Assist_Design/apps/bff/src/infra/audit/audit.service.ts

import { Injectable, Inject } from "@nestjs/common";
import { Prisma } from "@prisma/client";
import { PrismaService } from "../database/prisma.service";
import { getErrorMessage } from "@bff/core/utils/error.util";
import { Logger } from "nestjs-pino";

export enum AuditAction {
  LOGIN_SUCCESS = "LOGIN_SUCCESS",
  LOGIN_FAILED = "LOGIN_FAILED",
  LOGOUT = "LOGOUT",
  SIGNUP = "SIGNUP",
  PASSWORD_RESET = "PASSWORD_RESET",
  PASSWORD_CHANGE = "PASSWORD_CHANGE",
  ACCOUNT_LOCKED = "ACCOUNT_LOCKED",
  ACCOUNT_UNLOCKED = "ACCOUNT_UNLOCKED",
  PROFILE_UPDATE = "PROFILE_UPDATE",
  MFA_ENABLED = "MFA_ENABLED",
  MFA_DISABLED = "MFA_DISABLED",
  API_ACCESS = "API_ACCESS",
}

export interface AuditLogData {
  userId?: string;
  action: AuditAction;
  resource?: string;
  details?: Record<string, unknown> | string | number | boolean | null;
  ipAddress?: string;
  userAgent?: string;
  success?: boolean;
  error?: string;
}

@Injectable()
export class AuditService {
  constructor(
    private readonly prisma: PrismaService,
    @Inject(Logger) private readonly logger: Logger
  ) {}

  get prismaClient() {
    return this.prisma;
  }

  async log(data: AuditLogData): Promise<void> {
    try {
      await this.prisma.auditLog.create({
        data: {
          userId: data.userId,
          action: data.action,
          resource: data.resource,
          details:
            data.details === undefined
              ? undefined
              : data.details === null
                ? Prisma.JsonNull
                : (JSON.parse(JSON.stringify(data.details)) as Prisma.InputJsonValue),
          ipAddress: data.ipAddress,
          userAgent: data.userAgent,
          success: data.success ?? true,
          error: data.error,
        },
      });
    } catch (error) {
      this.logger.error("Audit logging failed", {
        errorType: error instanceof Error ? error.constructor.name : "Unknown",
        message: getErrorMessage(error),
      });
    }
  }

  async logAuthEvent(
    action: AuditAction,
    userId?: string,
    details?: Record<string, unknown> | string | number | boolean | null,
    request?: { headers?: Record<string, string | string[] | undefined> },
    success: boolean = true,
    error?: string
  ): Promise<void> {
    const ipAddress = this.extractIpAddress(request);
    const uaHeader = request?.headers?.["user-agent"];
    const userAgent = Array.isArray(uaHeader) ? uaHeader[0] : uaHeader;

    await this.log({
      userId,
      action,
      resource: "auth",
      details,
      ipAddress,
      userAgent,
      success,
      error,
    });
  }

  private extractIpAddress(request?: {
    headers?: Record<string, string | string[] | undefined>;
    connection?: { remoteAddress?: string };
    socket?: { remoteAddress?: string };
    ip?: string;
  }): string | undefined {
    if (!request) return undefined;

    return (
      (typeof request.headers?.["x-forwarded-for"] === "string"
        ? request.headers["x-forwarded-for"].split(",")[0]?.trim()
        : Array.isArray(request.headers?.["x-forwarded-for"]) &&
            request.headers?.["x-forwarded-for"][0]
          ? request.headers["x-forwarded-for"][0]
          : undefined) ||
      (typeof request.headers?.["x-real-ip"] === "string"
        ? request.headers["x-real-ip"]
        : undefined) ||
      request.connection?.remoteAddress ||
      request.socket?.remoteAddress ||
      request.ip
    );
  }
}
clean up 2025-08-22 17:02:49 +09:00			`import { Injectable, Inject } from "@nestjs/common";`
order fix 2025-08-27 10:54:05 +09:00			`import { Prisma } from "@prisma/client";`
Refactor address management and update related services for improved clarity and functionality - Updated address retrieval in user service to replace billing info with a dedicated address method. - Adjusted API endpoints to use `PATCH /api/me/address` for address updates instead of billing updates. - Enhanced documentation to reflect changes in address management processes and API usage. - Removed deprecated types and services related to billing address handling, streamlining the codebase. 2025-09-17 18:43:43 +09:00			`import { PrismaService } from "../database/prisma.service";`
			`import { getErrorMessage } from "@bff/core/utils/error.util";`
clean up 2025-08-22 17:02:49 +09:00			`import { Logger } from "nestjs-pino";`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00
			`export enum AuditAction {`
structure changes 2025-08-21 15:24:40 +09:00			`LOGIN_SUCCESS = "LOGIN_SUCCESS",`
			`LOGIN_FAILED = "LOGIN_FAILED",`
			`LOGOUT = "LOGOUT",`
			`SIGNUP = "SIGNUP",`
			`PASSWORD_RESET = "PASSWORD_RESET",`
			`PASSWORD_CHANGE = "PASSWORD_CHANGE",`
			`ACCOUNT_LOCKED = "ACCOUNT_LOCKED",`
			`ACCOUNT_UNLOCKED = "ACCOUNT_UNLOCKED",`
			`PROFILE_UPDATE = "PROFILE_UPDATE",`
			`MFA_ENABLED = "MFA_ENABLED",`
			`MFA_DISABLED = "MFA_DISABLED",`
			`API_ACCESS = "API_ACCESS",`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`}`

