backend/internal/service/audit_log_service.go

package service

import (
	"fmt"
	"log"

	userAgentParser "github.com/mileusna/useragent"
	"github.com/pocket-id/pocket-id/backend/internal/dto"
	"github.com/pocket-id/pocket-id/backend/internal/model"
	"github.com/pocket-id/pocket-id/backend/internal/utils"
	"github.com/pocket-id/pocket-id/backend/internal/utils/email"
	"gorm.io/gorm"
)

type AuditLogService struct {
	db               *gorm.DB
	appConfigService *AppConfigService
	emailService     *EmailService
	geoliteService   *GeoLiteService
}

func NewAuditLogService(db *gorm.DB, appConfigService *AppConfigService, emailService *EmailService, geoliteService *GeoLiteService) *AuditLogService {
	return &AuditLogService{db: db, appConfigService: appConfigService, emailService: emailService, geoliteService: geoliteService}
}

// Create creates a new audit log entry in the database
func (s *AuditLogService) Create(event model.AuditLogEvent, ipAddress, userAgent, userID string, data model.AuditLogData) model.AuditLog {
	country, city, err := s.geoliteService.GetLocationByIP(ipAddress)
	if err != nil {
		log.Printf("Failed to get IP location: %v\n", err)
	}

	auditLog := model.AuditLog{
		Event:     event,
		IpAddress: ipAddress,
		Country:   country,
		City:      city,
		UserAgent: userAgent,
		UserID:    userID,
		Data:      data,
	}

	// Save the audit log in the database
	if err := s.db.Create(&auditLog).Error; err != nil {
		log.Printf("Failed to create audit log: %v\n", err)
		return model.AuditLog{}
	}

	return auditLog
}

// CreateNewSignInWithEmail creates a new audit log entry in the database and sends an email if the device hasn't been used before
func (s *AuditLogService) CreateNewSignInWithEmail(ipAddress, userAgent, userID string) model.AuditLog {
	createdAuditLog := s.Create(model.AuditLogEventSignIn, ipAddress, userAgent, userID, model.AuditLogData{})

	// Count the number of times the user has logged in from the same device
	var count int64
	err := s.db.Model(&model.AuditLog{}).Where("user_id = ? AND ip_address = ? AND user_agent = ?", userID, ipAddress, userAgent).Count(&count).Error
	if err != nil {
		log.Printf("Failed to count audit logs: %v\n", err)
		return createdAuditLog
	}

	// If the user hasn't logged in from the same device before and email notifications are enabled, send an email
	if s.appConfigService.DbConfig.EmailLoginNotificationEnabled.IsTrue() && count <= 1 {
		go func() {
			var user model.User
			s.db.Where("id = ?", userID).First(&user)

			err := SendEmail(s.emailService, email.Address{
				Name:  user.Username,
				Email: user.Email,
			}, NewLoginTemplate, &NewLoginTemplateData{
				IPAddress: ipAddress,
				Country:   createdAuditLog.Country,
				City:      createdAuditLog.City,
				Device:    s.DeviceStringFromUserAgent(userAgent),
				DateTime:  createdAuditLog.CreatedAt.UTC(),
			})
			if err != nil {
				log.Printf("Failed to send email to '%s': %v\n", user.Email, err)
			}
		}()
	}

	return createdAuditLog
}

// ListAuditLogsForUser retrieves all audit logs for a given user ID
func (s *AuditLogService) ListAuditLogsForUser(userID string, sortedPaginationRequest utils.SortedPaginationRequest) ([]model.AuditLog, utils.PaginationResponse, error) {
	var logs []model.AuditLog
	query := s.db.Model(&model.AuditLog{}).Where("user_id = ?", userID)

	pagination, err := utils.PaginateAndSort(sortedPaginationRequest, query, &logs)
	return logs, pagination, err
}

func (s *AuditLogService) DeviceStringFromUserAgent(userAgent string) string {
	ua := userAgentParser.Parse(userAgent)
	return ua.Name + " on " + ua.OS + " " + ua.OSVersion
}

func (s *AuditLogService) ListAllAuditLogs(sortedPaginationRequest utils.SortedPaginationRequest, filters dto.AuditLogFilterDto) ([]model.AuditLog, utils.PaginationResponse, error) {
	var logs []model.AuditLog

	query := s.db.Preload("User").Model(&model.AuditLog{})

	if filters.UserID != "" {
		query = query.Where("user_id = ?", filters.UserID)
	}
	if filters.Event != "" {
		query = query.Where("event = ?", filters.Event)
	}
	if filters.ClientName != "" {
		dialect := s.db.Name()
		switch dialect {
		case "sqlite":
			query = query.Where("json_extract(data, '$.clientName') = ?", filters.ClientName)
		case "postgres":
			query = query.Where("data->>'clientName' = ?", filters.ClientName)
		default:
			return nil, utils.PaginationResponse{}, fmt.Errorf("unsupported database dialect: %s", dialect)
		}
	}

	pagination, err := utils.PaginateAndSort(sortedPaginationRequest, query, &logs)
	if err != nil {
		return nil, pagination, err
	}

	return logs, pagination, nil
}

func (s *AuditLogService) ListUsernamesWithIds() (users map[string]string, err error) {
	query := s.db.Joins("User").Model(&model.AuditLog{}).
		Select("DISTINCT User.id, User.username").
		Where("User.username IS NOT NULL")

	type Result struct {
		ID       string `gorm:"column:id"`
		Username string `gorm:"column:username"`
	}

	var results []Result
	if err := query.Find(&results).Error; err != nil {
		return nil, fmt.Errorf("failed to query user IDs: %w", err)
	}

	users = make(map[string]string)
	for _, result := range results {
		users[result.ID] = result.Username
	}

	return users, nil
}

func (s *AuditLogService) ListClientNames() (clientNames []string, err error) {
	dialect := s.db.Name()
	var query *gorm.DB

	switch dialect {
	case "sqlite":
		query = s.db.Model(&model.AuditLog{}).
			Select("DISTINCT json_extract(data, '$.clientName') as clientName").
			Where("json_extract(data, '$.clientName') IS NOT NULL")
	case "postgres":
		query = s.db.Model(&model.AuditLog{}).
			Select("DISTINCT data->>'clientName' as clientName").
			Where("data->>'clientName' IS NOT NULL")
	default:
		return nil, fmt.Errorf("unsupported database dialect: %s", dialect)
	}

	type Result struct {
		ClientName string `gorm:"column:clientName"`
	}

	var results []Result
	if err := query.Find(&results).Error; err != nil {
		return nil, fmt.Errorf("failed to query client IDs: %w", err)
	}

	for _, result := range results {
		clientNames = append(clientNames, result.ClientName)

	}

	return clientNames, nil
}
feat: add audit log with email notification (#26) 2024-09-09 10:29:41 +02:00			`package service`

			`import (`
feat: global audit log (#320) Co-authored-by: Elias Schneider <login@eliasschneider.com> 2025-04-03 10:11:49 -05:00			`"fmt"`
chore: replace `stonith404` with `pocket-id` after org migration 2025-02-05 18:08:01 +01:00			`"log"`

feat: add audit log with email notification (#26) 2024-09-09 10:29:41 +02:00			`userAgentParser "github.com/mileusna/useragent"`
feat: global audit log (#320) Co-authored-by: Elias Schneider <login@eliasschneider.com> 2025-04-03 10:11:49 -05:00			`"github.com/pocket-id/pocket-id/backend/internal/dto"`
chore: replace `stonith404` with `pocket-id` after org migration 2025-02-05 18:08:01 +01:00			`"github.com/pocket-id/pocket-id/backend/internal/model"`
			`"github.com/pocket-id/pocket-id/backend/internal/utils"`
			`"github.com/pocket-id/pocket-id/backend/internal/utils/email"`
feat: add audit log with email notification (#26) 2024-09-09 10:29:41 +02:00			`"gorm.io/gorm"`
			`)`

			`type AuditLogService struct {`
			`db *gorm.DB`
			`appConfigService *AppConfigService`
			`emailService *EmailService`
feat!: add option to specify the Max Mind license key for the Geolite2 db 2024-11-26 20:14:31 +01:00			`geoliteService *GeoLiteService`
feat: add audit log with email notification (#26) 2024-09-09 10:29:41 +02:00			`}`

feat!: add option to specify the Max Mind license key for the Geolite2 db 2024-11-26 20:14:31 +01:00			`func NewAuditLogService(db gorm.DB, appConfigService AppConfigService, emailService EmailService, geoliteService GeoLiteService) *AuditLogService {`
			`return &AuditLogService{db: db, appConfigService: appConfigService, emailService: emailService, geoliteService: geoliteService}`
feat: add audit log with email notification (#26) 2024-09-09 10:29:41 +02:00			`}`

