feat: Audit log

API/Controller/Account/Authenticated/ChangeEmail.cs

@@ -3,7 +3,10 @@
 using Microsoft.AspNetCore.Mvc;
 using OpenShock.API.Models.Requests;
 using OpenShock.Common.Errors;
+using OpenShock.Common.Extensions;
+using OpenShock.Common.Models;
 using OpenShock.Common.Problems;
+using OpenShock.Common.Services.Audit;
 using OpenShock.Common.Utils;
 
 namespace OpenShock.API.Controller.Account.Authenticated;
@@ -24,7 +27,9 @@
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status409Conflict, MediaTypeNames.Application.ProblemJson)] // EmailChangeAlreadyInUse
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status429TooManyRequests, MediaTypeNames.Application.ProblemJson)] // EmailChangeTooMany
     // notActivated / deactivated / notFound are blocked by UserSessionAuthentication before reaching this controller.
-    public async Task<IActionResult> ChangeEmail([FromBody] ChangeEmailRequest body)
+    public async Task<IActionResult> ChangeEmail(
+        [FromBody] ChangeEmailRequest body,
+        [FromServices] IAuditService auditService)
     {
         if (string.IsNullOrEmpty(CurrentUser.PasswordHash))
         {
@@ -38,11 +43,20 @@
 
         var result = await _accountService.CreateEmailChangeFlowAsync(CurrentUser.Id, body.Email);
 
-        return result.Match<IActionResult>(
-            success => Ok(),
-            alreadyInUse => Problem(AccountError.EmailChangeAlreadyInUse),
-            unchanged => Problem(AccountError.EmailChangeUnchanged),
-            tooMany => Problem(AccountError.EmailChangeTooMany),
+        return await result.Match<Task<IActionResult>>(
+            async success =>
+            {
+                await auditService.LogAsync(
+                    CurrentUser.Id,
+                    AuditAction.EmailChangeRequested,
+                    ipAddress: HttpContext.GetRemoteIP(),
+                    userAgent: HttpContext.GetUserAgent(),
+                    metadata: new EmailChangeRequestedMetadata(body.Email));
+                return Ok();
+            },
+            alreadyInUse => Task.FromResult<IActionResult>(Problem(AccountError.EmailChangeAlreadyInUse)),
+            unchanged => Task.FromResult<IActionResult>(Problem(AccountError.EmailChangeUnchanged)),
+            tooMany => Task.FromResult<IActionResult>(Problem(AccountError.EmailChangeTooMany)),
             notActivated => throw new UnreachableException("Authenticated user is not activated"),
             deactivated => throw new UnreachableException("Authenticated user is deactivated"),
             notFound => throw new UnreachableException("Authenticated user not found in database"));

API/Controller/Account/Authenticated/ChangePassword.cs

@@ -3,7 +3,10 @@
 using Microsoft.AspNetCore.Mvc;
 using OpenShock.API.Models.Requests;
 using OpenShock.Common.Errors;
+using OpenShock.Common.Extensions;
+using OpenShock.Common.Models;
 using OpenShock.Common.Problems;
+using OpenShock.Common.Services.Audit;
 using OpenShock.Common.Utils;
 
 namespace OpenShock.API.Controller.Account.Authenticated;
@@ -22,7 +25,9 @@
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status403Forbidden, MediaTypeNames.Application.ProblemJson)] // PasswordChangeInvalidPassword
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status409Conflict, MediaTypeNames.Application.ProblemJson)] // PasswordNotSet
     // notActivated / deactivated / notFound are blocked by UserSessionAuthentication before reaching this controller.
-    public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordRequest body)
+    public async Task<IActionResult> ChangePassword(
+        [FromBody] ChangePasswordRequest body,
+        [FromServices] IAuditService auditService)
     {
         // OAuth-only accounts that have never set a password must go through the email-confirmed
         // /password/set flow rather than silently setting one through this endpoint.
@@ -38,8 +43,16 @@
 
         var result = await _accountService.ChangePasswordAsync(CurrentUser.Id, body.NewPassword);
 
