Problem
Two observability gaps exist:
- There is no HTTP request logging middleware - no log of incoming requests, response status codes, or latency. Production debugging is blind.
src/modules/admin/admin.service.ts:283 defines a logAction() method with a complete AuditLog entity behind it, but logAction() is never called from any controller or service. Every admin mutation is untracked.
Proposed Solution
Request logging:
- Create
src/common/middleware/logger.middleware.ts that generates a UUID correlationId per request
- Log
method, url, correlationId on arrival and statusCode + duration on response finish
- Redact the
Authorization header from logs
AuditLog integration:
- Call
logAction() from: createUser, updateUserStatus, updateUserRole, deleteUser in AdminService
- Ensure
GET /api/admin/audit-logs supports filtering by action, startDate, endDate with pagination
Acceptance Criteria
Problem
Two observability gaps exist:
src/modules/admin/admin.service.ts:283defines alogAction()method with a completeAuditLogentity behind it, butlogAction()is never called from any controller or service. Every admin mutation is untracked.Proposed Solution
Request logging:
src/common/middleware/logger.middleware.tsthat generates a UUIDcorrelationIdper requestmethod,url,correlationIdon arrival andstatusCode+durationon response finishAuthorizationheader from logsAuditLog integration:
logAction()from:createUser,updateUserStatus,updateUserRole,deleteUserinAdminServiceGET /api/admin/audit-logssupports filtering byaction,startDate,endDatewith paginationAcceptance Criteria
correlationId, method, URL, status, and durationAuthorizationheader value is redacted in logsAuditLogrecordGET /api/admin/audit-logsreturns paginated results filterable by action and date rangecorrelationIdappears in both the request log and service-level logs within the same request