			`// Create creates a new audit log entry in the database`
			`func (s *AuditLogService) Create(event model.AuditLogEvent, ipAddress, userAgent, userID string, data model.AuditLogData) model.AuditLog {`
feat!: add option to specify the Max Mind license key for the Geolite2 db 2024-11-26 20:14:31 +01:00			`country, city, err := s.geoliteService.GetLocationByIP(ipAddress)`
feat: add location based on ip to the audit log 2024-10-04 12:11:10 +02:00			`if err != nil {`
			`log.Printf("Failed to get IP location: %v\n", err)`
			`}`

feat: add audit log with email notification (#26) 2024-09-09 10:29:41 +02:00			`auditLog := model.AuditLog{`
			`Event: event,`
			`IpAddress: ipAddress,`
feat: add location based on ip to the audit log 2024-10-04 12:11:10 +02:00			`Country: country,`
			`City: city,`
feat: add audit log with email notification (#26) 2024-09-09 10:29:41 +02:00			`UserAgent: userAgent,`
			`UserID: userID,`
			`Data: data,`
			`}`

			`// Save the audit log in the database`
			`if err := s.db.Create(&auditLog).Error; err != nil {`
			`log.Printf("Failed to create audit log: %v\n", err)`
			`return model.AuditLog{}`
			`}`

			`return auditLog`
			`}`

			`// CreateNewSignInWithEmail creates a new audit log entry in the database and sends an email if the device hasn't been used before`
feat: add audit log event for one time access token sign in 2024-11-11 18:25:57 +01:00			`func (s *AuditLogService) CreateNewSignInWithEmail(ipAddress, userAgent, userID string) model.AuditLog {`
			`createdAuditLog := s.Create(model.AuditLogEventSignIn, ipAddress, userAgent, userID, model.AuditLogData{})`
feat: add audit log with email notification (#26) 2024-09-09 10:29:41 +02:00
			`// Count the number of times the user has logged in from the same device`
			`var count int64`
			`err := s.db.Model(&model.AuditLog{}).Where("user_id = ? AND ip_address = ? AND user_agent = ?", userID, ipAddress, userAgent).Count(&count).Error`
			`if err != nil {`
			`log.Printf("Failed to count audit logs: %v\n", err)`
			`return createdAuditLog`
			`}`

feat: allow sign in with email (#100) 2025-01-19 15:30:31 +01:00			`// If the user hasn't logged in from the same device before and email notifications are enabled, send an email`
feat: add support for ECDSA and EdDSA keys (#359) Co-authored-by: Elias Schneider <login@eliasschneider.com> 2025-03-27 10:20:39 -07:00			`if s.appConfigService.DbConfig.EmailLoginNotificationEnabled.IsTrue() && count <= 1 {`
feat: add audit log with email notification (#26) 2024-09-09 10:29:41 +02:00			`go func() {`
			`var user model.User`
			`s.db.Where("id = ?", userID).First(&user)`

feat(email): improve email templating (#27) 2024-09-16 23:10:08 +02:00			`err := SendEmail(s.emailService, email.Address{`
			`Name: user.Username,`
			`Email: user.Email,`
			`}, NewLoginTemplate, &NewLoginTemplateData{`
			`IPAddress: ipAddress,`
feat: add location based on ip to the audit log 2024-10-04 12:11:10 +02:00			`Country: createdAuditLog.Country,`
			`City: createdAuditLog.City,`
feat(email): improve email templating (#27) 2024-09-16 23:10:08 +02:00			`Device: s.DeviceStringFromUserAgent(userAgent),`
			`DateTime: createdAuditLog.CreatedAt.UTC(),`
feat: add audit log with email notification (#26) 2024-09-09 10:29:41 +02:00			`})`
			`if err != nil {`
feat(email): improve email templating (#27) 2024-09-16 23:10:08 +02:00			`log.Printf("Failed to send email to '%s': %v\n", user.Email, err)`
feat: add audit log with email notification (#26) 2024-09-09 10:29:41 +02:00			`}`
			`}()`
			`}`