-        return result.Match<IActionResult>(
-            success => Ok(),
+        return await result.Match<Task<IActionResult>>(
+            async success =>
+            {
+                await auditService.LogAsync(
+                    CurrentUser.Id,
+                    AuditAction.PasswordChanged,
+                    ipAddress: HttpContext.GetRemoteIP(),
+                    userAgent: HttpContext.GetUserAgent());
+                return Ok();
+            },
             notActivated => throw new UnreachableException("Authenticated user is not activated"),
             deactivated => throw new UnreachableException("Authenticated user is deactivated"),
             notFound => throw new UnreachableException("Authenticated user not found in database"));

API/Controller/Account/Authenticated/ChangeUsername.cs

@@ -1,8 +1,11 @@
 using Microsoft.AspNetCore.Mvc;
 using OpenShock.API.Models.Requests;
 using OpenShock.Common.Errors;
+using OpenShock.Common.Extensions;
+using OpenShock.Common.Utils;
 using OpenShock.Common.Models;
 using OpenShock.Common.Problems;
+using OpenShock.Common.Services.Audit;
 using System.Net.Mime;
 
 namespace OpenShock.API.Controller.Account.Authenticated;
@@ -21,17 +24,29 @@
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status409Conflict, MediaTypeNames.Application.ProblemJson)] // UsernameTaken
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status400BadRequest, MediaTypeNames.Application.ProblemJson)] // UsernameInvalid
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status403Forbidden, MediaTypeNames.Application.ProblemJson)] // UsernameRecentlyChanged
-    public async Task<IActionResult> ChangeUsername([FromBody] ChangeUsernameRequest body)
+    public async Task<IActionResult> ChangeUsername(
+        [FromBody] ChangeUsernameRequest body,
+        [FromServices] IAuditService auditService)
     {
+        var oldUsername = CurrentUser.Name;
         var result = await _accountService.ChangeUsernameAsync(CurrentUser.Id, body.Username,
             CurrentUser.Roles.Any(r => r is RoleType.Staff or RoleType.Admin or RoleType.System));
 
-        return result.Match<IActionResult>(
-            success => Ok(),
-            usernametaken => Problem(AccountError.UsernameTaken),
-            usernameerror => Problem(AccountError.UsernameInvalid(usernameerror)),
-            recentlychanged => Problem(AccountError.UsernameRecentlyChanged),
-            accountdeactivated => Problem(AccountError.AccountDeactivated),
+        return await result.Match<Task<IActionResult>>(
+            async success =>
+            {
+                await auditService.LogAsync(
+                    CurrentUser.Id,
+                    AuditAction.UsernameChanged,
+                    ipAddress: HttpContext.GetRemoteIP(),
+                    userAgent: HttpContext.GetUserAgent(),
+                    metadata: new UsernameChangedMetadata(oldUsername, body.Username));
+                return Ok();
+            },
+            usernametaken => Task.FromResult<IActionResult>(Problem(AccountError.UsernameTaken)),
+            usernameerror => Task.FromResult<IActionResult>(Problem(AccountError.UsernameInvalid(usernameerror))),
+            recentlychanged => Task.FromResult<IActionResult>(Problem(AccountError.UsernameRecentlyChanged)),
+            accountdeactivated => Task.FromResult<IActionResult>(Problem(AccountError.AccountDeactivated)),
             notfound => throw new Exception("Unexpected result, apparently our current user does not exist..."));
     }
 }

API/Controller/Account/Authenticated/Deactivate.cs

@@ -1,7 +1,11 @@
 using Microsoft.AspNetCore.Mvc;
 using System.Net.Mime;
 using OpenShock.Common.Errors;
+using OpenShock.Common.Extensions;
+using OpenShock.Common.Utils;
+using OpenShock.Common.Models;
 using OpenShock.Common.Problems;
+using OpenShock.Common.Services.Audit;
 
 namespace OpenShock.API.Controller.Account.Authenticated;
 
