sourcebot/packages/web/src/ee/features/audit/actions.ts

"use server";

import { prisma } from "@/prisma";
import { ErrorCode } from "@/lib/errorCodes";
import { StatusCodes } from "http-status-codes";
import { sew, withAuth, withOrgMembership } from "@/actions";
import { OrgRole } from "@sourcebot/db";
import { createLogger } from "@sourcebot/logger";
import { ServiceError } from "@/lib/serviceError";
import { getAuditService } from "@/ee/features/audit/factory";
import { AuditEvent } from "./types";

const auditService = getAuditService();
const logger = createLogger('audit-utils');

export const createAuditAction = async (event: Omit<AuditEvent, 'sourcebotVersion' | 'orgId' | 'actor' | 'target'>, domain: string) => sew(async () =>
  withAuth((userId) =>
    withOrgMembership(userId, domain, async ({ org }) => {
      await auditService.createAudit({ ...event, orgId: org.id, actor: { id: userId, type: "user" }, target: { id: org.id.toString(), type: "org" } })
    }, /* minRequiredRole = */ OrgRole.MEMBER), /* allowAnonymousAccess = */ true)
);

export const fetchAuditRecords = async (domain: string, apiKey: string | undefined = undefined) => sew(() =>
  withAuth((userId) =>
    withOrgMembership(userId, domain, async ({ org }) => {
      try {
        const auditRecords = await prisma.audit.findMany({
          where: {
            orgId: org.id,
          },
          orderBy: {
            timestamp: 'desc'
          }
        });

        await auditService.createAudit({
          action: "audit.fetch",
          actor: {
            id: userId,
            type: "user"
          },
          target: {
            id: org.id.toString(),
            type: "org"
          },
          orgId: org.id
        })

        return auditRecords;
      } catch (error) {
        logger.error('Error fetching audit logs', { error });
        return {
            statusCode: StatusCodes.INTERNAL_SERVER_ERROR,
            errorCode: ErrorCode.UNEXPECTED_ERROR,
            message: "Failed to fetch audit logs",
        } satisfies ServiceError;
      }
    }, /* minRequiredRole = */ OrgRole.OWNER), /* allowAnonymousAccess = */ true, apiKey ? { apiKey, domain } : undefined)
);
feat(analytics): Adds analytics dashboard (#358) * add deps * hook up dau from audit table to analytics page * add audit event for code nav * analytics dashboard * add changelog entry * add news entry * smaller video and news data nit * feedback 2025-06-20 21:57:05 +00:00			`"use server";`

feat(audit-logging): Adds audit logging support (#355) * add audit factory skeleton * add additional audit events * add more audit logs * delete account join request when redeeming an invite * add audit event for account request removed * wip api to fetch audits * add check for audit with public access and entitlement * fix issues with merge * add docs for audit logs * add proper audit log for audit fetch and proper handling of api key hash in audit * format nit * feedback 2025-06-18 17:50:36 +00:00			`import { prisma } from "@/prisma";`
			`import { ErrorCode } from "@/lib/errorCodes";`
			`import { StatusCodes } from "http-status-codes";`
			`import { sew, withAuth, withOrgMembership } from "@/actions";`
			`import { OrgRole } from "@sourcebot/db";`
			`import { createLogger } from "@sourcebot/logger";`
			`import { ServiceError } from "@/lib/serviceError";`
			`import { getAuditService } from "@/ee/features/audit/factory";`
feat(analytics): Adds analytics dashboard (#358) * add deps * hook up dau from audit table to analytics page * add audit event for code nav * analytics dashboard * add changelog entry * add news entry * smaller video and news data nit * feedback 2025-06-20 21:57:05 +00:00			`import { AuditEvent } from "./types";`
feat(audit-logging): Adds audit logging support (#355) * add audit factory skeleton * add additional audit events * add more audit logs * delete account join request when redeeming an invite * add audit event for account request removed * wip api to fetch audits * add check for audit with public access and entitlement * fix issues with merge * add docs for audit logs * add proper audit log for audit fetch and proper handling of api key hash in audit * format nit * feedback 2025-06-18 17:50:36 +00:00
			`const auditService = getAuditService();`
			`const logger = createLogger('audit-utils');`

