m/KanzlAI-mGMT
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: append-only audit trail for all mutations (P0)

Browse Source 
- Database: kanzlai.audit_log table with RLS, append-only policies
  (no UPDATE/DELETE), indexes for entity, user, and time queries
- Backend: AuditService.Log() with context-based tenant/user/IP/UA
  extraction, wired into all 7 services (case, deadline, appointment,
  document, note, party, tenant)
- API: GET /api/audit-log with entity_type, entity_id, user_id,
  from/to date, and pagination filters
- Frontend: Protokoll tab on case detail page with chronological
  audit entries, diff preview, and pagination

Required by § 50 BRAO and DSGVO Art. 5(2).
This commit is contained in:
m
2026-03-30 11:02:28 +02:00
parent 82878dffd5
commit b36247dfb9
17 changed files with 533 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
backend/internal/auth/middleware.go
View File

@@ -46,6 +46,13 @@ func (m *Middleware) RequireAuth(next http.Handler) http.Handler {
}
ctx = ContextWithTenantID(ctx, tenantID)
// Capture IP and user-agent for audit logging
ip := r.Header.Get("X-Forwarded-For")
if ip == "" {
ip = r.RemoteAddr
}
ctx = ContextWithRequestInfo(ctx, ip, r.UserAgent())
next.ServeHTTP(w, r.WithContext(ctx))
})
}