Assist_Design/apps/bff/src/infra/audit/audit.service.ts

import { Injectable, Inject } from "@nestjs/common";
import { Prisma } from "@prisma/client";
import { PrismaService } from "../database/prisma.service.js";
import { getErrorMessage } from "@bff/core/utils/error.util.js";
import { Logger } from "nestjs-pino";

export enum AuditAction {
  LOGIN_SUCCESS = "LOGIN_SUCCESS",
  LOGIN_FAILED = "LOGIN_FAILED",
  LOGOUT = "LOGOUT",
  SIGNUP = "SIGNUP",
  PASSWORD_RESET = "PASSWORD_RESET",
  PASSWORD_CHANGE = "PASSWORD_CHANGE",
  ACCOUNT_LOCKED = "ACCOUNT_LOCKED",
  ACCOUNT_UNLOCKED = "ACCOUNT_UNLOCKED",
  PROFILE_UPDATE = "PROFILE_UPDATE",
  MFA_ENABLED = "MFA_ENABLED",
  MFA_DISABLED = "MFA_DISABLED",
  API_ACCESS = "API_ACCESS",
  SYSTEM_MAINTENANCE = "SYSTEM_MAINTENANCE",
}

export interface AuditLogData {
  userId?: string;
  action: AuditAction;
  resource?: string;
  details?: Record<string, unknown> | string | number | boolean | null;
  ipAddress?: string;
  userAgent?: string;
  success?: boolean;
  error?: string;
}

@Injectable()
export class AuditService {
  constructor(
    private readonly prisma: PrismaService,
    @Inject(Logger) private readonly logger: Logger
  ) {}

  async log(data: AuditLogData): Promise<void> {
    try {
      await this.prisma.auditLog.create({
        data: {
          userId: data.userId,
          action: data.action,
          resource: data.resource,
          details:
            data.details === undefined
              ? undefined
              : data.details === null
                ? Prisma.JsonNull
                : (JSON.parse(JSON.stringify(data.details)) as Prisma.InputJsonValue),
          ipAddress: data.ipAddress,
          userAgent: data.userAgent,
          success: data.success ?? true,
          error: data.error,
        },
      });
    } catch (error) {
      this.logger.error("Audit logging failed", {
        errorType: error instanceof Error ? error.constructor.name : "Unknown",
        message: getErrorMessage(error),
      });
    }
  }

  async logAuthEvent(
    action: AuditAction,
    userId?: string,
    details?: Record<string, unknown> | string | number | boolean | null,
    request?: {
      headers?: Record<string, string | string[] | undefined>;
      ip?: string;
      connection?: { remoteAddress?: string };
      socket?: { remoteAddress?: string };
    },
    success: boolean = true,
    error?: string
  ): Promise<void> {
    const ipAddress = this.extractIpAddress(request);
    const uaHeader = request?.headers?.["user-agent"];
    const userAgent = Array.isArray(uaHeader) ? uaHeader[0] : uaHeader;

    await this.log({
      userId,
      action,
      resource: "auth",
      details,
      ipAddress,
      userAgent,
      success,
      error,
    });
  }

  private extractIpAddress(request?: {
    headers?: Record<string, string | string[] | undefined>;
    connection?: { remoteAddress?: string };
    socket?: { remoteAddress?: string };
    ip?: string;
  }): string | undefined {
    if (!request) return undefined;

    return (
      (typeof request.headers?.["x-forwarded-for"] === "string"
        ? request.headers["x-forwarded-for"].split(",")[0]?.trim()
        : Array.isArray(request.headers?.["x-forwarded-for"]) &&
            request.headers?.["x-forwarded-for"][0]
          ? request.headers["x-forwarded-for"][0]
          : undefined) ||
      (typeof request.headers?.["x-real-ip"] === "string"
        ? request.headers["x-real-ip"]
        : undefined) ||
      request.connection?.remoteAddress ||
      request.socket?.remoteAddress ||
      request.ip
    );
  }

  async getAuditLogs({
    page,
    limit,
    action,
    userId,
  }: {
    page: number;
    limit: number;
    action?: AuditAction;
    userId?: string;
  }) {
    const skip = (page - 1) * limit;
    const where: Prisma.AuditLogWhereInput = {};
    if (action) where.action = action;
    if (userId) where.userId = userId;

    const [logs, total] = await Promise.all([
      this.prisma.auditLog.findMany({
        where,
        include: {
          user: {
            select: {
              id: true,
              email: true,
            },
          },
        },
        orderBy: { createdAt: "desc" },
        skip,
        take: limit,
      }),
      this.prisma.auditLog.count({ where }),
    ]);

    return { logs, total };
  }

  async getSecurityStats() {
    const today = new Date(new Date().setHours(0, 0, 0, 0));

