Phase 7 Task 3: 数据安全与合规

- 创建 security_manager.py 安全模块 - SecurityManager: 安全管理主类 - 审计日志系统 - 记录所有数据操作 - 端到端加密 - AES-256-GCM 加密项目数据 - 数据脱敏 - 支持手机号、邮箱、身份证等敏感信息脱敏 - 数据访问策略 - 基于用户、角色、IP、时间的访问控制 - 访问审批流程 - 敏感数据访问需要审批 - 更新 schema.sql 添加安全相关数据库表 - audit_logs: 审计日志表 - encryption_configs: 加密配置表 - masking_rules: 脱敏规则表 - data_access_policies: 数据访问策略表 - access_requests: 访问请求表 - 更新 main.py 添加安全相关 API 端点 - GET /api/v1/audit-logs - 查询审计日志 - GET /api/v1/audit-logs/stats - 审计统计 - POST /api/v1/projects/{id}/encryption/enable - 启用加密 - POST /api/v1/projects/{id}/encryption/disable - 禁用加密 - POST /api/v1/projects/{id}/encryption/verify - 验证密码 - GET /api/v1/projects/{id}/encryption - 获取加密配置 - POST /api/v1/projects/{id}/masking-rules - 创建脱敏规则 - GET /api/v1/projects/{id}/masking-rules - 获取脱敏规则 - PUT /api/v1/masking-rules/{id} - 更新脱敏规则 - DELETE /api/v1/masking-rules/{id} - 删除脱敏规则 - POST /api/v1/projects/{id}/masking/apply - 应用脱敏 - POST /api/v1/projects/{id}/access-policies - 创建访问策略 - GET /api/v1/projects/{id}/access-policies - 获取访问策略 - POST /api/v1/access-policies/{id}/check - 检查访问权限 - POST /api/v1/access-requests - 创建访问请求 - POST /api/v1/access-requests/{id}/approve - 批准访问 - POST /api/v1/access-requests/{id}/reject - 拒绝访问 - 更新 requirements.txt 添加 cryptography 依赖 - 更新 STATUS.md 和 README.md 记录完成状态
2026-02-23 18:11:11 +08:00
parent 847e183b85
commit 95a558acc9
19 changed files with 4407 additions and 1646 deletions
--- a/backend/schema.sql
+++ b/backend/schema.sql
@@ -539,3 +539,97 @@ CREATE INDEX IF NOT EXISTS idx_webdav_syncs_plugin ON webdav_syncs(plugin_id);
 CREATE INDEX IF NOT EXISTS idx_plugin_logs_plugin ON plugin_activity_logs(plugin_id);
 CREATE INDEX IF NOT EXISTS idx_plugin_logs_type ON plugin_activity_logs(activity_type);
 CREATE INDEX IF NOT EXISTS idx_plugin_logs_created ON plugin_activity_logs(created_at);
+
+-- ============================================
+-- Phase 7 Task 3: 数据安全与合规
+-- ============================================
+
+-- 审计日志表
+CREATE TABLE IF NOT EXISTS audit_logs (
+    id TEXT PRIMARY KEY,
+    action_type TEXT NOT NULL,  -- create, read, update, delete, login, export, etc.
+    user_id TEXT,
+    user_ip TEXT,
+    user_agent TEXT,
+    resource_type TEXT,  -- project, entity, transcript, api_key, etc.
+    resource_id TEXT,
+    action_details TEXT,  -- JSON: 详细操作信息
+    before_value TEXT,  -- 变更前的值
+    after_value TEXT,  -- 变更后的值
+    success INTEGER DEFAULT 1,  -- 0 = 失败, 1 = 成功
+    error_message TEXT,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
+
+-- 加密配置表
+CREATE TABLE IF NOT EXISTS encryption_configs (
+    id TEXT PRIMARY KEY,
+    project_id TEXT NOT NULL,
+    is_enabled INTEGER DEFAULT 0,
+    encryption_type TEXT DEFAULT 'aes-256-gcm',  -- aes-256-gcm, chacha20-poly1305
+    key_derivation TEXT DEFAULT 'pbkdf2',  -- pbkdf2, argon2
+    master_key_hash TEXT,  -- 主密钥哈希（用于验证）
+    salt TEXT,  -- 密钥派生盐值
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (project_id) REFERENCES projects(id)
+);
+
+-- 脱敏规则表
+CREATE TABLE IF NOT EXISTS masking_rules (
+    id TEXT PRIMARY KEY,
+    project_id TEXT NOT NULL,
+    name TEXT NOT NULL,
+    rule_type TEXT NOT NULL,  -- phone, email, id_card, bank_card, name, address, custom
+    pattern TEXT NOT NULL,  -- 正则表达式
+    replacement TEXT NOT NULL,  -- 替换模板
+    is_active INTEGER DEFAULT 1,
+    priority INTEGER DEFAULT 0,
+    description TEXT,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (project_id) REFERENCES projects(id)
+);
+
+-- 数据访问策略表
+CREATE TABLE IF NOT EXISTS data_access_policies (
+    id TEXT PRIMARY KEY,
+    project_id TEXT NOT NULL,
+    name TEXT NOT NULL,
+    description TEXT,
+    allowed_users TEXT,  -- JSON array: 允许访问的用户ID列表
+    allowed_roles TEXT,  -- JSON array: 允许的角色列表
+    allowed_ips TEXT,  -- JSON array: 允许的IP模式列表
+    time_restrictions TEXT,  -- JSON: {"start_time": "09:00", "end_time": "18:00", "days_of_week": [0,1,2,3,4]}
+    max_access_count INTEGER,  -- 最大访问次数限制
+    require_approval INTEGER DEFAULT 0,  -- 是否需要审批
+    is_active INTEGER DEFAULT 1,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (project_id) REFERENCES projects(id)
+);
+
+-- 访问请求表（用于需要审批的访问）
+CREATE TABLE IF NOT EXISTS access_requests (
+    id TEXT PRIMARY KEY,
+    policy_id TEXT NOT NULL,
+    user_id TEXT NOT NULL,
+    request_reason TEXT,
+    status TEXT DEFAULT 'pending',  -- pending, approved, rejected, expired
+    approved_by TEXT,
+    approved_at TIMESTAMP,
+    expires_at TIMESTAMP,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (policy_id) REFERENCES data_access_policies(id)
+);
+
+-- 数据安全相关索引
+CREATE INDEX IF NOT EXISTS idx_audit_logs_user ON audit_logs(user_id);
+CREATE INDEX IF NOT EXISTS idx_audit_logs_resource ON audit_logs(resource_type, resource_id);
+CREATE INDEX IF NOT EXISTS idx_audit_logs_action ON audit_logs(action_type);
+CREATE INDEX IF NOT EXISTS idx_audit_logs_created ON audit_logs(created_at);
+CREATE INDEX IF NOT EXISTS idx_encryption_project ON encryption_configs(project_id);
+CREATE INDEX IF NOT EXISTS idx_masking_project ON masking_rules(project_id);
+CREATE INDEX IF NOT EXISTS idx_access_policy_project ON data_access_policies(project_id);
+CREATE INDEX IF NOT EXISTS idx_access_requests_policy ON access_requests(policy_id);
+CREATE INDEX IF NOT EXISTS idx_access_requests_user ON access_requests(user_id);