feat(audit-logging): Replace req.session with req.auth for audit logging in notes and projects

2025-07-10 00:08:59 +02:00
parent b1a78bf7a8
commit 38b0682d83
8 changed files with 423 additions and 8 deletions
--- a/verify-audit-fix.mjs
+++ b/verify-audit-fix.mjs
@@ -0,0 +1,101 @@
+import {
+	logAuditEvent,
+	getAuditLogs,
+	AUDIT_ACTIONS,
+	RESOURCE_TYPES,
+} from "./src/lib/auditLog.js";
+
+console.log("=== FINAL AUDIT LOGGING VERIFICATION ===\n");
+
+async function verifyAuditLogging() {
+	try {
+		// 1. Check recent audit logs
+		console.log("1. Checking recent audit logs for user ID issues...");
+		const recentLogs = await getAuditLogs({ limit: 10 });
+
+		console.log(`Found ${recentLogs.length} recent audit events:`);
+		recentLogs.forEach((log, index) => {
+			const userDisplay = log.user_id ? `user ${log.user_id}` : "NULL USER ID";
+			console.log(
+				`${index + 1}. ${log.timestamp} - ${log.action} by ${userDisplay} on ${
+					log.resource_type
+				}:${log.resource_id || "N/A"}`
+			);
+		});
+
+		// 2. Count null user IDs
+		const allLogs = await getAuditLogs();
+		const nullUserCount = allLogs.filter((log) => log.user_id === null).length;
+		const totalCount = allLogs.length;
+		const nullPercentage = ((nullUserCount / totalCount) * 100).toFixed(2);
+
+		console.log(`\n2. Audit Log Statistics:`);
+		console.log(`   Total audit logs: ${totalCount}`);
+		console.log(`   Logs with NULL user_id: ${nullUserCount}`);
+		console.log(`   Percentage with NULL user_id: ${nullPercentage}%`);
+
+		// 3. Check distribution by action type
+		console.log(`\n3. Action distribution for NULL user_id logs:`);
+		const nullUserLogs = allLogs.filter((log) => log.user_id === null);
+		const actionCounts = {};
+		nullUserLogs.forEach((log) => {
+			actionCounts[log.action] = (actionCounts[log.action] || 0) + 1;
+		});
+
+		Object.entries(actionCounts).forEach(([action, count]) => {
+			console.log(`   ${action}: ${count} events`);
+		});
+
+		// 4. Test new audit event with valid user ID
+		console.log(`\n4. Testing new audit event with valid user ID...`);
+		await logAuditEvent({
+			action: AUDIT_ACTIONS.LOGIN,
+			userId: "test-user-123",
+			resourceType: RESOURCE_TYPES.SESSION,
+			ipAddress: "127.0.0.1",
+			userAgent: "Test Agent",
+			details: {
+				test: "verification",
+				timestamp: new Date().toISOString(),
+			},
+		});
+
+		// Verify the new event was logged correctly
+		const verificationLogs = await getAuditLogs({ limit: 1 });
+		const latestLog = verificationLogs[0];
+
+		if (latestLog && latestLog.user_id === "test-user-123") {
+			console.log("✅ SUCCESS: New audit event logged with correct user ID");
+		} else {
+			console.log(
+				"❌ FAILED: New audit event has incorrect user ID:",
+				latestLog?.user_id
+			);
+		}
+
+		// 5. Summary
+		console.log(`\n5. SUMMARY:`);
+		if (nullPercentage < 10) {
+			console.log("✅ EXCELLENT: Very few NULL user IDs detected");
+		} else if (nullPercentage < 30) {
+			console.log("⚠️  GOOD: Some NULL user IDs but manageable");
+		} else {
+			console.log("❌ NEEDS ATTENTION: High percentage of NULL user IDs");
+		}
+
+		console.log(`\n6. RECOMMENDATIONS:`);
+		if (nullUserCount > 0) {
+			console.log(
+				"   - The NULL user IDs are likely from before the fix was applied"
+			);
+			console.log("   - New audit events should now log user IDs correctly");
+			console.log("   - Monitor future logs to ensure the fix is working");
+		} else {
+			console.log("   - All audit events have valid user IDs!");
+		}
+	} catch (error) {
+		console.error("Verification failed:", error);
+	}
+}
+
+verifyAuditLogging();