Setrip — Admin Audit & Investigation Roadmap (ARCHIVED — DELIVERED 2026-05-18)
Admins need to search across entities (booking/payment/refund/user/trip) and export data for compliance and dispute investigation.
Delivery status
| Phase | Status | Notes |
|---|---|---|
| Phase 1 — Filter & Search Enhancements | ✅ Delivered | Date range + reviewer filters on refunds/payouts/verifications via the reusable AdminFilterBar. Reason filter on refunds. |
| Phase 2 — Global Search | ✅ Delivered | Search bar in the admin sidebar, dispatch by pattern (email/order_id/cuid/fuzzy). Endpoint /api/admin/search. |
| Phase 3 — CSV Export | ✅ Delivered | 3 export endpoints (refunds/payouts/verifications) with UTF-8 BOM for Excel. "⬇️ Export CSV" button on each list page. |
| Phase 4 — Generic Admin Audit Log | ✅ Delivered | AdminActionLog model (polymorphic, append-only). auditLog.record() helper wired into all admin server actions. /admin/audit-log page with filters. |
Phase 1 — Filter & Search Enhancements ✅
| # | Item | Status | File |
|---|---|---|---|
| 1.1 | Date range filter (dateFrom, dateTo) on /admin/refunds | ✅ | app/admin/refunds/page.tsx |
| 1.2 | Reviewer filter (admin email dropdown) on /admin/refunds | ✅ | app/admin/refunds/page.tsx |
| 1.3 | Reason filter on /admin/refunds | ✅ | app/admin/refunds/page.tsx |
| 1.4 | Date range + processor filter on /admin/payouts | ✅ | app/admin/payouts/page.tsx |
| 1.5 | Date range + reviewer filter on /admin/verifications | ✅ | app/admin/verifications/page.tsx |
| 1.6 | Reusable AdminFilterBar component | ✅ | features/admin/components/admin-filter-bar.tsx |
| 1.7 | Filter params in refundRepo/payoutRepo/organizerRepo listByStatus | ✅ | server/repositories/*.ts |
| 1.8 | listAdminEmails() helper for the reviewer dropdown | ✅ | lib/admin.ts |
Phase 2 — Global Search ✅
| # | Item | Status | File |
|---|---|---|---|
| 2.1 | adminSearchService.resolve(q) — dispatch by pattern (email exact, order_id prefix, cuid, fuzzy) | ✅ | server/services/admin-search.service.ts |
| 2.2 | Route handler /api/admin/search?q=... (guard isAdmin) | ✅ | app/api/admin/search/route.ts |
| 2.3 | AdminSearchBar component — debounced 250ms, results dropdown with type badge | ✅ | features/admin/components/admin-search-bar.tsx |
| 2.4 | Wired into the admin sidebar (below the header logo) | ✅ | components/admin/admin-sidebar.tsx |
| 2.5 | Page /admin/search?q=... full results | ⏳ | Skipped: the dropdown limit of 10 hits is enough; a full page is rarely needed. |
Phase 3 — CSV Export ✅
| # | Item | Status | File |
|---|---|---|---|
| 3.1 | lib/csv.ts helper — buildCsv, escapeCsvCell, csvResponse with UTF-8 BOM | ✅ | lib/csv.ts |
| 3.2 | Route /api/admin/export/refunds — uses the filters from the query string | ✅ | app/api/admin/export/refunds/route.ts |
| 3.3 | Route /api/admin/export/payouts | ✅ | app/api/admin/export/payouts/route.ts |
| 3.4 | Route /api/admin/export/verifications — WITHOUT NIK/KTP key/bank account number (privacy) | ✅ | app/api/admin/export/verifications/route.ts |
| 3.5 | ExportCsvLink component + button on every admin list page (filters preserved) | ✅ | features/admin/components/export-csv-link.tsx |
Manual action: test on staging first and make sure no sensitive data leaks (plaintext NIK, KYC photo key, etc.).
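A sketch of the export rule in 3.4 and the staging check above, as an added example that is not Setrip's lib/csv.ts or route code: columns come from an explicit allowlist, and a scanner flags banned header names or 16-digit runs (the length of a NIK). All function names, column names and the sample row are assumptions.

```typescript
// Added example: every identifier and field name here is hypothetical.
type Row = Record<string, unknown>;

// Only these columns may reach the verifications export (assumed field names).
const VERIFICATION_EXPORT_COLUMNS = [
  "id", "organizerEmail", "status", "reviewerEmail", "reviewedAt",
] as const;

// RFC 4180 quoting: wrap the cell when it holds a comma, quote, CR or LF.
function escapeCell(value: unknown): string {
  const s = value === null || value === undefined ? "" : String(value);
  return /[",\r\n]/.test(s) ? `"${s.replace(/"/g, '""')}"` : s;
}

// Build the CSV from the allowlist; any field not listed is dropped.
function toCsv(rows: Row[], columns: readonly string[]): string {
  const lines = [columns.join(",")];
  for (const row of rows) lines.push(columns.map((c) => escapeCell(row[c])).join(","));
  return "\uFEFF" + lines.join("\r\n") + "\r\n"; // UTF-8 BOM so Excel detects the encoding
}

// Staging check: banned header names, or a 16-digit run anywhere in the file.
function findSensitiveLeaks(csv: string): string[] {
  const findings: string[] = [];
  const header = (csv.replace(/^\uFEFF/, "").split("\r\n")[0] ?? "").toLowerCase();
  for (const banned of ["nik", "ktp", "bankaccount"]) {
    if (header.includes(banned)) findings.push(`header contains "${banned}"`);
  }
  if (/\b\d{16}\b/.test(csv)) findings.push("16-digit number found (possible NIK)");
  return findings;
}

// Constructed sample row, including fields that must never be exported.
const sampleRows: Row[] = [{
  id: "ver_001", organizerEmail: "org@example.test", status: "APPROVED",
  reviewerEmail: "admin@example.test", reviewedAt: "2026-05-18T10:00:00Z",
  nik: "3201234567890123", ktpImageKey: "kyc/ktp/ver_001.jpg",
  bankAccountNumber: "1234567890",
}];

// The allowlisted export produces no findings for the sample row.
console.log(findSensitiveLeaks(toCsv(sampleRows, VERIFICATION_EXPORT_COLUMNS)));
```

The scanner is a smoke test for staging exports, not a substitute for the allowlist: it only catches the header names and number shape it is told about.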
Phase 4 — Generic Admin Audit Log ✅
| # | Item | Status | File |
|---|---|---|---|
| 4.1 | AdminActionLog model (polymorphic, append-only) + migration | ✅ | prisma/schema.prisma + prisma/migrations/20260518180000_add_admin_action_log/ |
| 4.2 | Helper auditLog.record({ admin, action, entityType, entityId, payload? }) | ✅ | server/services/audit-log.service.ts |
| 4.3 | Wired into all admin server actions: refund approve/reject/mark/create, payout markPaid, verification approve/reject/reopen, trip admin-cancel, payment reconcile, user suspend/unsuspend | ✅ | features/*/actions.ts |
| 4.4 | Page /admin/audit-log with filters (date range, admin email, entity type, action contains) + basic pagination (max 200) | ✅ | app/admin/audit-log/page.tsx |
| 4.5 | "Audit Log" link in the sidebar | ✅ | components/admin/admin-sidebar.tsx |
Logged actions:
| Action | Entity | Source |
|---|---|---|
| USER_SUSPEND / USER_UNSUSPEND | User | features/admin/actions.ts |
| TRIP_ADMIN_CANCEL | Trip | features/trip/actions.ts |
| PAYMENT_RECONCILE | Payment (orderId) | features/booking/actions.ts |
| VERIFICATION_APPROVE / VERIFICATION_REJECT / VERIFICATION_REOPEN | OrganizerVerification | features/organizer/actions.ts |
| REFUND_CREATE / REFUND_APPROVE / REFUND_REJECT / REFUND_SUCCEEDED / REFUND_FAILED | Refund | features/refund/actions.ts |
| PAYOUT_MARK_PAID | Payout | features/payout/actions.ts |
adminId is nullable and adminEmail is stored as a snapshot, so a log entry stays auditable if the admin is deleted.
Manual ops actions:
- Apply migration: npx prisma migrate deploy.
- Brief admins: every action they take in the panel is recorded at /admin/audit-log with their email; use it as compliance evidence during external audits.