ChrisChen/ROLAC
1
0
Fork 0
Code Issues 66 Pull Requests Actions Packages Projects Releases Wiki Activity

Add audit logs.
ci-cd-vm / ci-cd (push) Successful in 4m2s
Details

Browse Source
This commit is contained in:
Chris Chen
2026-06-23 12:13:47 -07:00
parent 870eeec82a
commit 62592c29ae
106 changed files with 2522 additions and 311 deletions
Download Patch File Download Diff File Expand all files Collapse all files
API/ROLAC.API/Authorization/Modules.cs
+4
View File
@@ -21,6 +21,8 @@ public static class Modules
public const string Disbursements = "Disbursements";
public const string MealAttendance = "MealAttendance";
public const string Permissions = "Permissions";
public const string SystemLogs = "SystemLogs";
public const string AuditLogs = "AuditLogs";
/// <summary>All modules, in display order — drives the admin matrix UI.</summary>
public static readonly IReadOnlyList<string> All =
@@ -39,6 +41,8 @@ public static class Modules
Disbursements,
MealAttendance,
Permissions,
SystemLogs,
AuditLogs,
];
public static bool IsValid(string module) => All.Contains(module);
API/ROLAC.API/Controllers/AuditLogsController.cs
+34
View File
@@ -0,0 +1,34 @@
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using ROLAC.API.Authorization;
using ROLAC.API.DTOs.Logging;
using ROLAC.API.Services.Logging;
namespace ROLAC.API.Controllers;
[ApiController]
[Route("api/audit-logs")]
[Authorize]
public class AuditLogsController : ControllerBase
{
private readonly IAuditLogQueryService _svc;
public AuditLogsController(IAuditLogQueryService svc) => _svc = svc;
[HttpGet]
[HasPermission(Modules.AuditLogs, PermissionActions.Read)]
public async Task<IActionResult> GetPaged([FromQuery] AuditLogQuery query)
=> Ok(await _svc.GetPagedAsync(query));
[HttpGet("{id:long}")]
[HasPermission(Modules.AuditLogs, PermissionActions.Read)]
public async Task<IActionResult> GetById(long id)
{
var dto = await _svc.GetByIdAsync(id);
return dto is null ? NotFound() : Ok(dto);
}
/// <summary>Category / action / level option lists for the filter UI.</summary>
[HttpGet("catalog")]
[HasPermission(Modules.AuditLogs, PermissionActions.Read)]
public IActionResult GetCatalog() => Ok(_svc.GetCatalog());
}
API/ROLAC.API/Controllers/SystemLogsController.cs
+35
View File
@@ -0,0 +1,35 @@
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using ROLAC.API.Authorization;
using ROLAC.API.DTOs.Logging;
using ROLAC.API.Entities.Logging;
using ROLAC.API.Services.Logging;
namespace ROLAC.API.Controllers;
[ApiController]
[Route("api/system-logs")]
[Authorize]
public class SystemLogsController : ControllerBase
{
private readonly ISystemLogQueryService _svc;
public SystemLogsController(ISystemLogQueryService svc) => _svc = svc;
[HttpGet]
[HasPermission(Modules.SystemLogs, PermissionActions.Read)]
public async Task<IActionResult> GetPaged([FromQuery] SystemLogQuery query)
=> Ok(await _svc.GetPagedAsync(query));
[HttpGet("{id:long}")]
[HasPermission(Modules.SystemLogs, PermissionActions.Read)]
public async Task<IActionResult> GetById(long id)
{
var dto = await _svc.GetByIdAsync(id);
return dto is null ? NotFound() : Ok(dto);
}
/// <summary>All six severities, so the UI can offer every filter option regardless of data.</summary>
[HttpGet("levels")]
[HasPermission(Modules.SystemLogs, PermissionActions.Read)]
public IActionResult GetLevels() => Ok(Enum.GetNames<LogLevelEnum>());
}
API/ROLAC.API/DTOs/Logging/AuditLogDtos.cs
+50
View File
@@ -0,0 +1,50 @@
using ROLAC.API.Entities.Logging;
namespace ROLAC.API.DTOs.Logging;
/// <summary>Row shape for the Audit Logs grid (no heavy Changes JSON).</summary>
public class AuditLogListItemDto
{
public long Id { get; set; }
public DateTimeOffset Timestamp { get; set; }
public string Level { get; set; } = null!;
public string Action { get; set; } = null!;
public string Category { get; set; } = null!;
public string? EntityName { get; set; }
public string? EntityId { get; set; }
public string? Summary { get; set; }
public string? UserId { get; set; }
public string? UserEmail { get; set; }
}
/// <summary>Full detail for the Audit Log dialog, including the before→after JSON.</summary>
public class AuditLogDetailDto : AuditLogListItemDto
{
public string? Changes { get; set; }
public string? IpAddress { get; set; }
public string? CorrelationId { get; set; }
}
/// <summary>Filters for the paged Audit Logs query.</summary>
public class AuditLogQuery
{
public int Page { get; set; } = 1;
public int PageSize { get; set; } = 20;
public DateTimeOffset? From { get; set; }
public DateTimeOffset? To { get; set; }
public string? Category { get; set; }
public string? Action { get; set; }
public string? EntityName { get; set; }
public string? EntityId { get; set; }
public string? UserId { get; set; }
public LogLevelEnum? MinLevel { get; set; }
public string? Search { get; set; }
}
/// <summary>Option lists for the Audit Logs filter UI.</summary>
public class AuditCatalogDto
{
public IReadOnlyList<string> Categories { get; set; } = [];
public IReadOnlyList<string> Actions { get; set; } = [];
public IReadOnlyList<string> Levels { get; set; } = [];
}
API/ROLAC.API/DTOs/Logging/SystemLogDtos.cs
+43
View File
@@ -0,0 +1,43 @@
using ROLAC.API.Entities.Logging;
namespace ROLAC.API.DTOs.Logging;
/// <summary>Row shape for the System Logs grid (no heavy exception text).</summary>
public class SystemLogListItemDto
{
public long Id { get; set; }
public DateTimeOffset Timestamp { get; set; }
public string Level { get; set; } = null!;
public string Category { get; set; } = null!;
public string Message { get; set; } = null!;
public bool HasException { get; set; }
public int? StatusCode { get; set; }
public string? RequestPath { get; set; }
public string? HttpMethod { get; set; }
public string? UserId { get; set; }
public string? CorrelationId { get; set; }
}
/// <summary>Full detail for the System Log dialog, including the stack trace.</summary>
public class SystemLogDetailDto : SystemLogListItemDto
{
public int? EventId { get; set; }
public string? Exception { get; set; }
public string? IpAddress { get; set; }
}
/// <summary>Filters for the paged System Logs query.</summary>
public class SystemLogQuery
{
public int Page { get; set; } = 1;
public int PageSize { get; set; } = 20;
public DateTimeOffset? From { get; set; }
public DateTimeOffset? To { get; set; }
/// <summary>Lower bound on severity (inclusive).</summary>
public LogLevelEnum? MinLevel { get; set; }
/// <summary>Exact severity match (takes precedence over MinLevel when set).</summary>
public LogLevelEnum? Level { get; set; }
public string? Search { get; set; }
public string? UserId { get; set; }
public string? CorrelationId { get; set; }
}
API/ROLAC.API/Data/AppDbContext.cs
+8
View File
@@ -1,5 +1,6 @@
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using ROLAC.API.Data.Logging;
using ROLAC.API.Entities;
namespace ROLAC.API.Data;
@@ -324,5 +325,12 @@ public class AppDbContext : IdentityDbContext<AppUser, AppRole, string>
entity.Property(e => e.UpdatedBy).HasMaxLength(450);
entity.HasIndex(e => new { e.Year, e.Month }).IsUnique();
});
// ── SystemLog / AuditLog (append-only) ───────────────────────────────
// Mapped here for SCHEMA only — there are deliberately no DbSets on this
// context, so business code can't write logs through the audited context.
// Runtime reads/writes go through the dedicated LogDbContext. Including
// them in the model lets the single startup migration create the tables.
LogModelConfiguration.Configure(builder);
}
}
API/ROLAC.API/Data/DbSeeder.cs
+7
View File
@@ -87,6 +87,13 @@ public static class DbSeeder
("finance", Modules.MonthlyStatements, true, true, false, true),
("finance", Modules.ChurchProfile, true, true, false, false),
("finance", Modules.Disbursements, true, true, true, true),
// Logs — read-only. System logs are technical (pastor only); audit logs have
// governance value, so finance and board members can read them too.
("pastor", Modules.SystemLogs, true, false, false, false),
("pastor", Modules.AuditLogs, true, false, false, false),
("finance", Modules.AuditLogs, true, false, false, false),
("board_member", Modules.AuditLogs, true, false, false, false),
];
public static async Task SeedRolePermissionsAsync(AppDbContext db)
API/ROLAC.API/Data/Interceptors/AuditLogInterceptor.cs
+177
View File
@@ -0,0 +1,177 @@
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.ChangeTracking;
using Microsoft.EntityFrameworkCore.Diagnostics;
using ROLAC.API.Entities.Base;
using ROLAC.API.Entities.Logging;
using ROLAC.API.Services.Logging;
namespace ROLAC.API.Data.Interceptors;
/// <summary>
/// Writes a before→after <see cref="AuditLog"/> row for every Create/Update/Delete of an
/// <see cref="IAuditable"/> entity. Two-phase: snapshot changed values BEFORE save (while
/// original values are still available), then — AFTER save succeeds — read DB-generated keys and
/// enqueue the rows. Enqueuing (rather than inserting here) avoids a second SaveChanges, can't
/// fail the user's transaction, and never recurses through AppDbContext.
