egg/OCR
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
858d93155fb594a4229c9254f1200bd0bd83af65
OCR/openspec/changes/archive/2025-12-14-enable-audit-logging/proposal.md
egg 858d93155f chore: archive completed proposals 
Archive two completed proposals:
- enable-audit-logging: Added audit logging for auth, task, and admin events
- simplify-frontend-add-billing: Removed Export/Settings pages, added translation stats

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-14 12:50:04 +08:00

2.2 KiB
Raw Blame History

Enable Audit Logging

Summary

Activate the existing audit logging infrastructure by adding audit_service.log_event() calls to key system operations. The audit log table and service already exist but are not being used.

Motivation

  • Audit logs page exists but shows no data because events are not being recorded
  • Security compliance requires tracking of authentication and administrative actions
  • Administrators need visibility into system usage and potential security issues

Current State

  • AuditLog model exists in backend/app/models/audit_log.py
  • AuditService with log_event() method exists in backend/app/services/audit_service.py
  • AuditLogsPage frontend exists at /admin/audit-logs
  • Admin API endpoint GET /api/v2/admin/audit-logs exists
  • Problem: No code calls audit_service.log_event() - logs are always empty

Proposed Changes

Events to Log

Event Type Category Location Description
auth_login authentication auth.py User login (success/failure)
auth_logout authentication auth.py User logout
auth_token_refresh authentication auth.py Token refresh
task_create task tasks.py Task created
task_process task tasks.py Task processing started
task_complete task tasks.py Task completed
task_delete task tasks.py Task deleted
admin_cleanup admin admin.py Manual cleanup triggered
admin_view_users admin admin.py Admin viewed user list
file_upload file main.py File uploaded

Implementation Approach

  1. Add helper function to extract client info (IP, user agent) from Request
  2. Add audit_service.log_event() calls to each operation point
  3. Ensure all events capture: user_id, IP address, user agent, resource info

Non-Goals

  • Creating new audit log model (already exists)
  • Changing audit log API endpoints (already work)
  • Modifying frontend audit logs page (already complete)

Affected Specs

  • None (infrastructure already in place)

Testing

  • Verify audit logs appear after login/logout
  • Verify task operations are logged
  • Verify admin actions are logged
  • Check audit logs page displays new entries