@hacimertgokhan/next-audit 1.0.0 → 1.0.2

package/.idea/modules.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/next-audit.iml" filepath="$PROJECT_DIR$/.idea/next-audit.iml" />
+    </modules>
+  </component>
+</project>

package/.idea/next-audit.iml

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$">
+      <excludeFolder url="file://$MODULE_DIR$/.tmp" />
+      <excludeFolder url="file://$MODULE_DIR$/temp" />
+      <excludeFolder url="file://$MODULE_DIR$/tmp" />
+    </content>
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

package/README.md

@@ -0,0 +1,58 @@
+# @hacimertgokhan/next-audit
+
+A lightweight TypeScript library for Next.js to audit backend requests automatically using decorators.
+
+## Features
+- **Easy Integration**: Simply add the `@Audit()` decorator to your controller methods.
+- **Automated Logging**: Captures method, URL, status code, execution duration, and IP.
+- **Data Tracking**: Automatically records `old_value` (for DELETE) and `new_value` (for POST/PUT/PATCH).
+- **MySQL Support**: Built-in adapter for MySQL storage.
+
+## Installation
+
+```bash
+npm install @hacimertgokhan/next-audit mysql2 reflect-metadata
+```
+
+## Configuration
+
+Create a `audit.conf.ts` file in your project root:
+
+```typescript
+export default {
+  database: {
+    url: process.env.DATABASE_URL, 
+  },
+  
+  tableName: 'audit_logs', 
+  debug: false
+};
+```
+
+## Usage
+
+Use the decorator in your Next.js API route class methods:
+
+```typescript
+import { Audit } from '@hacimertgokhan/next-audit';
+import { NextRequest, NextResponse } from 'next/server';
+
+class UserController {
+  
+  @Audit()
+  async createUser(req: NextRequest) {
+    const data = await req.json();
+    
+    return NextResponse.json({ id: 1, ...data });
+  }
+
+  @Audit()
+  async deleteUser(req: NextRequest) {
+    
+    return NextResponse.json({ success: true });
+  }
+}
+```
+
+## License
+ISC

package/dist/config.d.ts

@@ -1,2 +1,11 @@
 import { AuditConfig } from './types';
+/**
+ * Manually set the audit configuration.
+ * This is useful if you want to load config from a different source.
+ */
+export declare function setAuditConfig(config: AuditConfig): void;
+/**
+ * Loads the configuration from audit.conf.js or audit.conf.ts in the project root.
+ * Falls back to environment variables if no config file is found.
+ */
 export declare function loadConfig(): AuditConfig;

package/dist/config.js

@@ -3,10 +3,22 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.setAuditConfig = setAuditConfig;
 exports.loadConfig = loadConfig;
 const path_1 = __importDefault(require("path"));
 const fs_1 = __importDefault(require("fs"));
 let cachedConfig = null;
+/**
+ * Manually set the audit configuration.
+ * This is useful if you want to load config from a different source.
+ */
+function setAuditConfig(config) {
+    cachedConfig = config;
+}
+/**
+ * Loads the configuration from audit.conf.js or audit.conf.ts in the project root.
+ * Falls back to environment variables if no config file is found.
+ */
 function loadConfig() {
     if (cachedConfig)
         return cachedConfig;
@@ -14,42 +26,55 @@ function loadConfig() {
     const configPathTs = path_1.default.resolve(process.cwd(), 'audit.conf.ts');
     const configPathJs = path_1.default.resolve(process.cwd(), 'audit.conf.js');
     try {
-        // Note: In a real compiled node_modules scenario, requiring a .ts file from cwd at runtime
-        // requires ts-node or similar. We will assume the user has a setup that handles this,
-        // or they compile it to .js. For this MVP, we try to require it.
-        // If it fails, we look for defaults or env vars.
+        // Use eval('require') to bypass Webpack's static analysis in Next.js
+        // This allows loading a file from the disk at runtime.
+        const safeRequire = (p) => {
+            try {
+                // eslint-disable-next-line no-eval
+                return eval('require')(p);
+            }
+            catch (e) {
+                // Fallback for non-webpack environments
+                if (typeof require !== 'undefined') {
+                    // eslint-disable-next-line @typescript-eslint/no-var-requires
+                    return require(p);
+                }
+                throw e;
+            }
+        };
         if (fs_1.default.existsSync(configPathJs)) {
-            // eslint-disable-next-line @typescript-eslint/no-var-requires
-            const userConfig = require(configPathJs);
+            const userConfig = safeRequire(configPathJs);
             cachedConfig = userConfig.default || userConfig;
         }
         else if (fs_1.default.existsSync(configPathTs)) {
-            // Only works if running via ts-node or if we invoke a transpiler on fly
-            // For now, we warn or rely on an environment that supports it.
             try {
-                // eslint-disable-next-line @typescript-eslint/no-var-requires
-                require('ts-node/register'); // Try to register if possible? Risky for a lib.
-                // eslint-disable-next-line @typescript-eslint/no-var-requires
-                const userConfig = require(configPathTs);
+                // Try to register ts-node if it's available for .ts config files
+                try {
+                    safeRequire('ts-node/register');
+                }
+                catch (e) {
+                    // ts-node not available, hope for the best or it might already be registered
+                }
+                const userConfig = safeRequire(configPathTs);
                 cachedConfig = userConfig.default || userConfig;
             }
             catch (e) {
-                console.warn('[Next-Audit] Found audit.conf.ts but could not load it directly (ts-node missing?). Please ensure it is compiled to js or use audit.conf.js');
+                console.warn('[Next-Audit] Found audit.conf.ts but could not load it directly. Please ensure it is compiled to js or use audit.conf.js');
             }
         }
     }
     catch (error) {
+        // Only log if it's not a "module not found" error for the config files themselves
+        // but wait, we already check fs.existsSync, so any error here is likely real.
         console.error('[Next-Audit] Error loading config:', error);
     }
     if (!cachedConfig) {
-        // Fallback: minimal valid config or throw
-        // For MVP we assume environment variables might also be used
+        // Fallback: environment variables
         cachedConfig = {
             database: {
                 url: process.env.DATABASE_URL
-                // default to local if nothing found?
             },
-            debug: true
+            debug: !!process.env.AUDIT_DEBUG
         };
         if (!process.env.DATABASE_URL) {
             console.warn('[Next-Audit] No config file found and DATABASE_URL not set. Audit might fail.');

