feat(security): add audit logging utility
- Add logAuditEvent function for security event logging - Add getAuditLogs function for retrieving audit logs - Gracefully handles disabled feature or missing table - Feature disabled by default via config flag
This commit is contained in:
Matteo
@@ -0,0 +1,91 @@
|
||||
/**
|
||||
* Audit logging utility for security events
|
||||
*/
|
||||
import { PrismaClient } from "../generated/client";
|
||||
|
||||
const prisma = new PrismaClient();
|
||||
|
||||
export interface AuditLogData {
|
||||
userId?: string;
|
||||
action: string;
|
||||
resource?: string;
|
||||
ipAddress?: string;
|
||||
userAgent?: string;
|
||||
details?: Record<string, unknown>;
|
||||
}
|
||||
|
||||
/**
|
||||
* Log a security event to the audit log
|
||||
* This should be called for important security-related actions
|
||||
* Gracefully handles missing audit log table (feature disabled)
|
||||
*/
|
||||
export const logAuditEvent = async (data: AuditLogData): Promise<void> => {
|
||||
try {
|
||||
// Check if audit logging is enabled via config
|
||||
const { config } = await import("../config");
|
||||
if (!config.enableAuditLogging) {
|
||||
return; // Feature disabled, silently skip
|
||||
}
|
||||
|
||||
await prisma.auditLog.create({
|
||||
data: {
|
||||
userId: data.userId || null,
|
||||
action: data.action,
|
||||
resource: data.resource || null,
|
||||
ipAddress: data.ipAddress || null,
|
||||
userAgent: data.userAgent || null,
|
||||
details: data.details ? JSON.stringify(data.details) : null,
|
||||
},
|
||||
});
|
||||
} catch (error) {
|
||||
// Don't fail the request if audit logging fails
|
||||
// This handles cases where the table doesn't exist (feature disabled)
|
||||
// or other database errors
|
||||
if (process.env.NODE_ENV === "development") {
|
||||
console.debug("Audit logging skipped (feature disabled or table missing):", error);
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Get audit logs for a user (or all users if userId is not provided)
|
||||
* Returns empty array if audit logging is disabled or table doesn't exist
|
||||
*/
|
||||
export const getAuditLogs = async (
|
||||
userId?: string,
|
||||
limit: number = 100
|
||||
): Promise<unknown[]> => {
|
||||
try {
|
||||
// Check if audit logging is enabled via config
|
||||
const { config } = await import("../config");
|
||||
if (!config.enableAuditLogging) {
|
||||
return []; // Feature disabled, return empty array
|
||||
}
|
||||
|
||||
const logs = await prisma.auditLog.findMany({
|
||||
where: userId ? { userId } : undefined,
|
||||
orderBy: { createdAt: "desc" },
|
||||
take: limit,
|
||||
include: {
|
||||
user: {
|
||||
select: {
|
||||
id: true,
|
||||
email: true,
|
||||
name: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
return logs.map((log) => ({
|
||||
...log,
|
||||
details: log.details ? JSON.parse(log.details) : null,
|
||||
}));
|
||||
} catch (error) {
|
||||
// Gracefully handle missing table or other errors
|
||||
if (process.env.NODE_ENV === "development") {
|
||||
console.debug("Failed to retrieve audit logs (feature disabled or table missing):", error);
|
||||
}
|
||||
return [];
|
||||
}
|
||||
};
|
||||
Reference in New Issue
Block a user