mongoid-auditor 0.1.0

data/lib/mongoid/auditor/helpers/controller_helpers/init_audit_log.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Mongoid
+  module Auditor
+    module InitAuditLog
+      extend ActiveSupport::Concern
+
+      MUTATION_METHODS = %w[POST PUT PATCH DELETE].freeze
+      included do
+        prepend_before_action :init_audit_store, if: -> { MUTATION_METHODS.include?(request.method) }
+        include ControllerAuditHelper
+      end
+
+      def init_audit_store
+        return unless ::Mongoid::Auditor.config.enabled && ::Mongoid::Auditor.config.log_models
+
+        set_current(:request_id, request.request_id)
+        set_current(:actor_id, current_user&.id&.to_s)
+        set_current(:path, "#{request.method} #{request.fullpath}")
+        set_current(:request_params, filter_sensitive_params(request.filtered_parameters))
+        set_current(:audit_logs, [])
+        set_current(:audit_sequence, 0)
+      end
+
+      def filter_sensitive_params(params)
+        skip_fields = ::Mongoid::Auditor.config.skip_password_fields || []
+        params.except(*skip_fields)
+      end
+
+      def set_current(key, value)
+        Mongoid::Auditor::Current.send("#{key}=", value)
+      end
+    end
+  end
+end

data/lib/mongoid/auditor/helpers/jobs/auditor_job.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module Mongoid
+  module Auditor
+    class AuditorJob < ActiveJob::Base
+      class_attribute :skip_audit, default: false
+
+      self.skip_audit = true
+
+      queue_as :default
+
+      def perform(state, exception = nil, entry = nil)
+        return unless config.enabled
+
+        case state.to_sym
+        when :model
+          log_model(entry)
+        when :controller
+          log_controller_error(exception, entry)
+        else
+          log_unknown_state(state)
+        end
+      rescue StandardError => e
+        log_failure(e)
+        raise
+      end
+
+      private
+
+      def config
+        ::Mongoid::Auditor.config
+      end
+
+      def log_model(entry)
+        Audit.log(entry) if config.log_models
+      end
+
+      def log_controller_error(exception, entry)
+        return unless config.log_controllers
+
+        Audit.send(:log_error, exception, entry)
+      end
+
+      def log_unknown_state(state)
+        logger&.error("AuditorJob unknown state: #{state}")
+      end
+
+      def log_failure(error)
+        logger&.error(
+          "AuditorJob failed: #{error.class} #{error.message}\n" \
+          "#{error.backtrace&.take(5)&.join("\n")}"
+        )
+      end
+    end
+  end
+end

data/lib/mongoid/auditor/helpers/jobs/concerns/auditable_job_error.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module Mongoid
+  module Auditor
+    module AuditableJobError
+      def audit_job_exceptions(job)
+        @current_job = job
+        yield
+      rescue StandardError => e
+        audit_job_error(e)
+        raise
+      end
+
+      private
+
+      def audit_job_error(exception)
+        return unless ::Mongoid::Auditor.config.enabled
+
+        data = build_job_entry(exception)
+        ::Mongoid::Auditor::AuditorJob.perform_later(:controller, data[:error], data[:entry])
+      rescue StandardError => e
+        Rails.logger&.error("AuditableJobError failed: #{e.class} #{e.message}\n#{e.backtrace&.take(5)&.join("\n")}")
+      end
+
+      def build_job_entry(exception)
+        request_id  = set_request_id
+        actor       = 'BackgroundJobError'
+
+        {
+          entry: {
+            request_id: request_id,
+            actor: actor,
+            path: "Job #{@current_job.class.name}",
+            params: @current_job.arguments,
+            model_type: @current_job.class.name,
+            model_id: nil,
+            has_error: true,
+            event: 'perform',
+            dirties: {},
+            sequence: ::Mongoid::Auditor::Current.audit_sequence.to_i + 1
+          },
+          error: {
+            class: exception.class.to_s,
+            message: exception.message,
+            backtrace: exception.backtrace&.take(5)
+          }
+        }
+      end
+
+      def set_request_id
+        return unless @current_job
+
+        context = ::Mongoid::Auditor::RequestContext.find_by(job_id: @current_job.job_id)
+        context&.request_id || "#{@current_job.class.name}-#{@current_job.job_id}"
+      end
+    end
+  end
+end

