egg/OCR
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bbd68a21626c7ed94455c9ae7b930fbfdec2abad
OCR/openspec/changes/enable-audit-logging/proposal.md
egg bbd68a2162 feat: enable audit logging for authentication and task operations 
Add audit_service.log_event() calls to track key user activities:
- auth_login: successful and failed login attempts with IP/user agent
- auth_logout: single session and all sessions logout
- task_delete: task deletion with user context
- file_upload: file upload with filename, size, and type
- admin_cleanup: manual cleanup trigger with statistics

Each event captures client IP (from X-Forwarded-For/X-Real-IP headers),
user agent, and relevant metadata for compliance and debugging.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-14 12:46:20 +08:00

53 lines
2.2 KiB
Markdown
Raw Blame History

# Enable Audit Logging
## Summary
Activate the existing audit logging infrastructure by adding `audit_service.log_event()` calls to key system operations. The audit log table and service already exist but are not being used.
## Motivation
- Audit logs page exists but shows no data because events are not being recorded
- Security compliance requires tracking of authentication and administrative actions
- Administrators need visibility into system usage and potential security issues
## Current State
- `AuditLog` model exists in `backend/app/models/audit_log.py`
- `AuditService` with `log_event()` method exists in `backend/app/services/audit_service.py`
- `AuditLogsPage` frontend exists at `/admin/audit-logs`
- Admin API endpoint `GET /api/v2/admin/audit-logs` exists
- **Problem**: No code calls `audit_service.log_event()` - logs are always empty
## Proposed Changes
### Events to Log
| Event Type | Category | Location | Description |
|------------|----------|----------|-------------|
| `auth_login` | authentication | auth.py | User login (success/failure) |
| `auth_logout` | authentication | auth.py | User logout |
| `auth_token_refresh` | authentication | auth.py | Token refresh |
| `task_create` | task | tasks.py | Task created |
| `task_process` | task | tasks.py | Task processing started |
| `task_complete` | task | tasks.py | Task completed |
| `task_delete` | task | tasks.py | Task deleted |
| `admin_cleanup` | admin | admin.py | Manual cleanup triggered |
| `admin_view_users` | admin | admin.py | Admin viewed user list |
| `file_upload` | file | main.py | File uploaded |
### Implementation Approach
1. Add helper function to extract client info (IP, user agent) from Request
2. Add `audit_service.log_event()` calls to each operation point
3. Ensure all events capture: user_id, IP address, user agent, resource info
## Non-Goals
- Creating new audit log model (already exists)
- Changing audit log API endpoints (already work)
- Modifying frontend audit logs page (already complete)
## Affected Specs
- None (infrastructure already in place)
## Testing
- Verify audit logs appear after login/logout
- Verify task operations are logged
- Verify admin actions are logged
- Check audit logs page displays new entries
Reference in New Issue View Git Blame Copy Permalink