77e98afaa6
Закрывает дыру #4 аудита журналирования. Объём по выбору заказчика — МИНИМУМ: ✅ Админ-API + кнопка в админке для удаления ПДн субъекта ✅ Сервис анонимизации (users + supplier_leads + deals + webhook_log) ✅ Журнал факта удаления в pd_processing_log ❌ БЕЗ формы самообслуживания на стороне субъекта ❌ БЕЗ email-подтверждения ❌ БЕЗ 30-дневного SLA (trigger deadline_at уже в схеме) Что добавлено: * Eloquent-модель `App\Models\PdSubjectRequest` (таблица уже была в схеме) * Сервис `App\Services\Pd\PdErasureService::eraseSubject()`: - cross-tenant через pgsql_supplier (BYPASSRLS) - транзакционно (rollback при ошибке) - users: email→erased-{id}@deleted.local, first_name→Удалено, last_name→null, phone→+7000{id} - supplier_leads: phone→+7000XXXXXXX, raw_payload→{erased:true} - deals: phone→+7000XXXXXXX, contact_name→Удалено (только если есть phone) - webhook_log: batched UPDATE по 500, raw_payload→{erased,erased_at} - pd_processing_log запись action=deleted за каждого user/lead с actor_admin_user_id (hash-chain audit_chain_hash триггером сам подписывает) - При requestId — pd_subject_requests SET status=completed, completed_at, response_text счёт * Контроллер `AdminPdSubjectRequestsController`: index/show/store/executeErasure * Маршруты под middleware(saas-admin): GET/POST /api/admin/pd-subject-requests, GET /{id}, POST /{id}/erase * Vue: `AdminPdSubjectRequestsView` (Quiet Luxury, таблица + диалог создания + кнопка Анонимизировать для request_type=deletion); ESLint требует v-slot:[`item.X`]= вместо #item.X для динамических slot-имён с точкой * Пункт меню в AdminLayout.vue + route /admin/pd-subject-requests NB: реальная схема — users.first_name/last_name/phone/email; supplier_leads имеет только phone (нет contact_*); deals имеет phone+contact_name (нет contact_email); webhook_log JSONB. PdErasureService адаптирован под факт. Тесты: 12/12 passed (63 assertions, ~2.6s) — index pagination, store + deadline trigger (+30 дней), eraseSubject анонимизация user/lead/deal/log, pd_processing_log запись, request status→completed, отклонение не-deletion типов, gate saas-admin, InvalidArgumentException. Plan: docs/superpowers/plans/2026-05-23-7-holes-overview.md (#4).
358 lines
12 KiB
TypeScript
358 lines
12 KiB
TypeScript
import { createRouter, createWebHistory, type RouteRecordRaw } from 'vue-router';
|
|
import { useAuthStore } from '../stores/auth';
|
|
|
|
/**
|
|
* Vue Router (фаза 2). История — `createWebHistory` (HTML5 history API);
|
|
* Laravel `Route::fallback` отдаёт SPA-shell для всех путей.
|
|
*
|
|
* Лейзи-импорты: каждый view подгружается отдельным chunk'ом.
|
|
*
|
|
* Auth-guard:
|
|
* - meta.requiresAuth=true → требует isAuthenticated, иначе redirect /login.
|
|
* - meta.guestOnly=true (auth-views) → если isAuthenticated, redirect /dashboard.
|
|
* - При первом заходе (cold start) — `fetchMe()` восстанавливает session-state.
|
|
*
|
|
* Dev-index badge: meta.devIndex/devLabel пробрасываются в layout-уровне
|
|
* (AppLayout/AuthLayout/AdminLayout) через `<DevIndexBadge>` для ручного фидбэка
|
|
* на localhost («элемент 16: бага X»). См. components/DevIndexBadge.vue.
