feat(ops-api/audit): annotate audit log IP with region lookup
Add an IPRegionResolver wrapping the ip2region xdb library and attach it to AuditService so each appended event records both the raw IP and a resolved region in a new ops.audit_logs.ip_region column. Loopback and private addresses short-circuit to local labels; missing xdb data or lookup errors degrade silently so auditing keeps working without it. The ops console audit view shows the region beneath the IP. Bundle the v4/v6 xdb data under internal/ops/app/ipregiondata so the resolver works out of the box, with config paths/env overrides for swapping in updated data sets. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -48,7 +48,13 @@ func main() {
|
||||
adminUsersRepo := repository.NewAdminUserRepository(pool)
|
||||
auditsRepo := repository.NewAuditRepository(pool)
|
||||
|
||||
auditSvc := app.NewAuditService(auditsRepo, logger)
|
||||
ipRegionResolver, err := app.NewIPRegionResolver(cfg.IPRegion.V4XDBPath, cfg.IPRegion.V6XDBPath, logger)
|
||||
if err != nil {
|
||||
logger.Sugar().Warnf("ops-api ip2region disabled: %v", err)
|
||||
}
|
||||
defer ipRegionResolver.Close()
|
||||
|
||||
auditSvc := app.NewAuditService(auditsRepo, logger).WithIPRegionResolver(ipRegionResolver)
|
||||
issuer := app.NewTokenIssuer(cfg.JWT.Secret, cfg.JWT.AccessTTL)
|
||||
authSvc := app.NewAuthService(accountsRepo, auditSvc, issuer)
|
||||
accountSvc := app.NewAccountService(accountsRepo, auditSvc)
|
||||
|
||||
Reference in New Issue
Block a user