feat: structured audit logging system#537
Merged
lakhansamani merged 7 commits intomainfrom Apr 3, 2026
Merged
Conversation
* feat: add structured audit log schema and storage layer Add AuditLog schema with support for all 6 database providers (SQL/GORM, MongoDB, ArangoDB, Cassandra, DynamoDB, Couchbase). Includes AddAuditLog, ListAuditLogs (with filtering by actor_id, action, resource_type, etc), and DeleteAuditLogsBefore for log retention. Ref: RFC #505. * chore: add more auditlog events
Add AuditLog type, AuditLogs response, and ListAuditLogRequest input to the GraphQL schema. Supports filtering by action, actor_id, resource_type, resource_id, organization_id, and timestamp range. - Add AsAPIAuditLog() conversion method to schemas - Create audit_logs.go handler with admin-only access control - Add AuditLogs method to graphql Provider interface - Wire resolver in schema.resolvers.go
Create logAuditEvent() helper on graphqlProvider that extracts request info (IP, UserAgent) before spawning a fire-and-forget goroutine for safe async audit logging. Instrument all user-facing auth operations: - login (success + failed), signup, logout - verify_email, verify_otp (email vs phone conditional) - magic_link_login, forgot_password, reset_password - resend_otp, resend_verify_email - deactivate_account, update_profile
* feat: add audit log helper and instrument user auth flows Create logAuditEvent() helper on graphqlProvider that extracts request info (IP, UserAgent) before spawning a fire-and-forget goroutine for safe async audit logging. Instrument all user-facing auth operations: - login (success + failed), signup, logout - verify_email, verify_otp (email vs phone conditional) - magic_link_login, forgot_password, reset_password - resend_otp, resend_verify_email - deactivate_account, update_profile * feat: instrument admin operations with audit logging Add audit events to all admin GraphQL mutations: - admin_login (success + failed), admin_logout - delete_user, update_user, enable_access, revoke_access - invite_members - add/update/delete webhook - add/update/delete email_template * fix: address review findings in admin audit instrumentation - Remove incorrect ActorEmail from delete_user (was logging deleted user's email as actor's email, but admin has no email) - Capture ResourceID from AddWebhook return value for audit log - Capture ResourceID from AddEmailTemplate return value for audit log
* feat: add audit log helper and instrument user auth flows Create logAuditEvent() helper on graphqlProvider that extracts request info (IP, UserAgent) before spawning a fire-and-forget goroutine for safe async audit logging. Instrument all user-facing auth operations: - login (success + failed), signup, logout - verify_email, verify_otp (email vs phone conditional) - magic_link_login, forgot_password, reset_password - resend_otp, resend_verify_email - deactivate_account, update_profile * feat: instrument admin operations with audit logging Add audit events to all admin GraphQL mutations: - admin_login (success + failed), admin_logout - delete_user, update_user, enable_access, revoke_access - invite_members - add/update/delete webhook - add/update/delete email_template * fix: address review findings in admin audit instrumentation - Remove incorrect ActorEmail from delete_user (was logging deleted user's email as actor's email, but admin has no email) - Capture ResourceID from AddWebhook return value for audit log - Capture ResourceID from AddEmailTemplate return value for audit log * feat: instrument OAuth/HTTP handlers with audit logging Create logAuditEvent() helper for httpProvider with safe goroutine pattern (extracts IP/UserAgent before spawn, uses context.Background). Instrument HTTP handlers: - oauth_callback: AuditOAuthCallbackSuccessEvent with provider metadata - token: AuditTokenIssuedEvent / AuditTokenRefreshedEvent by grant type - revoke_refresh_token: AuditTokenRevokedEvent after session deletion - logout: AuditSessionTerminatedEvent after session cleanup
Schema cleanup: - Remove OrganizationID field (no org ID exists in config) - Remove Timestamp field (duplicated CreatedAt) - Remove UpdatedAt field (audit logs are immutable) - Update all 6 DB providers, GraphQL schema, helpers, and conversion - Fix Cassandra CREATE TABLE to match new schema - Fix CreatedAt handling: all providers now conditionally set it (preserves caller-supplied values for retention testing) String literal constants: - Add AuditActorTypeUser, AuditActorTypeAdmin constants - Add AuditResourceTypeUser, AuditResourceTypeSession, AuditResourceTypeAdminSession, AuditResourceTypeWebhook, AuditResourceTypeEmailTemplate, AuditResourceTypeToken constants - Replace all inline string literals across 30 files Test improvements: - Migrate audit_logs_test.go to runForEachDB pattern - Add resource_type filter test - Add timestamp range filter test - Add round-trip field preservation test - Use constants throughout all test files
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Complete audit logging system for Authorizer — tracks all security-relevant events across user authentication, admin operations, OAuth flows, and token lifecycle.
What's included
_audit_logsadmin query with filtering by action, actor_id, resource_type, resource_id, and timestamp rangeuser,admin) and resource types (user,session,admin_session,webhook,email_template,token)context.Background()for DB writesrunForEachDBpattern covering CRUD, filtering, timestamp range, and field round-tripArchitecture
internal/constants/audit_event.go— Event, actor type, and resource type constantsinternal/storage/schemas/audit_log.go— Schema +AsAPIAuditLog()conversioninternal/graphql/audit_log_helper.go— Fire-and-forget helper for GraphQL handlersinternal/http_handlers/audit_log_helper.go— Fire-and-forget helper for HTTP handlersinternal/graphql/audit_logs.go—_audit_logsadmin query handlerFollow-up items (separate issues)
Test plan
go build ./...passesTEST_DBS=sqlite— 8/8 audit log tests passmake test— full Postgres validationmake test-all-db— cross-DB validation_audit_logsvia GraphQL playground