Files
geo/server/internal/ops/app/audit.go
T
root 3480d04ec3 feat(ops-api/audit): annotate audit log IP with region lookup
Add an IPRegionResolver wrapping the ip2region xdb library and attach it
to AuditService so each appended event records both the raw IP and a
resolved region in a new ops.audit_logs.ip_region column. Loopback and
private addresses short-circuit to local labels; missing xdb data or
lookup errors degrade silently so auditing keeps working without it.
The ops console audit view shows the region beneath the IP. Bundle the
v4/v6 xdb data under internal/ops/app/ipregiondata so the resolver works
out of the box, with config paths/env overrides for swapping in updated
data sets.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-29 00:46:37 +08:00

44 lines
1.0 KiB
Go

package app
import (
"context"
"go.uber.org/zap"
"github.com/geo-platform/tenant-api/internal/ops/domain"
"github.com/geo-platform/tenant-api/internal/ops/repository"
)
type AuditService struct {
repo *repository.AuditRepository
logger *zap.Logger
ipRegions *IPRegionResolver
}
func NewAuditService(repo *repository.AuditRepository, logger *zap.Logger) *AuditService {
return &AuditService{repo: repo, logger: logger}
}
func (s *AuditService) WithIPRegionResolver(resolver *IPRegionResolver) *AuditService {
s.ipRegions = resolver
return s
}
func (s *AuditService) Append(ctx context.Context, e domain.AuditEvent) error {
if e.IPRegion == "" && s.ipRegions != nil {
e.IPRegion = s.ipRegions.Lookup(e.IP)
}
if err := s.repo.Append(ctx, e); err != nil {
s.logger.Warn("ops audit append failed",
zap.String("action", e.Action),
zap.Error(err),
)
return err
}
return nil
}
func (s *AuditService) List(ctx context.Context, f domain.AuditLogFilter) ([]domain.AuditLog, int64, error) {
return s.repo.List(ctx, f)
}