Audit

server/app/admin_handler.go

@@ -204,6 +204,11 @@ func (a *App) SetPricesHandler(req *http.Request) (interface{}, Response) {
 		a.config.PricesPerMonth.PublicIP = input.PublicIP
 	}
 
+	if err := a.logVMsPriceUpdate(req, a.config.PricesPerMonth); err != nil {
+		log.Error().Err(err).Send()
+		return nil, InternalServerError(errors.New(internalServerErrorMsg))
+	}
+
 	return ResponseMsg{
 		Message: "New prices are set",
 		Data:    nil,
@@ -414,6 +419,11 @@ func (a *App) DeleteAllDeploymentsHandler(req *http.Request) (interface{}, Respo
 		}
 	}
 
+	if err := a.logAllDeploymentsDelete(req); err != nil {
+		log.Error().Err(err).Send()
+		return nil, InternalServerError(errors.New(internalServerErrorMsg))
+	}
+
 	return ResponseMsg{
 		Message: "Deployments are deleted successfully",
 	}, Ok()
@@ -452,6 +462,11 @@ func (a *App) UpdateMaintenanceHandler(req *http.Request) (interface{}, Response
 		return nil, InternalServerError(errors.New(internalServerErrorMsg))
 	}
 
+	if err := a.logMaintenanceUpdate(req, input.ON); err != nil {
+		log.Error().Err(err).Send()
+		return nil, InternalServerError(errors.New(internalServerErrorMsg))
+	}
+
 	return ResponseMsg{
 		Message: "Maintenance is updated successfully",
 		Data:    nil,
@@ -513,6 +528,11 @@ func (a *App) SetAdminHandler(req *http.Request) (interface{}, Response) {
 		return nil, InternalServerError(errors.New(internalServerErrorMsg))
 	}
 
+	if err := a.logAdminSet(req, user.ID.String(), input.Admin); err != nil {
+		log.Error().Err(err).Send()
+		return nil, InternalServerError(errors.New(internalServerErrorMsg))
+	}
+
 	return ResponseMsg{
 		Message: "User is updated successfully",
 	}, Ok()
@@ -573,6 +593,11 @@ func (a *App) CreateNewAnnouncementHandler(req *http.Request) (interface{}, Resp
 		}
 	}
 
+	if err := a.logAnnouncementCreate(req, adminAnnouncement.Subject); err != nil {
+		log.Error().Err(err).Send()
+		return nil, InternalServerError(errors.New(internalServerErrorMsg))
+	}
+
 	return ResponseMsg{
 		Message: "new announcement is sent successfully",
 	}, Created()
@@ -634,6 +659,11 @@ func (a *App) SendEmailHandler(req *http.Request) (interface{}, Response) {
 		return nil, InternalServerError(errors.New(internalServerErrorMsg))
 	}
 
+	if err := a.logEmailSent(req, user.ID.String(), emailUser.Subject); err != nil {
+		log.Error().Err(err).Send()
+		return nil, InternalServerError(errors.New(internalServerErrorMsg))
+	}
+
 	return ResponseMsg{
 		Message: "new email is sent successfully",
 	}, Created()
@@ -672,6 +702,11 @@ func (a *App) UpdateNextLaunchHandler(req *http.Request) (interface{}, Response)
 		return nil, InternalServerError(errors.New(internalServerErrorMsg))
 	}
 
+	if err := a.logNextLaunchUpdate(req, input.Launched); err != nil {
+		log.Error().Err(err).Send()
+		return nil, InternalServerError(errors.New(internalServerErrorMsg))
+	}
+
 	return ResponseMsg{
 		Message: "Next Launch is updated successfully",
 		Data:    nil,

server/app/app.go

@@ -118,6 +118,8 @@ func (a *App) registerHandlers() {
 	userRouter := authRouter.PathPrefix("/user").Subrouter()
 	invoiceRouter := authRouter.PathPrefix("/invoice").Subrouter()
 	cardRouter := userRouter.PathPrefix("/card").Subrouter()
+	logRouter := userRouter.PathPrefix("/log").Subrouter()
+	eventRouter := userRouter.PathPrefix("/event").Subrouter()
 	notificationRouter := authRouter.PathPrefix("/notification").Subrouter()
 	vmRouter := authRouter.PathPrefix("/vm").Subrouter()
 	k8sRouter := authRouter.PathPrefix("/k8s").Subrouter()
@@ -156,6 +158,10 @@ func (a *App) registerHandlers() {
 	cardRouter.HandleFunc("", WrapFunc(a.ListCardHandler)).Methods("GET", "OPTIONS")
 	cardRouter.HandleFunc("/default", WrapFunc(a.SetDefaultCardHandler)).Methods("PUT", "OPTIONS")
 
+	logRouter.HandleFunc("", WrapFunc(a.ListLogsHandler)).Methods("GET", "OPTIONS")
+
+	eventRouter.HandleFunc("", WrapFunc(a.ListEventsHandler)).Methods("GET", "OPTIONS")
+
 	invoiceRouter.HandleFunc("", WrapFunc(a.ListInvoicesHandler)).Methods("GET", "OPTIONS")
 	invoiceRouter.HandleFunc("/{id}", WrapFunc(a.GetInvoiceHandler)).Methods("GET", "OPTIONS")
 	invoiceRouter.HandleFunc("/download/{id}", WrapFunc(a.DownloadInvoiceHandler)).Methods("GET", "OPTIONS")
@@ -205,10 +211,10 @@ func (a *App) registerHandlers() {
 	voucherRouter.HandleFunc("/all/reset", WrapFunc(a.ResetUsersVoucherBalanceHandler)).Methods("PUT", "OPTIONS")
 
 	// middlewares
-	r.Use(middlewares.LoggingMW)
 	r.Use(middlewares.EnableCors)
 
 	authRouter.Use(middlewares.Authorization(a.db, a.config.Token.Secret, a.config.Token.Timeout))
+	authRouter.Use(middlewares.AuditLogMiddleware(a.db))
 	adminRouter.Use(middlewares.AdminAccess(a.db))
 
 	// prometheus registration

server/app/audit_handler.go

@@ -0,0 +1,78 @@
+package app
+
+import (
+	"errors"
+	"net/http"
+
+	"github.com/codescalers/cloud4students/middlewares"
+	"github.com/rs/zerolog/log"
+	"gorm.io/gorm"
+)
+
+// Example endpoint: List user's logs
+// @Summary List user's logs
+// @Description List user's logs
+// @Tags Audit
+// @Accept  json
+// @Produce  json
+// @Security BearerAuth
+// @Success 200 {object} []models.AuditLog
+// @Failure 400 {object} Response
+// @Failure 401 {object} Response
+// @Failure 404 {object} Response
+// @Failure 500 {object} Response
+// @Router /user/log [get]
+func (a *App) ListLogsHandler(req *http.Request) (interface{}, Response) {
+	userID := req.Context().Value(middlewares.UserIDKey("UserID")).(string)
+
+	logs, err := a.db.GetUserLogs(userID)
+	if err == gorm.ErrRecordNotFound || len(logs) == 0 {
+		return ResponseMsg{
+			Message: "no logs found",
+			Data:    logs,
+		}, Ok()
+	}
+	if err != nil {
+		log.Error().Err(err).Send()
+		return nil, InternalServerError(errors.New(internalServerErrorMsg))
+	}
+
+	return ResponseMsg{
+		Message: "Logs are found",
+		Data:    logs,
+	}, Ok()
+}
+
+// Example endpoint: List user's events
+// @Summary List user's events
+// @Description List user's events
+// @Tags Audit
+// @Accept  json
+// @Produce  json
+// @Security BearerAuth
+// @Success 200 {object} []models.AuditEvent
+// @Failure 400 {object} Response
+// @Failure 401 {object} Response
+// @Failure 404 {object} Response
+// @Failure 500 {object} Response
+// @Router /user/event [get]
+func (a *App) ListEventsHandler(req *http.Request) (interface{}, Response) {
+	userID := req.Context().Value(middlewares.UserIDKey("UserID")).(string)
+
+	events, err := a.db.GetUserEvents(userID)
+	if err == gorm.ErrRecordNotFound || len(events) == 0 {
+		return ResponseMsg{
+			Message: "no events found",
+			Data:    events,
+		}, Ok()
+	}
+	if err != nil {
+		log.Error().Err(err).Send()
+		return nil, InternalServerError(errors.New(internalServerErrorMsg))
+	}
+
+	return ResponseMsg{
+		Message: "Events are found",
+		Data:    events,
+	}, Ok()
+}