package/dist/decorators/audit.js

@@ -11,39 +11,30 @@ function Audit(options) {
             const startTime = Date.now();
             let req;
             let context;
-            // Try to find NextRequest in arguments
             for (const arg of args) {
                 if (arg instanceof Request || (arg && arg.constructor && arg.constructor.name === 'NextRequest')) {
                     req = arg;
                     break;
                 }
             }
-            // Capture inputs
             const url = req?.url || '';
             const method = req?.method || 'UNKNOWN';
             const userAgent = req?.headers.get('user-agent') || '';
-            // TODO: Extract user ID from session/token if available in headers or args
-            let oldData = null; // For delete operations, we hope to capture this
+            let oldData = null;
             let newData = null;
-            // Execute original method
             let result;
             let status = 200;
             let errorOccurred = false;
             try {
                 result = await originalMethod.apply(this, args);
-                // Analyze Result
                 if (result instanceof Response) {
                     status = result.status;
-                    // Clone to read body without consuming the original stream if possible, 
-                    // or assume we can't read it if it's a stream already locked.
-                    // For JSON responses, we might want to peek.
                     try {
                         const clone = result.clone();
                         const bodyText = await clone.text();
                         if (bodyText) {
                             try {
                                 const json = JSON.parse(bodyText);
-                                // If DELETE, assume result is the deleted data or confirmation
                                 if (method === 'DELETE') {
                                     oldData = json;
                                 }
@@ -52,16 +43,13 @@ function Audit(options) {
                                 }
                             }
                             catch (e) {
-                                // Not JSON
                             }
                         }
                     }
                     catch (e) {
-                        // Failed to read response body
                     }
                 }
                 else {
-                    // If the function returns a plain object (not a Response), treat it as data
                     if (method === 'DELETE') {
                         oldData = result;
                     }
@@ -73,7 +61,6 @@ function Audit(options) {
             catch (error) {
                 errorOccurred = true;
                 status = 500;
-                // Try to get status from error if available
                 if (error.status)
                     status = error.status;
                 if (error.statusCode)
@@ -94,12 +81,7 @@ function Audit(options) {
                         user_agent: userAgent,
                         old_value: oldData,
                         new_value: newData,
-                        // user_id, entity, entity_id need more specific logic or config to extract
                     };
-                    // Fire and forget audit log to not block response? 
-                    // Or await it? User might want reliability.
-                    // We'll await it for now to ensure it's logged, 
-                    // but catching errors so we don't break the app if logging fails.
                     (0, mysql_1.saveAuditLog)(entry, config).catch(e => console.error('Audit Log Error', e));
                 }
             }

