BillTracker/services/auditService.js

const { getDb } = require('../db/database');

/**
 * Log a security-sensitive action to the audit_log table.
 * @param {Object} params
 * @param {number|null} params.user_id - User ID (null for anonymous/failed attempts)
 * @param {string} params.action - Action type (e.g., 'login.success', 'login.failure', 'password.change', 'role.change', 'session.invalidate')
 * @param {string} [params.entity_type] - Entity type (e.g., 'user', 'session', 'bill')
 * @param {number} [params.entity_id] - Entity ID
 * @param {Object} [params.details] - Additional details (stored as JSON)
 * @param {string} [params.ip_address] - Request IP
 * @param {string} [params.user_agent] - Request user-agent
 */
function logAudit({ user_id, action, entity_type, entity_id, details, ip_address, user_agent }) {
  const db = getDb();
  try {
    db.prepare(
      `INSERT INTO audit_log (user_id, action, entity_type, entity_id, details_json, ip_address, user_agent)
       VALUES (?, ?, ?, ?, ?, ?, ?)`
    ).run(
      user_id || null,
      action,
      entity_type || null,
      entity_id || null,
      details ? JSON.stringify(details) : null,
      ip_address || null,
      user_agent || null
    );
  } catch (err) {
    // Audit logging should never crash the app
    console.error('[audit-error] Failed to log audit event:', err.message);
  }
}

module.exports = { logAudit };
v0.20.6: Audit logging for critical operations - New audit_log table (migration v0.45) with indexes - logAudit() service with try/catch safety (never crashes app) - Audit events: login.success, login.failure, logout, password.change, role.change, csrf.failure, profile.update, profile.settings.update - All events include ip_address and user_agent - No passwords, tokens, or session IDs logged - Hudson security audit: 7/7 PASS 2026-05-10 00:03:12 -05:00			`const { getDb } = require('../db/database');`

			`/**`
			`* Log a security-sensitive action to the audit_log table.`
			`* @param {Object} params`
			`* @param {number\|null} params.user_id - User ID (null for anonymous/failed attempts)`
			`* @param {string} params.action - Action type (e.g., 'login.success', 'login.failure', 'password.change', 'role.change', 'session.invalidate')`
			`* @param {string} [params.entity_type] - Entity type (e.g., 'user', 'session', 'bill')`
			`* @param {number} [params.entity_id] - Entity ID`
			`* @param {Object} [params.details] - Additional details (stored as JSON)`
			`* @param {string} [params.ip_address] - Request IP`
			`* @param {string} [params.user_agent] - Request user-agent`
			`*/`
			`function logAudit({ user_id, action, entity_type, entity_id, details, ip_address, user_agent }) {`
			`const db = getDb();`
			`try {`
			`db.prepare(`
			`INSERT INTO audit_log (user_id, action, entity_type, entity_id, details_json, ip_address, user_agent)
			VALUES (?, ?, ?, ?, ?, ?, ?)`
			`).run(`
			`user_id \|\| null,`
			`action,`
			`entity_type \|\| null,`
			`entity_id \|\| null,`
			`details ? JSON.stringify(details) : null,`
			`ip_address \|\| null,`
			`user_agent \|\| null`
			`);`
			`} catch (err) {`
			`// Audit logging should never crash the app`
			`console.error('[audit-error] Failed to log audit event:', err.message);`
			`}`
			`}`

			`module.exports = { logAudit };`