50 lines
1.3 KiB
Markdown
50 lines
1.3 KiB
Markdown
# Audit Log
|
|
|
|
## Tujuan
|
|
|
|
- Menyimpan jejak request API dan event penting service ke tabel `audit_logs`.
|
|
- Bersifat append-only.
|
|
- Tidak menyimpan secret sensitif (password, raw token).
|
|
|
|
## Desain
|
|
|
|
- Semua route di bawah `/api/*` dicatat otomatis oleh middleware `AuditMiddleware`.
|
|
- Penyimpanan ke DB dilakukan async melalui `AuditLogService` (buffered queue + worker) agar request API tetap cepat.
|
|
- Jika queue penuh, request tetap lanjut (fail-open) dan sistem menulis warning log.
|
|
|
|
## Schema Ringkas (`audit_logs`)
|
|
|
|
- `id` (BINARY(16), PK)
|
|
- `request_id` (indexed)
|
|
- `actor_user_id` (nullable, indexed)
|
|
- `layer` (`api` / `service`)
|
|
- `action` (indexed)
|
|
- `method`, `path`, `status_code`, `success`
|
|
- `ip`, `user_agent`
|
|
- `message`
|
|
- `metadata` (JSON)
|
|
- `created_at`
|
|
|
|
## Helper Pemakaian di Service
|
|
|
|
Gunakan helper yang sudah ada di `AuthService`:
|
|
|
|
```go
|
|
s.logServiceAudit(ctx, "auth.reset_password.consume", userID, true, "password_reset_success", map[string]any{
|
|
"reason": "manual_reset",
|
|
})
|
|
```
|
|
|
|
Untuk service lain, inject `*service.AuditLogService` lalu panggil:
|
|
|
|
```go
|
|
auditSvc.Log(ctx, service.AuditLogInput{
|
|
Layer: "service",
|
|
Action: "your.service.action",
|
|
ActorUserID: userID,
|
|
Success: true,
|
|
Message: "done",
|
|
Metadata: map[string]any{"key": "value"},
|
|
})
|
|
```
|