/// </summary>
public sealed class AuditLogInterceptor : SaveChangesInterceptor
{
private readonly SystemLogQueue _queue;
private readonly CurrentUserAccessor _currentUser;
private readonly List<PendingAudit> _pending = [];
public AuditLogInterceptor(SystemLogQueue queue, CurrentUserAccessor currentUser)
{
_queue = queue;
_currentUser = currentUser;
}
public override InterceptionResult<int> SavingChanges(
DbContextEventData eventData, InterceptionResult<int> result)
{
Capture(eventData.Context);
return base.SavingChanges(eventData, result);
}
public override ValueTask<InterceptionResult<int>> SavingChangesAsync(
DbContextEventData eventData, InterceptionResult<int> result,
CancellationToken cancellationToken = default)
{
Capture(eventData.Context);
return base.SavingChangesAsync(eventData, result, cancellationToken);
}
public override int SavedChanges(SaveChangesCompletedEventData eventData, int result)
{
Flush();
return base.SavedChanges(eventData, result);
}
public override ValueTask<int> SavedChangesAsync(
SaveChangesCompletedEventData eventData, int result, CancellationToken cancellationToken = default)
{
Flush();
return base.SavedChangesAsync(eventData, result, cancellationToken);
}
public override void SaveChangesFailed(DbContextErrorEventData eventData) => _pending.Clear();
public override Task SaveChangesFailedAsync(
DbContextErrorEventData eventData, CancellationToken cancellationToken = default)
{
_pending.Clear();
return Task.CompletedTask;
}
// ── Phase 1: snapshot before save ─────────────────────────────────────────
private void Capture(DbContext? db)
{
if (db is null)
return;
foreach (var entry in db.ChangeTracker.Entries())
{
if (entry.Entity is not IAuditable)
continue;
switch (entry.State)
{
case EntityState.Added:
_pending.Add(new PendingAudit(entry, AuditActions.Create, null, BuildValues(entry, current: true)));
break;
case EntityState.Deleted:
_pending.Add(new PendingAudit(entry, AuditActions.Delete, BuildValues(entry, current: false), null));
break;
case EntityState.Modified:
var before = new Dictionary<string, object?>();
var after = new Dictionary<string, object?>();
foreach (var property in entry.Properties)
{
if (!property.IsModified)
continue;
var name = property.Metadata.Name;
before[name] = Read(name, property.OriginalValue);
after[name] = Read(name, property.CurrentValue);
}
if (after.Count == 0)
break; // no real change (e.g. only audit timestamps touched on a no-op)
// A soft-delete (IsDeleted false→true) reads more naturally as a Delete.
var action = IsSoftDelete(after) ? AuditActions.Delete : AuditActions.Update;
_pending.Add(new PendingAudit(entry, action, before, after));
break;
}
}
}
// ── Phase 2: keys exist, enqueue ──────────────────────────────────────────
private void Flush()
{
if (_pending.Count == 0)
return;
var userId = _currentUser.UserId;
var userEmail = _currentUser.Email;
var ip = _currentUser.IpAddress;
var corr = _currentUser.CorrelationId;
foreach (var item in _pending)
{
_queue.TryEnqueue(new AuditLog
{
Timestamp = DateTimeOffset.UtcNow,
Level = LogLevelEnum.Information,
Action = item.Action,
Category = AuditCategories.DataChange,
EntityName = item.Entry.Metadata.ClrType.Name,
EntityId = ReadKey(item.Entry),
Changes = AuditChangeSerializer.BuildChanges(item.Before, item.After),
UserId = userId,
UserEmail = userEmail,
IpAddress = ip,
CorrelationId = corr,
});
}
_pending.Clear();
}
private static Dictionary<string, object?> BuildValues(EntityEntry entry, bool current)
{
var values = new Dictionary<string, object?>();
foreach (var property in entry.Properties)
{
if (property.Metadata.IsPrimaryKey())
continue;
var name = property.Metadata.Name;
values[name] = Read(name, current ? property.CurrentValue : property.OriginalValue);
}
return values;
}
private static object? Read(string propertyName, object? value) =>
AuditChangeSerializer.IsSensitive(propertyName) ? AuditChangeSerializer.MaskValue : value;
private static bool IsSoftDelete(Dictionary<string, object?> after) =>
after.TryGetValue("IsDeleted", out var value) && value is true;
private static string? ReadKey(EntityEntry entry)
{
var key = entry.Metadata.FindPrimaryKey();
if (key is null)
return null;
var parts = key.Properties
.Select(p => entry.Property(p.Name).CurrentValue?.ToString())
.Where(v => v is not null);
return string.Join(",", parts);
}
private sealed record PendingAudit(
EntityEntry Entry,
string Action,
Dictionary<string, object?>? Before,
Dictionary<string, object?>? After);
}
API/ROLAC.API/Data/Interceptors/AuditSaveChangesInterceptor.cs
+4 -5
View File
@@ -1,15 +1,15 @@
using System.Security.Claims;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Diagnostics;
using ROLAC.API.Entities.Base;
using ROLAC.API.Services.Logging;
namespace ROLAC.API.Data.Interceptors;
public class AuditSaveChangesInterceptor : SaveChangesInterceptor
{
private readonly IHttpContextAccessor _http;
private readonly CurrentUserAccessor _currentUser;
public AuditSaveChangesInterceptor(IHttpContextAccessor http) => _http = http;
public AuditSaveChangesInterceptor(CurrentUserAccessor currentUser) => _currentUser = currentUser;
public override InterceptionResult<int> SavingChanges(
DbContextEventData eventData, InterceptionResult<int> result)
@@ -30,8 +30,7 @@ public class AuditSaveChangesInterceptor : SaveChangesInterceptor
{
if (db is null) return;
var userId = _http.HttpContext?.User
.FindFirstValue(ClaimTypes.NameIdentifier) ?? "system";
var userId = _currentUser.UserIdOrSystem;
var now = DateTimeOffset.UtcNow;
foreach (var entry in db.ChangeTracker.Entries())
API/ROLAC.API/Data/Logging/LogDbContext.cs
+26
View File
@@ -0,0 +1,26 @@
using Microsoft.EntityFrameworkCore;
using ROLAC.API.Entities.Logging;
namespace ROLAC.API.Data.Logging;
/// <summary>
/// A minimal, write-mostly context dedicated to the SystemLog / AuditLog tables. It is the
/// structural break that prevents log-storms: it is registered WITHOUT the audit interceptors
/// and with a silent logger factory (see Program.cs), so persisting a log row produces no log
/// events that the DB sink would pick up. It shares the same physical database/connection as
/// AppDbContext, but the tables themselves are created by AppDbContext's migration — they are
/// only mapped here so this context can read/write them.
/// </summary>
public class LogDbContext : DbContext
{
public LogDbContext(DbContextOptions<LogDbContext> options) : base(options) { }
public DbSet<SystemLog> SystemLogs => Set<SystemLog>();
public DbSet<AuditLog> AuditLogs => Set<AuditLog>();
protected override void OnModelCreating(ModelBuilder builder)
{
base.OnModelCreating(builder);
LogModelConfiguration.Configure(builder);
}
}
API/ROLAC.API/Data/Logging/LogModelConfiguration.cs
+57
View File
@@ -0,0 +1,57 @@
using Microsoft.EntityFrameworkCore;
using ROLAC.API.Entities.Logging;
namespace ROLAC.API.Data.Logging;
/// <summary>
/// Single source of truth for the SystemLog / AuditLog table schema. Applied by
/// <see cref="AppDbContext"/> (so the startup migration creates the tables) AND by
/// <see cref="LogDbContext"/> (so runtime reads/writes map to the same shape).
/// </summary>
public static class LogModelConfiguration
{
public static void Configure(ModelBuilder builder)
{
builder.Entity<SystemLog>(entity =>
{
entity.ToTable("SystemLogs");
entity.HasKey(e => e.Id);
entity.Property(e => e.Level).HasConversion<byte>();
entity.Property(e => e.Category).HasMaxLength(256).IsRequired();
entity.Property(e => e.Message).IsRequired(); // text
entity.Property(e => e.RequestPath).HasMaxLength(2048);
entity.Property(e => e.HttpMethod).HasMaxLength(10);
entity.Property(e => e.UserId).HasMaxLength(450);
entity.Property(e => e.IpAddress).HasMaxLength(45);
entity.Property(e => e.CorrelationId).HasMaxLength(64);
entity.HasIndex(e => e.Timestamp);
entity.HasIndex(e => e.Level);
entity.HasIndex(e => new { e.Timestamp, e.Level });
entity.HasIndex(e => e.UserId).HasFilter("\"UserId\" IS NOT NULL");
});
builder.Entity<AuditLog>(entity =>
{
entity.ToTable("AuditLogs");
entity.HasKey(e => e.Id);
entity.Property(e => e.Level).HasConversion<byte>();
entity.Property(e => e.Action).HasMaxLength(40).IsRequired();
entity.Property(e => e.Category).HasMaxLength(40).IsRequired();
entity.Property(e => e.EntityName).HasMaxLength(128);
entity.Property(e => e.EntityId).HasMaxLength(64);
entity.Property(e => e.Changes).HasColumnType("jsonb");
entity.Property(e => e.Summary).HasMaxLength(512);
entity.Property(e => e.UserId).HasMaxLength(450);
entity.Property(e => e.UserEmail).HasMaxLength(256);
entity.Property(e => e.IpAddress).HasMaxLength(45);
entity.Property(e => e.CorrelationId).HasMaxLength(64);
entity.HasIndex(e => e.Timestamp);
entity.HasIndex(e => new { e.Category, e.Timestamp });
entity.HasIndex(e => new { e.EntityName, e.EntityId });
entity.HasIndex(e => e.Action);
entity.HasIndex(e => e.UserId).HasFilter("\"UserId\" IS NOT NULL");
});
}
}
API/ROLAC.API/Entities/Base/IAuditable.cs
+10
View File
@@ -0,0 +1,10 @@
namespace ROLAC.API.Entities.Base;
/// <summary>
/// Opt-in marker: entities implementing this are diffed by <c>AuditLogInterceptor</c>, which
/// writes a before→after AuditLog row on every Create/Update/Delete. Applied only to business
/// entities the church cares about — not to internal/high-churn rows (RefreshToken, log tables).
