Commit Graph

2 Commits

Author SHA1 Message Date
Julien Gautier 472b2b2c8c feat(portal-admin): audit log viewer screen
CI / scan (pull_request) Successful in 2m21s
CI / commits (pull_request) Successful in 2m31s
CI / check (pull_request) Successful in 2m40s
CI / a11y (pull_request) Successful in 1m56s
CI / perf (pull_request) Successful in 5m44s
Final piece of the chantier portal-admin per ADR-0020 §"v1 scope"
item 4. The new /audit page consumes GET /api/admin/audit (PR #132),
renders a filter form + paginated results table, and trips the
admin.audit.query deterrent on every fetch.

What lands

- AuditEventsService (apps/portal-admin/src/app/pages/audit/
  audit-events.service.ts): thin HttpClient wrapper around
  GET /api/admin/audit. Builds HttpParams from the filter shape,
  dropping empty strings (Nest's ValidationPipe treats ?foo= as
  invalid). providedIn: 'root' — the audit page is the single v1
  consumer, no per-page DI overhead worth it.

- AuditPage component (apps/portal-admin/src/app/pages/audit/
  audit.ts): signal-driven page composing:
  - Filter form: eventType, actorIdHash, audience, outcome,
    subjectPrefix, createdAtFrom/To (datetime-local → ISO),
    page-size selector (25 / 50 / 100 / 200 matching BFF MAX_LIMIT).
  - Result table: timestamp (locale-formatted), event type,
    audience+outcome with color-coded badges, actor hash + subject
    stacked, trace id, payload disclosure (details/summary).
  - Pagination: previous/next disabled at boundaries, resets
    offset to 0 on every Apply Filters or Reset.
  - States: loading line, empty state, error message (403
    surfaces "you do not have access"; 5xx surfaces a generic
    retry message — raw status leaks to ops via the network tab,
    not to the admin UI).

- Route: /audit, lazy-loaded, title 'Audit log — APF Portal Admin'
  + matching FR translation in messages.fr.xlf
  ('Journal d'audit — Administration APF Portal').

Notes

- @RequireMfa NOT applied to the BFF endpoint in v1 — the admin
  surface already sits behind a freshly-MFA'd session per ADR-0020,
  and the per-query audit row is the deterrent. The endpoint will
  pick up @RequireMfa({ freshness: 600 }) when the security review
  asks for it; the SPA already lives behind the unauthorized
  interceptor so it would gracefully refresh on the 401.
- Page-size cap mirrors the BFF MAX_LIMIT (200). A future caller
  bypassing the SPA cap is still safe because the BFF DTO clamps
  to 200 regardless (PR #132 §AuditReader.findEvents).
- SCSS budget: 4.98 KB / 5 KB warning (1.21 KB transfer). Well
  below the 6 KB error ceiling.
- AdminAuditQuery interface uses `?: T | undefined` so callers can
  build the query object with `undefined` placeholders for absent
  filters under `exactOptionalPropertyTypes: true` — the page does
  exactly that in `buildFilters()`.

Tests: +15 specs (AuditEventsService 3, AuditPage 12: initial query,
filter forwarding, offset-reset on Apply, clearFilters, pagination
disabled at boundaries, outcome-badge variants, payload disclosure
visibility, empty / loading / error states).
2026-05-14 17:44:35 +02:00
julien d962be838a feat(portal-admin): skeleton app per ADR-0020 (#100)
CI / check (push) Successful in 2m49s
CI / commits (push) Has been skipped
CI / scan (push) Successful in 2m32s
CI / a11y (push) Successful in 1m26s
CI / perf (push) Successful in 4m17s
## Summary

First step of the admin track per ADR-0020. Scaffold the second Angular SPA in the workspace alongside `portal-shell`, with the architectural decisions from the v1 ADRs already wired so subsequent feature PRs can drop straight into modules.

## What lands

- **App generated** via `nx g @nx/angular:application` (with the matching e2e project skeleton). Standalone, zoneless-ready, prefix `app`, scss component styles, css root stylesheet, no SSR.
- **Tags** `scope:portal-admin, type:app` — module-boundary lint now treats `portal-admin` distinctly from `portal-shell` and lets it depend only on `scope:portal-admin` + `scope:shared` libs.
- **Tailwind v4 + brand tokens**: `.postcssrc.json`, `@import 'tailwindcss'`, class-based dark variant, and `@import '../../../libs/shared/tokens/src/brand-tokens.css'` — identical visual baseline to portal-shell.
- **i18n config mirrors portal-shell** (per ADR-0019): sourceLocale `en`, target `fr`, baseHref `/{locale}/` per locale, `@angular/localize/init` polyfill, `localize: ["en", "fr"]` on production, `i18nMissingTranslation: "error"` so CI blocks any PR that adds a marker without translating it. Seed [`messages.fr.xlf`](apps/portal-admin/src/locale/messages.fr.xlf) carries the four marked strings used today.
- **Budgets** relaxed to **500 KB gzip initial** per ADR-0020 §"Performance budgets" (vs 300 KB for portal-shell).
- **Skeleton home page** at `/` — `<h1>` + intro paragraph + "Skeleton — coming soon" chip in the brand-accent palette. All marked for i18n.
- **Skip-link landmark** (WCAG 2.4.1) with the same component-scoped scss as portal-shell.
- **Wildcard catch-all route** → bounces unknown paths to home (same defensive pattern as PR #96 on portal-shell).
- **Dev server on port 4300** (vs 4200 for portal-shell) — both can run in parallel.
- **`serve-static` target without `spa: true`** — locale-prefixed routing in production is handled by the reverse proxy (per ADR-0019), same as portal-shell since PR #92.

## CLAUDE.md

Picked up the second app in the **Naming** entry and the **Commands** snippet (`<app>` is now one of `portal-shell`, `portal-admin`, `portal-bff`).

## Verification

- `pnpm exec nx run-many -t lint test build --projects=portal-shell,portal-admin,shared-ui,shared-state,shared-tokens` — green.
- `portal-admin` test: 1 spec (skip-link + main landmark present).
- Production build of `portal-admin`: **62 KB gzip initial per locale** (vs 500 KB budget — plenty of headroom for the upcoming modules).
- Both `dist/apps/portal-admin/browser/{en,fr}/` emit with the right `<html lang>` and `<base href>`. FR bundle contains `"Administration"` / `"Squelette"` / `"bientôt disponible"` — translations applied.
- portal-shell production build unchanged.

## Out of scope (each its own follow-up PR)

- Admin app shell (header / sidebar / footer with "Admin" badge — likely sharing graduated primitives plus admin-specific bits).
- OpenTelemetry tracing setup (`service.name=portal-admin` per ADR-0012).
- `environment.ts` wiring (per ADR-0018) for admin-specific endpoints.
- BFF `AdminModule` + `AdminRoleGuard` + smoke `/api/admin/me` (per ADR-0020 §"Auth").
- First functional module — CMS / menu / users / audit viewer.

## Test plan

- [x] Lint + test + build green across the workspace.
- [x] Per-locale production build emits both folders with correct metadata.
- [ ] Manual: `pnpm exec nx serve portal-admin` boots on `:4300`, smoke page renders.
- [ ] Manual: prod build + `pnpm exec nx run portal-admin:serve-static` → `http://localhost:4300/en/` and `/fr/` show the placeholder with the matching language.

---------

Co-authored-by: Julien Gautier <julien.gautier@apf.asso.fr>
Reviewed-on: #100
2026-05-12 01:49:19 +02:00