Merge pull request #52 from Aayush0966/develop

adgator101 · web-flow · commit 3e54f09a8855 · 2025-09-27T11:33:18.000+05:45
fix(audit): resolve middleware execution issues and prevent recursion
diff --git a/src/controllers/audit.controller.ts b/src/controllers/audit.controller.ts
@@ -0,0 +1,21 @@
+import { ErrorResponse, SuccessResponse } from "@/dtos";
+import auditService from "@/services/audit.service"
+import { HTTP } from "@/utils/constants";
+import type { Request, Response } from "express";
+
+class AuditController {
+  async getAudits(_: Request, res: Response) {
+    try {
+      const result = await auditService.getAllAudits();
+      if (!result.success) return res.status(HTTP.BAD_REQUEST).json(ErrorResponse(HTTP.BAD_REQUEST, result.error))
+      return res.status(HTTP.OK).json(SuccessResponse(HTTP.OK, "Successfully fetched.", result.data))
+    } catch (error) {
+      console.log("Error while fetching auditsLogs: ", error)
+      return res.status(HTTP.INTERNAL).json(ErrorResponse(HTTP.INTERNAL, "Internal Server Error"))
+
+    }
+  }
+};
+
+const auditController = new AuditController();
+export default auditController;
diff --git a/src/middleware/audit.middleware.ts b/src/middleware/audit.middleware.ts
@@ -1,60 +1,157 @@
 import type { ActionType, Models } from "@prisma/client";
 import type { PrismaClient } from "@prisma/client/extension";
+import { requestContext } from "@/context/request.context";
 
+type AuditOperation = "create" | "update" | "delete";
 
-import type { Prisma } from "@prisma/client";
-import { requestContext } from "@/context/request.context";
+type QueryContext = {
+    model: string; 
+    operation: string; 
+    args: any;
+    query: (args: any) => Promise<any>;
+};
+
+// List of operations
+const actionsToAudit: AuditOperation[] = ["create", "update", "delete"];
+
+// Map model names to their values
+const modelToEnumMap: Record<string, Models> = {
+    User: "USER",
+    user: "USER",
+    member: "MEMBER",
+    Member: "MEMBER",
+    Events: "EVENT",
+    events: "EVENT",
+    EventSchedule: "EVENTSCHEDULE",
+    eventSchedule: "EVENTSCHEDULE",
+    Project: "PROJECT",
+    project: "PROJECT",
+    ProjectContributors: "PROJECTCONTRIBUTORS",
+    projectContributors: "PROJECTCONTRIBUTORS",
+    Contributor: "CONTRIBUTOR",
+    contributor: "CONTRIBUTOR",
+    Tag: "TAG",
+    tag: "TAG",
+};
+
+const resolveDelegate = (client: PrismaClient, model: string) => {
+    // Checking if the provided model exist on the prisma client
+    const exact = (client as any)[model];
+    if (exact) {
+        // if the model exist, then return it 
+        return exact;
+    }
+    // if the model name doesn't exit, try using the camelCase version.
+    const camel = model.charAt(0).toLowerCase() + model.slice(1);
+    return (client as any)[camel];
+};
+
+// finds the enum value for the given model name by capitalizing the first letter of the model name
+// or converting the entire model name to upper case
+const resolveEntity = (model: string): Models | undefined => {
+    return modelToEnumMap[model] ?? modelToEnumMap[model.charAt(0).toUpperCase() + model.slice(1)] ?? (model.toUpperCase() as Models);
+};
 
+
+const shouldDebug = () => process.env.AUDIT_DEBUG === "true" || process.env.NODE_ENV === "development";
+
+// Middleware to handle auditing
 export const auditMiddleware = (prisma: PrismaClient) => {
     return prisma.$extends({
-        model: {
+        query: {
             $allModels: {
-                async execute(args: any, next: (args: any) => Promise<any>) {
-                    const actionsToAudit = ["create", "update", "delete"];
+                async $allOperations({ model, operation, args, query }: QueryContext) {
+                    const op = operation as AuditOperation;
+
+                    // Skip if db transaction is about AuditLogs or models which doesnt need to be audited
+                    if (model === "AuditLogs" || !actionsToAudit.includes(op)) {
+                        return query(args);
+                    }
 
-                    // Only track the defined actions.
-                    if (!actionsToAudit.includes(args.action)) return next(args);
+                    const debug = shouldDebug();
+                    if (debug) {
+                        console.debug(`[AUDIT] ${model}.${operation} intercepted`);
+                    }
 
