chore: Integrate edit location booking audit (calcom#26569)

## What does this PR do?

Integrates booking audit logging for the edit location functionality, following the pattern established in PR calcom#26046 (booking creation/rescheduling audit).

This PR adds audit logging when a booking's location is changed through:
1. **Web app** (tRPC handler): `packages/trpc/server/routers/viewer/bookings/editLocation.handler.ts`
2. **API v2**: `apps/api/v2/src/ee/bookings/2024-08-13/services/booking-location.service.ts`

### Changes:
- Added `actionSource` as a **required** parameter to `editLocationHandler` (no fallback)
- Added optional `userUuid` parameter (defaults to logged-in user's uuid)
- Added `ValidActionSource` type that excludes "UNKNOWN" for client-facing APIs
- Captures old location before update for audit data
- Calls `BookingEventHandlerService.onLocationChanged()` after successful location update
- Web app uses `actionSource: "WEBAPP"`, API v2 uses `actionSource: "API_V2"`
- Updated router to explicitly pass `actionSource: "WEBAPP"`
- Updated test to pass `actionSource: "WEBAPP"`
- **API v2**: Uses NestJS dependency injection pattern with `BookingEventHandlerService` injected via constructor

### Updates since last revision:
- **Created `BookingEventHandlerModule`** (`apps/api/v2/src/lib/modules/booking-event-handler.module.ts`) to encapsulate `BookingEventHandlerService` and its dependencies (Logger, TaskerService, HashedLinkService, BookingAuditProducerService)
- Updated both bookings modules (2024-04-15 and 2024-08-13) to import `BookingEventHandlerModule` instead of listing individual providers
- This reduces code duplication and makes dependency management cleaner

## Mandatory Tasks (DO NOT REMOVE)

- [x] I have self-reviewed the code (A decent size PR without self-review might be rejected).
- [x] I have updated the developer docs in /docs if this PR makes changes that would require a [documentation change](https://cal.com/docs). N/A - no documentation changes needed.
- [x] I confirm automated tests are in place that prove my fix is effective or that my feature works. N/A - using existing audit infrastructure that is already tested.

## How should this be tested?

1. Update a booking's location through the web app
2. Update a booking's location through API v2
3. Verify audit logs are created with:
   - Correct `bookingUid`
   - Correct `actor` (user who made the change)
   - Correct `source` ("WEBAPP" or "API_V2")
   - Correct `auditData.location.old` and `auditData.location.new` values

## Checklist

- [x] My code follows the style guidelines of this project
- [x] I have commented my code, particularly in hard-to-understand areas
- [x] I have checked if my changes generate no new warnings

## Human Review Checklist

- [ ] Verify all callers of `editLocationHandler` pass `actionSource` (router updated, test updated)
- [ ] Verify `organizationId` derivation is correct in both handlers (tRPC uses `booking.user?.profiles?.[0]?.organizationId`, API v2 uses `existingBookingHost.organizationId`)
- [ ] Confirm audit call placement after location update is intentional (audit failures would fail the operation even though location was already updated)
- [ ] Note: API v2 has its own implementation and does NOT reuse `editLocationHandler` - this is correct
- [ ] Verify `BookingEventHandlerModule` properly exports `BookingEventHandlerService` and is imported in both bookings modules
- [ ] Verify the `updateBookingLocationInDb` return value (`{ updatedLocation }`) is destructured and used correctly for audit data
- [ ] Verify API v2 uses `bookingLocation` for audit `new` value, while tRPC uses `updatedLocation` from DB update

---


Link to Devin run: https://app.devin.ai/sessions/fd1d439779674050a26ea3fa7d799943
Requested by: @hariombalhara

Author: hariombalhara

apps/api/v2/src/ee/bookings/2024-04-15/bookings.module.ts

@@ -27,6 +27,7 @@ import { TokensModule } from "@/modules/tokens/tokens.module";
 import { TokensRepository } from "@/modules/tokens/tokens.repository";
 import { UsersModule } from "@/modules/users/users.module";
 import { Module } from "@nestjs/common";
+import { BookingEventHandlerModule } from "@/lib/modules/booking-event-handler.module";
 
 @Module({
   imports: [
@@ -43,6 +44,7 @@ import { Module } from "@nestjs/common";
     RegularBookingModule,
     RecurringBookingModule,
     InstantBookingModule,
+    BookingEventHandlerModule,
   ],
   providers: [
     TokensRepository,

apps/api/v2/src/ee/bookings/2024-08-13/bookings.module.ts

@@ -50,6 +50,7 @@ import { TokensModule } from "@/modules/tokens/tokens.module";
 import { TokensRepository } from "@/modules/tokens/tokens.repository";
 import { UsersModule } from "@/modules/users/users.module";
 import { Module } from "@nestjs/common";
+import { BookingEventHandlerModule } from "@/lib/modules/booking-event-handler.module";
 