feat(analytics): Adds analytics dashboard (#358) * add deps * hook up dau from audit table to analytics page * add audit event for code nav * analytics dashboard * add changelog entry * add news entry * smaller video and news data nit * feedback 2025-06-20 21:57:05 +00:00			`export const createAuditAction = async (event: Omit<AuditEvent, 'sourcebotVersion' \| 'orgId' \| 'actor' \| 'target'>, domain: string) => sew(async () =>`
			`withAuth((userId) =>`
			`withOrgMembership(userId, domain, async ({ org }) => {`
			`await auditService.createAudit({ ...event, orgId: org.id, actor: { id: userId, type: "user" }, target: { id: org.id.toString(), type: "org" } })`
Add anonymous access option to core (#385) * migrate anonymous access logic out of ee * add anonymous access toggle * handle anon toggle properly based on perms * add forceEnableAnonymousAccess setting * add docs for access settings * change forceEnableAnonymousAccess to be an env var * add FORCE_ENABLE_ANONYMOUS_ACCESS to list in docs * add back the enablePublicAccess setting as deprecated * add changelog entry * fix build errors * add news entry for anonymous access * feedback 2025-07-19 21:04:41 +00:00			`}, /* minRequiredRole = / OrgRole.MEMBER), / allowAnonymousAccess = */ true)`
feat(analytics): Adds analytics dashboard (#358) * add deps * hook up dau from audit table to analytics page * add audit event for code nav * analytics dashboard * add changelog entry * add news entry * smaller video and news data nit * feedback 2025-06-20 21:57:05 +00:00			`);`

feat(audit-logging): Adds audit logging support (#355) * add audit factory skeleton * add additional audit events * add more audit logs * delete account join request when redeeming an invite * add audit event for account request removed * wip api to fetch audits * add check for audit with public access and entitlement * fix issues with merge * add docs for audit logs * add proper audit log for audit fetch and proper handling of api key hash in audit * format nit * feedback 2025-06-18 17:50:36 +00:00			`export const fetchAuditRecords = async (domain: string, apiKey: string \| undefined = undefined) => sew(() =>`
			`withAuth((userId) =>`
			`withOrgMembership(userId, domain, async ({ org }) => {`
			`try {`
			`const auditRecords = await prisma.audit.findMany({`
			`where: {`
			`orgId: org.id,`
			`},`
			`orderBy: {`
			`timestamp: 'desc'`
			`}`
			`});`

			`await auditService.createAudit({`
			`action: "audit.fetch",`
			`actor: {`
			`id: userId,`
			`type: "user"`
			`},`
			`target: {`
			`id: org.id.toString(),`
			`type: "org"`
			`},`
			`orgId: org.id`
			`})`

			`return auditRecords;`
			`} catch (error) {`
			`logger.error('Error fetching audit logs', { error });`
			`return {`
			`statusCode: StatusCodes.INTERNAL_SERVER_ERROR,`
			`errorCode: ErrorCode.UNEXPECTED_ERROR,`
			`message: "Failed to fetch audit logs",`
			`} satisfies ServiceError;`
			`}`
Add anonymous access option to core (#385) * migrate anonymous access logic out of ee * add anonymous access toggle * handle anon toggle properly based on perms * add forceEnableAnonymousAccess setting * add docs for access settings * change forceEnableAnonymousAccess to be an env var * add FORCE_ENABLE_ANONYMOUS_ACCESS to list in docs * add back the enablePublicAccess setting as deprecated * add changelog entry * fix build errors * add news entry for anonymous access * feedback 2025-07-19 21:04:41 +00:00			`}, /* minRequiredRole = / OrgRole.OWNER), / allowAnonymousAccess = */ true, apiKey ? { apiKey, domain } : undefined)`
feat(audit-logging): Adds audit logging support (#355) * add audit factory skeleton * add additional audit events * add more audit logs * delete account join request when redeeming an invite * add audit event for account request removed * wip api to fetch audits * add check for audit with public access and entitlement * fix issues with merge * add docs for audit logs * add proper audit log for audit fetch and proper handling of api key hash in audit * format nit * feedback 2025-06-18 17:50:36 +00:00			`);`