-                    let before: any = null;
+                    let before: Record<string, unknown> | null = null;
+                    const delegate = resolveDelegate(prisma, model);
 
-                    if (args.action === "update" || args.action === "delete") {
-                        before = await next({ ...args, action: "findUnique" })
+                    // Fetch the current state of the entity which will be needed when returing before and after
+                    if ((op === "update" || op === "delete") && delegate && args?.where) {
+                        try {
+                            before = await delegate.findUnique({ where: args.where });
+                            if (debug) {
+                                console.debug(`[AUDIT] Loaded before state for ${model}.${operation}`);
+                            }
+                        } catch (error) {
+                            if (debug) {
+                                console.debug(`[AUDIT] Failed to load before state for ${model}.${operation}`, error);
+                            }
+                        }
                     }
 
-                    let result: any = null;
                     const userId = requestContext.getStore()?.userId ?? "UNKNOWN";
 
+                    let result: any;
                     try {
-                        const result = await next(args)
-                    } catch (error: any) {
-                        throw new Error("Error while performing database query: ", error)
+                        // Executing the original query
+                        result = await query(args);
+                        if (debug) {
+                            console.debug(`[AUDIT] ${model}.${operation} executed successfully (id: ${result?.id ?? "n/a"})`);
+                        }
+                    } catch (error) {
+                        if (debug) {
+                            console.error(`[AUDIT] ${model}.${operation} failed`, error);
+                        }
+                        throw error;
                     }
 
-                    let changes: Record<string, { before: any, after: any }> = {};
-                    if (args.action === "update" && before) {
-                        for (const key in args.data) {
-                            if (before[key] !== result[key]) {
-                                changes[key] = { before: before[key], after: result[key] }
+                    // On update operaiton, tracking changes of which field changed and what changed.
+                    const changes: Record<string, { before: unknown; after: unknown }> = {};
+                    if (op === "update" && before && args?.data) {
+                        for (const key of Object.keys(args.data)) {
+                            const beforeValue = (before as any)[key];
+                            const afterValue = result?.[key];
+                            if (!Object.is(beforeValue, afterValue)) {
+                                changes[key] = {
+                                    before: beforeValue,
+                                    after: afterValue,
+                                };
                             }
                         }
+                        if (debug) {
+                            console.debug(`[AUDIT] Change set for ${model}.${operation}:`, changes);
+                        }
                     }
 
+                    
+                    const entity = resolveEntity(model);
 
+                    if (!entity) {
+                        if (debug) {
+                            console.debug(`[AUDIT] Skipping audit log for model ${model}; no enum mapping found.`);
+                        }
+                        return result;
+                    }
+
+                    // Create an audit log 
                     await prisma.auditLogs.create({
                         data: {
-                            action: args.action.toUpperCase() as ActionType,
-                            userId: userId,
-                            entity: args.model.toUpperCase() as Models,
-                            entitiyId: result.id,
-                            changes: Object.keys(changes).length ? changes : null
+                            action: op.toUpperCase() as ActionType,
+                            userId,
+                            entity,
+                            entityId: result?.id ?? args?.where?.id ?? "UNKNOWN",
+                            changes: Object.keys(changes).length ? changes : null,
+                        },
+                    });
 
-                        }
-                    })
+                    if (debug) {
+                        console.debug(`[AUDIT] Audit log written for ${model}.${operation}`);
+                    }
 
                     return result;
-
-                }
-            }
-        }
-    })
-}
+                },
+            },
+        },
+    });
+};
diff --git a/src/services/audit.service.ts b/src/services/audit.service.ts
@@ -0,0 +1,24 @@
+import prisma from "@/db/prisma";
+import { prismaSafe } from "@/lib/prismaSafe";
+
+
+class AuditService {
+  async getAllAudits() {
+    try {
+      const [error, audits] = await prismaSafe(
+        prisma.auditLogs.findMany({
+          take: 10
+        })
+      )
+      if (error) return { success: false, error }
+      if (!audits) return { success: false, error: "No audits found" }
+      return { success: true, data: audits }
+    } catch (error: any) {
+      console.log("Error while fetching auditLogs: ", error)
+      return { success: false, error: "Internal Server Error" }
+    }
+  }
+}
+
+const auditService = new AuditService();
+export default auditService;
