Arxivga qaytish
III. Platforma, DevOps va xavfsizlikvitrinayakkamijoz anonimlashtirilgan

Admin v2 — Edge-RBAC + STRIDE mustahkamlash

Legacy Laravel backend ustida Next.js 16 / React 19 asosida qurilgan, ko'p ijarachili (multi-tenant) production darajasidagi admin panel (Restaurant chain (UZ) + Restaurant chain (UZ)), kuchli xavfsizlik yo'nalishi bilan: edge-RBAC, TOTP MFA, audit jurnali, qat'iy CSP.

Holat
faol
Davr
2026-05-20 → 2026-05-21
AI sessiyalar
Stek
Tillar
TypeScript
Freymvorklar · Infra
Next.js 16 (App RouterTurbopack)React 19better-authdrizzle-ormTailwind CSS v4shadcn/uiTanStack Query/Tablenext-safe-actionzod v4
§01

Umumiy ko'rinish

  • Bu nima: Bitta kod bazasidan ikkita brend uchun mustahkamlangan (hardened) admin panel — brending va API bazasi runtime paytida TENANT env orqali tanlanadi. Katalogni (mahsulotlar, modifikatorlar, kategoriyalar, menyu), sotuv va chegirma qoidalarini, joylashuvlarni (shaharlar/tashkilotlar/terminallar), marketingni (Telegram broadcastlar, shablonlar, SMS, yangiliklar, sliderlar) va tizim sozlamalarini (rollar, tillar, buyurtma statuslari, push hodisalar) boshqaradi. Frontend mavjud Laravel API ustidagi qobiq (telefon orqali OTP autentifikatsiya, /api/v2/*).
  • Turi / statusi / roli: web-app · active (yangi, faol ishlanmoqda) · solo (Davron Yuldashev).
  • Faollik oynasi: 2026-05-20 → 2026-05-21. Juda yosh: birinchi kunda bootstrap scaffold + bitta katta feat kommit (237 fayl, +27,468 qator), ertasi kuni esa xavfsizlik tuzatishi.
§02

Stek

  • Tillar: TypeScript (strict + noUncheckedIndexedAccess).
  • Freymvorklar/kutubxonalar: Next.js 16 (App Router, Turbopack), React 19.2, better-auth 1.6 (Drizzle adapter, SQLite session store), drizzle-orm + better-sqlite3, TanStack Query v5 + TanStack Table v8, next-safe-action v8 (type-safe server action'lar), react-hook-form + zod v4 resolver'lar, nuqs (URL state), shadcn/ui (new-york) + Tailwind v4 (CSS-first, tailwind.config.jssiz), lucide-react, sonner, @t3-oss/env-nextjs (env validatsiyasi), hashids, input-otp, react-google-recaptcha-v3.
  • Infra/deploy: Bun (bun.lock lockfile, bun dev/build skriptlari), ESLint flat config + eslint-plugin-security. CI/hosting repo'da qat'iy belgilanmagan. @upstash/ratelimit + @upstash/redis ulangan, lekin stub sifatida belgilangan (rate limiting hali faol emas).
  • Ma'lumotlar: SQLite (local.db) — faqat better-auth sessiyalari/MFA/audit uchun; biznes ma'lumotlari Laravel'da yashaydi. Migratsiyalar uchun Drizzle-kit.
  • E'tiborga molik tooling: bun smoke — Laravel klientining --conditions react-server orqali maxsus smoke testi. README "banned dependencies": react-quill (XSS), next-auth (better-auth bilan almashtirilgan), axios (faqat native fetch).
§03

Nima qilindi

Timeline (git log, 3 kommit):