/// </summary>
public interface IAuditable
{
}
API/ROLAC.API/Entities/Check.cs
+1 -1
View File
@@ -6,7 +6,7 @@ namespace ROLAC.API.Entities;
/// expenses (its <see cref="Lines"/>). The payee name/address are snapshotted at
/// issue time so the printed check is reproducible even if member data later changes.
/// </summary>
public class Check : SoftDeleteEntity
public class Check : SoftDeleteEntity, IAuditable
{
public int Id { get; set; }
public string CheckNumber { get; set; } = null!;
API/ROLAC.API/Entities/ChurchProfile.cs
+1 -1
View File
@@ -5,7 +5,7 @@ namespace ROLAC.API.Entities;
/// Singleton (Id == 1) holding the issuing church's identity, bank details, and the
/// running check-number counter used when disbursing checks. Seeded on startup.
/// </summary>
public class ChurchProfile : AuditableEntity
public class ChurchProfile : AuditableEntity, IAuditable
{
public int Id { get; set; }
public string Name { get; set; } = null!;
API/ROLAC.API/Entities/Expense.cs
+1 -1
View File
@@ -1,7 +1,7 @@
using ROLAC.API.Entities.Base;
namespace ROLAC.API.Entities;
public class Expense : SoftDeleteEntity
public class Expense : SoftDeleteEntity, IAuditable
{
public int Id { get; set; }
public int MinistryId { get; set; }
API/ROLAC.API/Entities/ExpenseCategoryGroup.cs
+1 -1
View File
@@ -1,7 +1,7 @@
using ROLAC.API.Entities.Base;
namespace ROLAC.API.Entities;
public class ExpenseCategoryGroup : AuditableEntity
public class ExpenseCategoryGroup : AuditableEntity, IAuditable
{
public int Id { get; set; }
public string Name_en { get; set; } = null!;
API/ROLAC.API/Entities/ExpenseSubCategory.cs
+1 -1
View File
@@ -1,7 +1,7 @@
using ROLAC.API.Entities.Base;
namespace ROLAC.API.Entities;
public class ExpenseSubCategory : AuditableEntity
public class ExpenseSubCategory : AuditableEntity, IAuditable
{
public int Id { get; set; }
public int GroupId { get; set; }
API/ROLAC.API/Entities/Giving.cs
+1 -1
View File
@@ -2,7 +2,7 @@ using ROLAC.API.Entities.Base;
namespace ROLAC.API.Entities;
public class Giving : AuditableEntity
public class Giving : AuditableEntity, IAuditable
{
public int Id { get; set; }
public int? MemberId { get; set; }
API/ROLAC.API/Entities/GivingCategory.cs
+1 -1
View File
@@ -2,7 +2,7 @@ using ROLAC.API.Entities.Base;
namespace ROLAC.API.Entities;
public class GivingCategory : AuditableEntity
public class GivingCategory : AuditableEntity, IAuditable
{
public int Id { get; set; }
public string Name_en { get; set; } = null!;
API/ROLAC.API/Entities/Logging/AuditLog.cs
+71
View File
@@ -0,0 +1,71 @@
namespace ROLAC.API.Entities.Logging;
/// <summary>
/// An append-only audit row recording a meaningful action: a data change (Create/Update/
/// Delete with before→after values), a security event (login, role/permission change), or a
/// key business action (check issued, expense approved, ...). Does NOT inherit AuditableEntity.
/// </summary>
public class AuditLog
{
public long Id { get; set; }
public DateTimeOffset Timestamp { get; set; }
public LogLevelEnum Level { get; set; } = LogLevelEnum.Information;
/// <summary>One of <see cref="AuditActions"/>.</summary>
public string Action { get; set; } = null!;
/// <summary>One of <see cref="AuditCategories"/> — drives the UI grouping.</summary>
public string Category { get; set; } = null!;
public string? EntityName { get; set; }
/// <summary>String to cover int, Guid and string primary keys uniformly.</summary>
public string? EntityId { get; set; }
/// <summary>JSON <c>{ "before": {...}, "after": {...} }</c> (jsonb column); sensitive fields masked.</summary>
public string? Changes { get; set; }
/// <summary>Human-readable one-liner, e.g. "Check #1042 issued to Acme — $1,200.00".</summary>
public string? Summary { get; set; }
public string? UserId { get; set; }
/// <summary>Denormalized actor email — survives user deletion and avoids a join in the grid.</summary>
public string? UserEmail { get; set; }
public string? IpAddress { get; set; }
public string? CorrelationId { get; set; }
}
/// <summary>Canonical audit action names (stored verbatim in <see cref="AuditLog.Action"/>).</summary>
public static class AuditActions
{
public const string Create = "Create";
public const string Update = "Update";
public const string Delete = "Delete";
public const string Login = "Login";
public const string Logout = "Logout";
public const string LoginFailed = "LoginFailed";
public const string RoleChanged = "RoleChanged";
public const string UserDeactivated = "UserDeactivated";
public const string PermissionChanged = "PermissionChanged";
public const string CheckIssued = "CheckIssued";
public const string CheckVoided = "CheckVoided";
public const string ExpenseApproved = "ExpenseApproved";
public const string StatementFinalized = "StatementFinalized";
public static readonly IReadOnlyList<string> All =
[
Create, Update, Delete, Login, Logout, LoginFailed, RoleChanged,
UserDeactivated, PermissionChanged, CheckIssued, CheckVoided,
ExpenseApproved, StatementFinalized,
];
}
/// <summary>Top-level audit grouping (stored verbatim in <see cref="AuditLog.Category"/>).</summary>
public static class AuditCategories
{
public const string DataChange = "DataChange";
public const string Security = "Security";
public const string Business = "Business";
public static readonly IReadOnlyList<string> All = [DataChange, Security, Business];
}
API/ROLAC.API/Entities/Logging/LogLevelEnum.cs
+38
View File
@@ -0,0 +1,38 @@
using MsLogLevel = Microsoft.Extensions.Logging.LogLevel;
namespace ROLAC.API.Entities.Logging;
/// <summary>
/// Persisted severity for system and audit logs. Byte-backed so it stores compactly
/// as <c>smallint</c> and sorts/filters by ordinal. Deliberately omits the
/// <see cref="MsLogLevel.None"/> sentinel (value 6) — "None" means "log nothing" and
/// is meaningless once a row already exists.
/// </summary>
public enum LogLevelEnum : byte
{
Trace = 0,
Debug = 1,
Information = 2,
Warning = 3,
Error = 4,
Critical = 5,
}
public static class LogLevelMap
{
/// <summary>
/// Maps a framework <see cref="MsLogLevel"/> to our persisted enum.
/// <see cref="MsLogLevel.None"/> falls through to <see cref="LogLevelEnum.Critical"/>
/// (it never reaches the sink because the floor filter drops it first).
/// </summary>
public static LogLevelEnum FromMs(MsLogLevel level) => level switch
{
MsLogLevel.Trace => LogLevelEnum.Trace,
MsLogLevel.Debug => LogLevelEnum.Debug,
MsLogLevel.Information => LogLevelEnum.Information,
MsLogLevel.Warning => LogLevelEnum.Warning,
MsLogLevel.Error => LogLevelEnum.Error,
MsLogLevel.Critical => LogLevelEnum.Critical,
_ => LogLevelEnum.Critical,
};
}
API/ROLAC.API/Entities/Logging/SystemLog.cs
+31
View File
@@ -0,0 +1,31 @@
namespace ROLAC.API.Entities.Logging;
/// <summary>
/// An append-only operational log row — one per persisted framework/app log event,
/// including every unhandled API exception captured by ExceptionHandlingMiddleware.
/// Intentionally does NOT inherit AuditableEntity: these rows are never updated and
/// must not be re-stamped or re-audited (that would recurse through the log pipeline).