@@ -14,14 +18,23 @@ public sealed partial class AuthenticatedAccountController
     [HttpDelete]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status403Forbidden, MediaTypeNames.Application.ProblemJson)] // CannotDeactivatePrivledgedAccount
-    public async Task<IActionResult> Deactivate()
+    public async Task<IActionResult> Deactivate([FromServices] IAuditService auditService)
     {
         var deactivationResult = await _accountService.DeactivateAccountAsync(CurrentUser.Id, CurrentUser.Id, deleteLater: true);
-        return deactivationResult.Match<IActionResult>(
-            success => NoContent(),
-            cannotDeactivatePrivledged => Problem(AccountActivationError.CannotDeactivateOrDeletePrivledgedAccount),
-            alreadyDeactivated => Problem(AccountActivationError.AlreadyDeactivated),
-            unauthorized => Problem(AccountActivationError.Unauthorized),
+        return await deactivationResult.Match<Task<IActionResult>>(
+            async success =>
+            {
+                await auditService.LogAsync(
+                    CurrentUser.Id,
+                    AuditAction.AccountDeactivated,
+                    ipAddress: HttpContext.GetRemoteIP(),
+                    userAgent: HttpContext.GetUserAgent(),
+                    metadata: new AccountDeactivatedMetadata(DeleteLater: true));
+                return NoContent();
+            },
+            cannotDeactivatePrivledged => Task.FromResult<IActionResult>(Problem(AccountActivationError.CannotDeactivateOrDeletePrivledgedAccount)),
+            alreadyDeactivated => Task.FromResult<IActionResult>(Problem(AccountActivationError.AlreadyDeactivated)),
+            unauthorized => Task.FromResult<IActionResult>(Problem(AccountActivationError.Unauthorized)),
             notFound => throw new Exception("This is not supposed to happen, wtf?")
         );
     }

API/Controller/Account/Authenticated/GetAuditLog.cs

@@ -0,0 +1,49 @@
+using System.Net.Mime;
+using Microsoft.AspNetCore.Mvc;
+using OpenShock.API.Models.Response;
+using OpenShock.Common.OpenShockDb;
+using OpenShock.Common.Services.Audit;
+using OpenShock.Common.Utils.Pagination;
+
+namespace OpenShock.API.Controller.Account.Authenticated;
+
+public sealed partial class AuthenticatedAccountController
+{
+    /// <summary>
+    /// Get the audit log for the current user's account.
+    /// </summary>
+    /// <param name="pagination">Page, sort, and search parameters.</param>
+    /// <param name="auditService"></param>
+    /// <param name="cancellationToken"></param>
+    /// <response code="200">A page of audit log entries.</response>
+    [HttpGet("audit-log")]
+    [ProducesResponseType<PagedResult<AuditLogEntryResponse>>(StatusCodes.Status200OK, MediaTypeNames.Application.Json)]
+    public async Task<PagedResult<AuditLogEntryResponse>> GetAuditLog(
+        [FromQuery] PaginationQuery pagination,
+        [FromServices] IAuditService auditService,
+        CancellationToken cancellationToken)
+    {
+        var paged = await auditService.GetPagedForUserAsync(CurrentUser.Id, pagination, cancellationToken);
+        return MapPaged(paged);
+    }
+
+    internal static PagedResult<AuditLogEntryResponse> MapPaged(PagedResult<UserAuditLog> paged) => new()
+    {
+        Items = paged.Items.Select(MapEntry).ToArray(),
+        Page = paged.Page,
+        PageSize = paged.PageSize,
+        TotalCount = paged.TotalCount,
+    };
+
+    private static AuditLogEntryResponse MapEntry(UserAuditLog x) => new()
+    {
+        Id = x.Id,
+        UserId = x.UserId,
+        ActorId = x.ActorId,
+        Action = x.Action,
+        IpAddress = x.IpAddress,
+        UserAgent = x.UserAgent,
+        Metadata = x.Metadata,
+        CreatedAt = x.CreatedAt,
+    };
+}

API/Controller/Account/Authenticated/OAuthConnectionRemove.cs

@@ -1,5 +1,9 @@
 using Microsoft.AspNetCore.Mvc;
 using OpenShock.API.Services.OAuthConnection;
+using OpenShock.Common.Extensions;
+using OpenShock.Common.Utils;
+using OpenShock.Common.Models;
+using OpenShock.Common.Services.Audit;
 
 namespace OpenShock.API.Controller.Account.Authenticated;
 