|
|
*/
|
|
declare module 'vue-router' {
|
|
interface RouteMeta {
|
|
layout?: string;
|
|
title?: string;
|
|
requiresAuth?: boolean;
|
|
guestOnly?: boolean;
|
|
errorCode?: string;
|
|
devIndex?: number;
|
|
devLabel?: string;
|
|
transition?: string;
|
|
}
|
|
}
|
|
|
|
const routes: RouteRecordRaw[] = [
|
|
{
|
|
path: '/',
|
|
redirect: '/dashboard',
|
|
},
|
|
{
|
|
path: '/login',
|
|
name: 'login',
|
|
component: () => import('../views/auth/LoginView.vue'),
|
|
meta: { layout: 'auth', title: 'Вход', guestOnly: true, devIndex: 1, devLabel: 'Login' },
|
|
},
|
|
{
|
|
path: '/register',
|
|
name: 'register',
|
|
component: () => import('../views/auth/RegisterView.vue'),
|
|
meta: { layout: 'auth', title: 'Регистрация', guestOnly: true, devIndex: 2, devLabel: 'Register' },
|
|
},
|
|
{
|
|
path: '/2fa',
|
|
name: '2fa',
|
|
component: () => import('../views/auth/TwoFactorView.vue'),
|
|
meta: { layout: 'auth', title: 'Двухфакторная проверка', devIndex: 3, devLabel: '2FA' },
|
|
},
|
|
{
|
|
path: '/forgot',
|
|
name: 'forgot',
|
|
component: () => import('../views/auth/ForgotPasswordView.vue'),
|
|
meta: { layout: 'auth', title: 'Сброс пароля', guestOnly: true, devIndex: 4, devLabel: 'Forgot password' },
|
|
},
|
|
{
|
|
path: '/recovery-use',
|
|
name: 'recovery-use',
|
|
component: () => import('../views/auth/UseRecoveryCodeView.vue'),
|
|
meta: { layout: 'auth', title: 'Вход по резервному коду', devIndex: 7, devLabel: 'Use recovery' },
|
|
},
|
|
{
|
|
path: '/legal/:doc(offer|privacy)',
|
|
name: 'legal',
|
|
component: () => import('../views/legal/LegalDocView.vue'),
|
|
meta: { layout: 'auth', title: 'Правовые документы' },
|
|
},
|
|
{
|
|
path: '/reset/:token',
|
|
name: 'reset-password',
|
|
component: () => import('../views/auth/ResetPasswordView.vue'),
|
|
meta: { layout: 'auth', title: 'Новый пароль', guestOnly: true, devIndex: 5, devLabel: 'Reset password' },
|
|
},
|
|
{
|
|
path: '/dashboard',
|
|
name: 'dashboard',
|
|
component: () => import('../views/DashboardView.vue'),
|
|
meta: {
|
|
layout: 'app',
|
|
title: 'Дашборд',
|
|
requiresAuth: true,
|
|
transition: 'ld-route-fadeup',
|
|
devIndex: 8,
|
|
devLabel: 'Dashboard',
|
|
},
|
|
},
|
|
{
|
|
path: '/deals',
|
|
name: 'deals',
|
|
component: () => import('../views/DealsView.vue'),
|
|
meta: {
|
|
layout: 'app',
|
|
title: 'Сделки',
|
|
requiresAuth: true,
|
|
transition: 'ld-route-fadeup',
|
|
devIndex: 9,
|
|
devLabel: 'Сделки',
|
|
},
|
|
},
|
|
{
|
|
path: '/kanban',
|
|
name: 'kanban',
|
|
component: () => import('../views/KanbanView.vue'),
|
|
meta: {
|
|
layout: 'app',
|
|
title: 'Канбан',
|
|
requiresAuth: true,
|
|
transition: 'ld-route-fadeup',
|
|
devIndex: 10,
|
|
devLabel: 'Канбан',
|
|
},
|
|
},
|
|
{
|
|
path: '/projects',
|
|
name: 'projects',
|
|
component: () => import('../views/ProjectsView.vue'),
|
|
meta: {
|
|
layout: 'app',
|
|
title: 'Проекты',
|
|
requiresAuth: true,
|
|
transition: 'ld-route-fadeup',
|
|
devIndex: 16,
|
|
devLabel: 'Проекты',
|
|
},
|
|
},
|
|
{
|
|
path: '/billing',
|
|
name: 'billing',
|
|
component: () => import('../views/BillingView.vue'),
|
|
meta: {
|
|
layout: 'app',
|
|
