feat: record audit events for api token creation and revocation

2026-05-26 16:14:31 +02:00
parent a303c131f1
commit 6dd84976de


@@ -6,6 +6,7 @@ import (
"crypto/sha256"
"encoding/base64"
"encoding/hex"
"encoding/json"
"errors"
"fmt"
"mal/internal/domain"
@@ -18,10 +19,11 @@ import (
type authService struct {
repo domain.AuthRepository
auditSvc domain.AuditService
}
func NewAuthService(repo domain.AuthRepository) domain.AuthService {
return &authService{repo: repo}
func NewAuthService(repo domain.AuthRepository, auditSvc domain.AuditService) domain.AuthService {
return &authService{repo: repo, auditSvc: auditSvc}
}
func (s *authService) Login(ctx context.Context, username, password string) (*domain.Session, error) {
@@ -67,6 +69,24 @@ func (s *authService) LoginForAPIToken(ctx context.Context, username, password,
return "", nil, err
}
metadataBytes, err := json.Marshal(struct {
Name string `json:"name"`
}{Name: trimmedName})
if err == nil {
_ = s.auditSvc.Record(ctx, domain.AuditEvent{
UserID: user.ID,
Action: "api_token_created",
ResourceType: "api_token",
MetadataJSON: metadataBytes,
})
} else {
_ = s.auditSvc.Record(ctx, domain.AuditEvent{
UserID: user.ID,
Action: "api_token_created",
ResourceType: "api_token",
})
}
return rawToken, user, nil
}
@@ -124,7 +144,15 @@ func (s *authService) RevokeAllAPITokensForUser(ctx context.Context, userID stri
if strings.TrimSpace(userID) == "" {
return errors.New("user id missing")
}
return s.repo.RevokeAllAPITokensForUser(ctx, userID)
if err := s.repo.RevokeAllAPITokensForUser(ctx, userID); err != nil {
return err
}
_ = s.auditSvc.Record(ctx, domain.AuditEvent{
UserID: userID,
Action: "api_token_revoked_all",
ResourceType: "api_token",
})
return nil
}
func newOpaqueToken() (token string, tokenHash string, err error) {
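Review bot: All three `_ = s.auditSvc.Record(...)` calls (two in LoginForAPIToken, one in RevokeAllAPITokensForUser) discard the returned error, so a failed audit write for a token creation or a revoke-all leaves no trace that the event is missing. Keeping the token operation successful is reasonable, but the failure should be reported through the package's logger or a metric; `log.Printf` in the sketch below stands in for whatever this package actually uses. The two branches in LoginForAPIToken also build the same event twice, and marshalling a struct with a single string field is unlikely ever to fail, so the event can be built once and the metadata attached only on success. NewAuthService stores `auditSvc` without a nil check, so if any caller passes nil these calls would panic after the token has already been persisted or revoked; that is worth confirming at the call sites. Both functions begin outside the visible hunks.

```go
// … unchanged: credential check, token generation and persistence …
event := domain.AuditEvent{
	UserID:       user.ID,
	Action:       "api_token_created",
	ResourceType: "api_token",
}
// The token name is optional context; the event is recorded either way.
if metadataBytes, err := json.Marshal(struct {
	Name string `json:"name"`
}{Name: trimmedName}); err == nil {
	event.MetadataJSON = metadataBytes
}
if err := s.auditSvc.Record(ctx, event); err != nil {
	// The token is already issued, so do not fail the call, but do not hide the audit gap.
	log.Printf("audit: recording %s for user %v: %v", event.Action, event.UserID, err)
}
return rawToken, user, nil
```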