Project-Image-Uploader/backend/src/middlewares/auditLog.js
matthias.lotz 0f77db6f02 feat(phase2): Implement Management Audit-Log (Task 10)
Audit-Logging System:
- Migration 007: management_audit_log table with indexes
- Tracks all management portal actions
- IP address, user-agent, request data logging
- Token masking (only first 8 chars stored)
- Success/failure tracking with error messages

ManagementAuditLogRepository:
- logAction() - Log management actions
- getRecentLogs() - Get last N logs
- getLogsByGroupId() - Get logs for specific group
- getFailedActionsByIP() - Security monitoring
- getStatistics() - Overview statistics
- cleanupOldLogs() - Maintenance (90 days retention)

Audit-Log Middleware:
- Adds res.auditLog() helper function
- Auto-captures IP, User-Agent
- Integrated into all management routes
- Non-blocking (errors don't fail main operation)

Admin API Endpoints:
- GET /api/admin/management-audit?limit=N
- GET /api/admin/management-audit/stats
- GET /api/admin/management-audit/group/:groupId

Tested:
 Migration executed successfully
 Audit logs written on token validation
 Admin API returns logs with stats
 Token masking working
 Statistics accurate
2025-11-11 21:12:07 +01:00


/**
* Audit-Log Middleware für Management Routes
* Loggt alle Aktionen im Management Portal für Security & Compliance
*/
const auditLogRepository = require('../repositories/ManagementAuditLogRepository');
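/**
 * Attaches a `res.auditLog()` helper to every request that passes through
 * this middleware. The helper writes a single row through
 * ManagementAuditLogRepository.logAction() and never throws, so controllers
 * can call it without guarding the main operation.
 *
 * Client information (IP address, User-Agent, management token) is captured
 * once per request so every audit row written later carries the same values.
 *
 * @param {Object} req - incoming request (Express-style; see notes on fallbacks)
 * @param {Object} res - response object; gains an `auditLog` function
 * @param {Function} next - next middleware in the chain, always called
 * @returns {void}
 */
const auditLogMiddleware = (req, res, next) => {
  // NOTE(review): req.ip reflects X-Forwarded-For only when Express
  // `trust proxy` is configured; otherwise it is the socket peer. Confirm the
  // app's setting, since the failed-action-by-IP monitoring depends on this
  // value being the real client address rather than a client-supplied header.
  // req.connection is deprecated in favour of req.socket; a request object
  // carrying neither must not crash the middleware (the original dereferenced
  // req.connection unconditionally).
  const ipAddress =
    req.ip || req.socket?.remoteAddress || req.connection?.remoteAddress || 'unknown';

  // req.get() is an Express helper; fall back to the raw headers map so a
  // plain Node request object still yields a usable value.
  const rawUserAgent =
    typeof req.get === 'function' ? req.get('user-agent') : req.headers?.['user-agent'];
  const userAgent = rawUserAgent || 'unknown';

  // The `:token` route parameter is only populated when this middleware is
  // attached to the route that declares it (a router.use() mount sees an
  // empty req.params). The full token is handed to the repository unchanged;
  // masking before storage is expected to happen there — confirm, this
  // middleware does not mask.
  const managementToken = req.params?.token ?? null;

  /**
   * Write one audit row for the current request.
   * Failures are logged and swallowed on purpose: an audit-log outage must
   * never fail the management operation itself.
   *
   * @param {string} action - action name (e.g. 'validate_token', 'revoke_consent')
   * @param {boolean} success - whether the action succeeded
   * @param {string|null} [groupId=null] - affected group id, if any
   * @param {string|null} [errorMessage=null] - error message on failure
   * @param {Object|null} [requestData=null] - request data to persist; it is
   *   stored as given (no redaction here), so callers must not pass secrets
   * @returns {Promise<void>} resolves once the write attempt has finished
   */
  res.auditLog = async (action, success, groupId = null, errorMessage = null, requestData = null) => {
    try {
      await auditLogRepository.logAction({
        groupId,
        managementToken,
        action,
        success,
        errorMessage,
        ipAddress,
        userAgent,
        requestData,
      });
    } catch (error) {
      // Deliberately not rethrown: audit-log errors must not block the main operation.
      console.error('Failed to write audit log:', error);
    }
  };

  next();
};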
// CommonJS export so route modules can mount the middleware.
module.exports = auditLogMiddleware;