security hardening + drafts/attachments

2026-02-21 19:10:56 -05:00
parent 1dc99eb681
commit a0105956e4
35 changed files with 4928 additions and 0 deletions
--- a/web/src/views/admin_audit.ejs
+++ b/web/src/views/admin_audit.ejs
@@ -0,0 +1,64 @@
+<!doctype html>
+<html>
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <title>Mastermind — Audit Log</title>
+  <style>
+    body{font-family:system-ui,-apple-system,Segoe UI,Roboto,Arial,sans-serif;margin:0;background:#0b0f14;color:#e8eef7}
+    header{background:#111824;border-bottom:1px solid #233043;padding:14px 16px;position:sticky;top:0}
+    main{max-width:1200px;margin:0 auto;padding:16px}
+    .card{background:#111824;border:1px solid #233043;border-radius:12px;padding:14px;margin:12px 0}
+    a{color:#7cc4ff;text-decoration:none}
+    .muted{color:#a9b7c6}
+    table{width:100%;border-collapse:collapse}
+    th,td{border-bottom:1px solid #233043;padding:10px 6px;text-align:left;color:#a9b7c6;font-size:13px;vertical-align:top}
+    th{color:#e8eef7}
+    code{font-family:ui-monospace,Menlo,Consolas,monospace;color:#d6e3f3}
+  </style>
+</head>
+<body>
+  <header>
+    <div style="display:flex;justify-content:space-between;align-items:center;gap:10px">
+      <div style="font-weight:700">Audit Log</div>
+      <div style="display:flex;gap:10px">
+        <a href="/admin/users">Users</a>
+        <a href="/">Dashboard</a>
+        <a href="/logout">Logout</a>
+      </div>
+    </div>
+  </header>
+
+  <main>
+    <div class="card">
+      <div class="muted">Showing latest <%= logs.length %> events (most recent first).</div>
+      <div style="overflow:auto;margin-top:10px">
+        <table>
+          <thead>
+            <tr>
+              <th>Time</th>
+              <th>Actor</th>
+              <th>Action</th>
+              <th>Target</th>
+              <th>IP</th>
+              <th>Metadata</th>
+            </tr>
+          </thead>
+          <tbody>
+            <% logs.forEach(l => { %>
+              <tr>
+                <td><%= l.created_at %></td>
+                <td><%= l.actor_email || '' %></td>
+                <td><code><%= l.action %></code></td>
+                <td><%= l.target_type || '' %> <%= l.target_id || '' %></td>
+                <td><%= l.ip || '' %></td>
+                <td><code><%= JSON.stringify(l.metadata || {}) %></code></td>
+              </tr>
+            <% }) %>
+          </tbody>
+        </table>
+      </div>
+    </div>
+  </main>
+</body>
+</html>