			`export interface AuditLogData {`
			`userId?: string;`
			`action: AuditAction;`
			`resource?: string;`
order fix 2025-08-27 10:54:05 +09:00			`details?: Record<string, unknown> \| string \| number \| boolean \| null;`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`ipAddress?: string;`
			`userAgent?: string;`
			`success?: boolean;`
			`error?: string;`
			`}`

			`@Injectable()`
			`export class AuditService {`
clean up 2025-08-22 17:02:49 +09:00			`constructor(`
			`private readonly prisma: PrismaService,`
			`@Inject(Logger) private readonly logger: Logger`
			`) {}`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00
			`get prismaClient() {`
			`return this.prisma;`
			`}`

			`async log(data: AuditLogData): Promise<void> {`
			`try {`
			`await this.prisma.auditLog.create({`
			`data: {`
			`userId: data.userId,`
			`action: data.action,`
			`resource: data.resource,`
order fix 2025-08-27 10:54:05 +09:00			`details:`
			`data.details === undefined`
			`? undefined`
			`: data.details === null`
			`? Prisma.JsonNull`
			`: (JSON.parse(JSON.stringify(data.details)) as Prisma.InputJsonValue),`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`ipAddress: data.ipAddress,`
			`userAgent: data.userAgent,`
			`success: data.success ?? true,`
			`error: data.error,`
			`},`
			`});`
			`} catch (error) {`
clean up 2025-08-22 17:02:49 +09:00			`this.logger.error("Audit logging failed", {`
			`errorType: error instanceof Error ? error.constructor.name : "Unknown",`
			`message: getErrorMessage(error),`
			`});`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`}`
			`}`

			`async logAuthEvent(`
			`action: AuditAction,`
			`userId?: string,`
order fix 2025-08-27 10:54:05 +09:00			`details?: Record<string, unknown> \| string \| number \| boolean \| null,`
			`request?: { headers?: Record<string, string \| string[] \| undefined> },`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`success: boolean = true,`
clean up 2025-08-22 17:02:49 +09:00			`error?: string`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`): Promise<void> {`
			`const ipAddress = this.extractIpAddress(request);`
order fix 2025-08-27 10:54:05 +09:00			`const uaHeader = request?.headers?.["user-agent"];`
			`const userAgent = Array.isArray(uaHeader) ? uaHeader[0] : uaHeader;`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00
			`await this.log({`
			`userId,`
			`action,`
structure changes 2025-08-21 15:24:40 +09:00			`resource: "auth",`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`details,`
			`ipAddress,`
			`userAgent,`
			`success,`
			`error,`
			`});`
			`}`

order fix 2025-08-27 10:54:05 +09:00			`private extractIpAddress(request?: {`
			`headers?: Record<string, string \| string[] \| undefined>;`
			`connection?: { remoteAddress?: string };`
			`socket?: { remoteAddress?: string };`
			`ip?: string;`
			`}): string \| undefined {`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`if (!request) return undefined;`
structure changes 2025-08-21 15:24:40 +09:00
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`return (`
order fix 2025-08-27 10:54:05 +09:00			`(typeof request.headers?.["x-forwarded-for"] === "string"`
			`? request.headers["x-forwarded-for"].split(",")[0]?.trim()`
			`: Array.isArray(request.headers?.["x-forwarded-for"]) &&`
			`request.headers?.["x-forwarded-for"][0]`
			`? request.headers["x-forwarded-for"][0]`
			`: undefined) \|\|`
			`(typeof request.headers?.["x-real-ip"] === "string"`
			`? request.headers["x-real-ip"]`
			`: undefined) \|\|`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`request.connection?.remoteAddress \|\|`
			`request.socket?.remoteAddress \|\|`
			`request.ip`
			`);`
			`}`
			`}`
Refactor address management and update related services for improved clarity and functionality - Updated address retrieval in user service to replace billing info with a dedicated address method. - Adjusted API endpoints to use `PATCH /api/me/address` for address updates instead of billing updates. - Enhanced documentation to reflect changes in address management processes and API usage. - Removed deprecated types and services related to billing address handling, streamlining the codebase. 2025-09-17 18:43:43 +09:00