/// </summary>
public class SystemLog
{
public long Id { get; set; }
public DateTimeOffset Timestamp { get; set; }
public LogLevelEnum Level { get; set; }
/// <summary>The ILogger category (source), e.g. "ROLAC.API.Controllers.GivingsController".</summary>
public string Category { get; set; } = null!;
public int? EventId { get; set; }
public string Message { get; set; } = null!;
/// <summary>Full <c>exception.ToString()</c> (type + message + stack), when present.</summary>
public string? Exception { get; set; }
public string? RequestPath { get; set; }
public string? HttpMethod { get; set; }
public int? StatusCode { get; set; }
/// <summary>The acting user id ("sub" claim), or null for background/system events.</summary>
public string? UserId { get; set; }
public string? IpAddress { get; set; }
public string? CorrelationId { get; set; }
}
API/ROLAC.API/Entities/Member.cs
+1 -1
View File
@@ -2,7 +2,7 @@ using ROLAC.API.Entities.Base;
namespace ROLAC.API.Entities;
public class Member : SoftDeleteEntity
public class Member : SoftDeleteEntity, IAuditable
{
public int Id { get; set; }
public string FirstName_en { get; set; } = null!;
API/ROLAC.API/Entities/Ministry.cs
+3 -1
View File
@@ -1,6 +1,8 @@
using ROLAC.API.Entities.Base;
namespace ROLAC.API.Entities;
public class Ministry
public class Ministry : IAuditable
{
public int Id { get; set; }
public string Name_en { get; set; } = null!;
API/ROLAC.API/Entities/MonthlyStatement.cs
+1 -1
View File
@@ -1,7 +1,7 @@
using ROLAC.API.Entities.Base;
namespace ROLAC.API.Entities;
public class MonthlyStatement : AuditableEntity
public class MonthlyStatement : AuditableEntity, IAuditable
{
public int Id { get; set; }
public int Year { get; set; }
API/ROLAC.API/Entities/OfferingSession.cs
+1 -1
View File
@@ -2,7 +2,7 @@ using ROLAC.API.Entities.Base;
namespace ROLAC.API.Entities;
public class OfferingSession : AuditableEntity
public class OfferingSession : AuditableEntity, IAuditable
{
public int Id { get; set; }
public DateOnly SessionDate { get; set; }
API/ROLAC.API/Middleware/ExceptionHandlingMiddleware.cs
+78
View File
@@ -0,0 +1,78 @@
using System.Text.Json;
using Microsoft.AspNetCore.Mvc;
namespace ROLAC.API.Middleware;
/// <summary>
/// Catches any unhandled exception from the downstream pipeline, logs it (which flows through
/// the DB sink into SystemLogs at Error level with full stack + StatusCode 500), and returns a
/// clean RFC7807 problem+json response. Stack traces are never leaked to the client outside
/// Development. Registered as the FIRST middleware so it also catches auth/authorization faults.
/// </summary>
public sealed class ExceptionHandlingMiddleware
{
private readonly RequestDelegate _next;
private readonly ILogger<ExceptionHandlingMiddleware> _logger;
private readonly IHostEnvironment _env;
public ExceptionHandlingMiddleware(
RequestDelegate next, ILogger<ExceptionHandlingMiddleware> logger, IHostEnvironment env)
{
_next = next;
_logger = logger;
_env = env;
}
public async Task InvokeAsync(HttpContext context)
{
try
{
await _next(context);
}
catch (OperationCanceledException) when (context.RequestAborted.IsCancellationRequested)
{
// The client went away — not a server error; don't log as 500.
return;
}
catch (Exception ex)
{
await HandleAsync(context, ex);
}
}
private async Task HandleAsync(HttpContext context, Exception exception)
{
// Logged here → picked up by the DB sink (Error ≥ Warning floor) with full ex.ToString().
_logger.LogError(
exception,
"Unhandled exception for {Method} {Path} (traceId {TraceId})",
context.Request.Method, context.Request.Path, context.TraceIdentifier);
if (context.Response.HasStarted)
{
// Too late to write a clean body; the log row above is still captured.
return;
}
var problem = new ProblemDetails
{
Status = StatusCodes.Status500InternalServerError,
Title = "An unexpected error occurred.",
Type = "https://tools.ietf.org/html/rfc7231#section-6.6.1",
};
problem.Extensions["traceId"] = context.TraceIdentifier;
if (_env.IsDevelopment())
problem.Detail = exception.ToString();
context.Response.Clear();
context.Response.StatusCode = StatusCodes.Status500InternalServerError;
context.Response.ContentType = "application/problem+json";
await context.Response.WriteAsync(JsonSerializer.Serialize(problem, JsonSerializerOptions));
}
private static readonly JsonSerializerOptions JsonSerializerOptions = new()
{
PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
};
}
API/ROLAC.API/Migrations/AppDbContextModelSnapshot.cs
+137
View File
@@ -885,6 +885,143 @@ namespace ROLAC.API.Migrations
b.ToTable("GivingCategories");
});
modelBuilder.Entity("ROLAC.API.Entities.Logging.AuditLog", b =>
{
b.Property<long>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("bigint");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<long>("Id"));
b.Property<string>("Action")
.IsRequired()
.HasMaxLength(40)
.HasColumnType("character varying(40)");
b.Property<string>("Category")
.IsRequired()
.HasMaxLength(40)
.HasColumnType("character varying(40)");
b.Property<string>("Changes")
.HasColumnType("jsonb");
b.Property<string>("CorrelationId")
.HasMaxLength(64)
.HasColumnType("character varying(64)");
b.Property<string>("EntityId")
.HasMaxLength(64)
.HasColumnType("character varying(64)");
b.Property<string>("EntityName")
.HasMaxLength(128)
.HasColumnType("character varying(128)");
b.Property<string>("IpAddress")
.HasMaxLength(45)
.HasColumnType("character varying(45)");
b.Property<byte>("Level")
.HasColumnType("smallint");
b.Property<string>("Summary")
.HasMaxLength(512)
.HasColumnType("character varying(512)");
b.Property<DateTimeOffset>("Timestamp")
.HasColumnType("timestamp with time zone");
b.Property<string>("UserEmail")
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("UserId")
.HasMaxLength(450)
.HasColumnType("character varying(450)");
b.HasKey("Id");
b.HasIndex("Action");
b.HasIndex("Timestamp");
b.HasIndex("UserId")
.HasFilter("\"UserId\" IS NOT NULL");
b.HasIndex("Category", "Timestamp");
b.HasIndex("EntityName", "EntityId");
b.ToTable("AuditLogs", (string)null);
});
modelBuilder.Entity("ROLAC.API.Entities.Logging.SystemLog", b =>
{
b.Property<long>("Id")
.ValueGeneratedOnAdd()
.HasColumnType("bigint");
NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<long>("Id"));
b.Property<string>("Category")
.IsRequired()
.HasMaxLength(256)
.HasColumnType("character varying(256)");
b.Property<string>("CorrelationId")
.HasMaxLength(64)
.HasColumnType("character varying(64)");
b.Property<int?>("EventId")
.HasColumnType("integer");
b.Property<string>("Exception")
.HasColumnType("text");
b.Property<string>("HttpMethod")
.HasMaxLength(10)
.HasColumnType("character varying(10)");
b.Property<string>("IpAddress")
.HasMaxLength(45)
.HasColumnType("character varying(45)");
b.Property<byte>("Level")
.HasColumnType("smallint");
b.Property<string>("Message")
.IsRequired()
.HasColumnType("text");
b.Property<string>("RequestPath")
.HasMaxLength(2048)
.HasColumnType("character varying(2048)");
b.Property<int?>("StatusCode")
.HasColumnType("integer");
b.Property<DateTimeOffset>("Timestamp")
.HasColumnType("timestamp with time zone");
b.Property<string>("UserId")
.HasMaxLength(450)
.HasColumnType("character varying(450)");
b.HasKey("Id");
b.HasIndex("Level");
b.HasIndex("Timestamp");
b.HasIndex("UserId")
.HasFilter("\"UserId\" IS NOT NULL");
b.HasIndex("Timestamp", "Level");
b.ToTable("SystemLogs", (string)null);
});
modelBuilder.Entity("ROLAC.API.Entities.MealAttendance", b =>
{
b.Property<int>("Id")
API/ROLAC.API/Program.cs
+30 -1
View File
@@ -6,11 +6,15 @@ using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Extensions.Logging.Abstractions;
using ROLAC.API.Data;
using ROLAC.API.Data.Interceptors;
using ROLAC.API.Data.Logging;
using ROLAC.API.Entities;
using ROLAC.API.Json;
using ROLAC.API.Middleware;
using ROLAC.API.Services;
using ROLAC.API.Services.Logging;
var builder = WebApplication.CreateBuilder(args);
var config = builder.Configuration;
@@ -19,10 +23,31 @@ var config = builder.Configuration;
// Database
// ---------------------------------------------------------------------------
builder.Services.AddHttpContextAccessor();
builder.Services.AddScoped<CurrentUserAccessor>();
builder.Services.AddScoped<AuditSaveChangesInterceptor>();
builder.Services.AddScoped<AuditLogInterceptor>();
builder.Services.AddDbContext<AppDbContext>((sp, opt) =>
opt.UseNpgsql(config.GetConnectionString("DefaultConnection"))
.AddInterceptors(sp.GetRequiredService<AuditSaveChangesInterceptor>()));
.AddInterceptors(
sp.GetRequiredService<AuditSaveChangesInterceptor>(),
sp.GetRequiredService<AuditLogInterceptor>()));
// Dedicated context for log writes — NO interceptors and a silent logger factory, so persisting
// a log row produces no log events the DB sink would pick up (breaks recursion / log-storms).
builder.Services.AddDbContext<LogDbContext>(opt =>
opt.UseNpgsql(config.GetConnectionString("DefaultConnection"))
.UseLoggerFactory(NullLoggerFactory.Instance));
// ---------------------------------------------------------------------------
// System + audit logging (custom EF DB sink)
// ---------------------------------------------------------------------------
builder.Services.Configure<DatabaseLoggerOptions>(config.GetSection("Logging:Database"));
builder.Services.AddSingleton<SystemLogQueue>();
builder.Services.AddSingleton<ILoggerProvider, DbLoggerProvider>();
builder.Services.AddHostedService<LogWriterBackgroundService>();
builder.Services.AddScoped<IAuditLogger, AuditLogger>();
builder.Services.AddScoped<ISystemLogQueryService, SystemLogQueryService>();
builder.Services.AddScoped<IAuditLogQueryService, AuditLogQueryService>();
// ---------------------------------------------------------------------------
// Identity (API-only — no cookie auth; JWT is the default scheme)
@@ -200,6 +225,10 @@ app.UseForwardedHeaders(new ForwardedHeadersOptions
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
// First in the pipeline: catch every unhandled exception, log it to SystemLogs, and return
// a clean problem+json. Placed after UseForwardedHeaders so the logged client IP is correct.
