feat: append-only audit trail for all mutations (P0)

2026-03-30 11:08:41 +02:00
parent c324a2b5c7 b36247dfb9
commit 5e88384fab
17 changed files with 568 additions and 36 deletions
--- a/backend/internal/auth/context.go
+++ b/backend/internal/auth/context.go
@@ -9,8 +9,10 @@ import (
 type contextKey string

 const (
-	userIDKey   contextKey = "user_id"
-	tenantIDKey contextKey = "tenant_id"
+	userIDKey    contextKey = "user_id"
+	tenantIDKey  contextKey = "tenant_id"
+	ipKey        contextKey = "ip_address"
+	userAgentKey contextKey = "user_agent"
 )

 func ContextWithUserID(ctx context.Context, userID uuid.UUID) context.Context {
@@ -30,3 +32,23 @@ func TenantFromContext(ctx context.Context) (uuid.UUID, bool) {
 	id, ok := ctx.Value(tenantIDKey).(uuid.UUID)
 	return id, ok
 }
+
+func ContextWithRequestInfo(ctx context.Context, ip, userAgent string) context.Context {
+	ctx = context.WithValue(ctx, ipKey, ip)
+	ctx = context.WithValue(ctx, userAgentKey, userAgent)
+	return ctx
+}
+
+func IPFromContext(ctx context.Context) *string {
+	if v, ok := ctx.Value(ipKey).(string); ok && v != "" {
+		return &v
+	}
+	return nil
+}
+
+func UserAgentFromContext(ctx context.Context) *string {
+	if v, ok := ctx.Value(userAgentKey).(string); ok && v != "" {
+		return &v
+	}
+	return nil
+}
--- a/backend/internal/auth/middleware.go
+++ b/backend/internal/auth/middleware.go
@@ -35,8 +35,41 @@ func (m *Middleware) RequireAuth(next http.Handler) http.Handler {
 		}

 		ctx := ContextWithUserID(r.Context(), userID)
+<<<<<<< HEAD
 		// Tenant resolution is handled by TenantResolver middleware for scoped routes.
 		// Tenant management routes handle their own access control.
+||||||| 82878df
+
+		// Resolve tenant from user_tenants
+		var tenantID uuid.UUID
+		err = m.db.GetContext(r.Context(), &tenantID,
+			"SELECT tenant_id FROM user_tenants WHERE user_id = $1 LIMIT 1", userID)
+		if err != nil {
+			http.Error(w, "no tenant found for user", http.StatusForbidden)
+			return
+		}
+		ctx = ContextWithTenantID(ctx, tenantID)
+
+=======
+
+		// Resolve tenant from user_tenants
+		var tenantID uuid.UUID
+		err = m.db.GetContext(r.Context(), &tenantID,
+			"SELECT tenant_id FROM user_tenants WHERE user_id = $1 LIMIT 1", userID)
+		if err != nil {
+			http.Error(w, "no tenant found for user", http.StatusForbidden)
+			return
+		}
+		ctx = ContextWithTenantID(ctx, tenantID)
+
+		// Capture IP and user-agent for audit logging
+		ip := r.Header.Get("X-Forwarded-For")
+		if ip == "" {
+			ip = r.RemoteAddr
+		}
+		ctx = ContextWithRequestInfo(ctx, ip, r.UserAgent())
+
+>>>>>>> mai/knuth/p0-audit-trail-append
 		next.ServeHTTP(w, r.WithContext(ctx))
 	})
 }