 @Module({
   imports: [
@@ -71,6 +72,7 @@ import { Module } from "@nestjs/common";
     RegularBookingModule,
     RecurringBookingModule,
     InstantBookingModule,
+    BookingEventHandlerModule,
   ],
   providers: [
     TokensRepository,

apps/api/v2/src/ee/bookings/2024-08-13/services/booking-location.service.ts

@@ -1,18 +1,19 @@
+import { makeUserActor } from "@calcom/platform-libraries/bookings";
+import type {
+  BookingInputLocation_2024_08_13,
+  UpdateBookingInputLocation_2024_08_13,
+  UpdateBookingLocationInput_2024_08_13,
+} from "@calcom/platform-types";
+import { Booking } from "@calcom/prisma/client";
+import { ForbiddenException, Injectable, Logger, NotFoundException } from "@nestjs/common";
 import { BookingsRepository_2024_08_13 } from "@/ee/bookings/2024-08-13/repositories/bookings.repository";
 import { BookingsService_2024_08_13 } from "@/ee/bookings/2024-08-13/services/bookings.service";
 import { InputBookingsService_2024_08_13 } from "@/ee/bookings/2024-08-13/services/input.service";
-import { ApiAuthGuardUser } from "@/modules/auth/strategies/api-auth/api-auth.strategy";
 import { EventTypesRepository_2024_06_14 } from "@/ee/event-types/event-types_2024_06_14/event-types.repository";
+import { BookingEventHandlerService } from "@/lib/services/booking-event-handler.service";
+import { ApiAuthGuardUser } from "@/modules/auth/strategies/api-auth/api-auth.strategy";
 import { EventTypeAccessService } from "@/modules/event-types/services/event-type-access.service";
 import { UsersRepository } from "@/modules/users/users.repository";
-import { Injectable, Logger, NotFoundException, ForbiddenException } from "@nestjs/common";
-
-import type {
-  UpdateBookingLocationInput_2024_08_13,
-  BookingInputLocation_2024_08_13,
-  UpdateBookingInputLocation_2024_08_13,
-} from "@calcom/platform-types";
-import { Booking } from "@calcom/prisma/client";
 
 @Injectable()
 export class BookingLocationService_2024_08_13 {
@@ -24,7 +25,8 @@ export class BookingLocationService_2024_08_13 {
     private readonly usersRepository: UsersRepository,
     private readonly inputService: InputBookingsService_2024_08_13,
     private readonly eventTypesRepository: EventTypesRepository_2024_06_14,
-    private readonly eventTypeAccessService: EventTypeAccessService
+    private readonly eventTypeAccessService: EventTypeAccessService,
+    private readonly bookingEventHandlerService: BookingEventHandlerService
   ) {}
 
   async updateBookingLocation(
@@ -66,6 +68,7 @@ export class BookingLocationService_2024_08_13 {
     user: ApiAuthGuardUser
   ) {
     const bookingUid = existingBooking.uid;
+    const oldLocation = existingBooking.location;
     const bookingLocation = this.getLocationValue(inputLocation) ?? existingBooking.location;
 
     if (!existingBooking.userId) {
@@ -96,6 +99,19 @@ export class BookingLocationService_2024_08_13 {
       responses: updatedBookingResponses,
     });
 
+    await this.bookingEventHandlerService.onLocationChanged({
+      bookingUid: existingBooking.uid,
+      actor: makeUserActor(user.uuid),
+      organizationId: existingBookingHost.organizationId ?? null,
+      source: "API_V2",
+      auditData: {
+        location: {
+          old: oldLocation,
+          new: bookingLocation,
+        },
+      },
+    });
+
     return this.bookingsService.getBooking(updatedBooking.uid, user);
   }
 

apps/api/v2/src/lib/modules/booking-event-handler.module.ts

@@ -0,0 +1,24 @@
+import { Logger } from "@/lib/logger.bridge";
+import { BookingAuditProducerService } from "@/lib/services/booking-audit-producer.service";
+import { BookingEventHandlerService } from "@/lib/services/booking-event-handler.service";
+import { HashedLinkService } from "@/lib/services/hashed-link.service";
+import { TaskerService } from "@/lib/services/tasker.service";
+import { Module, Scope } from "@nestjs/common";
+
+@Module({
+  providers: [
+    {
+      provide: Logger,
+      useFactory: () => {
+        return new Logger();
+      },
+      scope: Scope.TRANSIENT,
+    },
+    TaskerService,
+    HashedLinkService,
+    BookingAuditProducerService,
+    BookingEventHandlerService,
+  ],
+  exports: [BookingEventHandlerService],
+})
+export class BookingEventHandlerModule {}

packages/features/booking-audit/lib/actions/LocationChangedAuditActionService.ts

@@ -3,7 +3,11 @@ import { z } from "zod";
 import { getHumanReadableLocationValue } from "@calcom/app-store/locations";
 import { StringChangeSchema } from "../common/changeSchemas";
 import { AuditActionServiceHelper } from "./AuditActionServiceHelper";
-import type { IAuditActionService, TranslationWithParams, GetDisplayTitleParams } from "./IAuditActionService";
+import type {
+  IAuditActionService,
+  TranslationWithParams,
+  GetDisplayTitleParams,
+} from "./IAuditActionService";
 import { getTranslation } from "@calcom/lib/server/i18n";
 /**
  * Location Changed Audit Action Service
@@ -12,67 +16,67 @@ import { getTranslation } from "@calcom/lib/server/i18n";
 
