Project-Image-Uploader

hobbyhimmel/Project-Image-Uploader

Fork 0

Commit Graph

Author	SHA1	Message	Date
matthias.lotz	0f77db6f02	feat(phase2): Implement Management Audit-Log (Task 10) Audit-Logging System: - Migration 007: management_audit_log table with indexes - Tracks all management portal actions - IP address, user-agent, request data logging - Token masking (only first 8 chars stored) - Success/failure tracking with error messages ManagementAuditLogRepository: - logAction() - Log management actions - getRecentLogs() - Get last N logs - getLogsByGroupId() - Get logs for specific group - getFailedActionsByIP() - Security monitoring - getStatistics() - Overview statistics - cleanupOldLogs() - Maintenance (90 days retention) Audit-Log Middleware: - Adds res.auditLog() helper function - Auto-captures IP, User-Agent - Integrated into all management routes - Non-blocking (errors don't fail main operation) Admin API Endpoints: - GET /api/admin/management-audit?limit=N - GET /api/admin/management-audit/stats - GET /api/admin/management-audit/group/:groupId Tested: ✅ Migration executed successfully ✅ Audit logs written on token validation ✅ Admin API returns logs with stats ✅ Token masking working ✅ Statistics accurate	2025-11-11 21:12:07 +01:00

Author

SHA1

Message

Date

matthias.lotz

0f77db6f02

feat(phase2): Implement Management Audit-Log (Task 10)

Audit-Logging System:
- Migration 007: management_audit_log table with indexes
- Tracks all management portal actions
- IP address, user-agent, request data logging
- Token masking (only first 8 chars stored)
- Success/failure tracking with error messages

ManagementAuditLogRepository:
- logAction() - Log management actions
- getRecentLogs() - Get last N logs
- getLogsByGroupId() - Get logs for specific group
- getFailedActionsByIP() - Security monitoring
- getStatistics() - Overview statistics
- cleanupOldLogs() - Maintenance (90 days retention)

Audit-Log Middleware:
- Adds res.auditLog() helper function
- Auto-captures IP, User-Agent
- Integrated into all management routes
- Non-blocking (errors don't fail main operation)

Admin API Endpoints:
- GET /api/admin/management-audit?limit=N
- GET /api/admin/management-audit/stats
- GET /api/admin/management-audit/group/:groupId

Tested:
✅ Migration executed successfully
✅ Audit logs written on token validation
✅ Admin API returns logs with stats
✅ Token masking working
✅ Statistics accurate

2025-11-11 21:12:07 +01:00

1 Commits