egg/OCR
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bbd68a21626c7ed94455c9ae7b930fbfdec2abad
OCR/openspec/changes/enable-audit-logging/proposal.md
egg bbd68a2162 feat: enable audit logging for authentication and task operations 
Add audit_service.log_event() calls to track key user activities:
- auth_login: successful and failed login attempts with IP/user agent
- auth_logout: single session and all sessions logout
- task_delete: task deletion with user context
- file_upload: file upload with filename, size, and type
- admin_cleanup: manual cleanup trigger with statistics

Each event captures client IP (from X-Forwarded-For/X-Real-IP headers),
user agent, and relevant metadata for compliance and debugging.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-14 12:46:20 +08:00

2.2 KiB
Raw Blame History

Enable Audit Logging

Summary

Activate the existing audit logging infrastructure by adding audit_service.log_event() calls to key system operations. The audit log table and service already exist but are not being used.

Motivation

  • Audit logs page exists but shows no data because events are not being recorded
  • Security compliance requires tracking of authentication and administrative actions
  • Administrators need visibility into system usage and potential security issues

Current State

  • AuditLog model exists in backend/app/models/audit_log.py
  • AuditService with log_event() method exists in backend/app/services/audit_service.py
  • AuditLogsPage frontend exists at /admin/audit-logs
  • Admin API endpoint GET /api/v2/admin/audit-logs exists
  • Problem: No code calls audit_service.log_event() - logs are always empty

Proposed Changes

Events to Log

Event Type Category Location Description
auth_login authentication auth.py User login (success/failure)
auth_logout authentication auth.py User logout
auth_token_refresh authentication auth.py Token refresh
task_create task tasks.py Task created
task_process task tasks.py Task processing started
task_complete task tasks.py Task completed
task_delete task tasks.py Task deleted
admin_cleanup admin admin.py Manual cleanup triggered
admin_view_users admin admin.py Admin viewed user list
file_upload file main.py File uploaded

Implementation Approach

  1. Add helper function to extract client info (IP, user agent) from Request
  2. Add audit_service.log_event() calls to each operation point
  3. Ensure all events capture: user_id, IP address, user agent, resource info

Non-Goals

  • Creating new audit log model (already exists)
  • Changing audit log API endpoints (already work)
  • Modifying frontend audit logs page (already complete)

Affected Specs

  • None (infrastructure already in place)

Testing

  • Verify audit logs appear after login/logout
  • Verify task operations are logged
  • Verify admin actions are logged
  • Check audit logs page displays new entries