			`return createdAuditLog`
			`}`

			`// ListAuditLogsForUser retrieves all audit logs for a given user ID`
feat: add sorting for tables 2025-01-11 20:14:12 +01:00			`func (s *AuditLogService) ListAuditLogsForUser(userID string, sortedPaginationRequest utils.SortedPaginationRequest) ([]model.AuditLog, utils.PaginationResponse, error) {`
feat: add audit log with email notification (#26) 2024-09-09 10:29:41 +02:00			`var logs []model.AuditLog`
feat: add sorting for tables 2025-01-11 20:14:12 +01:00			`query := s.db.Model(&model.AuditLog{}).Where("user_id = ?", userID)`
feat: add audit log with email notification (#26) 2024-09-09 10:29:41 +02:00
feat: add sorting for tables 2025-01-11 20:14:12 +01:00			`pagination, err := utils.PaginateAndSort(sortedPaginationRequest, query, &logs)`
feat: add audit log with email notification (#26) 2024-09-09 10:29:41 +02:00			`return logs, pagination, err`
			`}`

			`func (s *AuditLogService) DeviceStringFromUserAgent(userAgent string) string {`
			`ua := userAgentParser.Parse(userAgent)`
			`return ua.Name + " on " + ua.OS + " " + ua.OSVersion`
			`}`
feat: global audit log (#320) Co-authored-by: Elias Schneider <login@eliasschneider.com> 2025-04-03 10:11:49 -05:00
			`func (s *AuditLogService) ListAllAuditLogs(sortedPaginationRequest utils.SortedPaginationRequest, filters dto.AuditLogFilterDto) ([]model.AuditLog, utils.PaginationResponse, error) {`
			`var logs []model.AuditLog`

			`query := s.db.Preload("User").Model(&model.AuditLog{})`

			`if filters.UserID != "" {`
			`query = query.Where("user_id = ?", filters.UserID)`
			`}`
			`if filters.Event != "" {`
			`query = query.Where("event = ?", filters.Event)`
			`}`
			`if filters.ClientName != "" {`
			`dialect := s.db.Name()`
			`switch dialect {`
			`case "sqlite":`
			`query = query.Where("json_extract(data, '$.clientName') = ?", filters.ClientName)`
			`case "postgres":`
			`query = query.Where("data->>'clientName' = ?", filters.ClientName)`
			`default:`
			`return nil, utils.PaginationResponse{}, fmt.Errorf("unsupported database dialect: %s", dialect)`
			`}`
			`}`

			`pagination, err := utils.PaginateAndSort(sortedPaginationRequest, query, &logs)`
			`if err != nil {`
			`return nil, pagination, err`
			`}`

			`return logs, pagination, nil`
			`}`

			`func (s *AuditLogService) ListUsernamesWithIds() (users map[string]string, err error) {`
			`query := s.db.Joins("User").Model(&model.AuditLog{}).`
			`Select("DISTINCT User.id, User.username").`
			`Where("User.username IS NOT NULL")`

			`type Result struct {`
			ID string `gorm:"column:id"`
			Username string `gorm:"column:username"`
			`}`

			`var results []Result`
			`if err := query.Find(&results).Error; err != nil {`
			`return nil, fmt.Errorf("failed to query user IDs: %w", err)`
			`}`

			`users = make(map[string]string)`
			`for _, result := range results {`
			`users[result.ID] = result.Username`
			`}`

			`return users, nil`
			`}`

			`func (s *AuditLogService) ListClientNames() (clientNames []string, err error) {`
			`dialect := s.db.Name()`
			`var query *gorm.DB`

			`switch dialect {`
			`case "sqlite":`
			`query = s.db.Model(&model.AuditLog{}).`
			`Select("DISTINCT json_extract(data, '$.clientName') as clientName").`
			`Where("json_extract(data, '$.clientName') IS NOT NULL")`
			`case "postgres":`
			`query = s.db.Model(&model.AuditLog{}).`
			`Select("DISTINCT data->>'clientName' as clientName").`
			`Where("data->>'clientName' IS NOT NULL")`
			`default:`
			`return nil, fmt.Errorf("unsupported database dialect: %s", dialect)`
			`}`

			`type Result struct {`
			ClientName string `gorm:"column:clientName"`
			`}`

			`var results []Result`
			`if err := query.Find(&results).Error; err != nil {`
			`return nil, fmt.Errorf("failed to query client IDs: %w", err)`
			`}`

			`for _, result := range results {`
			`clientNames = append(clientNames, result.ClientName)`

			`}`

			`return clientNames, nil`
			`}`