add audit logs

Author: rawdaGastan

server/app/app.go

@@ -118,6 +118,7 @@ func (a *App) registerHandlers() {
 	userRouter := authRouter.PathPrefix("/user").Subrouter()
 	invoiceRouter := authRouter.PathPrefix("/invoice").Subrouter()
 	cardRouter := userRouter.PathPrefix("/card").Subrouter()
+	logRouter := userRouter.PathPrefix("/log").Subrouter()
 	notificationRouter := authRouter.PathPrefix("/notification").Subrouter()
 	vmRouter := authRouter.PathPrefix("/vm").Subrouter()
 	k8sRouter := authRouter.PathPrefix("/k8s").Subrouter()
@@ -156,6 +157,8 @@ func (a *App) registerHandlers() {
 	cardRouter.HandleFunc("", WrapFunc(a.ListCardHandler)).Methods("GET", "OPTIONS")
 	cardRouter.HandleFunc("/default", WrapFunc(a.SetDefaultCardHandler)).Methods("PUT", "OPTIONS")
 
+	logRouter.HandleFunc("", WrapFunc(a.ListLogsHandler)).Methods("GET", "OPTIONS")
+
 	invoiceRouter.HandleFunc("", WrapFunc(a.ListInvoicesHandler)).Methods("GET", "OPTIONS")
 	invoiceRouter.HandleFunc("/{id}", WrapFunc(a.GetInvoiceHandler)).Methods("GET", "OPTIONS")
 	invoiceRouter.HandleFunc("/download/{id}", WrapFunc(a.DownloadInvoiceHandler)).Methods("GET", "OPTIONS")
@@ -204,10 +207,10 @@ func (a *App) registerHandlers() {
 	voucherRouter.HandleFunc("/all/reset", WrapFunc(a.ResetUsersVoucherBalanceHandler)).Methods("PUT", "OPTIONS")
 
 	// middlewares
-	r.Use(middlewares.LoggingMW)
 	r.Use(middlewares.EnableCors)
 
 	authRouter.Use(middlewares.Authorization(a.db, a.config.Token.Secret, a.config.Token.Timeout))
+	authRouter.Use(middlewares.AuditLogMiddleware(a.db))
 	adminRouter.Use(middlewares.AdminAccess(a.db))
 
 	// prometheus registration

server/app/audit_handler.go

@@ -0,0 +1,44 @@
+package app
+
+import (
+	"errors"
+	"net/http"
+
+	"github.com/codescalers/cloud4students/middlewares"
+	"github.com/rs/zerolog/log"
+	"gorm.io/gorm"
+)
+
+// Example endpoint: List user's logs
+// @Summary List user's logs
+// @Description List user's logs
+// @Tags Audit
+// @Accept  json
+// @Produce  json
+// @Security BearerAuth
+// @Success 200 {object} []models.AuditLog
+// @Failure 400 {object} Response
+// @Failure 401 {object} Response
+// @Failure 404 {object} Response
+// @Failure 500 {object} Response
+// @Router /user/log [get]
+func (a *App) ListLogsHandler(req *http.Request) (interface{}, Response) {
+	userID := req.Context().Value(middlewares.UserIDKey("UserID")).(string)
+
+	logs, err := a.db.GetUserLogs(userID)
+	if err == gorm.ErrRecordNotFound || len(logs) == 0 {
+		return ResponseMsg{
+			Message: "no logs found",
+			Data:    logs,
+		}, Ok()
+	}
+	if err != nil {
+		log.Error().Err(err).Send()
+		return nil, InternalServerError(errors.New(internalServerErrorMsg))
+	}
+
+	return ResponseMsg{
+		Message: "Logs are found",
+		Data:    logs,
+	}, Ok()
+}

server/docs/docs.go

@@ -1937,6 +1937,53 @@ const docTemplate = `{
                 }
             }
         },
+        "/user/log": {
+            "get": {
+                "security": [
+                    {
+                        "BearerAuth": []
+                    }
+                ],
+                "description": "List user's logs",
+                "consumes": [
+                    "application/json"
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Audit"
+                ],
+                "summary": "List user's logs",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/definitions/models.AuditLog"
+                            }
+                        }
+                    },
+                    "400": {
+                        "description": "Bad Request",
+                        "schema": {}
+                    },
+                    "401": {
+                        "description": "Unauthorized",
+                        "schema": {}
+                    },
+                    "404": {
+                        "description": "Not Found",
+                        "schema": {}
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {}
+                    }
+                }
+            }
+        },
         "/user/refresh_token": {
             "post": {
                 "security": [
@@ -3095,6 +3142,32 @@ const docTemplate = `{
                 "voucherAndBalanceAndCard"
             ]
         },
+        "models.AuditLog": {
+            "type": "object",
+            "properties": {
+                "id": {
+                    "type": "integer"
+                },
+                "method": {
+                    "type": "string"
+                },
+                "status_code": {
+                    "type": "integer"
+                },
+                "success": {
+                    "type": "boolean"
+                },
+                "timestamp": {
+                    "type": "string"
+                },
+                "url": {
+                    "type": "string"
+                },
+                "user_id": {
+                    "type": "string"
+                }
+            }
+        },
         "models.Card": {
             "type": "object",
             "required": [