  • Initial bootstrap — Next 16 + shadcn + better-auth scaffold (61 fayl, +5154). Muallif bootstrap@admin-v2-build.local (avtomatlashtirilgan scaffolding vositasi).
  • `dfc8884` feat: auth + 22 dashboard pages + broadcasts parity — (2026-05-20, Davron Yuldashev). Asosiy hajm: 237 fayl, +27,468 / −181. Aynan shu yerda butun yadro quriladi: Laravel orqali OTP login, TOTP MFA, ~30 ta resurs bo'ylab zod sxemalari bilan type-safe Laravel klient, 22+ CRUD dashboard sahifasi va broadcasts funksiyasi (Telegram broadcastlar) to'liq hayotiy sikli bilan.
  • `28d31e3` fix(proxy): close cookie-presence auth bypass — (2026-05-21, Davron Yuldashev). O'z-o'zini audit qilishdan chiqqan xavfsizlik tuzatishi (topilma C1): axlat payload'li soxta session cookie himoyalangan yo'nalishlarda 200 qaytarayotgan edi, chunki middleware getCookieCache → null bo'lganda so'rovlarni "o'tkazib yuborardi". Tuzatildi: cookie mavjud + parse muvaffaqiyatsiz ⇒ /login'ga redirect + ikkala cookie'ni o'chirish.
  • Hajm: 2 kun ichida 3 kommit; bir zarbada "noldan-mahsulotgacha" portlash, so'ng maqsadli xavfsizlik ishi. Tashlab qo'yilganga o'xshamaydi — yangi, faol.
§04

Texnik chellenjlar

Barchasi diff'lar/fayllarga solishtirib tasdiqlangan:

  • Middleware'da DB'siz Edge-RBAC (proxy.ts): rollar to'g'ridan-to'g'ri Edge runtime'da imzolangan better-auth cookie cache'ini o'qish orqali tekshiriladi (getCookieCache, BETTER_AUTH_SECRET ustida HMAC) — SQLite'ga murojaat yo'q. Amalga oshirilgan: har bir so'rov uchun CSP-nonce generatsiyasi, absolyut 12 soatlik sessiya chegarasi (session.createdAt + 12h), admin bilan cheklangan prefikslar (/users, /configs, /admin), rolesni ham massivdan, ham JSON string'dan normalizatsiya qilish. → Edge runtime cheklovlarini va auth muhandisligini tushunishni namoyish etadi.
  • Auth bypass'ni yopish (kommit 28d31e3): klassik "cookie mavjud ⇒ o'tkazib yubor" xatosi, o'z tashabbusi bilan o'tkazilgan STRIDE audit orqali topildi va tuzatildi; RBAC va chegara tekshiruvlari if (cache) shoxobchasidan tashqariga, early-return'dan keyin ko'chirildi, chunki cache endi non-null bo'lishi kafolatlangan. → Haqiqiy xavfsizlik tafakkuri, oddiy "belgi qo'yish" emas.
  • Saqlashda shifrlanadigan sir bilan TOTP MFA (lib/auth/mfa.ts): 160-bitli base32 sir (RFC 6238) generatsiya qiladi, symmetricEncrypt orqali AES-GCM bilan shifrlaydi (kalit MFA_ENCRYPTION_KEY ⇒ zaxira sifatida BETTER_AUTH_SECRET), otpauth:// URI, ±1 oynali tekshiruv (±30s siljishga toqatli), qat'iy kod normalizatsiyasi. → Kriptografiya va TOTP standartlarini bilish.
  • DB'ga tayangan brute-force lockout (lib/auth/lockout.ts): 15 daqiqada 5 ta muvaffaqiyatsiz TOTP urinishi ⇒ 15 daqiqalik qulflash; holat xotira emas, user qatorida (mfa_failed_attempts/mfa_locked_until) saqlanadi — restart'lardan omon qoladi va worker'lar bo'ylab izchil. sql\${col} + 1\` orqali .returning()` bilan atomik inkrement. Ommaviy xatolar ataylab umumlashtirilgan. → Production darajasidagi rate limiting.
  • Type-safe Laravel klient (lib/api/laravel.ts, 405 qator): yagona kirish nuqtasi laravelFetch — strukturalangan JSON loglashni markazlashtiradi (token/body hech qachon loglanmaydi), bearer forwarding, ijarachi X-Project-Code header'i, barcha mutatsiyalarda avtomatik Idempotency-Key (UUID), AbortSignal + 15s timeout birlashtirishi, status'ni type'li xatoga o'girish (LaravelUnauthorized/Forbidden/Validation/...) va ixtiyoriy zod javob validatsiyasi. Sessiya stack'ini lazy dinamik import qiladi, shunda skipAuth chaqiruvlar DB'ni yuklamaydi. → Ajoyib integratsiya qatlami arxitekturasi.
  • Legacy Laravel bilan integratsiya g'aliranglari (lib/auth/laravel.ts, lib/api/decode.ts): g'alati OTP kontrakti "as-is" ko'chirilgan (/api/keldi → base64 CSRF, wtf header'li /api/send_otp = recaptcha, /api/auth_otp → base64 JSON yoki tom ma'nodagi "false"). Helper'lar ikki marta kodlangan base64 konvertlarni dekod qiladi. → Birovning nostandart API'sini o'zgartirmasdan bo'ysundira olish qobiliyati.
  • Server-action fabrikasi (lib/forms/serverAction.ts): defineCrudAction({input, method, path, output, revalidate}) next-safe-action ustidagi takrorlanuvchi CRUD naqshini kodifikatsiya qiladi; Laravel 422 xatolari returnValidationErrors orqali forma maydoni xatolariga qaytariladi; handleServerError har qanday non-Laravel xatoni umumiy string'ga yig'adi (stack trace'lar sizib chiqmaydi). path validatsiyalangan input'ning funksiyasi bo'lishi mumkin. → DRY + type xavfsizligi tizimli yechim sifatida.
  • Multipart aylanib o'tishi (broadcasts/actions.ts): laravelFetch faqat JSON bo'lgani uchun broadcast rasm yuklashlari FormData bilan to'g'ridan-to'g'ri fetch qiladi, Content-Typeni ataylab o'rnatmaydi (shunda fetch multipart chegarasini o'zi qo'yadi), ayni paytda bir xil auth/tenant header'larini qayta ishlatadi. Klient tarafida tur/hajm validatsiyasi (≤10 MB). Broadcast hayotiy sikli (schedule/pause/resume/cancel/cancel-and-delete/reset-to-draft/duplicate) + polling orqali Redis'dan jonli statistika.
§05