app.UseMiddleware<ExceptionHandlingMiddleware>();
// Apply migrations + seed on startup
using (var scope = app.Services.CreateScope())
{
API/ROLAC.API/Services/AuthService.cs
+32
View File
@@ -4,6 +4,8 @@ using Microsoft.Extensions.Configuration;
using ROLAC.API.Data;
using ROLAC.API.DTOs.Auth;
using ROLAC.API.Entities;
using ROLAC.API.Entities.Logging;
using ROLAC.API.Services.Logging;
namespace ROLAC.API.Services;
@@ -13,6 +15,7 @@ public class AuthService : IAuthService
private readonly ITokenService _tokenService;
private readonly AppDbContext _db;
private readonly IPermissionService _permissions;
private readonly IAuditLogger _audit;
private readonly int _refreshTokenExpiryDays;
public AuthService(
@@ -20,12 +23,14 @@ public class AuthService : IAuthService
ITokenService tokenService,
AppDbContext db,
IPermissionService permissions,
IAuditLogger audit,
IConfiguration config)
{
_userManager = userManager;
_tokenService = tokenService;
_db = db;
_permissions = permissions;
_audit = audit;
_refreshTokenExpiryDays = int.Parse(config["Jwt:RefreshTokenExpiryDays"] ?? "30");
}
@@ -38,13 +43,22 @@ public class AuthService : IAuthService
{
var user = await _userManager.FindByEmailAsync(request.Email);
if (user is null)
{
AuditLoginFailed(request.Email, "Unknown email", ipAddress);
throw new UnauthorizedAccessException("Invalid credentials.");
}
if (!await _userManager.CheckPasswordAsync(user, request.Password))
{
AuditLoginFailed(request.Email, "Wrong password", ipAddress, user.Id);
throw new UnauthorizedAccessException("Invalid credentials.");
}
if (!user.IsActive)
{
AuditLoginFailed(request.Email, "Account inactive", ipAddress, user.Id);
throw new UnauthorizedAccessException("Account is inactive.");
}
var roles = await _userManager.GetRolesAsync(user);
var accessToken = _tokenService.GenerateAccessToken(user, roles);
@@ -65,9 +79,22 @@ public class AuthService : IAuthService
await _userManager.UpdateAsync(user);
await _db.SaveChangesAsync();
_audit.Write(
AuditActions.Login, AuditCategories.Security, LogLevelEnum.Information,
entityName: nameof(AppUser), entityId: user.Id,
summary: $"Login succeeded: {user.Email}",
userId: user.Id, userEmail: user.Email, ipAddress: ipAddress);
return (await BuildResponseAsync(accessToken, user, roles), rawRefresh);
}
private void AuditLoginFailed(string email, string reason, string? ipAddress, string? userId = null)
=> _audit.Write(
AuditActions.LoginFailed, AuditCategories.Security, LogLevelEnum.Warning,
entityName: nameof(AppUser), entityId: userId,
summary: $"Login failed ({reason}): {email}",
userId: userId, userEmail: email, ipAddress: ipAddress);
// -------------------------------------------------------------------------
// Refresh
// -------------------------------------------------------------------------
@@ -124,6 +151,11 @@ public class AuthService : IAuthService
{
token.RevokedAt = DateTime.UtcNow;
await _db.SaveChangesAsync();
_audit.Write(
AuditActions.Logout, AuditCategories.Security, LogLevelEnum.Information,
entityName: nameof(AppUser), entityId: token.UserId,
summary: "Logout", userId: token.UserId);
}
}
API/ROLAC.API/Services/DisbursementService.cs
+15 -2
View File
@@ -4,7 +4,9 @@ using ROLAC.API.Data;
using ROLAC.API.DTOs.Disbursement;
using ROLAC.API.DTOs.Shared;
using ROLAC.API.Entities;
using ROLAC.API.Entities.Logging;
using ROLAC.API.Services.Disbursement;
using ROLAC.API.Services.Logging;
using ROLAC.API.Services.Storage;
namespace ROLAC.API.Services;
@@ -15,10 +17,11 @@ public class DisbursementService : IDisbursementService
private readonly IHttpContextAccessor _http;
private readonly IFileStorage _storage;
private readonly ICheckPrintService _print;
private readonly IAuditLogger _audit;
public DisbursementService(AppDbContext db, IHttpContextAccessor http,
IFileStorage storage, ICheckPrintService print)
{ _db = db; _http = http; _storage = storage; _print = print; }
IFileStorage storage, ICheckPrintService print, IAuditLogger audit)
{ _db = db; _http = http; _storage = storage; _print = print; _audit = audit; }
// The JWT carries the user id in the "sub" claim (NameClaimType="sub"); NameIdentifier
// is absent at runtime. Check NameIdentifier first (tests), then "sub" (real tokens).
@@ -157,6 +160,11 @@ public class DisbursementService : IDisbursementService
result.Created.Add(new IssuedCheckDto
{ CheckId = check.Id, CheckNumber = checkNumber, PayeeName = p.PayeeName, Amount = amount });
_audit.Write(
AuditActions.CheckIssued, AuditCategories.Business, LogLevelEnum.Information,
entityName: nameof(Check), entityId: check.Id.ToString(),
summary: $"Check #{checkNumber} issued to {p.PayeeName} — {amount:C}");
}
await tx.CommitAsync();
@@ -227,6 +235,11 @@ public class DisbursementService : IDisbursementService
}
await _db.SaveChangesAsync();
await tx.CommitAsync();
_audit.Write(
AuditActions.CheckVoided, AuditCategories.Business, LogLevelEnum.Warning,
entityName: nameof(Check), entityId: c.Id.ToString(),
summary: $"Check #{c.CheckNumber} voided ({reason})");
}
// ── Receipt e-signature ─────────────────────────────────────────────────────
API/ROLAC.API/Services/ExpenseService.cs
+10 -2
View File
@@ -4,6 +4,8 @@ using ROLAC.API.Data;
using ROLAC.API.DTOs.Expense;
using ROLAC.API.DTOs.Shared;
using ROLAC.API.Entities;
using ROLAC.API.Entities.Logging;
using ROLAC.API.Services.Logging;
using ROLAC.API.Services.Storage;
namespace ROLAC.API.Services;
@@ -13,9 +15,10 @@ public class ExpenseService : IExpenseService
private readonly AppDbContext _db;
private readonly IHttpContextAccessor _http;
private readonly IFileStorage _storage;
private readonly IAuditLogger _audit;
public ExpenseService(AppDbContext db, IHttpContextAccessor http, IFileStorage storage)
{ _db = db; _http = http; _storage = storage; }
public ExpenseService(AppDbContext db, IHttpContextAccessor http, IFileStorage storage, IAuditLogger audit)
{ _db = db; _http = http; _storage = storage; _audit = audit; }
// The JWT carries the user id in the "sub" claim (NameClaimType="sub", MapInboundClaims=false),
// so ClaimTypes.NameIdentifier is absent at runtime. Check NameIdentifier first (unit tests set it),
@@ -211,6 +214,11 @@ public class ExpenseService : IExpenseService
if (e.Status != "PendingApproval") throw new InvalidOperationException($"Cannot approve from status '{e.Status}'.");
e.Status = "Approved"; e.ReviewedBy = CurrentUserId; e.ReviewedAt = DateTimeOffset.UtcNow;
await _db.SaveChangesAsync();
_audit.Write(
AuditActions.ExpenseApproved, AuditCategories.Business, LogLevelEnum.Information,
entityName: nameof(Expense), entityId: e.Id.ToString(),
summary: $"Expense #{e.Id} approved: {e.Description} — {e.Amount:C}");
}
public async Task RejectAsync(int id, string? reviewNotes)
API/ROLAC.API/Services/Logging/AuditChangeSerializer.cs
+71
View File
@@ -0,0 +1,71 @@
using System.Text.Json;
namespace ROLAC.API.Services.Logging;
/// <summary>
/// Serializes audit before/after payloads to JSON and masks sensitive property names.
/// Shared by <see cref="AuditLogger"/> and the EF audit interceptor so masking is consistent.
/// </summary>
public static class AuditChangeSerializer
{
private static readonly JsonSerializerOptions JsonOptions = new()
{
PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
DefaultIgnoreCondition = System.Text.Json.Serialization.JsonIgnoreCondition.WhenWritingNull,
};
/// <summary>Property names whose values are replaced with <see cref="MaskValue"/> wherever they appear.</summary>
private static readonly HashSet<string> SensitiveNames = new(StringComparer.OrdinalIgnoreCase)
{
"BankAccountNumber",
"BankRoutingNumber",
"PasswordHash",
"Password",
"SecurityStamp",
"ConcurrencyStamp",
};
public const string MaskValue = "***";
public static bool IsSensitive(string propertyName) => SensitiveNames.Contains(propertyName);
/// <summary>Builds the <c>{ before, after }</c> JSON; returns null when both sides are empty.</summary>
public static string? BuildChanges(object? before, object? after)
{
if (before is null && after is null)
return null;
var payload = new Dictionary<string, object?>();
if (before is not null) payload["before"] = MaskObject(before);
if (after is not null) payload["after"] = MaskObject(after);
return JsonSerializer.Serialize(payload, JsonOptions);
}
/// <summary>Serializes a value (e.g. a property dictionary built by the interceptor) to JSON.</summary>
public static string Serialize(object value) => JsonSerializer.Serialize(value, JsonOptions);
/// <summary>
/// Masks a free-form object by reflecting over its public properties. Used for the explicit
/// IAuditLogger.Write path (the interceptor masks per-property as it builds its dictionary).
