@cepseudo/adonis-audit-log 1.0.0 → 1.2.0

package/LICENSE.md

@@ -1,9 +1,9 @@
-# The MIT License
-
-Copyright (c) 2023
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+# The MIT License
+
+Copyright (c) 2023
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/README.md

@@ -1,190 +1,201 @@
-# @cepseudo/adonis-audit-log
-
-Simple audit logging package for AdonisJS 6.
-
-## Features
-
-- Custom audit logs for tracking user actions and business events
-- Automatic HTTP request logging via middleware
-- Error logging with exception handler integration
-- Configurable field sanitization for sensitive data
-- Retention settings for log cleanup
-
-## Installation
-
-```bash
-npm install @cepseudo/adonis-audit-log
-```
-
-## Configuration
-
-```bash
-node ace configure @cepseudo/adonis-audit-log
-```
-
-This will:
-
-1. Publish migrations to `database/migrations/`
-2. Publish config to `config/audit.ts`
-3. Register the provider in `adonisrc.ts`
-
-Then run the migrations:
-
-```bash
-node ace migration:run
-```
-
-## Configuration Options
-
-```typescript
-// config/audit.ts
-import { defineConfig } from '@cepseudo/adonis-audit-log'
-
-export default defineConfig({
-  enabled: true,
-
-  requestLog: {
-    enabled: true,
-    excludeRoutes: ['/health', '/metrics'],
-    excludeMethods: ['OPTIONS'],
-    logBody: false,
-    logQuery: true,
-    sanitizeFields: ['password', 'token', 'secret'],
-  },
-
-  errorLog: {
-    enabled: true,
-    excludeStatusCodes: [404],
-    includeStack: true,
-  },
-
-  auditLog: {
-    enabled: true,
-  },
-
-  retention: {
-    requestLogs: 30,
-    errorLogs: 90,
-    auditLogs: 365,
-  },
-})
-```
-
-## Usage
-
-### Custom Audit Logs
-
-```typescript
-import audit from '@cepseudo/adonis-audit-log/services/main'
-
-// Simple log
-await audit.log('user.login', { user_id: 1 })
-
-// With metadata
-await audit.log('submission.create', {
-  user_id: auth.user.id,
-  submission_id: submission.id,
-  project_acronym: submission.projectAcronym,
-})
-
-// Track changes
-await audit.logChange('user.update', {
-  userId: auth.user.id,
-  targetId: targetUser.id,
-  changes: {
-    email: { from: 'old@example.com', to: 'new@example.com' },
-  },
-})
-```
-
-### Request Logging (Middleware)
-
-Add the middleware to your router in `start/kernel.ts`:
-
-```typescript
-router.use([() => import('@cepseudo/adonis-audit-log/middleware/request_logger')])
-```
-
-### Error Logging (Exception Handler)
-
-Integrate with your exception handler in `app/exceptions/handler.ts`:
-
-```typescript
-import { AuditErrorLogger } from '@cepseudo/adonis-audit-log'
-
-export default class HttpExceptionHandler extends ExceptionHandler {
-  async report(error: unknown, ctx: HttpContext) {
-    await AuditErrorLogger.log(error, ctx)
-    return super.report(error, ctx)
-  }
-}
-```
-
-## Database Schema
-
-The package creates three tables:
-
-### audit_logs
-
-- `id` - Primary key
-- `action_type` - Event type (e.g., 'user.login', 'submission.create')
-- `metadata` - JSON object with additional data
-- `user_id` - Optional reference to users table
-- `created_at` - Timestamp
-
-### request_logs
-
-- `id` - Primary key
-- `method` - HTTP method
-- `url` - Request URL
-- `route_name` - Named route if available
-- `status_code` - HTTP response status
-- `response_time_ms` - Response time in milliseconds
-- `ip` - Client IP address
-- `user_agent` - Browser/client user agent
-- `user_id` - Optional reference to users table
-- `request_body` - Sanitized request body (optional)
-- `request_query` - Query parameters
-- `created_at` - Timestamp
-
-### error_logs
-
-- `id` - Primary key
-- `error_type` - Error class name
-- `message` - Error message
-- `stack` - Stack trace (optional)
-- `url` - URL where error occurred
-- `method` - HTTP method
-- `status_code` - HTTP status returned
-- `user_id` - Optional reference to users table
-- `context` - Additional context (params, query)
-- `created_at` - Timestamp
-
-## Development
-
-```bash
-# Install dependencies
-npm install
-
-# Run tests
-npm run test
-
-# Run tests without linting
-npm run quick:test
-
-# Build
-npm run build
-
-# Type check
-npm run typecheck
-
-# Lint
-npm run lint
-
-# Format
-npm run format
-```
