feat: Centralized audit logging admin interface (refs #10) #22

Merged
egullickson merged 6 commits from issue-10-centralized-audit-logging into main 2026-01-11 18:41:16 +00:00
Owner

Summary

  • Implements new centralized audit_logs table with categories (auth, vehicle, user, system, admin) and severities (info, warning, error)
  • Creates AuditLogService with cross-feature logging capability via singleton instance
  • Adds REST API at /api/admin/audit-logs with search, filters, pagination, and CSV export
  • Wires audit logging into auth, vehicles, admin, and backup features
  • Adds desktop AdminLogsPage and mobile AdminLogsMobileScreen
  • Implements 90-day retention with daily cleanup job (3 AM)
  • Removes old AuditLogPanel from AdminCatalogPage

Security improvements:

  • Escapes LIKE special characters to prevent pattern injection
  • Limits CSV export to 5000 records with truncation warning headers

Test plan

  • Verify database migration runs successfully
  • Test audit log creation from vehicle CRUD operations
  • Test audit log creation from admin actions
  • Test search and filter functionality on desktop
  • Test mobile card layout and collapsible filters
  • Test CSV export with various filter combinations
  • Verify 90-day cleanup job runs without errors
  • Confirm AuditLogPanel removed from Vehicle Catalog page

🤖 Generated with Claude Code

egullickson added 1 commit 2026-01-11 17:09:50 +00:00
feat: Implement centralized audit logging admin interface (refs #10)
Some checks failed
Deploy to Staging / Build Images (pull_request) Successful in 4m42s
Deploy to Staging / Deploy to Staging (pull_request) Successful in 37s
Deploy to Staging / Verify Staging (pull_request) Failing after 6s
Deploy to Staging / Notify Staging Ready (pull_request) Has been skipped
Deploy to Staging / Notify Staging Failure (pull_request) Successful in 6s
c98211f4a2
- Add audit_logs table with categories, severities, and indexes
- Create AuditLogService and AuditLogRepository
- Add REST API endpoints for viewing and exporting logs
- Wire audit logging into auth, vehicles, admin, and backup features
- Add desktop AdminLogsPage with filters and CSV export
- Add mobile AdminLogsMobileScreen with card layout
- Implement 90-day retention cleanup job
- Remove old AuditLogPanel from AdminCatalogPage

Security fixes:
- Escape LIKE special characters to prevent pattern injection
- Limit CSV export to 5000 records to prevent memory exhaustion
- Add truncation warning headers for large exports

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
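
The LIKE escaping and export cap named in this commit message, shown as an added TypeScript example that is not the project's code. The function names, column names, `$1`-style placeholders with an `ESCAPE '\'` clause, and response header names are all assumptions.

```typescript
// Added example; all names are hypothetical, not taken from the project.
const EXPORT_LIMIT = 5000; // export cap stated in the PR

// Escape what is special in a LIKE pattern under ESCAPE '\':
// the escape character itself, then % and _.
function escapeLike(term: string): string {
  return term.replace(/[\\%_]/g, (ch) => "\\" + ch);
}

// The term travels as a bound parameter; only the server-added % are wildcards.
function buildSearch(term: string, limit: number) {
  const text = "SELECT * FROM audit_logs WHERE action LIKE $1 ESCAPE '\\' " +
    "ORDER BY created_at DESC LIMIT $2"; // column names assumed
  const values: [string, number] = [`%${escapeLike(term)}%`, limit];
  return { text, values };
}

const reEscape = (s: string) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

// Minimal LIKE evaluator honouring ESCAPE '\', so the effect is checkable offline.
function likeMatches(pattern: string, value: string): boolean {
  let re = "";
  for (let i = 0; i < pattern.length; i++) {
    const ch = pattern.charAt(i);
    if (ch === "\\" && i + 1 < pattern.length) re += reEscape(pattern.charAt(++i));
    else if (ch === "%") re += "[\\s\\S]*";
    else if (ch === "_") re += "[\\s\\S]";
    else re += reEscape(ch);
  }
  return new RegExp(`^${re}$`).test(value);
}

// Constructed sample of audit-log action strings.
const SAMPLE_ACTIONS = ["vehicle_created", "user login", "backup 100% complete"];
function search(term: string, escape: boolean): string[] {
  const pattern = `%${escape ? escapeLike(term) : term}%`;
  return SAMPLE_ACTIONS.filter((a) => likeMatches(pattern, a));
}

// Query with LIMIT EXPORT_LIMIT + 1, then cut and flag the overflow.
function capExport<T>(rows: T[]) {
  const truncated = rows.length > EXPORT_LIMIT;
  const headers: Record<string, string> = truncated
    ? { "X-Export-Truncated": "true", "X-Export-Limit": String(EXPORT_LIMIT) }
    : {}; // header names assumed
  return { rows: rows.slice(0, EXPORT_LIMIT), headers };
}
```

Without escaping, a search for `%` or `_` matches every row in the sample; with escaping it matches only rows containing that literal character.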
egullickson added 1 commit 2026-01-11 17:18:49 +00:00
fix: Remove duplicate audit-logs route from admin routes (refs #10)
All checks were successful
Deploy to Staging / Build Images (pull_request) Successful in 2m23s
Deploy to Staging / Deploy to Staging (pull_request) Successful in 28s
Deploy to Staging / Verify Staging (pull_request) Successful in 6s
Deploy to Staging / Notify Staging Ready (pull_request) Successful in 6s
Deploy to Staging / Notify Staging Failure (pull_request) Has been skipped
80275c1670
The old /api/admin/audit-logs route in admin.routes.ts conflicted with the
new centralized audit-log feature. Removed the old route since we're now
using the unified audit logging system.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
egullickson added 1 commit 2026-01-11 17:34:03 +00:00
fix: Add Audit Logs navigation to Admin Console settings (refs #10)
Some checks failed
Deploy to Staging / Deploy to Staging (push) Has been cancelled
Deploy to Staging / Verify Staging (push) Has been cancelled
Deploy to Staging / Notify Staging Ready (push) Has been cancelled
Deploy to Staging / Notify Staging Failure (push) Has been cancelled
Deploy to Staging / Build Images (push) Has been cancelled
Deploy to Staging / Build Images (pull_request) Successful in 2m36s
Deploy to Staging / Deploy to Staging (pull_request) Successful in 37s
Deploy to Staging / Verify Staging (pull_request) Successful in 6s
Deploy to Staging / Notify Staging Ready (pull_request) Successful in 5s
Deploy to Staging / Notify Staging Failure (pull_request) Has been skipped
6f2ac3e22b
The routes and screen components for AdminLogsPage were implemented but
the navigation links to access them were missing from both desktop and
mobile Settings pages.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
egullickson added 1 commit 2026-01-11 17:42:50 +00:00
fix: Add audit-log to migration order (refs #10)
All checks were successful
Deploy to Staging / Build Images (pull_request) Successful in 2m23s
Deploy to Staging / Deploy to Staging (pull_request) Successful in 28s
Deploy to Staging / Verify Staging (pull_request) Successful in 7s
Deploy to Staging / Notify Staging Ready (pull_request) Successful in 6s
Deploy to Staging / Notify Staging Failure (pull_request) Has been skipped
cdfba3c1a8
The audit_logs table migration was not being executed because the
audit-log feature was missing from MIGRATION_ORDER in run-all.ts,
causing 500 errors when accessing the audit logs API.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
egullickson added 1 commit 2026-01-11 18:08:50 +00:00
feat: Add login/logout audit logging (refs #10)
All checks were successful
Deploy to Staging / Build Images (pull_request) Successful in 4m42s
Deploy to Staging / Deploy to Staging (pull_request) Successful in 38s
Deploy to Staging / Verify Staging (pull_request) Successful in 7s
Deploy to Staging / Notify Staging Ready (pull_request) Successful in 6s
Deploy to Staging / Notify Staging Failure (pull_request) Has been skipped
fbde51b8fd
Backend:
- Add login event logging to getUserStatus() controller method
- Create POST /auth/track-logout endpoint for logout tracking

Frontend:
- Create useLogout hook that wraps Auth0 logout with audit tracking
- Update all logout locations to use the new hook (SettingsPage,
  Layout, MobileSettingsScreen, useDeletion)

Login events are logged when the frontend calls /auth/user-status after
Auth0 callback. Logout events are logged via fire-and-forget call to
/auth/track-logout before Auth0 logout.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
egullickson added 1 commit 2026-01-11 18:31:06 +00:00
fix: Display user email instead of Auth0 UID in audit logs (refs #10)
All checks were successful
Deploy to Staging / Build Images (pull_request) Successful in 4m40s
Deploy to Staging / Deploy to Staging (pull_request) Successful in 37s
Deploy to Staging / Verify Staging (pull_request) Successful in 6s
Deploy to Staging / Notify Staging Ready (pull_request) Successful in 5s
Deploy to Staging / Notify Staging Failure (pull_request) Has been skipped
911b7c0e3a
- Add userEmail field to AuditLogEntry type in backend and frontend
- Update audit-log repository to LEFT JOIN with user_profiles table
- Update AdminLogsPage to show email with fallback to truncated userId
- Update AdminLogsMobileScreen with same display logic

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
egullickson merged commit 84baa755d9 into main 2026-01-11 18:41:16 +00:00
egullickson deleted branch issue-10-centralized-audit-logging 2026-01-11 18:41:16 +00:00

Reference: egullickson/motovaultpro#22