feat(ops-api/audit): annotate audit log IP with region lookup

Add an IPRegionResolver wrapping the ip2region xdb library and attach it
to AuditService so each appended event records both the raw IP and a
resolved region in a new ops.audit_logs.ip_region column. Loopback and
private addresses short-circuit to local labels; missing xdb data or
lookup errors degrade silently so auditing keeps working without it.
The ops console audit view shows the region beneath the IP. Bundle the
v4/v6 xdb data under internal/ops/app/ipregiondata so the resolver works
out of the box, with config paths/env overrides for swapping in updated
data sets.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-04-29 00:46:37 +08:00
parent 5a9d80c518
commit 3480d04ec3
17 changed files with 344 additions and 11 deletions
@@ -82,6 +82,7 @@ type auditLogDTO struct {
TargetID *string `json:"target_id"`
Metadata map[string]any `json:"metadata"`
IP *string `json:"ip"`
IPRegion *string `json:"ip_region"`
UserAgent *string `json:"user_agent"`
RequestID *string `json:"request_id"`
CreatedAt time.Time `json:"created_at"`
@@ -97,6 +98,7 @@ func toAuditLogDTO(l domain.AuditLog) auditLogDTO {
TargetID: l.TargetID,
Metadata: l.Metadata,
IP: l.IP,
IPRegion: l.IPRegion,
UserAgent: l.UserAgent,
RequestID: l.RequestID,
CreatedAt: l.CreatedAt,