/// </summary>
private static object MaskObject(object value)
{
if (value is IDictionary<string, object?> dict)
{
var masked = new Dictionary<string, object?>();
foreach (var (key, val) in dict)
masked[key] = IsSensitive(key) ? MaskValue : val;
return masked;
}
var result = new Dictionary<string, object?>();
foreach (var prop in value.GetType().GetProperties())
{
if (!prop.CanRead || prop.GetIndexParameters().Length > 0)
continue;
result[prop.Name] = IsSensitive(prop.Name) ? MaskValue : prop.GetValue(value);
}
return result;
}
}
API/ROLAC.API/Services/Logging/AuditLogQueryService.cs
+101
View File
@@ -0,0 +1,101 @@
using Microsoft.EntityFrameworkCore;
using ROLAC.API.Data.Logging;
using ROLAC.API.DTOs.Logging;
using ROLAC.API.DTOs.Shared;
using ROLAC.API.Entities.Logging;
namespace ROLAC.API.Services.Logging;
public interface IAuditLogQueryService
{
Task<PagedResult<AuditLogListItemDto>> GetPagedAsync(AuditLogQuery query);
Task<AuditLogDetailDto?> GetByIdAsync(long id);
AuditCatalogDto GetCatalog();
}
/// <summary>Read-only, paged access to the AuditLogs table via the dedicated LogDbContext.</summary>
public sealed class AuditLogQueryService : IAuditLogQueryService
{
private readonly LogDbContext _db;
public AuditLogQueryService(LogDbContext db) => _db = db;
public async Task<PagedResult<AuditLogListItemDto>> GetPagedAsync(AuditLogQuery query)
{
var page = Math.Max(1, query.Page);
var pageSize = Math.Clamp(query.PageSize, 1, 200);
var rows = _db.AuditLogs.AsNoTracking().AsQueryable();
if (query.From is not null) rows = rows.Where(l => l.Timestamp >= query.From);
if (query.To is not null) rows = rows.Where(l => l.Timestamp <= query.To);
if (query.MinLevel is not null) rows = rows.Where(l => l.Level >= query.MinLevel);
if (!string.IsNullOrWhiteSpace(query.Category)) rows = rows.Where(l => l.Category == query.Category);
if (!string.IsNullOrWhiteSpace(query.Action)) rows = rows.Where(l => l.Action == query.Action);
if (!string.IsNullOrWhiteSpace(query.EntityName)) rows = rows.Where(l => l.EntityName == query.EntityName);
if (!string.IsNullOrWhiteSpace(query.EntityId)) rows = rows.Where(l => l.EntityId == query.EntityId);
if (!string.IsNullOrWhiteSpace(query.UserId)) rows = rows.Where(l => l.UserId == query.UserId);
if (!string.IsNullOrWhiteSpace(query.Search))
{
var term = query.Search.Trim().ToLower();
rows = rows.Where(l =>
(l.Summary != null && l.Summary.ToLower().Contains(term)) ||
(l.EntityName != null && l.EntityName.ToLower().Contains(term)) ||
(l.UserEmail != null && l.UserEmail.ToLower().Contains(term)));
}
var total = await rows.CountAsync();
var items = await rows
.OrderByDescending(l => l.Timestamp)
.Skip((page - 1) * pageSize).Take(pageSize)
.Select(l => new AuditLogListItemDto
{
Id = l.Id,
Timestamp = l.Timestamp,
Level = l.Level.ToString(),
Action = l.Action,
Category = l.Category,
EntityName = l.EntityName,
EntityId = l.EntityId,
Summary = l.Summary,
UserId = l.UserId,
UserEmail = l.UserEmail,
})
.ToListAsync();
return new PagedResult<AuditLogListItemDto>
{
Items = items, TotalCount = total, Page = page, PageSize = pageSize,
};
}
public async Task<AuditLogDetailDto?> GetByIdAsync(long id)
{
return await _db.AuditLogs.AsNoTracking()
.Where(l => l.Id == id)
.Select(l => new AuditLogDetailDto
{
Id = l.Id,
Timestamp = l.Timestamp,
Level = l.Level.ToString(),
Action = l.Action,
Category = l.Category,
EntityName = l.EntityName,
EntityId = l.EntityId,
Summary = l.Summary,
UserId = l.UserId,
UserEmail = l.UserEmail,
Changes = l.Changes,
IpAddress = l.IpAddress,
CorrelationId = l.CorrelationId,
})
.FirstOrDefaultAsync();
}
public AuditCatalogDto GetCatalog() => new()
{
Categories = AuditCategories.All,
Actions = AuditActions.All,
Levels = Enum.GetNames<LogLevelEnum>(),
};
}
API/ROLAC.API/Services/Logging/AuditLogger.cs
+52
View File
@@ -0,0 +1,52 @@
using ROLAC.API.Entities.Logging;
namespace ROLAC.API.Services.Logging;
/// <summary>
/// Scoped <see cref="IAuditLogger"/>: fills actor/request context from
/// <see cref="CurrentUserAccessor"/> and enqueues the row onto the shared queue (no direct DB
/// write, so it can't fail a business transaction or recurse through AppDbContext).
/// </summary>
public sealed class AuditLogger : IAuditLogger
{
private readonly SystemLogQueue _queue;
private readonly CurrentUserAccessor _currentUser;
public AuditLogger(SystemLogQueue queue, CurrentUserAccessor currentUser)
{
_queue = queue;
_currentUser = currentUser;
}
public void Write(
string action,
string category,
LogLevelEnum level = LogLevelEnum.Information,
string? entityName = null,
string? entityId = null,
string? summary = null,
object? before = null,
object? after = null,
string? userId = null,
string? userEmail = null,
string? ipAddress = null)
{
var log = new AuditLog
{
Timestamp = DateTimeOffset.UtcNow,
Level = level,
Action = action,
Category = category,
EntityName = entityName,
EntityId = entityId,
Summary = summary,
Changes = AuditChangeSerializer.BuildChanges(before, after),
UserId = userId ?? _currentUser.UserId,
UserEmail = userEmail ?? _currentUser.Email,
IpAddress = ipAddress ?? _currentUser.IpAddress,
CorrelationId = _currentUser.CorrelationId,
};
_queue.TryEnqueue(log);
}
}
API/ROLAC.API/Services/Logging/CurrentUserAccessor.cs
+30
View File
@@ -0,0 +1,30 @@
using System.Security.Claims;
namespace ROLAC.API.Services.Logging;
/// <summary>
/// One place to resolve the acting user + request context from the current HttpContext, so the
/// "sub" claim quirk (JWT uses NameClaimType="sub" + MapInboundClaims=false, leaving
/// ClaimTypes.NameIdentifier null) lives in a single spot. Used by the audit interceptor,
/// IAuditLogger, the exception middleware, and the timestamp-stamping interceptor.
/// </summary>
public sealed class CurrentUserAccessor
{
private readonly IHttpContextAccessor _http;
public CurrentUserAccessor(IHttpContextAccessor http) => _http = http;
/// <summary>The acting user id, or null when unauthenticated / off the request thread.</summary>
public string? UserId =>
_http.HttpContext?.User.FindFirstValue(ClaimTypes.NameIdentifier)
?? _http.HttpContext?.User.FindFirstValue("sub");
/// <summary>The acting user id, or "system" for background/unauthenticated work.</summary>
public string UserIdOrSystem => UserId ?? "system";
public string? Email => _http.HttpContext?.User.FindFirstValue("email");
public string? IpAddress => _http.HttpContext?.Connection.RemoteIpAddress?.ToString();
public string? CorrelationId => _http.HttpContext?.TraceIdentifier;
}
API/ROLAC.API/Services/Logging/DatabaseLoggerOptions.cs
+27
View File
@@ -0,0 +1,27 @@
using MsLogLevel = Microsoft.Extensions.Logging.LogLevel;
namespace ROLAC.API.Services.Logging;
/// <summary>
/// Bound from configuration section <c>Logging:Database</c>. Controls what the DB sink persists.
/// </summary>
public sealed class DatabaseLoggerOptions
{
/// <summary>The minimum level actually written to the SystemLogs table. Default: Warning.</summary>
public MsLogLevel MinimumLevel { get; set; } = MsLogLevel.Warning;
/// <summary>
/// Category prefixes never persisted — prevents recursion and log-storms. The DB sink
/// excludes EF/Npgsql (their SQL firehose), the ASP.NET request firehose, and its own
/// writer namespace.
/// </summary>
public string[] ExcludedCategories { get; set; } =
[
"Microsoft.EntityFrameworkCore",
"Npgsql",
"Microsoft.AspNetCore.Hosting.Diagnostics",
"Microsoft.AspNetCore.Routing",
"ROLAC.API.Services.Logging",
"ROLAC.API.Data.Logging",
];
}
API/ROLAC.API/Services/Logging/DbLoggerProvider.cs
+87
View File
@@ -0,0 +1,87 @@
using System.Collections.Concurrent;
using Microsoft.Extensions.Options;
using ROLAC.API.Entities.Logging;
using MsLogLevel = Microsoft.Extensions.Logging.LogLevel;
namespace ROLAC.API.Services.Logging;
/// <summary>
/// A singleton <see cref="ILoggerProvider"/> that turns framework/app log events into
/// <see cref="SystemLog"/> rows enqueued onto <see cref="SystemLogQueue"/>. It depends only on
/// singletons (queue, options, IHttpContextAccessor) and NEVER touches a DbContext — that is
/// what makes the enqueue-only design safe from the singleton logging pipeline.
