74 lines
2.0 KiB
Go
74 lines
2.0 KiB
Go
// Package audit provides audit logging for user actions.
|
|
package audit
|
|
|
|
import (
|
|
"context"
|
|
"database/sql"
|
|
"encoding/json"
|
|
"errors"
|
|
"mal/internal/db"
|
|
"mal/internal/domain"
|
|
"mal/internal/observability"
|
|
"strings"
|
|
|
|
"github.com/google/uuid"
|
|
)
|
|
|
|
type auditService struct {
|
|
queries *db.Queries
|
|
}
|
|
|
|
func NewAuditService(queries *db.Queries) domain.AuditService {
|
|
return &auditService{queries: queries}
|
|
}
|
|
|
|
func (s *auditService) Record(ctx context.Context, event domain.AuditEvent) error {
|
|
if s == nil || s.queries == nil {
|
|
return errors.New("audit service not configured")
|
|
}
|
|
action := strings.TrimSpace(event.Action)
|
|
if action == "" {
|
|
return errors.New("audit action missing")
|
|
}
|
|
|
|
ip, userAgent := RequestInfoFromContext(ctx)
|
|
if strings.TrimSpace(event.IP) != "" {
|
|
ip = event.IP
|
|
}
|
|
if strings.TrimSpace(event.UserAgent) != "" {
|
|
userAgent = event.UserAgent
|
|
}
|
|
|
|
metadataJSON := event.MetadataJSON
|
|
if len(metadataJSON) == 0 {
|
|
metadataJSON = json.RawMessage("null")
|
|
}
|
|
|
|
_, err := s.queries.CreateAuditLog(ctx, db.CreateAuditLogParams{
|
|
ID: uuid.New().String(),
|
|
UserID: sql.NullString{String: strings.TrimSpace(event.UserID), Valid: strings.TrimSpace(event.UserID) != ""},
|
|
Action: action,
|
|
ResourceType: sql.NullString{String: strings.TrimSpace(event.ResourceType), Valid: strings.TrimSpace(event.ResourceType) != ""},
|
|
ResourceID: sql.NullString{String: strings.TrimSpace(event.ResourceID), Valid: strings.TrimSpace(event.ResourceID) != ""},
|
|
Ip: sql.NullString{String: strings.TrimSpace(ip), Valid: strings.TrimSpace(ip) != ""},
|
|
UserAgent: sql.NullString{String: strings.TrimSpace(userAgent), Valid: strings.TrimSpace(userAgent) != ""},
|
|
MetadataJson: sql.NullString{String: string(metadataJSON), Valid: true},
|
|
})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
observability.Info(
|
|
"audit",
|
|
"audit",
|
|
action,
|
|
map[string]any{
|
|
"user_id": event.UserID,
|
|
"resource_type": event.ResourceType,
|
|
"resource_id": event.ResourceID,
|
|
},
|
|
)
|
|
|
|
return nil
|
|
}
|