server/docs/swagger.yaml

@@ -302,6 +302,23 @@ definitions:
     - voucherAndCard
     - balanceAndCard
     - voucherAndBalanceAndCard
+  models.AuditLog:
+    properties:
+      id:
+        type: integer
+      method:
+        type: string
+      status_code:
+        type: integer
+      success:
+        type: boolean
+      timestamp:
+        type: string
+      url:
+        type: string
+      user_id:
+        type: string
+    type: object
   models.Card:
     properties:
       brand:
@@ -1918,6 +1935,37 @@ paths:
       summary: Send code to forget password email for verification
       tags:
       - User
+  /user/log:
+    get:
+      consumes:
+      - application/json
+      description: List user's logs
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            items:
+              $ref: '#/definitions/models.AuditLog'
+            type: array
+        "400":
+          description: Bad Request
+          schema: {}
+        "401":
+          description: Unauthorized
+          schema: {}
+        "404":
+          description: Not Found
+          schema: {}
+        "500":
+          description: Internal Server Error
+          schema: {}
+      security:
+      - BearerAuth: []
+      summary: List user's logs
+      tags:
+      - Audit
   /user/refresh_token:
     post:
       consumes:

server/go.mod

@@ -23,6 +23,7 @@ require (
 	github.com/swaggo/swag v1.16.4
 	github.com/threefoldtech/tfgrid-sdk-go/grid-client v0.16.0
 	github.com/threefoldtech/tfgrid-sdk-go/grid-proxy v0.16.0
+	github.com/urfave/negroni/v3 v3.1.1
 	golang.org/x/crypto v0.30.0
 	golang.org/x/text v0.21.0
 	gopkg.in/validator.v2 v2.0.1

server/go.sum

@@ -204,6 +204,8 @@ github.com/tklauser/go-sysconf v0.3.12 h1:0QaGUFOdQaIVdPgfITYzaTegZvdCjmYO52cSFA
 github.com/tklauser/go-sysconf v0.3.12/go.mod h1:Ho14jnntGE1fpdOqQEEaiKRpvIavV0hSfmBq8nJbHYI=
 github.com/tklauser/numcpus v0.6.1 h1:ng9scYS7az0Bk4OZLvrNXNSAO2Pxr1XXRAPyjhIx+Fk=
 github.com/tklauser/numcpus v0.6.1/go.mod h1:1XfjsgE2zo8GVw7POkMbHENHzVg3GzmoZ9fESEdAacY=
+github.com/urfave/negroni/v3 v3.1.1 h1:6MS4nG9Jk/UuCACaUlNXCbiKa0ywF9LXz5dGu09v8hw=
+github.com/urfave/negroni/v3 v3.1.1/go.mod h1:jWvnX03kcSjDBl/ShB0iHvx5uOs7mAzZXW+JvJ5XYAs=
 github.com/vedhavyas/go-subkey v1.0.3 h1:iKR33BB/akKmcR2PMlXPBeeODjWLM90EL98OrOGs8CA=
 github.com/vedhavyas/go-subkey v1.0.3/go.mod h1:CloUaFQSSTdWnINfBRFjVMkWXZANW+nd8+TI5jYcl6Y=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=

server/middlewares/logging.go

@@ -3,14 +3,35 @@ package middlewares
 
 import (
 	"net/http"
+	"time"
 
+	"github.com/codescalers/cloud4students/models"
 	"github.com/rs/zerolog/log"
+	"github.com/urfave/negroni/v3"
 )
 
-// LoggingMW logs all information of every request
-func LoggingMW(h http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		log.Info().Timestamp().Str("method", r.Method).Str("uri", r.RequestURI).Send()
-		h.ServeHTTP(w, r)
-	})
+func AuditLogMiddleware(db models.DB) func(http.Handler) http.Handler {
+	return func(h http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			userID := r.Context().Value(UserIDKey("UserID")).(string)
+
+			lrw := negroni.NewResponseWriter(w)
+			h.ServeHTTP(lrw, r)
+
+			statusCode := lrw.Status()
+
+			l := models.AuditLog{
+				UserID:     userID,
+				Method:     r.Method,
+				URL:        r.URL.Path,
+				Timestamp:  time.Now(),
+				Success:    statusCode >= 200 && statusCode < 300,
+				StatusCode: statusCode,
+			}
+
+			if err := db.CreateAuditLog(&l); err != nil {
+				log.Error().Err(err).Msg("logging audit failed")
+			}
+		})
+	}
 }

server/models/audit_log.go

@@ -0,0 +1,26 @@
+package models
+
+import (
+	"time"
+)
+
+// Struct to represent audit log details
+type AuditLog struct {
+	ID         uint      `gorm:"primaryKey"`
+	UserID     string    `json:"user_id" gorm:"not null"`
+	Method     string    `json:"method"`
+	URL        string    `json:"url"`
+	Timestamp  time.Time `json:"timestamp"`
+	Success    bool      `json:"success"`
+	StatusCode int       `json:"status_code"`
+}
+
+func (d *DB) CreateAuditLog(l *AuditLog) error {
+	return d.db.Create(&l).Error
+}
+
+// GetUserLogs gets user logs
+func (d *DB) GetUserLogs(userID string) ([]AuditLog, error) {
+	var res []AuditLog
+	return res, d.db.Find(&res, "user_id = ?", userID).Error
+}

server/models/database.go

@@ -32,6 +32,7 @@ func (d *DB) Migrate() error {
 	err := d.db.AutoMigrate(
 		&User{}, &State{}, &Card{}, &Invoice{}, &VM{}, &K8sCluster{}, &Master{}, &Worker{},
 		&Voucher{}, &Maintenance{}, &Notification{}, &NextLaunch{}, &DeploymentItem{}, &PaymentDetails{},
+		AuditLog{},
 	)
 	if err != nil {
 		return err