package/dist/index.js

@@ -17,4 +17,3 @@ Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./decorators/audit"), exports);
 __exportStar(require("./types"), exports);
 __exportStar(require("./config"), exports);
-// We might not export lib/mysql directly unless user needs custom access

package/dist/lib/mysql.js

@@ -35,8 +35,6 @@ async function saveAuditLog(entry, config) {
         }
         const db = await getDbConnection(config);
         const tableName = config.tableName || 'audit_logs';
-        // Simple table check/creation (naive implementation for MVP)
-        // In production, migrations are preferred.
         await db.query(`
       CREATE TABLE IF NOT EXISTS \`${tableName}\` (
         id INT AUTO_INCREMENT PRIMARY KEY,

package/dist/types.d.ts

@@ -7,17 +7,8 @@ export interface AuditConfig {
         password?: string;
         database?: string;
     };
-    /**
-     * Table name to store audit logs. Default: 'audit_logs'
-     */
     tableName?: string;
-    /**
-     * Enable console logging for debugging
-     */
     debug?: boolean;
-    /**
-     * If true, database writes are skipped (for testing)
-     */
     testMode?: boolean;
 }
 export type AuditLogEntry = {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hacimertgokhan/next-audit",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "Next.js backend audit system with @Audit decorator",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -28,4 +28,4 @@
     "next": "^16.1.3",
     "typescript": "^5.5.0"
   }
-}
+}

package/src/config.ts

@@ -4,6 +4,18 @@ import { AuditConfig } from './types';
 
 let cachedConfig: AuditConfig | null = null;
 
+/**
+ * Manually set the audit configuration. 
+ * This is useful if you want to load config from a different source.
+ */
+export function setAuditConfig(config: AuditConfig) {
+    cachedConfig = config;
+}
+
+/**
+ * Loads the configuration from audit.conf.js or audit.conf.ts in the project root.
+ * Falls back to environment variables if no config file is found.
+ */
 export function loadConfig(): AuditConfig {
     if (cachedConfig) return cachedConfig;
 
@@ -12,42 +24,54 @@ export function loadConfig(): AuditConfig {
     const configPathJs = path.resolve(process.cwd(), 'audit.conf.js');
 
     try {
-        // Note: In a real compiled node_modules scenario, requiring a .ts file from cwd at runtime
-        // requires ts-node or similar. We will assume the user has a setup that handles this,
-        // or they compile it to .js. For this MVP, we try to require it.
-        // If it fails, we look for defaults or env vars.
+        // Use eval('require') to bypass Webpack's static analysis in Next.js
+        // This allows loading a file from the disk at runtime.
+        const safeRequire = (p: string) => {
+            try {
+                // eslint-disable-next-line no-eval
+                return eval('require')(p);
+            } catch (e) {
+                // Fallback for non-webpack environments
+                if (typeof require !== 'undefined') {
+                    // eslint-disable-next-line @typescript-eslint/no-var-requires
+                    return require(p);
+                }
+                throw e;
+            }
+        };
 
         if (fs.existsSync(configPathJs)) {
-            // eslint-disable-next-line @typescript-eslint/no-var-requires
-            const userConfig = require(configPathJs);
+            const userConfig = safeRequire(configPathJs);
             cachedConfig = userConfig.default || userConfig;
         } else if (fs.existsSync(configPathTs)) {
-            // Only works if running via ts-node or if we invoke a transpiler on fly
-            // For now, we warn or rely on an environment that supports it.
             try {
-                // eslint-disable-next-line @typescript-eslint/no-var-requires
-                require('ts-node/register'); // Try to register if possible? Risky for a lib.
-                // eslint-disable-next-line @typescript-eslint/no-var-requires
-                const userConfig = require(configPathTs);
+                // Try to register ts-node if it's available for .ts config files
+                try {
+                    safeRequire('ts-node/register');
+                } catch (e) {
+                    // ts-node not available, hope for the best or it might already be registered
+                }
+                const userConfig = safeRequire(configPathTs);
                 cachedConfig = userConfig.default || userConfig;
             } catch (e) {
-                console.warn('[Next-Audit] Found audit.conf.ts but could not load it directly (ts-node missing?). Please ensure it is compiled to js or use audit.conf.js');
+                console.warn('[Next-Audit] Found audit.conf.ts but could not load it directly. Please ensure it is compiled to js or use audit.conf.js');
             }
         }
     } catch (error) {
+        // Only log if it's not a "module not found" error for the config files themselves
+        // but wait, we already check fs.existsSync, so any error here is likely real.
         console.error('[Next-Audit] Error loading config:', error);
     }
 
