
feat: add audit logging for all admin actions and admin audit page

Log every admin-panel action (user activate/deactivate, team BYOC toggle,
team delete, template delete, build create/cancel) to the audit_logs table
under PlatformTeamID with scope "admin".

Add GET /v1/admin/audit-logs endpoint and /admin/audit frontend page with
infinite scroll and hierarchical filters. Expose audit.Entry + Log() for
cloud repo extensibility.

Fix seed_platform_team down-migration FK violation by deleting dependent
rows before the team row.
2026-04-21 15:41:45 +06:00
parent edec170652
commit 7fd801c1eb
10 changed files with 917 additions and 51 deletions


@ -9,6 +9,7 @@ import (
"github.com/go-chi/chi/v5"
"github.com/jackc/pgx/v5/pgtype"
"git.omukk.dev/wrenn/wrenn/pkg/audit"
"git.omukk.dev/wrenn/wrenn/pkg/auth"
"git.omukk.dev/wrenn/wrenn/pkg/db"
"git.omukk.dev/wrenn/wrenn/pkg/id"
@ -16,12 +17,13 @@ import (
)
type usersHandler struct {
db *db.Queries
svc *service.UserService
db *db.Queries
svc *service.UserService
audit *audit.AuditLogger
}
func newUsersHandler(db *db.Queries, svc *service.UserService) *usersHandler {
return &usersHandler{db: db, svc: svc}
func newUsersHandler(db *db.Queries, svc *service.UserService, al *audit.AuditLogger) *usersHandler {
return &usersHandler{db: db, svc: svc, audit: al}
}
// Search handles GET /v1/users/search?email=<prefix>
@ -140,11 +142,23 @@ func (h *usersHandler) SetUserActive(w http.ResponseWriter, r *http.Request) {
newStatus = "disabled"
}
// Look up user email for audit log before changing status.
user, err := h.db.GetUserByID(r.Context(), userID)
if err != nil {
writeError(w, http.StatusNotFound, "not_found", "user not found")
return
}
if err := h.svc.SetUserStatus(r.Context(), userID, newStatus); err != nil {
httpStatus, code, msg := serviceErrToHTTP(err)
writeError(w, httpStatus, code, msg)
return
}
if req.Active {
h.audit.LogUserActivate(r.Context(), ac, userID, user.Email)
} else {
h.audit.LogUserDeactivate(r.Context(), ac, userID, user.Email)
}
w.WriteHeader(http.StatusNoContent)
}
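Review bot: Every error from `h.db.GetUserByID` in SetUserActive is answered with 404 `not_found`, so a database timeout or a cancelled request context is reported as a missing user. Because the new lookup sits in front of `SetUserStatus`, a transient read failure now also stops an admin from disabling an account. Separate the no-rows case from other failures, for example `if errors.Is(err, pgx.ErrNoRows) { writeError(w, http.StatusNotFound, "not_found", "user not found"); return }` with a 500 for anything else (this assumes the generated query surfaces pgx's no-rows error; confirm). The `h.audit.LogUserActivate` / `LogUserDeactivate` calls are bare statements, so anything they return is dropped; unless those methods record their own failures, a failed audit write leaves a completed status change with no trail, and attempts rejected by `SetUserStatus` are not audited at all. The function begins outside this hunk, so where `ac` and `req` come from was not checked.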