title: 'Биллинг и тарифы',
|
|
requiresAuth: true,
|
|
transition: 'ld-route-fadeup',
|
|
devIndex: 13,
|
|
devLabel: 'Биллинг',
|
|
},
|
|
},
|
|
{
|
|
path: '/settings',
|
|
name: 'settings',
|
|
component: () => import('../views/SettingsView.vue'),
|
|
meta: {
|
|
layout: 'app',
|
|
title: 'Настройки',
|
|
requiresAuth: true,
|
|
transition: 'ld-route-fadeup',
|
|
devIndex: 14,
|
|
devLabel: 'Настройки',
|
|
},
|
|
},
|
|
{
|
|
path: '/reports',
|
|
name: 'reports',
|
|
component: () => import('../views/ReportsView.vue'),
|
|
meta: {
|
|
layout: 'app',
|
|
title: 'Отчёты',
|
|
requiresAuth: true,
|
|
transition: 'ld-route-fadeup',
|
|
devIndex: 12,
|
|
devLabel: 'Отчёты',
|
|
},
|
|
},
|
|
{
|
|
path: '/reminders',
|
|
name: 'reminders',
|
|
component: () => import('../views/RemindersView.vue'),
|
|
meta: {
|
|
layout: 'app',
|
|
title: 'Напоминания',
|
|
requiresAuth: true,
|
|
transition: 'ld-route-fadeup',
|
|
devIndex: 11,
|
|
devLabel: 'Напоминания',
|
|
},
|
|
},
|
|
{
|
|
path: '/import',
|
|
name: 'import',
|
|
component: () => import('../views/ImportView.vue'),
|
|
meta: {
|
|
layout: 'app',
|
|
title: 'Импорт данных',
|
|
requiresAuth: true,
|
|
transition: 'ld-route-fadeup',
|
|
devIndex: 29,
|
|
devLabel: 'Импорт данных',
|
|
},
|
|
},
|
|
// Админка SaaS — отдельный layout с под-брендом ADMIN.
|
|
// TODO: дополнительный role-guard на super_admin.
|
|
{
|
|
path: '/admin',
|
|
redirect: '/admin/tenants',
|
|
},
|
|
{
|
|
path: '/admin/tenants',
|
|
name: 'admin-tenants',
|
|
component: () => import('../views/admin/AdminTenantsView.vue'),
|
|
meta: { layout: 'admin', title: 'Тенанты', requiresAuth: true, devIndex: 21, devLabel: 'Admin Tenants' },
|
|
},
|
|
{
|
|
path: '/admin/tenants/:code',
|
|
name: 'admin-tenant-detail',
|
|
component: () => import('../views/admin/AdminTenantDetailView.vue'),
|
|
meta: { layout: 'admin', title: 'Тенант', requiresAuth: true, devIndex: 22, devLabel: 'Admin Tenant Detail' },
|
|
},
|
|
{
|
|
path: '/admin/billing',
|
|
name: 'admin-billing',
|
|
component: () => import('../views/admin/AdminBillingView.vue'),
|
|
meta: { layout: 'admin', title: 'Биллинг', requiresAuth: true, devIndex: 23, devLabel: 'Admin Billing' },
|
|
},
|
|
{
|
|
path: '/admin/incidents',
|
|
name: 'admin-incidents',
|
|
component: () => import('../views/admin/AdminIncidentsView.vue'),
|
|
meta: { layout: 'admin', title: 'Инциденты', requiresAuth: true, devIndex: 24, devLabel: 'Admin Incidents' },
|
|
},
|
|
{
|
|
path: '/admin/incidents/:id',
|
|
name: 'admin-incident-detail',
|
|
component: () => import('../views/admin/AdminIncidentDetailView.vue'),
|
|
meta: { layout: 'admin', title: 'Инцидент', requiresAuth: true },
|
|
},
|
|
{
|
|
path: '/admin/system',
|
|
name: 'admin-system',
|
|
component: () => import('../views/admin/AdminSystemView.vue'),
|
|
meta: { layout: 'admin', title: 'Система', requiresAuth: true, devIndex: 25, devLabel: 'Admin System' },
|
|
},
|
|
{
|
|
path: '/admin/pricing-tiers',
|
|
name: 'admin-pricing-tiers',
|
|
component: () => import('../views/admin/AdminPricingTiersView.vue'),
|
|
meta: {
|
|
layout: 'admin',
|
|
title: 'Тарифная сетка',
|
|
requiresAuth: true,
