Implement Phase 2: Refresh tokens, 2FA, password reset, and audit logging

Co-authored-by: mblanke <9078342+mblanke@users.noreply.github.com>
2026-03-01 14:00:20 -05:00 · 2025-12-09 17:30:12 +00:00
parent ddf287cde7
commit c8c0c762c5
15 changed files with 716 additions and 9 deletions
--- a/backend/app/core/audit.py
+++ b/backend/app/core/audit.py
@@ -0,0 +1,52 @@
+from typing import Optional, Dict, Any
+from sqlalchemy.orm import Session
+from fastapi import Request
+
+from app.models.audit_log import AuditLog
+
+
+def log_action(
+    db: Session,
+    user_id: Optional[int],
+    tenant_id: int,
+    action: str,
+    resource_type: str,
+    resource_id: Optional[int] = None,
+    details: Optional[Dict[str, Any]] = None,
+    request: Optional[Request] = None
+):
+    """
+    Log an action to the audit log
+    
+    Args:
+        db: Database session
+        user_id: ID of user performing action (None for system actions)
+        tenant_id: Tenant ID
+        action: Action type (CREATE, READ, UPDATE, DELETE, LOGIN, etc.)
+        resource_type: Type of resource (user, host, case, etc.)
+        resource_id: ID of the resource (if applicable)
+        details: Additional details as JSON
+        request: FastAPI request object (for IP and user agent)
+    """
+    ip_address = None
+    user_agent = None
+    
+    if request:
+        ip_address = request.client.host if request.client else None
+        user_agent = request.headers.get("user-agent")
+    
+    audit_log = AuditLog(
+        user_id=user_id,
+        tenant_id=tenant_id,
+        action=action,
+        resource_type=resource_type,
+        resource_id=resource_id,
+        details=details,
+        ip_address=ip_address,
+        user_agent=user_agent
+    )
+    
+    db.add(audit_log)
+    db.commit()
+    
+    return audit_log