1.3 KiB
1.3 KiB
Audit Log
Tujuan
- Menyimpan jejak request API dan event penting service ke tabel
audit_logs. - Bersifat append-only.
- Tidak menyimpan secret sensitif (password, raw token).
Desain
- Semua route di bawah
/api/*dicatat otomatis oleh middlewareAuditMiddleware. - Penyimpanan ke DB dilakukan async melalui
AuditLogService(buffered queue + worker) agar request API tetap cepat. - Jika queue penuh, request tetap lanjut (fail-open) dan sistem menulis warning log.
Schema Ringkas (audit_logs)
id(BINARY(16), PK)request_id(indexed)actor_user_id(nullable, indexed)layer(api/service)action(indexed)method,path,status_code,successip,user_agentmessagemetadata(JSON)created_at
Helper Pemakaian di Service
Gunakan helper yang sudah ada di AuthService:
s.logServiceAudit(ctx, "auth.reset_password.consume", userID, true, "password_reset_success", map[string]any{
"reason": "manual_reset",
})
Untuk service lain, inject *service.AuditLogService lalu panggil:
auditSvc.Log(ctx, service.AuditLogInput{
Layer: "service",
Action: "your.service.action",
ActorUserID: userID,
Success: true,
Message: "done",
Metadata: map[string]any{"key": "value"},
})