feat: initial sqs audit logging

Author: JayDwee

Cargo.lock

@@ -0,0 +1,45 @@
+[workspace]
+members = ["common", "api", "consumer", "gateway"]
+resolver = "2"
+
+[workspace.package]
+version = "2.0.0"
+edition = "2024"
+
+[workspace.dependencies]
+lambda_http = { version = "0.17.0" }
+tokio = { version = "1", features = ["macros"] }
+tower-http = { version = "0.6", features = ["cors", "auth"] }
+axum = "0.8.4"
+http = "1.3.1"
+serde = { version = "1.0.223", features = ["derive"] }
+serde_json = "1.0.145"
+tower = "0.5.2"
+twilight = "0.16.0"
+twilight-http = "0.16.0"
+twilight-model = "0.16.0"
+twilight-gateway = "0.16.0"
+aws-sdk-sesv2 = "1.98.0"
+aws-sdk-scheduler = "1.84.0"
+aws-sdk-sqs = "1.92.0"
+aws-config = "1.8.6"
+reqwest = { version = "0.12.23", features = ["json", "native-tls-vendored"] }
+chrono = {  version = "0.4.42", features = ["serde"] }
+ed25519-dalek = "2.2.0"
+once_cell = "1.21.3"
+hex = "0.4.3"
+http-body-util = "0.1.3"
+regex = "1.11.2"
+cached = { version = "0.56.0", features = ["async"] }
+hmac = "0.12.1"
+sha2 = "0.10.9"
+jwt = "0.16.0"
+sqlx = { version = "0.8", features = [ "runtime-tokio", "tls-rustls" , "postgres", "uuid", "bigdecimal"] }
+aws-sdk-dsql = "1.1"
+anyhow = { version = "1", features = ["backtrace"] }
+bigdecimal = "0.4" # Use the latest version
+tracing = "0.1.41"
+tracing-subscriber = "0.3.20"
+aws_lambda_events = "1.0.3"
+lambda_runtime = "1.0.2"
+uuid = "1.20.0"

Cargo.toml

@@ -1,35 +1,33 @@
 [package]
 name = "api"
-version = "2.0.1"
-edition = "2024"
+version.workspace = true
+edition.workspace = true
 
 [dependencies]
-lambda_http = { version = "0.17.0" }
-tokio = { version = "1", features = ["macros"] }
-tower-http = { version = "0.6", features = ["cors", "auth"] }
-axum = "0.8.4"
-http = "1.3.1"
-serde = { version = "1.0.223", features = ["derive"] }
-serde_json = "1.0.145"
-tower = "0.5.2"
-twilight = "0.16.0"
-twilight-http = "0.16.0"
-twilight-model = "0.16.0"
-aws-sdk-sesv2 = "1.98.0"
-aws-sdk-scheduler = "1.84.0"
-aws-config = "1.8.6"
-reqwest = { version = "0.12.23", features = ["json", "native-tls-vendored"] }
-chrono = {  version = "0.4.42", features = ["serde"] }
-ed25519-dalek = "2.2.0"
-once_cell = "1.21.3"
-hex = "0.4.3"
-http-body-util = "0.1.3"
-regex = "1.11.2"
-cached = { version = "0.56.0", features = ["async"] }
-hmac = "0.12.1"
-sha2 = "0.10.9"
-jwt = "0.16.0"
-sqlx = { version = "0.8", features = [ "runtime-tokio", "tls-rustls" , "postgres", "uuid", "bigdecimal"] }
-aws-sdk-dsql = "1.1"
-anyhow = { version = "1", features = ["backtrace"] }
-bigdecimal = "0.4" # Use the latest version
+lambda_http = { workspace = true }
+tokio = { workspace = true, features = ["macros"] }
+tower-http = { workspace = true, features = ["cors", "auth"] }
+axum = { workspace = true }
+http = { workspace = true }
+serde = { workspace = true, features = ["derive"] }
+serde_json = { workspace = true }
+twilight-http = { workspace = true }
+twilight-model = { workspace = true }
+aws-sdk-sesv2 = { workspace = true }
+aws-sdk-scheduler = { workspace = true }
+aws-config = { workspace = true }
+reqwest = { workspace = true, features = ["json", "native-tls-vendored"] }
+chrono = { workspace = true, features = ["serde"] }
+ed25519-dalek = { workspace = true }
+once_cell = { workspace = true }
+hex = { workspace = true }
+http-body-util = { workspace = true }
+regex = { workspace = true }
+cached = { workspace = true, features = ["async"] }
+hmac = { workspace = true }
+sha2 = { workspace = true }
+jwt = { workspace = true }
+sqlx = { workspace = true, features = [ "runtime-tokio", "tls-rustls" , "postgres", "uuid", "bigdecimal"] }
+bigdecimal = { workspace = true }
+common = { path = "../common", version = "2.0.0"}
+aws-sdk-sqs = { workspace = true }

api/Cargo.toml

@@ -11,29 +11,7 @@ CREATE TABLE IF NOT EXISTS users(
 
 -- Future Use Case
 --
--- CREATE TABLE users(
---     id NUMERIC(20, 0) NOT NULL PRIMARY KEY, -- u64
---     created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
---     updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
--- );
---
--- INSERT INTO users(id) VALUES (228541431483072513); -- Insert JayDwee
 --
--- CREATE TABLE guilds(
---     id NUMERIC(20, 0) NOT NULL PRIMARY KEY, -- u64
---     created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
---     updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
--- );
---
--- CREATE TABLE audit(
---     id UUID NOT NULL PRIMARY KEY DEFAULT gen_random_uuid(),
---     user_id NUMERIC(20, 0) NOT NULL, -- u64
---     guild_id NUMERIC(20, 0), -- u64
---     action VARCHAR,
---     data VARCHAR,
---     created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
---     updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
--- );
 --
 --
 -- CREATE TABLE feature_flags(