    const [totalUsers, lockedAccounts, failedLoginsToday, successfulLoginsToday] =
      await Promise.all([
        this.prisma.user.count(),
        this.prisma.user.count({
          where: {
            lockedUntil: {
              gt: new Date(),
            },
          },
        }),
        this.prisma.auditLog.count({
          where: {
            action: AuditAction.LOGIN_FAILED,
            createdAt: {
              gte: today,
            },
          },
        }),
        this.prisma.auditLog.count({
          where: {
            action: AuditAction.LOGIN_SUCCESS,
            createdAt: {
              gte: today,
            },
          },
        }),
      ]);

    return {
      totalUsers,
      lockedAccounts,
      failedLoginsToday,
      successfulLoginsToday,
      securityEventsToday: failedLoginsToday + successfulLoginsToday,
    };
  }
}
clean up 2025-08-22 17:02:49 +09:00			`import { Injectable, Inject } from "@nestjs/common";`
order fix 2025-08-27 10:54:05 +09:00			`import { Prisma } from "@prisma/client";`
Update TypeScript configurations, improve module imports, and clean up Dockerfiles - Adjusted TypeScript settings in tsconfig files for better alignment with ESNext standards. - Updated pnpm-lock.yaml to reflect dependency changes and improve package management. - Cleaned up Dockerfiles for both BFF and Portal applications to enhance build processes. - Modified import statements across various modules to include file extensions for consistency. - Removed outdated SHA256 files for backend and frontend tarballs to streamline project structure. - Enhanced health check mechanisms in Dockerfiles for improved application startup reliability. 2025-12-10 16:08:34 +09:00			`import { PrismaService } from "../database/prisma.service.js";`
			`import { getErrorMessage } from "@bff/core/utils/error.util.js";`
clean up 2025-08-22 17:02:49 +09:00			`import { Logger } from "nestjs-pino";`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00
			`export enum AuditAction {`
structure changes 2025-08-21 15:24:40 +09:00			`LOGIN_SUCCESS = "LOGIN_SUCCESS",`
			`LOGIN_FAILED = "LOGIN_FAILED",`
			`LOGOUT = "LOGOUT",`
			`SIGNUP = "SIGNUP",`
			`PASSWORD_RESET = "PASSWORD_RESET",`
			`PASSWORD_CHANGE = "PASSWORD_CHANGE",`
			`ACCOUNT_LOCKED = "ACCOUNT_LOCKED",`
			`ACCOUNT_UNLOCKED = "ACCOUNT_UNLOCKED",`
			`PROFILE_UPDATE = "PROFILE_UPDATE",`
			`MFA_ENABLED = "MFA_ENABLED",`
			`MFA_DISABLED = "MFA_DISABLED",`
			`API_ACCESS = "API_ACCESS",`
Remove deprecated environment configuration files and clean up documentation related to Zod implementation. Update pnpm-lock.yaml for consistency in package versions. Refactor BFF and portal components to enhance type consistency, error handling, and maintainability across various services. Streamline import paths and remove unused code to improve overall project organization. 2025-09-26 18:28:47 +09:00			`SYSTEM_MAINTENANCE = "SYSTEM_MAINTENANCE",`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`}`

			`export interface AuditLogData {`
			`userId?: string;`
			`action: AuditAction;`
			`resource?: string;`
order fix 2025-08-27 10:54:05 +09:00			`details?: Record<string, unknown> \| string \| number \| boolean \| null;`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`ipAddress?: string;`
			`userAgent?: string;`
			`success?: boolean;`
			`error?: string;`
			`}`

			`@Injectable()`
			`export class AuditService {`
clean up 2025-08-22 17:02:49 +09:00			`constructor(`
			`private readonly prisma: PrismaService,`
			`@Inject(Logger) private readonly logger: Logger`
			`) {}`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00
			`async log(data: AuditLogData): Promise<void> {`
			`try {`
			`await this.prisma.auditLog.create({`
			`data: {`
			`userId: data.userId,`
			`action: data.action,`
			`resource: data.resource,`
order fix 2025-08-27 10:54:05 +09:00			`details:`
			`data.details === undefined`
			`? undefined`
			`: data.details === null`
			`? Prisma.JsonNull`
			`: (JSON.parse(JSON.stringify(data.details)) as Prisma.InputJsonValue),`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`ipAddress: data.ipAddress,`
			`userAgent: data.userAgent,`
			`success: data.success ?? true,`
			`error: data.error,`
			`},`
			`});`
			`} catch (error) {`
clean up 2025-08-22 17:02:49 +09:00			`this.logger.error("Audit logging failed", {`
			`errorType: error instanceof Error ? error.constructor.name : "Unknown",`
			`message: getErrorMessage(error),`
			`});`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`}`
			`}`

