feat(activity-log): integrate logging across all endpoints (Phase 3)

Added comprehensive activity logging to 14 integration points: Auth Controller (4 actions): - AUTH_REGISTER: User registration - AUTH_LOGIN: User login - AUTH_VERIFY_EMAIL: Email verification (token & code) - AUTH_PASSWORD_RESET: Password reset Events Routes (2 actions): - EVENT_CHECKIN: User checks into event - EVENT_LEAVE: User leaves event Socket Handlers (3 actions): - EVENT_JOIN_CHAT: User joins event chat room - EVENT_LEAVE_CHAT: User leaves event chat room - CHAT_JOIN_ROOM: User joins private match chat Matches Routes (3 actions): - MATCH_CREATE: Match request created - MATCH_ACCEPT: Match request accepted - MATCH_REJECT: Match request rejected/cancelled Admin Routes (1 action + security): - ADMIN_MATCHING_RUN: Admin runs matching algorithm - Added requireAdmin middleware to all admin routes All logs include: - User ID and username (denormalized) - IP address (X-Forwarded-For aware) - Action type and resource ID - HTTP method and path (or SOCKET for WebSocket) - Contextual metadata (event slugs, match IDs, etc.) Fire-and-forget pattern ensures logging never blocks requests.
2025-12-02 20:07:10 +01:00
parent 0466ef9e5c
commit d83e4163e5
5 changed files with 217 additions and 3 deletions
--- a/backend/src/routes/events.js
+++ b/backend/src/routes/events.js
@@ -4,6 +4,8 @@ const { authenticate } = require('../middleware/auth');
 const { getIO } = require('../socket');
 const matchingService = require('../services/matching');
 const { SUGGESTION_STATUS, MATCH_STATUS } = require('../constants');
+const { ACTIONS, log: activityLog } = require('../services/activityLog');
+const { getClientIP } = require('../utils/request');

 const router = express.Router();

@@ -319,6 +321,21 @@ router.post('/checkin/:token', authenticate, async (req, res, next) => {
      },
    });

+    // Log checkin activity
+    activityLog({
+      userId: req.user.id,
+      username: req.user.username,
+      ipAddress: getClientIP(req),
+      action: ACTIONS.EVENT_CHECKIN,
+      resource: `event:${event.id}`,
+      method: req.method,
+      path: req.path,
+      metadata: {
+        eventSlug: event.slug,
+        eventName: event.name,
+      },
+    });
+
    res.json({
      success: true,
      alreadyCheckedIn: false,
@@ -491,6 +508,21 @@ router.delete('/:slug/leave', authenticate, async (req, res, next) => {
      },
    });

+    // Log leave event activity
+    activityLog({
+      userId: req.user.id,
+      username: req.user.username,
+      ipAddress: getClientIP(req),
+      action: ACTIONS.EVENT_LEAVE,
+      resource: `event:${event.id}`,
+      method: req.method,
+      path: req.path,
+      metadata: {
+        eventSlug: event.slug,
+        eventName: event.name,
+      },
+    });
+
    res.json({
      success: true,
      message: 'Successfully left the event',