feat: append-only audit trail for all mutations (P0)

2026-03-30 11:08:41 +02:00
parent c324a2b5c7 b36247dfb9
commit 5e88384fab
17 changed files with 568 additions and 36 deletions
--- a/backend/internal/auth/middleware.go
+++ b/backend/internal/auth/middleware.go
@@ -35,8 +35,41 @@ func (m *Middleware) RequireAuth(next http.Handler) http.Handler {
 		}

 		ctx := ContextWithUserID(r.Context(), userID)
+<<<<<<< HEAD
 		// Tenant resolution is handled by TenantResolver middleware for scoped routes.
 		// Tenant management routes handle their own access control.
+||||||| 82878df
+
+		// Resolve tenant from user_tenants
+		var tenantID uuid.UUID
+		err = m.db.GetContext(r.Context(), &tenantID,
+			"SELECT tenant_id FROM user_tenants WHERE user_id = $1 LIMIT 1", userID)
+		if err != nil {
+			http.Error(w, "no tenant found for user", http.StatusForbidden)
+			return
+		}
+		ctx = ContextWithTenantID(ctx, tenantID)
+
+=======
+
+		// Resolve tenant from user_tenants
+		var tenantID uuid.UUID
+		err = m.db.GetContext(r.Context(), &tenantID,
+			"SELECT tenant_id FROM user_tenants WHERE user_id = $1 LIMIT 1", userID)
+		if err != nil {
+			http.Error(w, "no tenant found for user", http.StatusForbidden)
+			return
+		}
+		ctx = ContextWithTenantID(ctx, tenantID)
+
+		// Capture IP and user-agent for audit logging
+		ip := r.Header.Get("X-Forwarded-For")
+		if ip == "" {
+			ip = r.RemoteAddr
+		}
+		ctx = ContextWithRequestInfo(ctx, ip, r.UserAgent())
+
+>>>>>>> mai/knuth/p0-audit-trail-append
 		next.ServeHTTP(w, r.WithContext(ctx))
 	})
 }