data/lib/mongoid/auditor/helpers/jobs/concerns/init_job_audit_log.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+module Mongoid
+  module Auditor
+    module InitJobAuditLog
+      extend ActiveSupport::Concern
+
+      included do
+        include AuditableJobError
+
+        before_enqueue do |job|
+          store_request_context(job)
+        end
+
+        before_perform do |job|
+          ::Mongoid::Auditor::Current.reset_all
+
+          request_id_from_context(job)
+          init_job_audit_store(job) unless job.class.skip_audit
+        end
+
+        around_perform do |job, block|
+          audit_job_exceptions(job, &block)
+          clear_request_context(job)
+        end
+      end
+
+      private
+
+      def store_request_context(job)
+        return if job.class.skip_audit
+
+        request_id = ::Mongoid::Auditor::Current.request_id
+        ::Mongoid::Auditor::RequestContext.create!(job_id: job.job_id, request_id: request_id)
+      rescue StandardError => e
+        Rails.logger&.error("Failed to store request context: #{e.class} #{e.message}")
+      end
+
+      def request_id_from_context(job)
+        context = ::Mongoid::Auditor::RequestContext.find_by(job_id: job.job_id)
+        ::Mongoid::Auditor::Current.request_id = context&.request_id
+      end
+
+      def init_job_audit_store(job)
+        set_current(:request_id, ::Mongoid::Auditor::Current.request_id || "Job #{job.class.name}-#{job.job_id}")
+        set_current(:actor_id, 'Background Job')
+
+        set_current(:path, "Job #{job.class.name}")
+        set_current(:request_params, job.arguments || [])
+
+        set_current(:audit_logs, [])
+        set_current(:audit_sequence, 0)
+      end
+
+      def set_current(key, value)
+        ::Mongoid::Auditor::Current.public_send("#{key}=", value)
+      end
+
+      def clear_request_context(job)
+        return if job.nil?
+
+        ::Mongoid::Auditor::RequestContext.where(job_id: job.job_id).delete_all
+      rescue StandardError => e
+        Rails.logger&.error("Failed to clear request context: #{e.class} #{e.message}")
+      end
+    end
+  end
+end

data/lib/mongoid/auditor/helpers/models/audit_log.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+module Mongoid
+  module Auditor
+    class AuditLog
+      include Mongoid::Document
+      include Mongoid::Timestamps
+      include Mongoid::Auditor::AuditLogHelpers
+
+      field :request_id, type: String
+      field :actor, type: String
+
+      field :path, type: String
+      field :params, type: Hash, default: {}
+
+      field :model_type, type: String
+      field :model_id, type: String
+      field :has_error, type: Boolean, default: false
+      field :event, type: String
+      field :dirties, type: Hash, default: {}
+
+      # optional ordering/consistency helpers
+      field :sequence, type: Integer
+
+      field :error, type: Hash, default: nil
+      field :model_error, type: Hash, default: nil
+
+      # Indexes for performance
+      index({ request_id: 1 })
+      index({ model_type: 1, model_id: 1 })
+      index({ model_type: 1, model_id: 1, event: 1 })
+      index({ actor: 1 })
+      index({ has_error: 1, created_at: -1 })
+      index({ created_at: -1 })
+      index({ request_id: 1, sequence: 1 })
+
+      # Validations
+      validates :request_id, presence: true
+      validates :event, presence: true, inclusion: { in: %w[create update destroy error] }
+      validates :sequence, presence: true, numericality: { only_integer: true }
+
+      def model
+        return if model_type.blank? || model_id.blank?
+
+        model_type.constantize.find(model_id)
+      rescue StandardError
+        nil
+      end
+
+      # Prevent destructive operations in production - don't allow erasing audit history
+      if defined?(Rails) && Rails.env.production?
+        %w[destroy destroy! delete delete!].each do |method_name|
+          define_method(method_name) do
+            raise 'AuditLog is immutable in production. You cannot rewrite history!'
+          end
+        end
+
+        def self.delete_all(*)
+          raise 'AuditLog is immutable in production. You cannot rewrite history!'
+        end
+      end
+    end
+  end
+end

