init push

This commit is contained in:
2026-07-16 22:16:45 +07:00
commit 8b068bdb10
1021 changed files with 332816 additions and 0 deletions

49
docs/audit-log.md Normal file
View File

@@ -0,0 +1,49 @@
# Audit Log
## Tujuan
- Menyimpan jejak request API dan event penting service ke tabel `audit_logs`.
- Bersifat append-only.
- Tidak menyimpan secret sensitif (password, raw token).
## Desain
- Semua route di bawah `/api/*` dicatat otomatis oleh middleware `AuditMiddleware`.
- Penyimpanan ke DB dilakukan async melalui `AuditLogService` (buffered queue + worker) agar request API tetap cepat.
- Jika queue penuh, request tetap lanjut (fail-open) dan sistem menulis warning log.
## Schema Ringkas (`audit_logs`)
- `id` (BINARY(16), PK)
- `request_id` (indexed)
- `actor_user_id` (nullable, indexed)
- `layer` (`api` / `service`)
- `action` (indexed)
- `method`, `path`, `status_code`, `success`
- `ip`, `user_agent`
- `message`
- `metadata` (JSON)
- `created_at`
## Helper Pemakaian di Service
Gunakan helper yang sudah ada di `AuthService`:
```go
s.logServiceAudit(ctx, "auth.reset_password.consume", userID, true, "password_reset_success", map[string]any{
"reason": "manual_reset",
})
```
Untuk service lain, inject `*service.AuditLogService` lalu panggil:
```go
auditSvc.Log(ctx, service.AuditLogInput{
Layer: "service",
Action: "your.service.action",
ActorUserID: userID,
Success: true,
Message: "done",
Metadata: map[string]any{"key": "value"},
})
```