api/migrations/20260119010332_init.up.sql

@@ -0,0 +1 @@
+DROP TABLE audit;

api/migrations/20260126004140_audit.down.sql

@@ -0,0 +1,10 @@
+CREATE TABLE audit(
+    id UUID NOT NULL PRIMARY KEY DEFAULT gen_random_uuid(),
+    action VARCHAR,
+    user_id NUMERIC(20, 0) NOT NULL, -- u64
+    guild_id NUMERIC(20, 0), -- u64
+    old_data VARCHAR,
+    new_data VARCHAR,
+    created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
+);

api/migrations/20260126004140_audit.up.sql

@@ -0,0 +1,35 @@
+use aws_sdk_sqs::types::MessageAttributeValue;
+use lambda_http::tracing::error;
+use serde::{Deserialize, Serialize};
+pub use common::audit::AuditMessage;
+
+pub async fn audit<T>(audit: &AuditMessage<T>, sqs: &aws_sdk_sqs::Client)
+where
+    T: Serialize + for<'de> Deserialize<'de>,
+{
+    let queue_url = std::env::var("SQS_URL").expect("SQS_URL must be set");
+
+    let mut attempts = 0;
+    
+    loop {
+        attempts += 1;
+
+        match sqs
+            .send_message()
+            .queue_url(&queue_url)
+            .message_attributes("kind", MessageAttributeValue::builder().string_value("audit").build().unwrap())
+            .message_body(serde_json::to_string(audit).unwrap())
+            .send()
+            .await {
+            Ok(_) => break,
+            Err(e) => {
+                if attempts >= 3 {
+                    error!("Failed to send audit to SQS after 3 attempts {}", audit);
+                    break;
+                } else {
+                    error!("Failed to send audit to SQS, retrying... {}", e);
+                }
+            }
+        }
+    }
+}

api/src/audit.rs

@@ -7,7 +7,7 @@ use bigdecimal::{BigDecimal, ToPrimitive};
 use sqlx::{Pool, Postgres, Row};
 use twilight_model::id::Id;
 use twilight_model::id::marker::GuildMarker;
-use crate::dsql::{bind_in_params, in_params};
+use common::dsql::{bind_in_params, in_params};
 
 #[derive(Clone, Serialize, Deserialize, PartialEq)]
 pub struct Guild {

api/src/guilds/models.rs

@@ -1,27 +1,28 @@
-use crate::dsql::establish_connection;
+use common::dsql::establish_connection;
 use aws_config::BehaviorVersion;
 use axum::body::Body;
-use axum::{Json, Router, http::StatusCode, routing::get};
+use axum::{http::StatusCode, routing::get, Json, Router};
 use http::Response;
-use lambda_http::{Error, run, tracing};
-use serde_json::{Value, json};
+use lambda_http::{run, tracing, Error};
+use serde_json::{json, Value};
 use sqlx::{Pool, Postgres};
 use std::sync::Arc;
 use tower_http::cors::CorsLayer;
 
 mod discord;
-mod dsql;
 mod guilds;
 mod interactions;
 mod meta;
 mod middleware;
 mod users;
 mod utils;
+mod audit;
 
 #[derive(Clone)]
 pub struct AppState {
     scheduler: aws_sdk_scheduler::Client,
     ses: aws_sdk_sesv2::Client,
+    sqs: aws_sdk_sqs::Client,
     pg_pool: Pool<Postgres>,
     discord_bot: Arc<twilight_http::Client>,
     reqwest: Arc<reqwest::Client>,
@@ -83,6 +84,7 @@ async fn main() -> Result<(), Error> {
     let app_state = AppState {
         scheduler: aws_sdk_scheduler::Client::new(&config),
         ses: aws_sdk_sesv2::Client::new(&config),
+        sqs: aws_sdk_sqs::Client::new(&config),
         pg_pool: pool,
         discord_bot,
         reqwest: Arc::new(reqwest::Client::new()),

api/src/main.rs

@@ -13,6 +13,8 @@ use tower_http::cors::CorsLayer;
 use twilight_model::id::Id;
 use twilight_model::id::marker::{GuildMarker, UserMarker};
 use twilight_model::user::CurrentUser;
+use common::audit::AuditMessage;
+use crate::audit::audit;
 
 pub fn router() -> axum::Router<AppState> {
     axum::Router::new()
@@ -41,6 +43,7 @@ async fn put_link_guilds_id(
     let mut user = User::from_db(user_id, &app_state.pg_pool)
         .await
         .unwrap();
+    let audit_old_data = user.link_guilds.clone();
     if user
         .link_guilds
         .iter()
@@ -51,6 +54,7 @@ async fn put_link_guilds_id(
     }
     user.link_guilds.retain(|g| g.guild_id != guild_id);
     user.link_guilds.push(new_link_guild.clone());
+    let audit_new_data = user.link_guilds.clone();
     user.save(&app_state.pg_pool).await;
 
     let mut guild = Guild::from_db(guild_id, &app_state.pg_pool).await.unwrap();
@@ -76,6 +80,11 @@ async fn put_link_guilds_id(
     }
 
     guild.save(&app_state.pg_pool).await;
+    
+    // write audit
+    audit(&AuditMessage::new("update_link_guilds".to_string(), user_id, Some(guild_id), 
+                             Some(audit_old_data), Some(audit_new_data)), &app_state.sqs).await;
+    
     Ok(Json(json!(new_link_guild)))
 }