data/lib/mongoid/auditor/helpers/models/concerns/audit_log_helpers.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+module Mongoid
+  module Auditor
+    module AuditLogHelpers
+      extend ActiveSupport::Concern
+
+      included do
+        # Ensure we're using the namespaced AuditLog
+      end
+
+      class_methods do
+        # All audit logs that represent errors
+        def errors
+          where(has_error: true)
+        end
+
+        def record_logs(request_id)
+          where(request_id: request_id)
+        end
+
+        def created_errors_today
+          event_errors('create')
+        end
+
+        def updated_errors_today
+          event_errors('update')
+        end
+
+        def deleted_errors_today
+          event_errors('destroy')
+        end
+
+        def event_errors(event)
+          where(created_at: Time.current.all_day, has_error: true, event: event)
+        end
+
+        # Errors created today
+        def errors_today
+          errors.where(created_at: Time.current.all_day)
+        end
+
+        # Errors created in last N days
+        def errors_last(days)
+          errors.where(:created_at.gte => days.days.ago)
+        end
+
+        # Errors by specific actor
+        def errors_by(actor_id)
+          errors.where(actor: actor_id)
+        end
+
+        # Quick summary: class names and counts
+        def error_summary
+          errors.group_by { |log| log.error&.dig('class') || 'Unknown' }.transform_values(&:count)
+        end
+
+        def error_summary_today
+          errors_today.group_by { |log| log.error&.dig('class') || 'Unknown' }.transform_values(&:count)
+        end
+
+        def error_summary_last(days)
+          errors_last(days).group_by { |log| log.error&.dig('class') || 'Unknown' }.transform_values(&:count)
+        end
+      end
+    end
+  end
+end

data/lib/mongoid/auditor/helpers/models/concerns/auditable.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+module Mongoid
+  module Auditor
+    module Auditable
+      extend ActiveSupport::Concern
+
+      included do
+        include Mongoid::Auditor::ModelLogsHelper
+
+        after_create :audit_create
+        after_update :audit_update
+        before_destroy :audit_destroy
+      end
+
+      MODEL_AUDIT = :model
+
+      private
+
+      def audit_create
+        before_attrs = {}
+        after_attrs  = attributes.deep_stringify_keys
+        append_audit_entry('create', before_attrs, after_attrs)
+      end
+
+      def audit_update
+        return if previous_changes.blank?
+
+        before_attrs = previous_changes.transform_values(&:first).deep_stringify_keys
+        after_attrs  = previous_changes.transform_values(&:last).deep_stringify_keys
+        append_audit_entry('update', before_attrs, after_attrs)
+      end
+
+      def audit_destroy
+        before_attrs = attributes.deep_stringify_keys
+        after_attrs  = nil
+        append_audit_entry('destroy', before_attrs, after_attrs)
+      end
+
+      def append_audit_entry(event, before_attrs, after_attrs)
+        return unless ::Mongoid::Auditor.config.enabled && ::Mongoid::Auditor.config.log_models
+        return if ::Mongoid::Auditor::Current.path.nil?
+
+        entry = build_entry(event, before_attrs, after_attrs)
+        ::Mongoid::Auditor::AuditorJob.perform_later(MODEL_AUDIT, nil, entry)
+      rescue StandardError => e
+        logger&.error("Auditable#append_audit_entry failed for #{self.class.name}(#{id}): #{e.class} #{e.message}")
+      end
+
+      def logger
+        defined?(Rails) ? Rails.logger : nil
+      end
+
+      def build_entry(event, before_attrs, after_attrs)
+        ::Mongoid::Auditor::Current.audit_sequence ||= 0
+        seq = ::Mongoid::Auditor::Current.audit_sequence + 1
+        ::Mongoid::Auditor::Current.audit_sequence = seq
+
+        # Transform before/after attrs into { attribute: [before_value, after_value] } format
+        dirties = build_dirties_hash(before_attrs, after_attrs)
+
+        {
+          request_id: ::Mongoid::Auditor::Current.request_id,
+          actor: ::Mongoid::Auditor::Current.actor_id,
+          path: ::Mongoid::Auditor::Current.path,
+          params: ::Mongoid::Auditor::Current.request_params,
+          model_type: self.class.name,
+          model_id: id.to_s,
+          event: event,
+          dirties: dirties,
+          sequence: seq
+        }
+      end
+
+      def build_dirties_hash(before_attrs, after_attrs)
+        before_attrs ||= {}
+        after_attrs ||= {}
+
+        all_keys = (before_attrs.keys + after_attrs.keys).uniq
+
+        all_keys.each_with_object({}) do |key, result|
+          before_value = before_attrs[key]
+          after_value = after_attrs[key]
+          result[key] = [before_value, after_value]
+        end
+      end
+    end
+  end
+end