			`async logAuthEvent(`
			`action: AuditAction,`
			`userId?: string,`
order fix 2025-08-27 10:54:05 +09:00			`details?: Record<string, unknown> \| string \| number \| boolean \| null,`
Enhance AuditService request logging by adding IP and connection details. Remove deprecated getSubscriptionStats method from WhmcsService to streamline subscription handling. Update WhmcsInvoiceService imports for better organization. Refactor payment method checks in WhmcsOrderService for clarity and efficiency. Improve error handling in WhmcsPaymentService and WhmcsSubscriptionService. Adjust subscription statistics in SubscriptionsService to reflect completed status instead of suspended and pending. Update frontend components to align with new subscription status structure. 2025-10-03 11:29:59 +09:00			`request?: {`
			`headers?: Record<string, string \| string[] \| undefined>;`
			`ip?: string;`
			`connection?: { remoteAddress?: string };`
			`socket?: { remoteAddress?: string };`
			`},`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`success: boolean = true,`
clean up 2025-08-22 17:02:49 +09:00			`error?: string`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`): Promise<void> {`
			`const ipAddress = this.extractIpAddress(request);`
order fix 2025-08-27 10:54:05 +09:00			`const uaHeader = request?.headers?.["user-agent"];`
			`const userAgent = Array.isArray(uaHeader) ? uaHeader[0] : uaHeader;`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00
			`await this.log({`
			`userId,`
			`action,`
structure changes 2025-08-21 15:24:40 +09:00			`resource: "auth",`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`details,`
			`ipAddress,`
			`userAgent,`
			`success,`
			`error,`
			`});`
			`}`

order fix 2025-08-27 10:54:05 +09:00			`private extractIpAddress(request?: {`
			`headers?: Record<string, string \| string[] \| undefined>;`
			`connection?: { remoteAddress?: string };`
			`socket?: { remoteAddress?: string };`
			`ip?: string;`
			`}): string \| undefined {`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`if (!request) return undefined;`
structure changes 2025-08-21 15:24:40 +09:00
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`return (`
order fix 2025-08-27 10:54:05 +09:00			`(typeof request.headers?.["x-forwarded-for"] === "string"`
			`? request.headers["x-forwarded-for"].split(",")[0]?.trim()`
			`: Array.isArray(request.headers?.["x-forwarded-for"]) &&`
			`request.headers?.["x-forwarded-for"][0]`
			`? request.headers["x-forwarded-for"][0]`
			`: undefined) \|\|`
			`(typeof request.headers?.["x-real-ip"] === "string"`
			`? request.headers["x-real-ip"]`
			`: undefined) \|\|`
Initial Customer Portal setup - production ready 2025-08-20 18:02:50 +09:00			`request.connection?.remoteAddress \|\|`
			`request.socket?.remoteAddress \|\|`
			`request.ip`
			`);`
			`}`
Refactor address management and update related services for improved clarity and functionality - Updated address retrieval in user service to replace billing info with a dedicated address method. - Adjusted API endpoints to use `PATCH /api/me/address` for address updates instead of billing updates. - Enhanced documentation to reflect changes in address management processes and API usage. - Removed deprecated types and services related to billing address handling, streamlining the codebase. 2025-09-17 18:43:43 +09:00
Refactor AuditService and AuthAdminController to streamline audit log retrieval and security statistics. Introduce new methods in AuditService for fetching audit logs and security stats, and update AuthAdminController to utilize these methods. Remove redundant code and improve error handling in InvoicesService. Clean up unused DTOs and API routes in the portal. Enhance query keys for better organization in billing and catalog features. 2025-09-18 17:49:43 +09:00			`async getAuditLogs({`
			`page,`
			`limit,`
			`action,`
			`userId,`
			`}: {`
			`page: number;`
			`limit: number;`
			`action?: AuditAction;`
			`userId?: string;`
			`}) {`
			`const skip = (page - 1) * limit;`
			`const where: Prisma.AuditLogWhereInput = {};`
			`if (action) where.action = action;`
			`if (userId) where.userId = userId;`

			`const [logs, total] = await Promise.all([`
			`this.prisma.auditLog.findMany({`
			`where,`
			`include: {`
			`user: {`
			`select: {`
			`id: true,`
			`email: true,`
			`},`
			`},`
			`},`
			`orderBy: { createdAt: "desc" },`
			`skip,`
			`take: limit,`
			`}),`
			`this.prisma.auditLog.count({ where }),`
			`]);`

			`return { logs, total };`
			`}`

			`async getSecurityStats() {`
			`const today = new Date(new Date().setHours(0, 0, 0, 0));`

			`const [totalUsers, lockedAccounts, failedLoginsToday, successfulLoginsToday] =`
			`await Promise.all([`
			`this.prisma.user.count(),`
			`this.prisma.user.count({`
			`where: {`
			`lockedUntil: {`
			`gt: new Date(),`
			`},`
			`},`
			`}),`
			`this.prisma.auditLog.count({`
			`where: {`
			`action: AuditAction.LOGIN_FAILED,`
			`createdAt: {`
			`gte: today,`
			`},`
			`},`
			`}),`
			`this.prisma.auditLog.count({`
			`where: {`
			`action: AuditAction.LOGIN_SUCCESS,`
			`createdAt: {`
			`gte: today,`
			`},`
			`},`
			`}),`
			`]);`

			`return {`
			`totalUsers,`
			`lockedAccounts,`
			`failedLoginsToday,`
			`successfulLoginsToday,`
			`securityEventsToday: failedLoginsToday + successfulLoginsToday,`
			`};`
			`}`
			`}`