AI yordamida ishlab chiqish

  • Topilgan sessiyalar: 0 — ~/.claude/projects/*admin_v2* katalogi mavjud emas.
  • AI bilan nima qilingan: ikkala foydalanuvchi kommiti ham Co-Authored-By: Claude Opus 4.7 olib yuradi, ya'ni ishlab chiqish davomida AI ishlatilgan, biroq ushbu repo uchun lokal Claude Code sessiya loglari saqlanmagan (ehtimol boshqa yo'ldan/vositadan ishga tushirilgan). Bootstrap kommitning o'zi avtomatlashtirilgan scaffolding agenti (bootstrap@admin-v2-build.local), buni Next 16 uchun agent qoidalarini o'z ichiga olgan AGENTS.md ham ishora qiladi.
  • AI vorkflow naqshlari: agentik sozlama bilvosita ko'rinadi (AGENTS.md, README'dagi "auth-builder finalizes schema" eslatmasi, topilma kodlari bilan "security audit 2026-05-21"ga havolalar) — AI agentlar bilan strukturalangan ish va o'z tashabbusiga tayangan kod tekshiruvi/auditi. To'g'ridan-to'g'ri izlar yo'q.
§06

Yutuqlar va metrikalar

  • Miqyos: 22+ dashboard sahifasi (broadcasts, broadcast-templates, catalog, categories, cities, configs, delivery-pricings, events-system, langs, menu-items, menu-types, mobile-push-events, modifiers, news, order-statuses, organizations, products, roles, sales, sales-rules, sliders, sms-templates, terminals).
  • ~30 ta zod resurs sxemasi lib/api/schemas/** ichida (catalog/sales/locations/people/marketing/settings).
  • +27,468 qator bir kunning o'zida asosiy feat kommitida.
  • Xavfsizlik: har bir so'rov uchun nonce infratuzilmasi bilan qat'iy CSP, xavfsizlik header'larining to'liq to'plami (HSTS preload, COOP/CORP, X-Frame DENY, Permissions-Policy), ARCHITECTURE.md'dagi STRIDE tahdid modeli (§6), append-only audit jurnali, mutatsiyalarda idempotency kalitlari.
  • Multi-tenancy: bitta kod bazasi → TENANT env orqali 2 brend (Restaurant chain (UZ)/Restaurant chain (UZ)).
§07

Hissa qo'shganlar

git shortlog · barcha branchlar

  1. Dave932
  2. bootstrap1
2 hissadorjami 3 ta kommit
Hozirda

Senior / Staff muhandis rollari va tanlab olingan frilansga ochiqman — prodakshn AI, platforma va full-stack ishlar.

Bog'lanish