-
-## License
-
-MIT
+# @cepseudo/adonis-audit-log
+
+Simple audit logging package for AdonisJS 6.
+
+## Features
+
+- Custom audit logs for tracking user actions and business events
+- Automatic HTTP request logging via middleware
+- Error logging with exception handler integration
+- Configurable field sanitization for sensitive data
+- Retention settings for log cleanup
+
+## Installation
+
+```bash
+npm install @cepseudo/adonis-audit-log
+```
+
+## Configuration
+
+```bash
+node ace configure @cepseudo/adonis-audit-log
+```
+
+This will:
+
+1. Publish migrations to `database/migrations/`
+2. Publish config to `config/audit.ts`
+3. Register the provider and command in `adonisrc.ts`
+
+Then run the migrations:
+
+```bash
+node ace migration:run
+```
+
+## Configuration Options
+
+```typescript
+// config/audit.ts
+import { defineConfig } from '@cepseudo/adonis-audit-log'
+
+export default defineConfig({
+  enabled: true,
+
+  requestLog: {
+    enabled: true,
+    excludeRoutes: ['/health', '/metrics'],
+    excludeMethods: ['OPTIONS'],
+    logBody: false,
+    logQuery: true,
+    sanitizeFields: ['password', 'token', 'secret'],
+  },
+
+  errorLog: {
+    enabled: true,
+    excludeStatusCodes: [404],
+    includeStack: true,
+  },
+
+  auditLog: {
+    enabled: true,
+  },
+
+  // Retention in days (0 = unlimited)
+  retention: {
+    requestLogs: 30,
+    errorLogs: 90,
+    auditLogs: 0, // Keep forever
+  },
+})
+```
+
+## Usage
+
+### Custom Audit Logs
+
+```typescript
+import audit from '@cepseudo/adonis-audit-log/services/main'
+
+// Simple log
+await audit.log('user.login', { user_id: 1 })
+
+// With metadata
+await audit.log('submission.create', {
+  user_id: auth.user.id,
+  submission_id: submission.id,
+  project_acronym: submission.projectAcronym,
+})
+
+// Track changes
+await audit.logChange('user.update', {
+  userId: auth.user.id,
+  targetId: targetUser.id,
+  changes: {
+    email: { from: 'old@example.com', to: 'new@example.com' },
+  },
+})
+```
+
+### Request Logging (Middleware)
+
+Add the middleware to your router in `start/kernel.ts`:
+
+```typescript
+router.use([() => import('@cepseudo/adonis-audit-log/middleware/request_logger')])
+```
+
+### Error Logging (Exception Handler)
+
+Integrate with your exception handler in `app/exceptions/handler.ts`:
+
+```typescript
+import { AuditErrorLogger } from '@cepseudo/adonis-audit-log'
+
+export default class HttpExceptionHandler extends ExceptionHandler {
+  async report(error: unknown, ctx: HttpContext) {
+    await AuditErrorLogger.log(error, ctx)
+    return super.report(error, ctx)
+  }
+}
+```
+
+### Log Cleanup
+
+Delete old logs based on retention configuration:
+
+```bash
+node ace audit:cleanup
+```
+
+Set retention to `0` for unlimited retention (logs won't be deleted).
+
+## Database Schema
+
+The package creates three tables:
+
+### audit_logs
+
+- `id` - Primary key
+- `action_type` - Event type (e.g., 'user.login', 'submission.create')
+- `metadata` - JSON object with additional data
+- `user_id` - Optional reference to users table
+- `created_at` - Timestamp
+
+### request_logs
+
+- `id` - Primary key
+- `method` - HTTP method
+- `url` - Request URL
+- `route_name` - Named route if available
+- `status_code` - HTTP response status
+- `response_time_ms` - Response time in milliseconds
+- `ip` - Client IP address
+- `user_agent` - Browser/client user agent
+- `user_id` - Optional reference to users table
+- `request_body` - Sanitized request body (optional)
+- `request_query` - Query parameters
+- `created_at` - Timestamp
+
+### error_logs
+
+- `id` - Primary key
+- `error_type` - Error class name
+- `message` - Error message
+- `stack` - Stack trace (optional)
+- `url` - URL where error occurred
+- `method` - HTTP method
+- `status_code` - HTTP status returned
+- `user_id` - Optional reference to users table
+- `context` - Additional context (params, query)
+- `created_at` - Timestamp
+
+## Development
+
+```bash
+# Install dependencies
+npm install
+
+# Run tests
+npm run test
+
+# Run tests without linting
+npm run quick:test
+
+# Build
+npm run build
+
+# Type check
+npm run typecheck
+
+# Lint
+npm run lint
+
+# Format
+npm run format
+```
+
+## License
+
+MIT