     if (!cachedConfig) {
-        // Fallback: minimal valid config or throw
-        // For MVP we assume environment variables might also be used
+        // Fallback: environment variables
         cachedConfig = {
             database: {
                 url: process.env.DATABASE_URL
-                // default to local if nothing found?
             },
-            debug: true
+            debug: !!process.env.AUDIT_DEBUG
         };
+
         if (!process.env.DATABASE_URL) {
             console.warn('[Next-Audit] No config file found and DATABASE_URL not set. Audit might fail.');
         }

package/src/decorators/audit.ts

@@ -17,7 +17,7 @@ export function Audit(options?: { actionType?: string }) {
             let req: NextRequest | undefined;
             let context: any;
 
-            // Try to find NextRequest in arguments
+            
             for (const arg of args) {
                 if (arg instanceof Request || (arg && arg.constructor && arg.constructor.name === 'NextRequest')) {
                     req = arg as NextRequest;
@@ -25,16 +25,16 @@ export function Audit(options?: { actionType?: string }) {
                 }
             }
 
-            // Capture inputs
+            
             const url = req?.url || '';
             const method = req?.method || 'UNKNOWN';
             const userAgent = req?.headers.get('user-agent') || '';
-            // TODO: Extract user ID from session/token if available in headers or args
+            
 
-            let oldData = null; // For delete operations, we hope to capture this
+            let oldData = null; 
             let newData = null;
 
-            // Execute original method
+            
             let result;
             let status = 200;
             let errorOccurred = false;
@@ -42,33 +42,33 @@ export function Audit(options?: { actionType?: string }) {
             try {
                 result = await originalMethod.apply(this, args);
 
-                // Analyze Result
+                
                 if (result instanceof Response) {
                     status = result.status;
-                    // Clone to read body without consuming the original stream if possible, 
-                    // or assume we can't read it if it's a stream already locked.
-                    // For JSON responses, we might want to peek.
+                    
+                    
+                    
                     try {
                         const clone = result.clone();
                         const bodyText = await clone.text();
                         if (bodyText) {
                             try {
                                 const json = JSON.parse(bodyText);
-                                // If DELETE, assume result is the deleted data or confirmation
+                                
                                 if (method === 'DELETE') {
                                     oldData = json;
                                 } else if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
                                     newData = json;
                                 }
                             } catch (e) {
-                                // Not JSON
+                                
                             }
                         }
                     } catch (e) {
-                        // Failed to read response body
+                        
                     }
                 } else {
-                    // If the function returns a plain object (not a Response), treat it as data
+                    
                     if (method === 'DELETE') {
                         oldData = result;
                     } else {
@@ -79,7 +79,7 @@ export function Audit(options?: { actionType?: string }) {
             } catch (error: any) {
                 errorOccurred = true;
                 status = 500;
-                // Try to get status from error if available
+                
                 if (error.status) status = error.status;
                 if (error.statusCode) status = error.statusCode;
                 throw error;
@@ -98,13 +98,9 @@ export function Audit(options?: { actionType?: string }) {
                         user_agent: userAgent,
                         old_value: oldData,
                         new_value: newData,
-                        // user_id, entity, entity_id need more specific logic or config to extract
+                        
                     };
 
-                    // Fire and forget audit log to not block response? 
-                    // Or await it? User might want reliability.
-                    // We'll await it for now to ensure it's logged, 
-                    // but catching errors so we don't break the app if logging fails.
                     saveAuditLog(entry, config).catch(e => console.error('Audit Log Error', e));
                 }
             }

package/src/index.ts

@@ -1,4 +1,4 @@
 export * from './decorators/audit';
 export * from './types';
 export * from './config';
-// We might not export lib/mysql directly unless user needs custom access
+

package/src/lib/mysql.ts

@@ -36,8 +36,8 @@ export async function saveAuditLog(entry: AuditLogEntry, config: AuditConfig) {
         const db = await getDbConnection(config);
         const tableName = config.tableName || 'audit_logs';
 
-        // Simple table check/creation (naive implementation for MVP)
-        // In production, migrations are preferred.
+        
+        
         await db.query(`
       CREATE TABLE IF NOT EXISTS \`${tableName}\` (
         id INT AUTO_INCREMENT PRIMARY KEY,

package/src/types.ts

@@ -7,17 +7,8 @@ export interface AuditConfig {
         password?: string;
         database?: string;
     };
-    /**
-     * Table name to store audit logs. Default: 'audit_logs'
-     */
     tableName?: string;
-    /**
-     * Enable console logging for debugging
-     */
     debug?: boolean;
-    /**
-     * If true, database writes are skipped (for testing)
-     */
     testMode?: boolean;
 }
 

package/test/manual_verification_draft.ts

@@ -1,5 +1,5 @@
 import { Audit } from '../src/index';
-// Mock NextRequest and NextResponse for testing
+
 class MockNextRequest {
     public url: string;
     public method: string;
@@ -11,15 +11,15 @@ class MockNextRequest {
     }
 }
 
