egg/OCR
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
86a66330006ab45b981033bf4856e9e3e2b65c6e
OCR/openspec/changes/archive/2025-12-14-enable-audit-logging/proposal.md
egg 858d93155f chore: archive completed proposals 
Archive two completed proposals:
- enable-audit-logging: Added audit logging for auth, task, and admin events
- simplify-frontend-add-billing: Removed Export/Settings pages, added translation stats

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-14 12:50:04 +08:00

53 lines
2.2 KiB
Markdown
Raw Blame History

# Enable Audit Logging
## Summary
Activate the existing audit logging infrastructure by adding `audit_service.log_event()` calls to key system operations. The audit log table and service already exist but are not being used.
## Motivation
- Audit logs page exists but shows no data because events are not being recorded
- Security compliance requires tracking of authentication and administrative actions
- Administrators need visibility into system usage and potential security issues
## Current State
- `AuditLog` model exists in `backend/app/models/audit_log.py`
- `AuditService` with `log_event()` method exists in `backend/app/services/audit_service.py`
- `AuditLogsPage` frontend exists at `/admin/audit-logs`
- Admin API endpoint `GET /api/v2/admin/audit-logs` exists
- **Problem**: No code calls `audit_service.log_event()` - logs are always empty
## Proposed Changes
### Events to Log
| Event Type | Category | Location | Description |
|------------|----------|----------|-------------|
| `auth_login` | authentication | auth.py | User login (success/failure) |
| `auth_logout` | authentication | auth.py | User logout |
| `auth_token_refresh` | authentication | auth.py | Token refresh |
| `task_create` | task | tasks.py | Task created |
| `task_process` | task | tasks.py | Task processing started |
| `task_complete` | task | tasks.py | Task completed |
| `task_delete` | task | tasks.py | Task deleted |
| `admin_cleanup` | admin | admin.py | Manual cleanup triggered |
| `admin_view_users` | admin | admin.py | Admin viewed user list |
| `file_upload` | file | main.py | File uploaded |
### Implementation Approach
1. Add helper function to extract client info (IP, user agent) from Request
2. Add `audit_service.log_event()` calls to each operation point
3. Ensure all events capture: user_id, IP address, user agent, resource info
## Non-Goals
- Creating new audit log model (already exists)
- Changing audit log API endpoints (already work)
- Modifying frontend audit logs page (already complete)
## Affected Specs
- None (infrastructure already in place)
## Testing
- Verify audit logs appear after login/logout
- Verify task operations are logged
- Verify admin actions are logged
- Check audit logs page displays new entries
Reference in New Issue View Git Blame Copy Permalink