package/build/commands/audit_cleanup.d.ts

@@ -0,0 +1,8 @@
+import { BaseCommand } from '@adonisjs/core/ace';
+import { CommandOptions } from '@adonisjs/core/types/ace';
+export default class AuditCleanup extends BaseCommand {
+    static commandName: string;
+    static description: string;
+    static options: CommandOptions;
+    run(): Promise<void>;
+}

package/build/commands/audit_cleanup.js

@@ -0,0 +1,64 @@
+/*
+|--------------------------------------------------------------------------
+| Audit Cleanup Command
+|--------------------------------------------------------------------------
+|
+| Command to delete old audit logs based on retention configuration.
+| Run with: node ace audit:cleanup
+|
+*/
+import { BaseCommand } from '@adonisjs/core/ace';
+import { DateTime } from 'luxon';
+export default class AuditCleanup extends BaseCommand {
+    static commandName = 'audit:cleanup';
+    static description = 'Delete old audit logs based on retention configuration';
+    static options = {
+        startApp: true,
+    };
+    async run() {
+        const { default: AuditLog } = await import('../src/models/audit_log.js');
+        const { default: RequestLog } = await import('../src/models/request_log.js');
+        const { default: ErrorLog } = await import('../src/models/error_log.js');
+        const config = this.app.config.get('audit');
+        if (!config) {
+            this.logger.error('Audit config not found. Make sure config/audit.ts exists.');
+            return;
+        }
+        const retention = config.retention;
+        let totalDeleted = 0;
+        // Cleanup audit logs
+        if (retention.auditLogs > 0) {
+            const cutoff = DateTime.now().minus({ days: retention.auditLogs });
+            const deleted = await AuditLog.query().where('createdAt', '<', cutoff.toJSDate()).delete();
+            const count = Array.isArray(deleted) ? deleted.length : deleted;
+            this.logger.info(`Deleted ${count} audit logs older than ${retention.auditLogs} days`);
+            totalDeleted += count;
+        }
+        else {
+            this.logger.info('Audit logs: retention unlimited (skipped)');
+        }
+        // Cleanup request logs
+        if (retention.requestLogs > 0) {
+            const cutoff = DateTime.now().minus({ days: retention.requestLogs });
+            const deleted = await RequestLog.query().where('createdAt', '<', cutoff.toJSDate()).delete();
+            const count = Array.isArray(deleted) ? deleted.length : deleted;
+            this.logger.info(`Deleted ${count} request logs older than ${retention.requestLogs} days`);
+            totalDeleted += count;
+        }
+        else {
+            this.logger.info('Request logs: retention unlimited (skipped)');
+        }
+        // Cleanup error logs
+        if (retention.errorLogs > 0) {
+            const cutoff = DateTime.now().minus({ days: retention.errorLogs });
+            const deleted = await ErrorLog.query().where('createdAt', '<', cutoff.toJSDate()).delete();
+            const count = Array.isArray(deleted) ? deleted.length : deleted;
+            this.logger.info(`Deleted ${count} error logs older than ${retention.errorLogs} days`);
+            totalDeleted += count;
+        }
+        else {
+            this.logger.info('Error logs: retention unlimited (skipped)');
+        }
+        this.logger.success(`Cleanup complete. Total deleted: ${totalDeleted}`);
+    }
+}

package/build/commands/commands.json

@@ -0,0 +1,18 @@
+{
+  "commands": [
+    {
+      "commandName": "audit:cleanup",
+      "description": "Delete old audit logs based on retention configuration",
+      "help": "",
+      "namespace": "audit",
+      "aliases": [],
+      "flags": [],
+      "args": [],
+      "options": {
+        "startApp": true
+      },
+      "filePath": "./audit_cleanup.js"
+    }
+  ],
+  "version": 1
+}

package/build/commands/main.d.ts

@@ -0,0 +1,9 @@
+import type { CommandMetaData } from '@adonisjs/core/types/ace';
+/**
+ * Reads the commands from the "./commands.json" file.
+ */
+export declare function getMetaData(): Promise<CommandMetaData[]>;
+/**
+ * Imports the command by looking up its path from the commands metadata
+ */
+export declare function getCommand(metaData: CommandMetaData): Promise<typeof import('./audit_cleanup.js').default | null>;

package/build/commands/main.js

@@ -0,0 +1,37 @@
+/*
+|--------------------------------------------------------------------------
+| Commands Loader
+|--------------------------------------------------------------------------
+|
+| This file exports the getMetaData and getCommand functions required
+| by AdonisJS to load commands from packages.
+|
+*/
+import { readFile } from 'node:fs/promises';
+/**
+ * In-memory cache of commands after they have been loaded
+ */
+let commandsMetaData;
+/**
+ * Reads the commands from the "./commands.json" file.
+ */
+export async function getMetaData() {
+    if (commandsMetaData) {
+        return commandsMetaData;
+    }
+    const commandsIndex = await readFile(new URL('./commands.json', import.meta.url), 'utf-8');
+    commandsMetaData = JSON.parse(commandsIndex).commands;
+    return commandsMetaData;
+}
+/**
+ * Imports the command by looking up its path from the commands metadata
+ */
+export async function getCommand(metaData) {
+    const commands = await getMetaData();
+    const command = commands.find(({ commandName }) => metaData.commandName === commandName);
+    if (!command) {
+        return null;
+    }
+    const { default: commandConstructor } = await import(new URL(command.filePath, import.meta.url).href);
+    return commandConstructor;
+}

