feat(phase-9): implement MVP polishing and closure

T-032: User management admin panel - backend users router with CRUD, frontend UsersPage with modals

T-033: Audit log viewer - backend audit router with filters/pagination, frontend AuditLogPage

T-034: Global error handling - ErrorBoundary, LoadingSpinner, ErrorMessage, Toast components

T-035: Backend tests - pytest setup with SQLite, tests for health/auth/techniques/tests

T-036: Documentation - Updated README with testing section, created docs/API.md
2026-02-06 16:30:35 +01:00
parent cb447f3803
commit 174919da4e
27 changed files with 2539 additions and 17 deletions


@@ -147,6 +147,21 @@ Once the backend is running, access the interactive API documentation at:
| GET | `/api/v1/metrics/summary` | Authenticated | Global coverage summary (counts + percentage) |
| GET | `/api/v1/metrics/by-tactic` | Authenticated | Coverage breakdown per MITRE tactic |
### Users (Admin)
| Method | Route | Auth | Description |
|--------|-------|------|-------------|
| GET | `/api/v1/users` | Admin | List all users |
| POST | `/api/v1/users` | Admin | Create new user |
| GET | `/api/v1/users/{id}` | Admin | Get user by ID |
| PATCH | `/api/v1/users/{id}` | Admin | Update user (role, email, active status) |
### Audit Logs (Admin)
| Method | Route | Auth | Description |
|--------|-------|------|-------------|
| GET | `/api/v1/audit-logs` | Admin | List audit logs (filters: `?action=`, `?entity_type=`, `?start_date=`, `?end_date=`) |
| GET | `/api/v1/audit-logs/actions` | Admin | List distinct action types |
| GET | `/api/v1/audit-logs/entity-types` | Admin | List distinct entity types |
## Project Structure
```
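Review bot: the `/api/v1/audit-logs` row documents only the filter parameters (`?action=`, `?entity_type=`, `?start_date=`, `?end_date=`) although the commit message says the audit router supports filters and pagination; add the pagination parameters and their defaults to the description so consumers know the list is paged. The Users table also leaves the semantics of "active status" implicit: state whether deactivation is the intended replacement for deletion (no DELETE route is listed) and whether a deactivated user's existing tokens are rejected, since that is what an operator will look for on this page.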
@@ -187,7 +202,9 @@ Aegis/
│ │ ├── tests.py # CRUD tests (create, detail, update, validate, reject)
│ │ ├── evidence.py # Upload evidence, presigned download
│ │ ├── system.py # MITRE sync trigger, scheduler status
│ │ ── metrics.py # Coverage summary & per-tactic breakdown
│ │ ── metrics.py # Coverage summary & per-tactic breakdown
│ │ ├── users.py # User management (admin only)
│ │ └── audit.py # Audit log viewer (admin only)
│ ├── dependencies/ # FastAPI dependencies (DI)
│ │ └── auth.py # get_current_user, require_role, require_any_role
│ ├── jobs/ # Background scheduled jobs
@@ -213,7 +230,9 @@ Aegis/
│ ├── techniques.ts # getTechniques(), getTechniqueByMitreId()
│ ├── tests.ts # createTest(), validateTest(), rejectTest()
│ ├── evidence.ts # uploadEvidence(), getEvidence()
── system.ts # triggerMitreSync(), triggerIntelScan()
── system.ts # triggerMitreSync(), triggerIntelScan()
│ ├── users.ts # getUsers(), createUser(), updateUser()
│ └── audit.ts # getAuditLogs(), getAuditActions()
├── context/
│ └── AuthContext.tsx # Auth state: user, login, logout, isLoading
├── components/
@@ -226,7 +245,11 @@ Aegis/
│ ├── TechniqueCell.tsx # Individual technique cell in matrix
│ ├── TestForm.tsx # Reusable test creation/edit form
│ ├── EvidenceUpload.tsx # Drag & drop file upload
── EvidenceList.tsx # Evidence file listing
── EvidenceList.tsx # Evidence file listing
│ ├── ErrorBoundary.tsx # Global error boundary
│ ├── ErrorMessage.tsx # Reusable error display
│ ├── LoadingSpinner.tsx # Reusable loading indicator
│ └── Toast.tsx # Toast notification system
├── pages/
│ ├── LoginPage.tsx # User authentication form
│ ├── DashboardPage.tsx # Coverage metrics dashboard with summary cards
@@ -235,7 +258,9 @@ Aegis/
│ ├── TestsPage.tsx # Tests overview and navigation
│ ├── TestCreatePage.tsx # Test creation form
│ ├── TestDetailPage.tsx # Test details with evidence upload
── SystemPage.tsx # Admin panel for MITRE sync & intel scan
── SystemPage.tsx # Admin panel for MITRE sync & intel scan
│ ├── UsersPage.tsx # User management (admin only)
│ └── AuditLogPage.tsx # Audit log viewer (admin only)
├── types/
│ └── models.ts # TS interfaces matching backend schemas
├── hooks/
@@ -293,6 +318,33 @@ docker exec -w /app aegis-backend-1 alembic current
- **MinIO Console**: http://localhost:9001 (login: `minioadmin` / `minioadmin`)
- **PostgreSQL**: `psql -h localhost -p 5433 -U postgres -d attackdb`
### Running Tests
The backend includes a test suite using pytest:
```bash
# Install test dependencies (if running locally)
pip install pytest pytest-asyncio httpx
# Run all tests
docker exec -w /app aegis-backend-1 pytest
# Run tests with verbose output
docker exec -w /app aegis-backend-1 pytest -v
# Run specific test file
docker exec -w /app aegis-backend-1 pytest tests/test_auth.py
# Run locally (requires SQLite)
cd backend && pytest
```
Test files:
- `test_health.py` - Health endpoint tests
- `test_auth.py` - Authentication and authorization tests
- `test_techniques.py` - Technique CRUD tests
- `test_tests.py` - Security test CRUD and validation tests
## User Roles
| Role | Description |
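Review bot: the `docker exec ... pytest` commands assume pytest, pytest-asyncio and httpx are present in the backend image, but the only install step is labelled "if running locally"; either state that the image ships the test dependencies or move them into a pinned dev requirements file instead of an ad-hoc `pip install` line. The section should also say that the suite runs against SQLite while the deployed backend uses PostgreSQL (see the `psql ... -d attackdb` line above), so PostgreSQL-specific constraints and types are not exercised by these tests and the authorization checks in `test_auth.py` should not be read as proof of behaviour against the production database.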