 // Module-level because it is passed to IAuditActionService type outside the class scope
 const fieldsSchemaV1 = z.object({
-    location: StringChangeSchema,
+  location: StringChangeSchema,
 });
 
 export class LocationChangedAuditActionService implements IAuditActionService {
-    readonly VERSION = 1;
-    public static readonly TYPE = "LOCATION_CHANGED" as const;
-    private static dataSchemaV1 = z.object({
-        version: z.literal(1),
-        fields: fieldsSchemaV1,
-    });
-    private static fieldsSchemaV1 = fieldsSchemaV1;
-    public static readonly latestFieldsSchema = fieldsSchemaV1;
-    // Union of all versions
-    public static readonly storedDataSchema = LocationChangedAuditActionService.dataSchemaV1;
-    // Union of all versions
-    public static readonly storedFieldsSchema = LocationChangedAuditActionService.fieldsSchemaV1;
-    private helper: AuditActionServiceHelper<
-        typeof LocationChangedAuditActionService.latestFieldsSchema,
-        typeof LocationChangedAuditActionService.storedDataSchema
-    >;
+  readonly VERSION = 1;
+  public static readonly TYPE = "LOCATION_CHANGED" as const;
+  private static dataSchemaV1 = z.object({
+    version: z.literal(1),
+    fields: fieldsSchemaV1,
+  });
+  private static fieldsSchemaV1 = fieldsSchemaV1;
+  public static readonly latestFieldsSchema = fieldsSchemaV1;
+  // Union of all versions
+  public static readonly storedDataSchema = LocationChangedAuditActionService.dataSchemaV1;
+  // Union of all versions
+  public static readonly storedFieldsSchema = LocationChangedAuditActionService.fieldsSchemaV1;
+  private helper: AuditActionServiceHelper<
+    typeof LocationChangedAuditActionService.latestFieldsSchema,
+    typeof LocationChangedAuditActionService.storedDataSchema
+  >;
 
-    constructor() {
-        this.helper = new AuditActionServiceHelper({
-            latestVersion: this.VERSION,
-            latestFieldsSchema: LocationChangedAuditActionService.latestFieldsSchema,
-            storedDataSchema: LocationChangedAuditActionService.storedDataSchema,
-        });
-    }
+  constructor() {
+    this.helper = new AuditActionServiceHelper({
+      latestVersion: this.VERSION,
+      latestFieldsSchema: LocationChangedAuditActionService.latestFieldsSchema,
+      storedDataSchema: LocationChangedAuditActionService.storedDataSchema,
+    });
+  }
 
-    getVersionedData(fields: unknown) {
-        return this.helper.getVersionedData(fields);
-    }
+  getVersionedData(fields: unknown) {
+    return this.helper.getVersionedData(fields);
+  }
 
-    parseStored(data: unknown) {
-        return this.helper.parseStored(data);
-    }
+  parseStored(data: unknown) {
+    return this.helper.parseStored(data);
+  }
 
-    getVersion(data: unknown): number {
-        return this.helper.getVersion(data);
-    }
+  getVersion(data: unknown): number {
+    return this.helper.getVersion(data);
+  }
 
-    migrateToLatest(data: unknown) {
-        // V1-only: validate and return as-is (no migration needed)
-        const validated = fieldsSchemaV1.parse(data);
-        return { isMigrated: false, latestData: validated };
-    }
+  migrateToLatest(data: unknown) {
+    // V1-only: validate and return as-is (no migration needed)
+    const validated = fieldsSchemaV1.parse(data);
+    return { isMigrated: false, latestData: validated };
+  }
 
-    async getDisplayTitle({ storedData }: GetDisplayTitleParams): Promise<TranslationWithParams> {
-        const { fields } = this.parseStored(storedData);
-        // TODO: Ideally we want to translate the location label to the user's locale
-        // We currently don't accept requesting user's translate fn here, fix it later.
-        const t = await getTranslation("en", "common");
+  async getDisplayTitle({ storedData }: GetDisplayTitleParams): Promise<TranslationWithParams> {
+    const { fields } = this.parseStored(storedData);
+    // TODO: Ideally we want to translate the location label to the user's locale
+    // We currently don't accept requesting user's translate fn here, fix it later.
+    const t = await getTranslation("en", "common");
 
-        const fromLocation = getHumanReadableLocationValue(fields.location.old, t);
-        const toLocation = getHumanReadableLocationValue(fields.location.new, t);
+    const fromLocation = getHumanReadableLocationValue(fields.location.old, t);
+    const toLocation = getHumanReadableLocationValue(fields.location.new, t);
 
-        return {
-            key: "booking_audit_action.location_changed_from_to",
-            params: { fromLocation, toLocation },
-        };
-    }
+    return {
+      key: "booking_audit_action.location_changed_from_to",
+      params: { fromLocation, toLocation },
+    };
+  }
 }
 
 export type LocationChangedAuditData = z.infer<typeof fieldsSchemaV1>;