sourcebot/packages/web/src/ee/features/audit/actions.ts

import { prisma } from "@/prisma";
import { ErrorCode } from "@/lib/errorCodes";
import { StatusCodes } from "http-status-codes";
import { sew, withAuth, withOrgMembership } from "@/actions";
import { OrgRole } from "@sourcebot/db";
import { createLogger } from "@sourcebot/logger";
import { ServiceError } from "@/lib/serviceError";
import { getAuditService } from "@/ee/features/audit/factory";

const auditService = getAuditService();
const logger = createLogger('audit-utils');

export const fetchAuditRecords = async (domain: string, apiKey: string | undefined = undefined) => sew(() =>
  withAuth((userId) =>
    withOrgMembership(userId, domain, async ({ org }) => {
      try {
        const auditRecords = await prisma.audit.findMany({
          where: {
            orgId: org.id,
          },
          orderBy: {
            timestamp: 'desc'
          }
        });

        await auditService.createAudit({
          action: "audit.fetch",
          actor: {
            id: userId,
            type: "user"
          },
          target: {
            id: org.id.toString(),
            type: "org"
          },
          orgId: org.id
        })

        return auditRecords;
      } catch (error) {
        logger.error('Error fetching audit logs', { error });
        return {
            statusCode: StatusCodes.INTERNAL_SERVER_ERROR,
            errorCode: ErrorCode.UNEXPECTED_ERROR,
            message: "Failed to fetch audit logs",
        } satisfies ServiceError;
      }
    }, /* minRequiredRole = */ OrgRole.OWNER), /* allowSingleTenantUnauthedAccess = */ true, apiKey ? { apiKey, domain } : undefined)
);
feat(audit-logging): Adds audit logging support (#355) * add audit factory skeleton * add additional audit events * add more audit logs * delete account join request when redeeming an invite * add audit event for account request removed * wip api to fetch audits * add check for audit with public access and entitlement * fix issues with merge * add docs for audit logs * add proper audit log for audit fetch and proper handling of api key hash in audit * format nit * feedback 2025-06-18 17:50:36 +00:00			`import { prisma } from "@/prisma";`
			`import { ErrorCode } from "@/lib/errorCodes";`
			`import { StatusCodes } from "http-status-codes";`
			`import { sew, withAuth, withOrgMembership } from "@/actions";`
			`import { OrgRole } from "@sourcebot/db";`
			`import { createLogger } from "@sourcebot/logger";`
			`import { ServiceError } from "@/lib/serviceError";`
			`import { getAuditService } from "@/ee/features/audit/factory";`

			`const auditService = getAuditService();`
			`const logger = createLogger('audit-utils');`

			`export const fetchAuditRecords = async (domain: string, apiKey: string \| undefined = undefined) => sew(() =>`
			`withAuth((userId) =>`
			`withOrgMembership(userId, domain, async ({ org }) => {`
			`try {`
			`const auditRecords = await prisma.audit.findMany({`
			`where: {`
			`orgId: org.id,`
			`},`
			`orderBy: {`
			`timestamp: 'desc'`
			`}`
			`});`

			`await auditService.createAudit({`
			`action: "audit.fetch",`
			`actor: {`
			`id: userId,`
			`type: "user"`
			`},`
			`target: {`
			`id: org.id.toString(),`
			`type: "org"`
			`},`
			`orgId: org.id`
			`})`

			`return auditRecords;`
			`} catch (error) {`
			`logger.error('Error fetching audit logs', { error });`
			`return {`
			`statusCode: StatusCodes.INTERNAL_SERVER_ERROR,`
			`errorCode: ErrorCode.UNEXPECTED_ERROR,`
			`message: "Failed to fetch audit logs",`
			`} satisfies ServiceError;`
			`}`
			`}, /* minRequiredRole = / OrgRole.OWNER), / allowSingleTenantUnauthedAccess = */ true, apiKey ? { apiKey, domain } : undefined)`
			`);`