package/build/configure.js

@@ -12,47 +12,32 @@ export async function configure(command) {
     const codemods = await command.createCodemods();
     // Publish config file
     await codemods.makeUsingStub(stubsRoot, 'config.stub', {});
-    // Publish migrations
-    const now = new Date();
-    const timestamp = now
-        .toISOString()
-        .replace(/[-:]/g, '')
-        .replace('T', '_')
-        .replace(/\.\d{3}Z$/, '');
+    // Publish migrations using Unix timestamp in milliseconds (AdonisJS standard format)
+    const timestamp = Date.now();
     await codemods.makeUsingStub(stubsRoot, 'migrations/create_audit_logs_table.stub', {
         migration: {
             folder: 'database/migrations',
             fileName: `${timestamp}_create_audit_logs_table.ts`,
         },
     });
-    // Add 1 second to timestamp for ordering
-    const timestamp2 = new Date(now.getTime() + 1000)
-        .toISOString()
-        .replace(/[-:]/g, '')
-        .replace('T', '_')
-        .replace(/\.\d{3}Z$/, '');
     await codemods.makeUsingStub(stubsRoot, 'migrations/create_request_logs_table.stub', {
         migration: {
             folder: 'database/migrations',
-            fileName: `${timestamp2}_create_request_logs_table.ts`,
+            fileName: `${timestamp + 1}_create_request_logs_table.ts`,
         },
     });
-    // Add 2 seconds to timestamp for ordering
-    const timestamp3 = new Date(now.getTime() + 2000)
-        .toISOString()
-        .replace(/[-:]/g, '')
-        .replace('T', '_')
-        .replace(/\.\d{3}Z$/, '');
     await codemods.makeUsingStub(stubsRoot, 'migrations/create_error_logs_table.stub', {
         migration: {
             folder: 'database/migrations',
-            fileName: `${timestamp3}_create_error_logs_table.ts`,
+            fileName: `${timestamp + 2}_create_error_logs_table.ts`,
         },
     });
-    // Register provider in adonisrc.ts
+    // Register provider and command in adonisrc.ts
     await codemods.updateRcFile((rcFile) => {
         rcFile.addProvider('@cepseudo/adonis-audit-log/providers/audit_provider');
+        rcFile.addCommand('@cepseudo/adonis-audit-log/commands');
     });
     command.logger.success('Audit log package configured successfully!');
     command.logger.info('Run "node ace migration:run" to create the audit tables.');
+    command.logger.info('Use "node ace audit:cleanup" to delete old logs based on retention config.');
 }

package/build/middleware/request_logger.d.ts

@@ -1,5 +1,8 @@
 import type { HttpContext } from '@adonisjs/core/http';
 import type { NextFn } from '@adonisjs/core/types/http';
+import type { AuditConfig } from '../src/types.js';
 export default class RequestLoggerMiddleware {
+    #private;
+    constructor(config: AuditConfig);
     handle(ctx: HttpContext, next: NextFn): Promise<void>;
 }

package/build/middleware/request_logger.js

@@ -7,27 +7,20 @@
 | middleware stack in start/kernel.ts.
 |
 */
-import app from '@adonisjs/core/services/app';
 import { RequestLogger } from '../src/request_logger.js';
-let requestLogger = null;
 export default class RequestLoggerMiddleware {
+    #requestLogger;
+    constructor(config) {
+        this.#requestLogger = new RequestLogger(config);
+    }
     async handle(ctx, next) {
         const startTime = performance.now();
         // Execute the request
         await next();
         // Log the request after response (non-blocking)
         try {
-            if (!requestLogger) {
-                const config = app.config.get('audit');
-                if (config) {
-                    requestLogger = new RequestLogger(config);
-                }
-            }
-            if (requestLogger) {
-                const responseTimeMs = Math.round(performance.now() - startTime);
-                // Use async version to not block the response
-                requestLogger.logAsync(ctx, responseTimeMs);
-            }
+            const responseTimeMs = Math.round(performance.now() - startTime);
+            this.#requestLogger.logAsync(ctx, responseTimeMs);
         }
         catch (error) {
             console.error('[RequestLoggerMiddleware] Error:', error);