feat(audit-logging): Replace req.session with req.auth for audit logging in notes and projects

2025-07-10 00:08:59 +02:00
parent b1a78bf7a8
commit 38b0682d83
8 changed files with 423 additions and 8 deletions
--- a/test-current-audit-logs.mjs
+++ b/test-current-audit-logs.mjs
@@ -0,0 +1,124 @@
+import {
+	logAuditEvent,
+	getAuditLogs,
+	getAuditLogStats,
+	AUDIT_ACTIONS,
+	RESOURCE_TYPES,
+} from "./src/lib/auditLog.js";
+
+// Test audit logging functionality
+console.log("Testing Audit Logging System...\n");
+
+async function testAuditLogging() {
+	try {
+		// Test 1: Check existing audit logs
+		console.log("1. Checking existing audit logs...");
+		const existingLogs = await getAuditLogs({ limit: 10 });
+		console.log(`Found ${existingLogs.length} existing audit events`);
+
+		if (existingLogs.length > 0) {
+			console.log("\nLatest audit events:");
+			existingLogs.slice(0, 5).forEach((log, index) => {
+				console.log(
+					`${index + 1}. ${log.timestamp} - ${log.action} by user ${
+						log.user_id || "NULL"
+					} on ${log.resource_type}:${log.resource_id || "N/A"}`
+				);
+				if (log.details) {
+					console.log(
+						`   Details: ${JSON.stringify(JSON.parse(log.details), null, 2)}`
+					);
+				}
+			});
+		}
+
+		// Check for null userIds
+		const nullUserIdLogs = await getAuditLogs();
+		const nullUserCount = nullUserIdLogs.filter(
+			(log) => log.user_id === null
+		).length;
+		console.log(
+			`\nFound ${nullUserCount} audit events with NULL user_id out of ${nullUserIdLogs.length} total`
+		);
+
+		// Test 2: Log some sample events with different user scenarios
+		console.log("\n2. Creating sample audit events...");
+
+		await logAuditEvent({
+			action: AUDIT_ACTIONS.LOGIN,
+			userId: "user123",
+			resourceType: RESOURCE_TYPES.SESSION,
+			ipAddress: "192.168.1.100",
+			userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
+			details: {
+				email: "test@example.com",
+				role: "user",
+			},
+		});
+
+		await logAuditEvent({
+			action: AUDIT_ACTIONS.PROJECT_CREATE,
+			userId: "user123",
+			resourceType: RESOURCE_TYPES.PROJECT,
+			resourceId: "proj-456",
+			ipAddress: "192.168.1.100",
+			userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
+			details: {
+				project_name: "Test Project",
+				project_number: "TP-001",
+			},
+		});
+
+		// Test null userId scenario
+		await logAuditEvent({
+			action: AUDIT_ACTIONS.LOGIN_FAILED,
+			userId: null,
+			resourceType: RESOURCE_TYPES.SESSION,
+			ipAddress: "192.168.1.102",
+			userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
+			details: {
+				email: "hacker@evil.com",
+				reason: "invalid_password",
+				failed_attempts: 3,
+			},
+		});
+
+		console.log("Sample events created!\n");
+
+		// Test 3: Check new logs
+		console.log("3. Checking audit logs after test events...");
+		const newLogs = await getAuditLogs({ limit: 5 });
+		console.log(`Latest 5 audit events:`);
+		newLogs.forEach((log, index) => {
+			console.log(
+				`${index + 1}. ${log.timestamp} - ${log.action} by user ${
+					log.user_id || "NULL"
+				} on ${log.resource_type}:${log.resource_id || "N/A"}`
+			);
+		});
+
+		// Test 4: Statistics
+		console.log("\n4. Getting audit log statistics...");
+		const stats = await getAuditLogStats();
+		console.log(`Total events: ${stats.total}`);
+
+		console.log("\nAction breakdown:");
+		stats.actionBreakdown.forEach((item) => {
+			console.log(`  ${item.action}: ${item.count}`);
+		});
+
+		console.log("\nUser breakdown:");
+		stats.userBreakdown.slice(0, 5).forEach((item) => {
+			console.log(
+				`  ${item.user_id || "NULL"} (${item.user_name || "Unknown"}): ${
+					item.count
+				}`
+			);
+		});
+	} catch (error) {
+		console.error("Test failed:", error);
+	}
+}
+
+// Run the test
+testAuditLogging();