-// Mock Config Loading
+
 jest.mock('../src/config', () => ({
     loadConfig: () => ({
-        database: {}, // Won't connect in test unless we mock db too
+        database: {}, 
         debug: true
     })
 }));
 
-// Mock DB to avoid connection errors
+
 jest.mock('../src/lib/mysql', () => ({
     saveAuditLog: async (entry: any) => {
         console.log('MOCK DB SAVE:', JSON.stringify(entry, null, 2));
@@ -45,15 +45,15 @@ async function runTest() {
 
     console.log('--- Test 1: DELETE ---');
     const req1 = new MockNextRequest('http://localhost:3000/api/users/123', 'DELETE');
-    // @ts-ignore
+    
     await controller.deleteUser(req1);
 
     console.log('\n--- Test 2: POST (Response object) ---');
     const req2 = new MockNextRequest('http://localhost:3000/api/posts', 'POST');
-    // @ts-ignore
+    
     await controller.createPost(req2);
 }
 
-// runTest();
-// We can't easily run this with ts-node because we are mocking modules via jest logic which isn't present
-// We will just do a simple run script without jest mocks, but manual overrides if possible.
+
+
+

package/test/verify_dist.ts

@@ -1,9 +1,9 @@
 
 import { Audit } from '../dist/index';
-// Usage of dist means we should build again before running this.
-// But technically in node we can import src if we use ts-node, but I am forcing dist usage to match real world.
 
-// Mock NextRequest and NextResponse for testing behavior
+
+
+
 class NextRequest {
     public url: string;
     public method: string;
@@ -15,10 +15,10 @@ class NextRequest {
     }
 }
 
-// We need to Mock the config loader behavior because we don't have audit.conf.ts
-// effectively we can set a global or mock the module if possible.
-// Since we are running a script, we can rely on `loadConfig` behavior fallback
-// or creating a dummy audit.conf.js in cwd.
+
+
+
+
 
 import fs from 'fs';
 import path from 'path';
@@ -28,7 +28,7 @@ const dummyConfigPath = path.resolve(process.cwd(), 'audit.conf.js');
 class TestController {
 
     @Audit()
-    async deleteUser(req: any) { // req type is any here to pass mock
+    async deleteUser(req: any) { 
         console.log('  -> Controller: deleteUser called');
         return { success: true, deletedId: 101, name: 'Deleted User' };
     }
@@ -36,15 +36,15 @@ class TestController {
     @Audit()
     async createPost(req: any) {
         console.log('  -> Controller: createPost called');
-        // Simulate a response object
+        
         return { status: 201, json: () => ({ id: 202, title: 'New Post' }) };
-        // Note: Real Response object logic in decorator uses .clone(), so this mock is imperfect 
-        // but sufficient if we just want to see if it runs without crashing.
+        
+        
     }
 }
 
 async function runTest() {
-    // 1. Create dummy config
+    
     fs.writeFileSync(dummyConfigPath, `
         module.exports = {
             database: { url: 'mysql://mock:3306/db' },
@@ -59,23 +59,23 @@ async function runTest() {
 
         console.log('\n--- Test 1: DELETE ---');
         const req1 = new NextRequest('http://api.test/users/101', 'DELETE');
-        // @ts-ignore
+        
         await controller.deleteUser(req1);
 
         console.log('\n--- Test 2: POST ---');
         const req2 = new NextRequest('http://api.test/posts', 'POST');
-        // @ts-ignore
+        
         await controller.createPost(req2);
 
         console.log('\n--- Test 3: PATCH ---');
         const req3 = new NextRequest('http://api.test/users/101', 'PATCH');
-        // @ts-ignore
-        await controller.createPost(req3); // Reuse createPost for simplicity as it returns data
+        
+        await controller.createPost(req3); 
 
     } catch (e) {
         console.error('Test Failed:', e);
     } finally {
-        // Cleanup
+        
         if (fs.existsSync(dummyConfigPath)) {
             fs.unlinkSync(dummyConfigPath);
             console.log('Removed dummy audit.conf.js');