Skip to content

[BE-10] Add request logging middleware and integrate the dormant AuditLog #268

Description

@Leothosine

Problem

Two observability gaps exist:

  1. There is no HTTP request logging middleware - no log of incoming requests, response status codes, or latency. Production debugging is blind.
  2. src/modules/admin/admin.service.ts:283 defines a logAction() method with a complete AuditLog entity behind it, but logAction() is never called from any controller or service. Every admin mutation is untracked.

Proposed Solution

Request logging:

  • Create src/common/middleware/logger.middleware.ts that generates a UUID correlationId per request
  • Log method, url, correlationId on arrival and statusCode + duration on response finish
  • Redact the Authorization header from logs

AuditLog integration:

  • Call logAction() from: createUser, updateUserStatus, updateUserRole, deleteUser in AdminService
  • Ensure GET /api/admin/audit-logs supports filtering by action, startDate, endDate with pagination

Acceptance Criteria

  • Every HTTP request produces a structured log line with correlationId, method, URL, status, and duration
  • Authorization header value is redacted in logs
  • All admin mutation endpoints create an AuditLog record
  • GET /api/admin/audit-logs returns paginated results filterable by action and date range
  • correlationId appears in both the request log and service-level logs within the same request

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions