33927b150b
- All 16 route files now import pool from ../db directly
- Removed db parameter from all factory functions
- All callbacks replaced with async/await pool.query()
- All ? placeholders converted to $1, $2... numbered params
- datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING
- LIKE → ILIKE for case-insensitive searches
- Error detection: err.code === '23505' for unique violations
- server.js no longer passes pool/db/requireAuth to route factories
- Only ivantiFindings.js still receives pool (pending task 8 rewrite)
100 lines
3.1 KiB
JavaScript
100 lines
3.1 KiB
JavaScript
// Audit Log Routes (Admin only)
|
|
const express = require('express');
|
|
const pool = require('../db');
|
|
const { requireAuth, requireGroup } = require('../middleware/auth');
|
|
|
|
function createAuditLogRouter() {
|
|
const router = express.Router();
|
|
|
|
// All routes require Admin group
|
|
router.use(requireAuth(), requireGroup('Admin'));
|
|
|
|
// Get paginated audit logs with filters
|
|
router.get('/', async (req, res) => {
|
|
const {
|
|
page = 1,
|
|
limit = 25,
|
|
user,
|
|
action,
|
|
entityType,
|
|
startDate,
|
|
endDate
|
|
} = req.query;
|
|
|
|
const offset = (Math.max(1, parseInt(page)) - 1) * parseInt(limit);
|
|
const pageSize = Math.min(100, Math.max(1, parseInt(limit)));
|
|
|
|
let where = [];
|
|
let params = [];
|
|
let paramIndex = 1;
|
|
|
|
if (user) {
|
|
where.push(`username ILIKE $${paramIndex++}`);
|
|
params.push(`%${user}%`);
|
|
}
|
|
if (action) {
|
|
where.push(`action = $${paramIndex++}`);
|
|
params.push(action);
|
|
}
|
|
if (entityType) {
|
|
where.push(`entity_type = $${paramIndex++}`);
|
|
params.push(entityType);
|
|
}
|
|
if (startDate) {
|
|
where.push(`created_at >= $${paramIndex++}`);
|
|
params.push(startDate);
|
|
}
|
|
if (endDate) {
|
|
where.push(`created_at <= $${paramIndex++}`);
|
|
params.push(endDate + ' 23:59:59');
|
|
}
|
|
|
|
const whereClause = where.length > 0 ? 'WHERE ' + where.join(' AND ') : '';
|
|
|
|
try {
|
|
// Get total count
|
|
const countResult = await pool.query(
|
|
`SELECT COUNT(*) as total FROM audit_logs ${whereClause}`,
|
|
params
|
|
);
|
|
const total = parseInt(countResult.rows[0].total);
|
|
|
|
// Get paginated results
|
|
const dataResult = await pool.query(
|
|
`SELECT * FROM audit_logs ${whereClause} ORDER BY created_at DESC LIMIT $${paramIndex++} OFFSET $${paramIndex++}`,
|
|
[...params, pageSize, offset]
|
|
);
|
|
|
|
res.json({
|
|
logs: dataResult.rows,
|
|
pagination: {
|
|
page: parseInt(page),
|
|
limit: pageSize,
|
|
total: total,
|
|
totalPages: Math.ceil(total / pageSize)
|
|
}
|
|
});
|
|
} catch (err) {
|
|
console.error('Audit log query error:', err);
|
|
res.status(500).json({ error: 'Failed to fetch audit logs' });
|
|
}
|
|
});
|
|
|
|
// Get distinct action types for filter dropdown
|
|
router.get('/actions', async (req, res) => {
|
|
try {
|
|
const { rows } = await pool.query(
|
|
'SELECT DISTINCT action FROM audit_logs ORDER BY action'
|
|
);
|
|
res.json(rows.map(r => r.action));
|
|
} catch (err) {
|
|
console.error('Audit log actions error:', err);
|
|
res.status(500).json({ error: 'Failed to fetch actions' });
|
|
}
|
|
});
|
|
|
|
return router;
|
|
}
|
|
|
|
module.exports = createAuditLogRouter;
|