phase 1 - Implementation of Data Security Infrastructure

Implemented comprehensive data security infrastructure for SFERA platform:

## Security Classes Created:
- `SupplyDataFilter`: Role-based data filtering for supply orders
- `ParticipantIsolation`: Data isolation between competing organizations
- `RecipeAccessControl`: Protection of production recipes and trade secrets
- `CommercialDataAudit`: Audit logging and suspicious activity detection
- `SecurityLogger`: Centralized security event logging system

## Infrastructure Components:
- Feature flags system for gradual security rollout
- Database migrations for audit logging (AuditLog, SecurityAlert models)
- Secure resolver wrapper for automatic GraphQL security
- TypeScript interfaces and type safety throughout

## Security Features:
- Role-based access control (SELLER, WHOLESALE, FULFILLMENT, LOGIST)
- Commercial data protection between competitors
- Production recipe confidentiality
- Audit trail for all data access
- Real-time security monitoring and alerts
- Rate limiting and suspicious activity detection

## Implementation Notes:
- All console logging replaced with centralized security logger
- Comprehensive TypeScript typing with no explicit 'any' types
- Modular architecture following SFERA coding standards
- Feature flag controlled rollout for safe deployment

This completes Phase 1 of the security implementation plan.
Next phases will integrate these classes into existing GraphQL resolvers.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Veronika Smirnova
2025-08-22 17:51:02 +03:00
parent e7e4889102
commit 6e3201f491
20 changed files with 5671 additions and 66 deletions

@ -680,3 +680,54 @@ enum ReferralTransactionType {
FIRST_ORDER
MONTHLY_BONUS
}
model AuditLog {
id String @id @default(cuid())
userId String
organizationType OrganizationType
action String
resourceType String
resourceId String?
metadata Json @default("{}")
ipAddress String?
userAgent String?
timestamp DateTime @default(now())
@@index([userId])
@@index([timestamp])
@@index([action])
@@index([resourceType])
@@map("audit_logs")
}
model SecurityAlert {
id String @id @default(cuid())
type SecurityAlertType
severity SecurityAlertSeverity
userId String
message String
metadata Json @default("{}")
timestamp DateTime @default(now())
resolved Boolean @default(false)
@@index([userId])
@@index([timestamp])
@@index([resolved])
@@index([severity])
@@map("security_alerts")
}
enum SecurityAlertType {
EXCESSIVE_ACCESS
UNAUTHORIZED_ATTEMPT
DATA_LEAK_RISK
SUSPICIOUS_PATTERN
BULK_EXPORT_DETECTED
}
enum SecurityAlertSeverity {
LOW
MEDIUM
HIGH
CRITICAL
}
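Review bot: `AuditLog` stores `organizationType` but no organization identifier, so a row cannot be attributed to a specific organization. Per-organization attribution is what a review of access between competing participants needs. Consider adding an `organizationId String` column with its own index. In both models `userId` is a bare `String` with no `@relation`; if that is deliberate so that rows survive user deletion, say so in a schema comment. The per-user, time-window lookups that rate limiting and suspicious-activity detection rely on would be better served by a composite `@@index([userId, timestamp])` than by the two single-column indexes. In `SecurityAlert`, `resolved Boolean` records that an alert was closed but not who closed it or when; `resolvedAt DateTime?` and `resolvedBy String?` would keep that trail. `action` and `resourceType` are free-form strings while the alert fields use enums, so either define enums for them or document the allowed values. Finally, `metadata Json` is unconstrained in both models: document what may be written there so that protected commercial or recipe data is not copied into the audit tables.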