SynLotto/website
1
0
Fork 0
Code Issues 19 Pull Requests Actions Packages Projects 5 Releases Wiki Activity

Centralize audit SQL + writers

Browse Source
This commit is contained in:
Ross Healy
2025-10-28 15:26:43 +00:00
parent aa20652abc
commit e1fa6c502e
1 changed files with 45 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
internal/storage/auditlog/create.go
View File

@@ -1,4 +1,4 @@
package storage package auditlogStorage
import ( import (
"context" "context"
@@ -8,25 +8,48 @@ import (
"synlotto-website/internal/logging" "synlotto-website/internal/logging"
) )
const insertAdminAccessSQL = `
INSERT INTO admin_access_log
(user_id, path, ip, user_agent, accessed_at)
VALUES (?, ?, ?, ?, ?)
`
const insertLoginSQL = `
INSERT INTO audit_login
(user_id, username, success, ip, user_agent, timestamp)
VALUES (?, ?, ?, ?, ?, ?)
`
const insertRegistrationSQL = ` const insertRegistrationSQL = `
INSERT INTO audit_registration INSERT INTO audit_registration
(user_id, username, email, ip, user_agent, timestamp) (user_id, username, email, ip, user_agent, timestamp)
VALUES (?, ?, ?, ?, ?, ?) VALUES (?, ?, ?, ?, ?, ?)
` `
// Todo has to add in - db *sql.DB to make this work should this not be an import as all functions use it, more importantly no functions in storage just sql? // LogLoginAttempt stores a login attempt. Pass userID if known; otherwise it's NULL.
// Handler Call - auditlogStorage.LogLoginAttempt(db, r.RemoteAddr, r.UserAgent(), username, ok) func LogLoginAttempt(db *sql.DB, ip, userAgent, username string, success bool, userID ...int64) {
func LogLoginAttempt(db *sql.DB, rIP, rUA, username string, success bool) { ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
_, err := db.Exec( defer cancel()
`INSERT INTO audit_login (username, success, ip, user_agent, timestamp)
VALUES ($1, $2, $3, $4, $5)`, var uid sql.NullInt64
username, success, rIP, rUA, time.Now().UTC(), if len(userID) > 0 {
uid.Valid = true
uid.Int64 = userID[0]
}
_, err := db.ExecContext(ctx, insertLoginSQL,
uid,
username,
success,
ip,
userAgent,
time.Now().UTC(),
) )
if err != nil { if err != nil {
logging.Info("❌ Failed to log login:", err) logging.Info("❌ Failed to log login: %v", err)
} }
} }
// LogSignup stores a registration event.
func LogSignup(db *sql.DB, userID int64, username, email, ip, userAgent string) { func LogSignup(db *sql.DB, userID int64, username, email, ip, userAgent string) {
ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second) ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
defer cancel() defer cancel()
@@ -38,3 +61,16 @@ func LogSignup(db *sql.DB, userID int64, username, email, ip, userAgent string)
logging.Info("❌ Failed to log registration: %v", err) logging.Info("❌ Failed to log registration: %v", err)
} }
} }
// LogAdminAccess stores an admin access record.
func LogAdminAccess(db *sql.DB, userID int64, path, ip, userAgent string, at time.Time) {
ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
defer cancel()
_, err := db.ExecContext(ctx, insertAdminAccessSQL,
userID, path, ip, userAgent, at,
)
if err != nil {
logging.Info("❌ Failed to log admin access: %v", err)
}
}