Audit logging feature files

2026-01-29 15:10:29 -07:00
parent 41c8a1ef27
commit 1a578b23c1
11 changed files with 964 additions and 21 deletions
--- a/backend/routes/users.js
+++ b/backend/routes/users.js
@@ -2,7 +2,7 @@
 const express = require('express');
 const bcrypt = require('bcryptjs');

-function createUsersRouter(db, requireAuth, requireRole) {
+function createUsersRouter(db, requireAuth, requireRole, logAudit) {
    const router = express.Router();

    // All routes require admin role
@@ -81,6 +81,16 @@ function createUsersRouter(db, requireAuth, requireRole) {
                );
            });

+            logAudit(db, {
+                userId: req.user.id,
+                username: req.user.username,
+                action: 'user_create',
+                entityType: 'user',
+                entityId: String(result.id),
+                details: { created_username: username, role: role || 'viewer' },
+                ipAddress: req.ip
+            });
+
            res.status(201).json({
                message: 'User created successfully',
                user: {
@@ -160,6 +170,23 @@ function createUsersRouter(db, requireAuth, requireRole) {
                );
            });

+            const updatedFields = {};
+            if (username) updatedFields.username = username;
+            if (email) updatedFields.email = email;
+            if (role) updatedFields.role = role;
+            if (typeof is_active === 'boolean') updatedFields.is_active = is_active;
+            if (password) updatedFields.password_changed = true;
+
+            logAudit(db, {
+                userId: req.user.id,
+                username: req.user.username,
+                action: 'user_update',
+                entityType: 'user',
+                entityId: String(userId),
+                details: updatedFields,
+                ipAddress: req.ip
+            });
+
            // If user was deactivated, delete their sessions
            if (is_active === false) {
                await new Promise((resolve) => {
@@ -187,6 +214,14 @@ function createUsersRouter(db, requireAuth, requireRole) {
        }

        try {
+            // Look up the user before deleting
+            const targetUser = await new Promise((resolve, reject) => {
+                db.get('SELECT username FROM users WHERE id = ?', [userId], (err, row) => {
+                    if (err) reject(err);
+                    else resolve(row);
+                });
+            });
+
            // Delete sessions first (foreign key)
            await new Promise((resolve) => {
                db.run('DELETE FROM sessions WHERE user_id = ?', [userId], () => resolve());
@@ -204,6 +239,16 @@ function createUsersRouter(db, requireAuth, requireRole) {
                return res.status(404).json({ error: 'User not found' });
            }

+            logAudit(db, {
+                userId: req.user.id,
+                username: req.user.username,
+                action: 'user_delete',
+                entityType: 'user',
+                entityId: String(userId),
+                details: { deleted_username: targetUser ? targetUser.username : 'unknown' },
+                ipAddress: req.ip
+            });
+
            res.json({ message: 'User deleted successfully' });
        } catch (err) {
            console.error('Delete user error:', err);