[BE-API-034] be-api: Implement audit log search improvements

- Added additional filters: resource_id, ip_address, user_agent - Added page-based pagination support in addition to offset-based - Added CountLogs method to get total count for pagination - Standardized SearchLogs handler to use RespondSuccess/RespondWithAppError - Replaced c.Get with GetUserIDUUID helper - Improved validation for query parameters - Response includes total count, page, total_pages, and offset metadata Phase: PHASE-2 Priority: P2 Progress: 41/267 (15.4%)
2025-12-24 11:56:57 +01:00 · 2025-12-24 11:56:57 +01:00 · 4d21cb08be
commit 4d21cb08be
parent dc2015575f
3 changed files with 161 additions and 24 deletions
--- a/VEZA_COMPLETE_MVP_TODOLIST.json
+++ b/VEZA_COMPLETE_MVP_TODOLIST.json
@ -2586,7 +2586,18 @@
      "description": "Enhance GET /api/v1/audit/logs with better filtering and pagination",
      "owner": "backend",
      "estimated_hours": 4,
-      "status": "todo",
+      "status": "completed",
+      "completion": {
+        "completed_at": "2025-12-24T10:54:12Z",
+        "actual_hours": 2.0,
+        "commits": [],
+        "files_changed": [
+          "veza-backend-api/internal/handlers/audit.go",
+          "veza-backend-api/internal/services/audit_service.go"
+        ],
+        "notes": "Enhanced audit log search with additional filters (resource_id, ip_address, user_agent). Added page-based pagination support in addition to offset-based. Added CountLogs method to get total count for pagination. Standardized SearchLogs handler to use RespondSuccess and RespondWithAppError. Replaced c.Get with GetUserIDUUID helper. Improved validation for query parameters. Response includes total count, page, total_pages, and offset metadata.",
+        "issues_encountered": []
+      },
      "files_involved": [],
      "implementation_steps": [
        {
--- a/veza-backend-api/internal/handlers/audit.go
+++ b/veza-backend-api/internal/handlers/audit.go
@ -5,6 +5,7 @@ import (
 	"strconv"
 	"time"

+	apperrors "veza-backend-api/internal/errors"
 	"veza-backend-api/internal/services"

 	"github.com/gin-gonic/gin"
@ -30,19 +31,14 @@ func NewAuditHandler(
 }

 // SearchLogs recherche des logs d'audit
+// GET /api/v1/audit/logs
+// BE-API-034: Enhanced with better filtering and pagination
 func (ah *AuditHandler) SearchLogs() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		// Récupérer l'ID utilisateur depuis le contexte
-		userIDInterface, exists := c.Get("user_id")
-		if !exists {
-			c.JSON(http.StatusUnauthorized, gin.H{"error": "User not authenticated"})
-			return
-		}
-
-		userID, ok := userIDInterface.(uuid.UUID)
+		userID, ok := GetUserIDUUID(c)
 		if !ok {
-			c.JSON(http.StatusInternalServerError, gin.H{"error": "Invalid user ID type"})
-			return
+			return // Erreur déjà envoyée par GetUserIDUUID
 		}

 		// Parser les paramètres de recherche
@ -50,35 +46,69 @@ func (ah *AuditHandler) SearchLogs() gin.HandlerFunc {
 			UserID: &userID, // Par défaut, chercher les logs de l'utilisateur
 		}

-		// Paramètres optionnels
+		// Paramètres optionnels de filtrage
 		if action := c.Query("action"); action != "" {
 			req.Action = action
 		}
 		if resource := c.Query("resource"); resource != "" {
 			req.Resource = resource
 		}
+		// BE-API-034: Added resource_id filter
+		if resourceIDStr := c.Query("resource_id"); resourceIDStr != "" {
+			if resourceID, err := uuid.Parse(resourceIDStr); err == nil {
+				req.ResourceID = &resourceID
+			}
+		}
+		// BE-API-034: Added IP address filter
+		if ipAddress := c.Query("ip_address"); ipAddress != "" {
+			req.IPAddress = ipAddress
+		}
+		// BE-API-034: Added user_agent filter
+		if userAgent := c.Query("user_agent"); userAgent != "" {
+			req.UserAgent = userAgent
+		}
 		if startDateStr := c.Query("start_date"); startDateStr != "" {
 			if startDate, err := time.Parse("2006-01-02", startDateStr); err == nil {
 				req.StartDate = &startDate
+			} else {
+				RespondWithAppError(c, apperrors.NewValidationError("Invalid start_date format. Use YYYY-MM-DD"))
+				return
 			}
 		}
 		if endDateStr := c.Query("end_date"); endDateStr != "" {
 			if endDate, err := time.Parse("2006-01-02", endDateStr); err == nil {
 				req.EndDate = &endDate
+			} else {
+				RespondWithAppError(c, apperrors.NewValidationError("Invalid end_date format. Use YYYY-MM-DD"))
+				return
+			}
+		}
+
+		// BE-API-034: Improved pagination - support both page/limit and offset/limit
+		if pageStr := c.Query("page"); pageStr != "" {
+			if page, err := strconv.Atoi(pageStr); err == nil && page > 0 {
+				req.Page = page
+			} else {
+				RespondWithAppError(c, apperrors.NewValidationError("Invalid page number. Must be a positive integer"))
+				return
 			}
 		}
 		if limitStr := c.Query("limit"); limitStr != "" {
 			if limit, err := strconv.Atoi(limitStr); err == nil && limit > 0 && limit <= 100 {
 				req.Limit = limit
 			} else {
-				req.Limit = 50 // Limite par défaut
+				RespondWithAppError(c, apperrors.NewValidationError("Invalid limit. Must be between 1 and 100"))
+				return
 			}
 		} else {
-			req.Limit = 50
+			req.Limit = 50 // Limite par défaut
 		}
 		if offsetStr := c.Query("offset"); offsetStr != "" {
 			if offset, err := strconv.Atoi(offsetStr); err == nil && offset >= 0 {
 				req.Offset = offset
+			} else {
+				RespondWithAppError(c, apperrors.NewValidationError("Invalid offset. Must be a non-negative integer"))
+				return
 			}
 		}

