refactor: 日志库拆分与清理用户审计

2025-12-26 17:24:10 +08:00
parent 755b61a044
commit ca632a7c09
21 changed files with 1042 additions and 392 deletions
--- a/deploy/postgres/create_databases.sql
+++ b/deploy/postgres/create_databases.sql
@@ -15,6 +15,9 @@ BEGIN
    IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'hangfire_user') THEN
        CREATE ROLE hangfire_user LOGIN PASSWORD 'HangFire112233';
    END IF;
+    IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'logs_user') THEN
+        CREATE ROLE logs_user LOGIN PASSWORD 'Logs112233';
+    END IF;
 END $$;

 DO $$
@@ -49,6 +52,14 @@ BEGIN
 END $$;
 COMMENT ON DATABASE takeout_hangfire_db IS 'Takeout SaaS 调度/Hangfire 数据库';

+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'takeout_logs_db') THEN
+        CREATE DATABASE takeout_logs_db OWNER logs_user ENCODING 'UTF8';
+    END IF;
+END $$;
+COMMENT ON DATABASE takeout_logs_db IS 'Takeout SaaS 审计/日志数据库';
+
 -- Ensure privileges and default schema permissions
 \connect takeout_app_db
 GRANT CONNECT, TEMP ON DATABASE takeout_app_db TO app_user;
@@ -81,3 +92,11 @@ GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO hangfire_
 GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO hangfire_user;
 ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO hangfire_user;
 ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO hangfire_user;
+
+\connect takeout_logs_db
+GRANT CONNECT, TEMP ON DATABASE takeout_logs_db TO logs_user;
+GRANT USAGE ON SCHEMA public TO logs_user;
+GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO logs_user;
+GRANT USAGE, SELECT, UPDATE ON ALL SEQUENCES IN SCHEMA public TO logs_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO logs_user;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT, UPDATE ON SEQUENCES TO logs_user;
--- a/deploy/postgres/migrate_logs_to_logs_db.sql
+++ b/deploy/postgres/migrate_logs_to_logs_db.sql
@@ -0,0 +1,89 @@
+-- 日志库迁移脚本（请在 psql 中按步骤执行）
+
+-- 1. 在日志库创建表结构（takeout_logs_db）
+\connect takeout_logs_db
+
+CREATE TABLE IF NOT EXISTS tenant_audit_logs (
+    "Id" bigint GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
+    "TenantId" bigint NOT NULL,
+    "Action" integer NOT NULL,
+    "Title" character varying(128) NOT NULL,
+    "Description" character varying(1024),
+    "OperatorId" bigint,
+    "OperatorName" character varying(64),
+    "PreviousStatus" integer,
+    "CurrentStatus" integer,
+    "CreatedAt" timestamp with time zone NOT NULL,
+    "UpdatedAt" timestamp with time zone,
+    "DeletedAt" timestamp with time zone,
+    "CreatedBy" bigint,
+    "UpdatedBy" bigint,
+    "DeletedBy" bigint
+);
+CREATE INDEX IF NOT EXISTS "IX_tenant_audit_logs_TenantId" ON tenant_audit_logs ("TenantId");
+
+CREATE TABLE IF NOT EXISTS merchant_audit_logs (
+    "Id" bigint GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
+    "MerchantId" bigint NOT NULL,
+    "Action" integer NOT NULL,
+    "Title" character varying(128) NOT NULL,
+    "Description" character varying(1024),
+    "OperatorId" bigint,
+    "OperatorName" character varying(64),
+    "CreatedAt" timestamp with time zone NOT NULL,
+    "UpdatedAt" timestamp with time zone,
+    "DeletedAt" timestamp with time zone,
+    "CreatedBy" bigint,
+    "UpdatedBy" bigint,
+    "DeletedBy" bigint,
+    "TenantId" bigint NOT NULL
+);
+CREATE INDEX IF NOT EXISTS "IX_merchant_audit_logs_TenantId_MerchantId" ON merchant_audit_logs ("TenantId", "MerchantId");
+
+CREATE TABLE IF NOT EXISTS operation_logs (
+    "Id" bigint GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
+    "OperationType" character varying(64) NOT NULL,
+    "TargetType" character varying(64) NOT NULL,
+    "TargetIds" text,
+    "OperatorId" character varying(64),
+    "OperatorName" character varying(128),
+    "Parameters" text,
+    "Result" text,
+    "Success" boolean NOT NULL,
+    "CreatedAt" timestamp with time zone NOT NULL,
+    "UpdatedAt" timestamp with time zone,
+    "DeletedAt" timestamp with time zone,
+    "CreatedBy" bigint,
+    "UpdatedBy" bigint,
+    "DeletedBy" bigint
+);
+CREATE INDEX IF NOT EXISTS "IX_operation_logs_CreatedAt" ON operation_logs ("CreatedAt");
+CREATE INDEX IF NOT EXISTS "IX_operation_logs_OperationType_CreatedAt" ON operation_logs ("OperationType", "CreatedAt");
+
+CREATE TABLE IF NOT EXISTS member_growth_logs (
+    "Id" bigint GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
+    "MemberId" bigint NOT NULL,
+    "ChangeValue" integer NOT NULL,
+    "CurrentValue" integer NOT NULL,
+    "Notes" character varying(256),
+    "OccurredAt" timestamp with time zone NOT NULL,
+    "CreatedAt" timestamp with time zone NOT NULL,
+    "UpdatedAt" timestamp with time zone,
+    "DeletedAt" timestamp with time zone,
+    "CreatedBy" bigint,
+    "UpdatedBy" bigint,
+    "DeletedBy" bigint,
+    "TenantId" bigint NOT NULL
+);
+CREATE INDEX IF NOT EXISTS "IX_member_growth_logs_TenantId_MemberId_OccurredAt" ON member_growth_logs ("TenantId", "MemberId", "OccurredAt");
+
+-- 2. 迁移数据（建议使用 pg_dump/pg_restore 或应用侧批量拷贝）
+--    示例：pg_dump -t tenant_audit_logs -t merchant_audit_logs -t operation_logs -t member_growth_logs takeout_app_db > logs_dump.sql
+--          psql -d takeout_logs_db -f logs_dump.sql
+
+-- 3. 在业务库删除旧日志表（takeout_app_db）
+\connect takeout_app_db
+DROP TABLE IF EXISTS tenant_audit_logs;
+DROP TABLE IF EXISTS merchant_audit_logs;
+DROP TABLE IF EXISTS operation_logs;
+DROP TABLE IF EXISTS member_growth_logs;