|
|
devIndex: 27,
|
|
devLabel: 'Admin Pricing Tiers',
|
|
},
|
|
},
|
|
{
|
|
path: '/admin/supplier-prices',
|
|
name: 'admin-supplier-prices',
|
|
component: () => import('../views/admin/AdminSupplierPricesView.vue'),
|
|
meta: {
|
|
layout: 'admin',
|
|
title: 'Цены поставщиков',
|
|
requiresAuth: true,
|
|
devIndex: 28,
|
|
devLabel: 'Admin Supplier Prices',
|
|
},
|
|
},
|
|
{
|
|
path: '/admin/impersonation',
|
|
name: 'admin-impersonation',
|
|
component: () => import('../views/admin/AdminImpersonationView.vue'),
|
|
meta: {
|
|
layout: 'admin',
|
|
title: 'Impersonation',
|
|
requiresAuth: true,
|
|
devIndex: 26,
|
|
devLabel: 'Admin Impersonation',
|
|
},
|
|
},
|
|
{
|
|
path: '/admin/supplier-integration',
|
|
name: 'admin-supplier-integration',
|
|
component: () => import('../views/admin/AdminSupplierIntegrationView.vue'),
|
|
meta: {
|
|
layout: 'admin',
|
|
title: 'Интеграция с поставщиком',
|
|
requiresAuth: true,
|
|
devIndex: 30,
|
|
devLabel: 'Admin Supplier Integration',
|
|
},
|
|
},
|
|
{
|
|
path: '/admin/supplier-projects',
|
|
name: 'admin-supplier-projects',
|
|
component: () => import('../views/admin/AdminSupplierProjectsView.vue'),
|
|
meta: {
|
|
layout: 'admin',
|
|
title: 'Проекты у поставщика',
|
|
requiresAuth: true,
|
|
devIndex: 31,
|
|
devLabel: 'Admin Supplier Projects',
|
|
},
|
|
},
|
|
{
|
|
path: '/admin/pd-subject-requests',
|
|
name: 'admin-pd-subject-requests',
|
|
component: () => import('../views/admin/AdminPdSubjectRequestsView.vue'),
|
|
meta: {
|
|
layout: 'admin',
|
|
title: 'Обращения ПДн',
|
|
requiresAuth: true,
|
|
devIndex: 32,
|
|
devLabel: 'Admin PD Requests',
|
|
},
|
|
},
|
|
// Error pages: 403/500 явные + catch-all 404 (всегда последний).
|
|
{
|
|
path: '/403',
|
|
name: 'forbidden',
|
|
component: () => import('../views/errors/ErrorView.vue'),
|
|
meta: { layout: 'error', errorCode: '403', title: 'Доступ запрещён', devIndex: 15, devLabel: 'Ошибка 403' },
|
|
},
|
|
{
|
|
path: '/500',
|
|
name: 'server-error',
|
|
component: () => import('../views/errors/ErrorView.vue'),
|
|
meta: { layout: 'error', errorCode: '500', title: 'Ошибка сервера', devIndex: 15, devLabel: 'Ошибка 500' },
|
|
},
|
|
{
|
|
path: '/:pathMatch(.*)*',
|
|
name: 'not-found',
|
|
component: () => import('../views/errors/ErrorView.vue'),
|
|
meta: { layout: 'error', errorCode: '404', title: 'Страница не найдена', devIndex: 15, devLabel: 'Ошибка 404' },
|
|
},
|
|
];
|
|
|
|
export const router = createRouter({
|
|
history: createWebHistory(),
|
|
routes,
|
|
});
|
|
|
|
let authInitialized = false;
|
|
|
|
router.beforeEach(async (to) => {
|
|
const auth = useAuthStore();
|
|
|
|
// На первый переход — восстанавливаем session через /api/auth/me.
|
|
// Если cookie валиден — auth.user будет заполнен; иначе остаётся null.
|
|
if (!authInitialized) {
|
|
await auth.fetchMe();
|
|
authInitialized = true;
|
|
}
|
|
|
|
if (to.meta.requiresAuth && !auth.isAuthenticated) {
|
|
return { path: '/login', query: { redirect: to.fullPath } };
|
|
}
|
|
|
|
if (to.meta.guestOnly && auth.isAuthenticated) {
|
|
return { path: '/dashboard' };
|
|
}
|
|
|
|
return true;
|
|
});
|