@ -89,15 +119,35 @@ func (ah *AuditHandler) SearchLogs() gin.HandlerFunc {
 				zap.Error(err),
 				zap.String("user_id", userID.String()),
 			)
-			c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to search audit logs"})
+			RespondWithAppError(c, apperrors.Wrap(apperrors.ErrCodeInternal, "Failed to search audit logs", err))
 			return
 		}

-		c.JSON(http.StatusOK, gin.H{
+		// BE-API-034: Get total count for pagination
+		total, err := ah.auditService.CountLogs(c.Request.Context(), req)
+		if err != nil {
+			ah.logger.Warn("Failed to count audit logs, continuing without total",
+				zap.Error(err),
+			)
+			total = int64(len(logs)) // Fallback to current count
+		}
+
+		// BE-API-034: Standardize response format with pagination metadata
+		response := gin.H{
 			"logs":  logs,
 			"count": len(logs),
-			"query": req,
-		})
+			"total": total,
+			"limit": req.Limit,
+		}
+
+		if req.Page > 0 {
+			response["page"] = req.Page
+			response["total_pages"] = (int(total) + req.Limit - 1) / req.Limit
+		} else {
+			response["offset"] = req.Offset
+		}
+
+		RespondSuccess(c, http.StatusOK, response)
 	}
 }

--- a/veza-backend-api/internal/services/audit_service.go
+++ b/veza-backend-api/internal/services/audit_service.go
@ -43,14 +43,19 @@ type AuditLogCreateRequest struct {
 }

 // AuditLogSearchRequest paramètres de recherche
+// BE-API-034: Enhanced with better filtering and pagination
 type AuditLogSearchRequest struct {
-	UserID    *uuid.UUID `json:"user_id"`
-	Action    string     `json:"action"`
-	Resource  string     `json:"resource"`
-	StartDate *time.Time `json:"start_date"`
-	EndDate   *time.Time `json:"end_date"`
-	Limit     int        `json:"limit"`
-	Offset    int        `json:"offset"`
+	UserID     *uuid.UUID `json:"user_id"`
+	Action     string     `json:"action"`
+	Resource   string     `json:"resource"`
+	ResourceID *uuid.UUID `json:"resource_id"`
+	IPAddress  string     `json:"ip_address"`
+	UserAgent  string     `json:"user_agent"`
+	StartDate  *time.Time `json:"start_date"`
+	EndDate    *time.Time `json:"end_date"`
+	Limit      int        `json:"limit"`
+	Offset     int        `json:"offset"`
+	Page       int        `json:"page"` // Alternative to offset (page-based pagination)
 }

 // AuditStats statistiques d'audit
@ -300,6 +305,77 @@ func (as *AuditService) SearchLogs(ctx context.Context, req *AuditLogSearchReque
 	return logs, nil
 }

+// CountLogs compte le nombre total de logs correspondant aux critères de recherche
+// BE-API-034: Added total count for pagination
+func (as *AuditService) CountLogs(ctx context.Context, req *AuditLogSearchRequest) (int64, error) {
+	query := `
+		SELECT COUNT(*)
+		FROM audit_logs
+		WHERE 1=1
+	`
+	args := []interface{}{}
+	argIndex := 1
+
+	if req.UserID != nil {
+		query += fmt.Sprintf(" AND user_id = $%d", argIndex)
+		args = append(args, *req.UserID)
+		argIndex++
+	}
+
+	if req.Action != "" {
+		query += fmt.Sprintf(" AND action = $%d", argIndex)
+		args = append(args, req.Action)
+		argIndex++
+	}
+
+	if req.Resource != "" {
+		query += fmt.Sprintf(" AND resource = $%d", argIndex)
+		args = append(args, req.Resource)
+		argIndex++
+	}
+
+	if req.ResourceID != nil {
+		query += fmt.Sprintf(" AND resource_id = $%d", argIndex)
+		args = append(args, *req.ResourceID)
+		argIndex++
+	}
+
+	if req.IPAddress != "" {
+		query += fmt.Sprintf(" AND ip_address = $%d", argIndex)
+		args = append(args, req.IPAddress)
+		argIndex++
+	}
+
+	if req.UserAgent != "" {
+		query += fmt.Sprintf(" AND user_agent LIKE $%d", argIndex)
+		args = append(args, "%"+req.UserAgent+"%")
+		argIndex++
+	}
+
+	if req.StartDate != nil {
+		query += fmt.Sprintf(" AND timestamp >= $%d", argIndex)
+		args = append(args, *req.StartDate)
+		argIndex++
+	}
+
+	if req.EndDate != nil {
+		query += fmt.Sprintf(" AND timestamp <= $%d", argIndex)
+		args = append(args, *req.EndDate)
+		argIndex++
+	}
+
+	var count int64
+	err := as.db.QueryRowContext(ctx, query, args...).Scan(&count)
+	if err != nil {
+		as.logger.Error("Failed to count audit logs",
+			zap.Error(err),
+		)
+		return 0, fmt.Errorf("failed to count audit logs: %w", err)
+	}
+
+	return count, nil
+}
+
 // GetStats récupère les statistiques d'audit
 func (as *AuditService) GetStats(ctx context.Context, startDate, endDate time.Time) ([]*AuditStats, error) {
 	query := `