data/lib/mongoid/auditor/helpers/models/concerns/model_logs_helper.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module Mongoid
+  module Auditor
+    module ModelLogsHelper
+      extend ActiveSupport::Concern
+
+      def logs
+        ::Mongoid::Auditor::AuditLog.where(model_id: id.to_s, model_type: self.class.name)
+      end
+
+      def create_errors_today
+        error_events('create')
+      end
+
+      def update_errors_today
+        error_events('update')
+      end
+
+      def destroy_errors_today
+        error_events('destroy')
+      end
+
+      def created_today
+        audit_events('create')
+      end
+
+      def updated_today
+        audit_events('update')
+      end
+
+      def deleted_today
+        audit_events('destroy')
+      end
+
+      def error_events(event)
+        ::Mongoid::Auditor::AuditLog.where(model_type: self.class.name, has_error: true, event: event, created_at: today_time)
+      end
+
+      def audit_events(event)
+        ::Mongoid::Auditor::AuditLog.where(model_type: self.class.name, event: event, created_at: today_time)
+      end
+
+      def error
+        ::Mongoid::Auditor::AuditLog.where(model_id: id.to_s, model_type: self.class.name, has_error: true)
+      end
+
+      def today_time
+        @today_time ||= Time.current.all_day
+      end
+    end
+  end
+end

data/lib/mongoid/auditor/helpers/models/current.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module Mongoid
+  module Auditor
+    class Current < ActiveSupport::CurrentAttributes
+      attribute :request_id, :actor_id,
+                :path, :request_params, :audit_logs, :audit_sequence
+    end
+  end
+end

data/lib/mongoid/auditor/helpers/models/request_context.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Mongoid
+  module Auditor
+    class RequestContext
+      include Mongoid::Document
+      include Mongoid::Timestamps
+
+      field :job_id, type: String
+      field :request_id, type: String
+
+      index({ job_id: 1 }, { unique: true })
+      index({ request_id: 1 })
+      index({ created_at: 1 }, { expire_after_seconds: 86_400 }) # Auto-delete after 24 hours
+
+      validates :request_id, presence: true
+    end
+  end
+end

data/lib/mongoid/auditor/railtie.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Mongoid
+  module Auditor
+    class Railtie < Rails::Railtie
+      initializer 'mongoid_auditor.load_app' do
+        require 'mongoid/auditor/generators/install_generator' if defined?(Rails::Generators)
+        # Load controller concerns
+        ActiveSupport.on_load(:action_controller) do
+          require File.expand_path('../../../lib/mongoid/auditor/helpers/controller_helpers/init_audit_log', __dir__)
+          require File.expand_path('../../../lib/mongoid/auditor/helpers/controller_helpers/audit_controller_error_log', __dir__)
+          require File.expand_path('../../../lib/mongoid/auditor/helpers/controller_helpers/controller_audit_helper', __dir__)
+        end
+
+        # Load job concerns
+        ActiveSupport.on_load(:active_job) do
+          require File.expand_path('../../../lib/mongoid/auditor/helpers/jobs/concerns/init_job_audit_log', __dir__)
+          require File.expand_path('../../../lib/mongoid/auditor/helpers/jobs/concerns/auditable_job_error', __dir__)
+          require File.expand_path('../../../lib/mongoid/auditor/helpers/jobs/auditor_job', __dir__)
+        end
+
+        # Load models and model concerns
+        ActiveSupport.on_load(:mongoid) do
+          require File.expand_path('../../../lib/mongoid/auditor/helpers/models/concerns/audit_log_helpers', __dir__)
+          require File.expand_path('../../../lib/mongoid/auditor/helpers/models/concerns/auditable', __dir__)
+          require File.expand_path('../../../lib/mongoid/auditor/helpers/models/concerns/model_logs_helper', __dir__)
+          require File.expand_path('../../../lib/mongoid/auditor/helpers/models/audit_log', __dir__)
+          require File.expand_path('../../../lib/mongoid/auditor/helpers/models/request_context', __dir__)
+          require File.expand_path('../../../lib/mongoid/auditor/helpers/models/current', __dir__)
+        end
+      end
+    end
+  end
+end

data/lib/mongoid/auditor/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Mongoid
+  module Auditor
+    VERSION = '0.1.0'
+  end
+end

data/lib/mongoid/auditor.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'mongoid/auditor/version'
+require 'mongoid/auditor/configuration'
+
+require 'active_support/current_attributes'
+require 'mongoid/auditor/audit'
+require 'mongoid/auditor/railtie' if defined?(Rails)
+
+module Mongoid
+  module Auditor
+    class << self
+      attr_accessor :config
+
+      def configure
+        self.config ||= Configuration.new
+        yield(config)
+      end
+    end
+  end
+end

data/sig/mongoid/auditor.rbs

@@ -0,0 +1,6 @@
+module Mongoid
+  module Auditor
+    VERSION: String
+    # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+  end
+end