[Sudo] Audit Logs #67

@supun-io

Basically, we want to know who did what in sudo.

  • sudo_audit_logs table
id
created_at, updated_at
user_id bigint
action string
payload json

(add SQL here: https://github.com/hyvor/internal?tab=readme-ov-file#sudo-setup)

  • Service in the internal library
class SudoAuditLogService
{
    // add record to DB
    // get the current user from https://github.com/hyvor/core/issues/377 if null, a custom user can also be set
    // add comment to use snake case action ('cancel_subscription')
    // payload: array<string, scalar>
    public function log(string $action, array $payload, ?AuthUser $user = null): void
    {
        // to be implemented
    }
}

This can then be used in our controllers:

public function __construct(private SudoAuditLogService $sudoAuditLog) {}

public function cancelSubscription(): JsonResponse
{

    // record the sudo action through the service's log() method
    $this->sudoAuditLog->log('cancel_subscription', [
        'subscription_id' => $subscriptionId,
    ]);

}
  • Create a testing trait with one function: assertSudoLogged(string $action, array $payload);
  • Sudo API to get logs
GET /api/sudo/audit-logs

limit: int
offset: int
user_id: int | null
action: string | null
date_start: int | null (unix timestamp)
date_end: int | null
payload_param: filter by payload key (requires payload_value)
payload_value: value for above

response

$logs = getAuditLogs();
$users = AuthInterface::fromIds($userIds);

return mixThose();
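
An added sketch, not part of the original issue or Hyvor's code, of the `log()` contract described above: reject non-snake_case actions and non-scalar payload values before writing the row with bound parameters. It assumes PDO with an in-memory SQLite table and takes a plain `int $userId` in place of the issue's `?AuthUser`; the class name `SudoAuditLogSketch` is hypothetical.

```php
<?php
declare(strict_types=1);
// Added sketch, not Hyvor's code. PDO storage and the int $userId argument are
// assumptions; the issue's signature takes ?AuthUser and resolves the current user.
final class SudoAuditLogSketch
{
    public function __construct(private PDO $db) {}

    /** @param array<string, scalar> $payload */
    public function log(string $action, array $payload, int $userId): void
    {
        // Snake-case actions only, e.g. 'cancel_subscription'.
        if (preg_match('/^[a-z][a-z0-9]*(_[a-z0-9]+)*$/', $action) !== 1) {
            throw new InvalidArgumentException("action must be snake_case: $action");
        }
        // Payload is a flat map of string keys to scalars: no nested arrays, objects or null.
        foreach ($payload as $key => $value) {
            if (!is_string($key) || !is_scalar($value)) {
                throw new InvalidArgumentException('payload must be array<string, scalar>');
            }
        }
        $now = gmdate('Y-m-d H:i:s');
        // Bound parameters: action and payload are data, never part of the SQL text.
        $stmt = $this->db->prepare(
            'INSERT INTO sudo_audit_logs (created_at, updated_at, user_id, action, payload)
             VALUES (:created, :updated, :user_id, :action, :payload)'
        );
        $stmt->execute([
            ':created' => $now,
            ':updated' => $now,
            ':user_id' => $userId,
            ':action'  => $action,
            ':payload' => json_encode((object) $payload, JSON_THROW_ON_ERROR),
        ]);
    }
}

// Constructed demo against an in-memory SQLite table with the issue's columns.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE sudo_audit_logs (id INTEGER PRIMARY KEY, created_at TEXT,
    updated_at TEXT, user_id INTEGER, action TEXT, payload TEXT)');
$audit = new SudoAuditLogSketch($db);
$audit->log('cancel_subscription', ['subscription_id' => 42], 7); // constructed values
try {
    $audit->log('cancelSubscription', ['subscription_id' => 42], 7); // not snake_case
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
echo $db->query('SELECT COUNT(*) FROM sudo_audit_logs')->fetchColumn(), PHP_EOL;
```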