/// </summary>
[ProviderAlias("Database")]
public sealed class DbLoggerProvider : ILoggerProvider
{
private readonly SystemLogQueue _queue;
private readonly DatabaseLoggerOptions _options;
private readonly IHttpContextAccessor _http;
private readonly ConcurrentDictionary<string, DbLogger> _loggers = new();
public DbLoggerProvider(
SystemLogQueue queue, IOptions<DatabaseLoggerOptions> options, IHttpContextAccessor http)
{
_queue = queue;
_options = options.Value;
_http = http;
}
public ILogger CreateLogger(string categoryName) =>
_loggers.GetOrAdd(categoryName, name => new DbLogger(name, _queue, _options, _http));
public void Dispose() => _loggers.Clear();
}
/// <summary>The per-category logger. Drops events below the floor or in excluded categories.</summary>
internal sealed class DbLogger : ILogger
{
private readonly string _category;
private readonly SystemLogQueue _queue;
private readonly DatabaseLoggerOptions _options;
private readonly IHttpContextAccessor _http;
private readonly bool _excluded;
public DbLogger(
string category, SystemLogQueue queue, DatabaseLoggerOptions options, IHttpContextAccessor http)
{
_category = category;
_queue = queue;
_options = options;
_http = http;
_excluded = options.ExcludedCategories.Any(prefix =>
category.StartsWith(prefix, StringComparison.Ordinal));
}
public IDisposable? BeginScope<TState>(TState state) where TState : notnull => null;
public bool IsEnabled(MsLogLevel logLevel) =>
!_excluded && logLevel != MsLogLevel.None && logLevel >= _options.MinimumLevel;
public void Log<TState>(
MsLogLevel logLevel, EventId eventId, TState state, Exception? exception,
Func<TState, Exception?, string> formatter)
{
if (!IsEnabled(logLevel))
return;
var context = _http.HttpContext;
var log = new SystemLog
{
Timestamp = DateTimeOffset.UtcNow,
Level = LogLevelMap.FromMs(logLevel),
Category = _category,
EventId = eventId.Id == 0 ? null : eventId.Id,
Message = formatter(state, exception),
Exception = exception?.ToString(),
RequestPath = context?.Request.Path.Value,
HttpMethod = context?.Request.Method,
UserId = context?.User.FindFirst("sub")?.Value,
IpAddress = context?.Connection.RemoteIpAddress?.ToString(),
CorrelationId = context?.TraceIdentifier,
};
_queue.TryEnqueue(log);
}
}
API/ROLAC.API/Services/Logging/IAuditLogger.cs
+29
View File
@@ -0,0 +1,29 @@
using ROLAC.API.Entities.Logging;
namespace ROLAC.API.Services.Logging;
/// <summary>
/// Records audit events that don't flow through EF change tracking — security actions
/// (login/logout/role changes) and key business actions (check issued, expense approved, ...).
/// Data-change audits are produced automatically by <c>AuditLogInterceptor</c>; use this for the
/// semantic action + human summary the raw diff can't express.
/// </summary>
public interface IAuditLogger
{
/// <summary>
/// Build and enqueue an audit row. <paramref name="before"/>/<paramref name="after"/> are
/// serialized into the <c>Changes</c> JSON. Never throws — failures are dropped like all logs.
/// </summary>
void Write(
string action,
string category,
LogLevelEnum level = LogLevelEnum.Information,
string? entityName = null,
string? entityId = null,
string? summary = null,
object? before = null,
object? after = null,
string? userId = null,
string? userEmail = null,
string? ipAddress = null);
}
API/ROLAC.API/Services/Logging/LogWriterBackgroundService.cs
+102
View File
@@ -0,0 +1,102 @@
using Microsoft.EntityFrameworkCore;
using ROLAC.API.Data.Logging;
using ROLAC.API.Entities.Logging;
namespace ROLAC.API.Services.Logging;
/// <summary>
/// The single consumer that drains <see cref="SystemLogQueue"/> and batch-inserts rows through
/// the dedicated <see cref="LogDbContext"/> (a fresh DI scope per batch). Persistence failures
/// are swallowed to <c>Console.Error</c> only — they must never propagate back into the logging
/// pipeline or crash the host.
/// </summary>
public sealed class LogWriterBackgroundService : BackgroundService
{
private const int MaxBatchSize = 200;
private static readonly TimeSpan FlushInterval = TimeSpan.FromSeconds(1);
private readonly SystemLogQueue _queue;
private readonly IServiceScopeFactory _scopeFactory;
public LogWriterBackgroundService(SystemLogQueue queue, IServiceScopeFactory scopeFactory)
{
_queue = queue;
_scopeFactory = scopeFactory;
}
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
var systemBatch = new List<SystemLog>(MaxBatchSize);
var auditBatch = new List<AuditLog>(MaxBatchSize);
try
{
await foreach (var envelope in _queue.ReadAllAsync(stoppingToken))
{
if (envelope.System is not null) systemBatch.Add(envelope.System);
if (envelope.Audit is not null) auditBatch.Add(envelope.Audit);
// Coalesce a short burst into one round-trip; flush on size or a brief idle.
if (systemBatch.Count + auditBatch.Count >= MaxBatchSize)
{
await FlushAsync(systemBatch, auditBatch, stoppingToken);
continue;
}
if (!await WaitForMoreAsync(FlushInterval, stoppingToken))
await FlushAsync(systemBatch, auditBatch, stoppingToken);
}
}
catch (OperationCanceledException)
{
// Shutting down — drain whatever is buffered.
}
await FlushAsync(systemBatch, auditBatch, CancellationToken.None);
}
/// <summary>Brief debounce so bursts coalesce; returns false once the window elapses.</summary>
private static async Task<bool> WaitForMoreAsync(TimeSpan window, CancellationToken token)
{
try
{
await Task.Delay(window, token);
return false;
}
catch (OperationCanceledException)
{
return false;
}
}
private async Task FlushAsync(
List<SystemLog> systemBatch, List<AuditLog> auditBatch, CancellationToken token)
{
if (systemBatch.Count == 0 && auditBatch.Count == 0)
return;
try
{
using var scope = _scopeFactory.CreateScope();
var db = scope.ServiceProvider.GetRequiredService<LogDbContext>();
if (systemBatch.Count > 0) db.SystemLogs.AddRange(systemBatch);
if (auditBatch.Count > 0) db.AuditLogs.AddRange(auditBatch);
await db.SaveChangesAsync(token);
}
catch (Exception ex)
{
// Last resort: never throw out of the log writer. Include the inner exception —
// the EF wrapper message alone ("An error occurred while saving...") hides the cause.
var detail = ex.InnerException is null ? ex.Message : $"{ex.Message} -> {ex.InnerException.Message}";
await Console.Error.WriteLineAsync(
$"[LogWriter] Failed to persist {systemBatch.Count} system + {auditBatch.Count} audit rows: {detail}");
}
finally
{
systemBatch.Clear();
auditBatch.Clear();
}
}
}
API/ROLAC.API/Services/Logging/SystemLogQueryService.cs
+93
View File
@@ -0,0 +1,93 @@
using Microsoft.EntityFrameworkCore;
using ROLAC.API.Data.Logging;
using ROLAC.API.DTOs.Logging;
using ROLAC.API.DTOs.Shared;
using ROLAC.API.Entities.Logging;
namespace ROLAC.API.Services.Logging;
public interface ISystemLogQueryService
{
Task<PagedResult<SystemLogListItemDto>> GetPagedAsync(SystemLogQuery query);
Task<SystemLogDetailDto?> GetByIdAsync(long id);
}
/// <summary>Read-only, paged access to the SystemLogs table via the dedicated LogDbContext.</summary>
public sealed class SystemLogQueryService : ISystemLogQueryService
{
private readonly LogDbContext _db;
public SystemLogQueryService(LogDbContext db) => _db = db;
public async Task<PagedResult<SystemLogListItemDto>> GetPagedAsync(SystemLogQuery query)
{
var page = Math.Max(1, query.Page);
var pageSize = Math.Clamp(query.PageSize, 1, 200);
var rows = _db.SystemLogs.AsNoTracking().AsQueryable();
if (query.From is not null) rows = rows.Where(l => l.Timestamp >= query.From);
if (query.To is not null) rows = rows.Where(l => l.Timestamp <= query.To);
if (query.Level is not null) rows = rows.Where(l => l.Level == query.Level);
else if (query.MinLevel is not null) rows = rows.Where(l => l.Level >= query.MinLevel);
if (!string.IsNullOrWhiteSpace(query.UserId))
rows = rows.Where(l => l.UserId == query.UserId);
if (!string.IsNullOrWhiteSpace(query.CorrelationId))
rows = rows.Where(l => l.CorrelationId == query.CorrelationId);
if (!string.IsNullOrWhiteSpace(query.Search))
{
var term = query.Search.Trim().ToLower();
rows = rows.Where(l =>
l.Message.ToLower().Contains(term) || l.Category.ToLower().Contains(term));
}
var total = await rows.CountAsync();
var items = await rows
.OrderByDescending(l => l.Timestamp)
.Skip((page - 1) * pageSize).Take(pageSize)
.Select(l => new SystemLogListItemDto
{
Id = l.Id,
Timestamp = l.Timestamp,
Level = l.Level.ToString(),
Category = l.Category,
Message = l.Message,
HasException = l.Exception != null,
StatusCode = l.StatusCode,
RequestPath = l.RequestPath,
HttpMethod = l.HttpMethod,
UserId = l.UserId,
CorrelationId = l.CorrelationId,
})
.ToListAsync();
return new PagedResult<SystemLogListItemDto>
{
Items = items, TotalCount = total, Page = page, PageSize = pageSize,
};
}
public async Task<SystemLogDetailDto?> GetByIdAsync(long id)
{
return await _db.SystemLogs.AsNoTracking()
.Where(l => l.Id == id)
.Select(l => new SystemLogDetailDto
{
Id = l.Id,
Timestamp = l.Timestamp,
Level = l.Level.ToString(),
Category = l.Category,
Message = l.Message,
HasException = l.Exception != null,
StatusCode = l.StatusCode,
RequestPath = l.RequestPath,
HttpMethod = l.HttpMethod,
UserId = l.UserId,
CorrelationId = l.CorrelationId,
EventId = l.EventId,
Exception = l.Exception,
IpAddress = l.IpAddress,
})
.FirstOrDefaultAsync();
}
}
API/ROLAC.API/Services/Logging/SystemLogQueue.cs
+32
View File
@@ -0,0 +1,32 @@
using System.Threading.Channels;
using ROLAC.API.Entities.Logging;
namespace ROLAC.API.Services.Logging;
/// <summary>
/// A singleton, bounded in-memory queue decoupling log producers (the ILogger hot path, the
/// audit interceptor, singleton services) from the single background DB writer. Enqueue is a
/// non-blocking <c>TryWrite</c>; when full the OLDEST entry is dropped (DropWrite) rather than
/// blocking a request thread or throwing — logging must never throw or stall business code.
/// Carries both SystemLog and AuditLog rows via a small union envelope.
/// </summary>
public sealed class SystemLogQueue
{
private readonly Channel<LogEnvelope> _channel =
Channel.CreateBounded<LogEnvelope>(new BoundedChannelOptions(capacity: 4096)
{
FullMode = BoundedChannelFullMode.DropWrite,
SingleReader = true,
SingleWriter = false,
});
public bool TryEnqueue(SystemLog log) => _channel.Writer.TryWrite(new LogEnvelope(log, null));
public bool TryEnqueue(AuditLog log) => _channel.Writer.TryWrite(new LogEnvelope(null, log));
public IAsyncEnumerable<LogEnvelope> ReadAllAsync(CancellationToken cancellationToken) =>
_channel.Reader.ReadAllAsync(cancellationToken);
}
/// <summary>Either a SystemLog or an AuditLog — exactly one is non-null.</summary>
public sealed record LogEnvelope(SystemLog? System, AuditLog? Audit);
API/ROLAC.API/Services/MonthlyStatementService.cs
+10 -1
View File
@@ -3,6 +3,8 @@ using Microsoft.EntityFrameworkCore;
using ROLAC.API.Data;
using ROLAC.API.DTOs.Expense;
using ROLAC.API.Entities;
using ROLAC.API.Entities.Logging;
using ROLAC.API.Services.Logging;
namespace ROLAC.API.Services;
@@ -10,7 +12,9 @@ public class MonthlyStatementService : IMonthlyStatementService
{
private readonly AppDbContext _db;
private readonly IHttpContextAccessor _http;
public MonthlyStatementService(AppDbContext db, IHttpContextAccessor http) { _db = db; _http = http; }
private readonly IAuditLogger _audit;
public MonthlyStatementService(AppDbContext db, IHttpContextAccessor http, IAuditLogger audit)
{ _db = db; _http = http; _audit = audit; }
// See ExpenseService: the user id lives in the "sub" claim at runtime; NameIdentifier is for tests.
private string CurrentUserId =>
@@ -66,6 +70,11 @@ public class MonthlyStatementService : IMonthlyStatementService
?? throw new KeyNotFoundException($"MonthlyStatement {id} not found.");
s.IsFinalized = true; s.FinalizedAt = DateTimeOffset.UtcNow; s.FinalizedBy = CurrentUserId;
await _db.SaveChangesAsync();
_audit.Write(
AuditActions.StatementFinalized, AuditCategories.Business, LogLevelEnum.Information,
entityName: nameof(MonthlyStatement), entityId: s.Id.ToString(),
summary: $"Monthly statement {s.Year}-{s.Month:D2} finalized");
}
private async Task RecomputeAsync(MonthlyStatement s)
API/ROLAC.API/Services/PermissionService.cs
+30 -1
View File
@@ -1,9 +1,12 @@
using System.Security.Claims;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Caching.Memory;
using ROLAC.API.Authorization;
using ROLAC.API.Data;
using ROLAC.API.DTOs.Permissions;
using ROLAC.API.Entities;
using ROLAC.API.Entities.Logging;
using ROLAC.API.Services.Logging;
namespace ROLAC.API.Services;
@@ -36,11 +39,19 @@ public class PermissionService : IPermissionService
private readonly IServiceScopeFactory _scopeFactory;
private readonly IMemoryCache _cache;
private readonly SystemLogQueue _logQueue;
private readonly IHttpContextAccessor _http;
public PermissionService(IServiceScopeFactory scopeFactory, IMemoryCache cache)
public PermissionService(
IServiceScopeFactory scopeFactory,
IMemoryCache cache,
SystemLogQueue logQueue,
IHttpContextAccessor http)
{
_scopeFactory = scopeFactory;
_cache = cache;
_logQueue = logQueue;
_http = http;
}
public async Task<bool> HasPermissionAsync(IEnumerable<string> roles, string module, string action)
@@ -174,6 +185,24 @@ public class PermissionService : IPermissionService
await db.SaveChangesAsync();
Invalidate();
// Singleton service can't use the scoped IAuditLogger — enqueue directly.
var user = _http.HttpContext?.User;
_logQueue.TryEnqueue(new AuditLog
{
Timestamp = DateTimeOffset.UtcNow,
Level = LogLevelEnum.Warning,
Action = AuditActions.PermissionChanged,
Category = AuditCategories.Security,
EntityName = "Role",
EntityId = roleName,
Summary = $"Permissions updated for role '{roleName}'",
Changes = AuditChangeSerializer.BuildChanges(null, new { Role = roleName, Modules = rows }),
UserId = user?.FindFirstValue(ClaimTypes.NameIdentifier) ?? user?.FindFirstValue("sub"),
UserEmail = user?.FindFirstValue("email"),
IpAddress = _http.HttpContext?.Connection.RemoteIpAddress?.ToString(),
CorrelationId = _http.HttpContext?.TraceIdentifier,
});
}
public void Invalidate() => _cache.Remove(CacheKey);
API/ROLAC.API/Services/UserManagementService.cs
+23 -1
View File
@@ -5,6 +5,8 @@ using ROLAC.API.Data;
using ROLAC.API.DTOs.Shared;
using ROLAC.API.DTOs.Users;
using ROLAC.API.Entities;
using ROLAC.API.Entities.Logging;
using ROLAC.API.Services.Logging;
namespace ROLAC.API.Services;
@@ -12,11 +14,13 @@ public class UserManagementService : IUserManagementService
{
private readonly UserManager<AppUser> _userManager;
private readonly AppDbContext _db;
private readonly IAuditLogger _audit;
public UserManagementService(UserManager<AppUser> userManager, AppDbContext db)
public UserManagementService(UserManager<AppUser> userManager, AppDbContext db, IAuditLogger audit)
{
_userManager = userManager;
_db = db;
_audit = audit;
}
// ── GetPaged ─────────────────────────────────────────────────────────────
@@ -154,6 +158,12 @@ public class UserManagementService : IUserManagementService
await _userManager.AddToRolesAsync(user, request.Roles);
_audit.Write(
AuditActions.RoleChanged, AuditCategories.Security, LogLevelEnum.Warning,
entityName: nameof(AppUser), entityId: user.Id,
summary: $"User created: {user.Email} with roles [{string.Join(", ", request.Roles)}]",
after: new { user.Email, Roles = request.Roles });
return new CreateUserResult { UserId = user.Id, TempPassword = tempPassword };
}
@@ -182,6 +192,13 @@ public class UserManagementService : IUserManagementService
var toAdd = request.Roles.Except(currentRoles).ToList();
if (toRemove.Count > 0) await _userManager.RemoveFromRolesAsync(user, toRemove);
if (toAdd.Count > 0) await _userManager.AddToRolesAsync(user, toAdd);
if (toRemove.Count > 0 || toAdd.Count > 0)
_audit.Write(
AuditActions.RoleChanged, AuditCategories.Security, LogLevelEnum.Warning,
entityName: nameof(AppUser), entityId: user.Id,
summary: $"Roles changed for {user.Email}",
before: new { Roles = currentRoles }, after: new { Roles = request.Roles });
}
// ── Deactivate ───────────────────────────────────────────────────────────
@@ -193,6 +210,11 @@ public class UserManagementService : IUserManagementService
user.IsActive = false;
user.LockoutEnd = DateTimeOffset.MaxValue;
await _userManager.UpdateAsync(user);
_audit.Write(
AuditActions.UserDeactivated, AuditCategories.Security, LogLevelEnum.Warning,
entityName: nameof(AppUser), entityId: user.Id,
summary: $"User deactivated: {user.Email}");
}
// ── ResetPassword ────────────────────────────────────────────────────────
API/ROLAC.API/appsettings.json
+11
View File
@@ -3,6 +3,17 @@
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
},
"Database": {
"MinimumLevel": "Warning",
"ExcludedCategories": [
"Microsoft.EntityFrameworkCore",
"Npgsql",
"Microsoft.AspNetCore.Hosting.Diagnostics",
"Microsoft.AspNetCore.Routing",
"ROLAC.API.Services.Logging",
"ROLAC.API.Data.Logging"
]
}
},
"AllowedHosts": "*",