add some audit logging statements parseable in cloudwatch

devksingh4 · devksingh4 · commit ad2bb02cfbe4 · 2025-01-13T23:59:22.000-06:00
diff --git a/src/api/index.ts b/src/api/index.ts
@@ -72,7 +72,7 @@ async function init() {
     req.startTime = now();
     const hostname = req.hostname;
     const url = req.raw.url;
-    req.log.info({ hostname, url }, "received request");
+    req.log.info({ hostname, url, method: req.method }, "received request");
     done();
   });
 
diff --git a/src/api/plugins/auth.ts b/src/api/plugins/auth.ts
@@ -222,6 +222,10 @@ const authPlugin: FastifyPluginAsync = async (fastify, _options) => {
           message: "Invalid token.",
         });
       }
+      request.log.info(
+        { type: "audit", actor: request.username },
+        "authenticated request",
+      );
       return userRoles;
     },
   );
diff --git a/src/api/routes/events.ts b/src/api/routes/events.ts
@@ -134,7 +134,10 @@ const eventsPlugin: FastifyPluginAsync = async (fastify, _options) => {
             Item: marshall(entry),
           }),
         );
-
+        let verb = "created";
+        if (userProvidedId && userProvidedId === entryUUID) {
+          verb = "modified";
+        }
         try {
           if (request.body.featured && !request.body.repeats) {
             await updateDiscord(entry, false, request.log);
@@ -157,18 +160,21 @@ const eventsPlugin: FastifyPluginAsync = async (fastify, _options) => {
           }
 
           if (e instanceof Error) {
-            request.log.error(`Failed to publish event to Discord: ${e}`);
+            request.log.error(`Failed to publish event to Discord: ${e} `);
           }
           if (e instanceof BaseError) {
             throw e;
           }
           throw new DiscordEventError({});
         }
-
         reply.send({
           id: entryUUID,
           resource: `/api/v1/events/${entryUUID}`,
         });
+        request.log.info(
+          { type: "audit", actor: request.username, target: entryUUID },
+          `${verb} event "${entryUUID}"`,
+        );
       } catch (e: unknown) {
         if (e instanceof Error) {
           request.log.error("Failed to insert to DynamoDB: " + e.toString());
@@ -254,6 +260,10 @@ const eventsPlugin: FastifyPluginAsync = async (fastify, _options) => {
           message: "Failed to delete event from Dynamo table.",
         });
       }
+      request.log.info(
+        { type: "audit", actor: request.username, target: id },
+        `deleted event "${id}"`,
+      );
     },
   );
   type EventsGetRequest = {
@@ -306,7 +316,7 @@ const eventsPlugin: FastifyPluginAsync = async (fastify, _options) => {
               );
             } catch (e: unknown) {
               request.log.warn(
-                `Could not compute upcoming event status for event ${item.title}: ${e instanceof Error ? e.toString() : e}`,
+                `Could not compute upcoming event status for event ${item.title}: ${e instanceof Error ? e.toString() : e} `,
               );
               return false;
             }
@@ -322,7 +332,7 @@ const eventsPlugin: FastifyPluginAsync = async (fastify, _options) => {
         if (e instanceof Error) {
           request.log.error("Failed to get from DynamoDB: " + e.toString());
         } else {
-          request.log.error(`Failed to get from DynamoDB. ${e}`);
+          request.log.error(`Failed to get from DynamoDB.${e} `);
         }
         throw new DatabaseFetchError({
           message: "Failed to get events from Dynamo table.",
diff --git a/src/api/routes/iam.ts b/src/api/routes/iam.ts
@@ -15,18 +15,13 @@ import {
   EntraInvitationError,
   InternalServerError,
   NotFoundError,
-  ValidationError,
 } from "../../common/errors/index.js";
 import {
   DynamoDBClient,
   GetItemCommand,
   PutItemCommand,
 } from "@aws-sdk/client-dynamodb";
-import {
-  execCouncilGroupId,
-  execCouncilTestingGroupId,
-  genericConfig,
-} from "../../common/config.js";
+import { genericConfig } from "../../common/config.js";
 import { marshall, unmarshall } from "@aws-sdk/util-dynamodb";
 import {
   InviteUserPostRequest,
@@ -143,6 +138,10 @@ const iamRoutes: FastifyPluginAsync = async (fastify, _options) => {
         });
       }
       reply.send({ message: "OK" });
+      request.log.info(
+        { type: "audit", actor: request.username, target: groupId },
+        `set group ID roles to ${request.body.roles.toString()}`,
+      );
     },
   );
   fastify.post<{ Body: InviteUserPostRequest }>(
@@ -178,13 +177,26 @@ const iamRoutes: FastifyPluginAsync = async (fastify, _options) => {
       for (let i = 0; i < results.length; i++) {
         const result = results[i];
         if (result.status === "fulfilled") {
+          request.log.info(
+            { type: "audit", actor: request.username, target: emails[i] },
+            "invited user to Entra ID tenant.",
+          );
           response.success.push({ email: emails[i] });
         } else {
+          request.log.info(
+            { type: "audit", actor: request.username, target: emails[i] },
+            "failed to invite user to Entra ID tenant.",
+          );
           if (result.reason instanceof EntraInvitationError) {
             response.failure.push({
               email: emails[i],
               message: result.reason.message,
             });
+          } else {
+            response.failure.push({
+              email: emails[i],
+              message: "An unknown error occurred.",
+            });
           }
         }
       }
@@ -254,7 +266,23 @@ const iamRoutes: FastifyPluginAsync = async (fastify, _options) => {
         const result = addResults[i];
         if (result.status === "fulfilled") {
           response.success.push({ email: request.body.add[i] });
+          request.log.info(
+            {
+              type: "audit",
+              actor: request.username,
+              target: request.body.add[i],
+            },
+            `added target to group ID ${groupId}`,
+          );
         } else {
+          request.log.info(
+            {
+              type: "audit",
+              actor: request.username,
+              target: request.body.add[i],
+            },
+            `failed to add added target to group ID ${groupId}`,
+          );
           if (result.reason instanceof EntraGroupError) {
             response.failure.push({
               email: request.body.add[i],
diff --git a/src/api/routes/tickets.ts b/src/api/routes/tickets.ts
@@ -438,6 +438,10 @@ const ticketsPlugin: FastifyPluginAsync = async (fastify, _options) => {
       }
       await dynamoClient.send(command);
       reply.send(response);
+      request.log.info(
+        { type: "audit", actor: request.username, target: ticketId },
+        `checked in ticket of type "${request.body.type}" ${request.body.type === "merch" ? `purchased by email ${request.body.email}.` : "."}`,
+      );
     },
   );
 };