@@ -10,19 +14,31 @@ public sealed partial class AuthenticatedAccountController
     /// </summary>
     /// <param name="provider">Provider key (e.g. <c>discord</c>).</param>
     /// <param name="connectionService"></param>
+    /// <param name="auditService"></param>
     /// <param name="cancellationToken"></param>
     /// <response code="204">Connection removed.</response>
     /// <response code="404">No connection found for this provider.</response>
     [HttpDelete("connections/{provider}")]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
-    public async Task<IActionResult> RemoveOAuthConnection([FromRoute] string provider, [FromServices] IOAuthConnectionService connectionService, CancellationToken cancellationToken)
+    public async Task<IActionResult> RemoveOAuthConnection(
+        [FromRoute] string provider,
+        [FromServices] IOAuthConnectionService connectionService,
+        [FromServices] IAuditService auditService,
+        CancellationToken cancellationToken)
     {
         var deleted = await connectionService.TryRemoveConnectionAsync(CurrentUser.Id, provider, cancellationToken);
 
         if (!deleted)
             return NotFound();
 
+        await auditService.LogAsync(
+            CurrentUser.Id,
+            AuditAction.OAuthDisconnected,
+            ipAddress: HttpContext.GetRemoteIP(),
+            userAgent: HttpContext.GetUserAgent(),
+            metadata: new OAuthDisconnectedMetadata(provider));
+
         return NoContent();
     }
 }

API/Controller/Account/Logout.cs

@@ -1,6 +1,9 @@
 using Asp.Versioning;
 using Microsoft.AspNetCore.Mvc;
 using OpenShock.Common.Extensions;
+using OpenShock.Common.Utils;
+using OpenShock.Common.Models;
+using OpenShock.Common.Services.Audit;
 using OpenShock.Common.Services.Session;
 
 namespace OpenShock.API.Controller.Account;
@@ -10,12 +13,22 @@ public sealed partial class AccountController
     [HttpPost("logout")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [MapToApiVersion("1")]
-    public async Task<IActionResult> Logout([FromServices] ISessionService sessionService)
+    public async Task<IActionResult> Logout(
+        [FromServices] ISessionService sessionService,
+        [FromServices] IAuditService auditService)
     {
-        // Remove session if valid
         if (HttpContext.TryGetUserSessionToken(out var sessionToken))
         {
-            await sessionService.DeleteSessionByTokenAsync(sessionToken);
+            var session = await sessionService.GetSessionByTokenAsync(sessionToken);
+            if (session is not null)
+            {
+                await sessionService.DeleteSessionAsync(session);
+                await auditService.LogAsync(
+                    session.UserId,
+                    AuditAction.Logout,
+                    ipAddress: HttpContext.GetRemoteIP(),
+                    userAgent: HttpContext.GetUserAgent());
+            }
         }
 
         // Make sure cookie is removed, no matter if authenticated or not

API/Controller/Account/VerifyEmail.cs

@@ -3,7 +3,11 @@
 using Microsoft.AspNetCore.Mvc;
 using Asp.Versioning;
 using OpenShock.Common.Errors;
+using OpenShock.Common.Extensions;
+using OpenShock.Common.Utils;
+using OpenShock.Common.Models;
 using OpenShock.Common.Problems;
+using OpenShock.Common.Services.Audit;
 
 namespace OpenShock.API.Controller.Account;
 
@@ -20,8 +24,8 @@ public sealed partial class AccountController
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status400BadRequest, MediaTypeNames.Application.ProblemJson)]
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status409Conflict, MediaTypeNames.Application.ProblemJson)]
     [MapToApiVersion("1")]
-    public Task<IActionResult> EmailVerify([FromQuery(Name = "token")] string token, CancellationToken cancellationToken)
-        => VerifyPendingEmailChange(token, cancellationToken);
+    public Task<IActionResult> EmailVerify([FromQuery(Name = "token")] string token, [FromServices] IAuditService auditService, CancellationToken cancellationToken)
+        => VerifyPendingEmailChange(token, auditService, cancellationToken);
 
     /// <summary>
     /// Verify a pending email change. Deprecated: use POST /email-change/verify instead.
@@ -35,16 +39,25 @@ public Task<IActionResult> EmailVerify([FromQuery(Name = "token")] string token,
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status400BadRequest, MediaTypeNames.Application.ProblemJson)]
     [ProducesResponseType<OpenShockProblem>(StatusCodes.Status409Conflict, MediaTypeNames.Application.ProblemJson)]
     [MapToApiVersion("1")]
-    public Task<IActionResult> EmailVerifyLegacy([FromQuery(Name = "token")] string token, CancellationToken cancellationToken)
-        => VerifyPendingEmailChange(token, cancellationToken);
+    public Task<IActionResult> EmailVerifyLegacy([FromQuery(Name = "token")] string token, [FromServices] IAuditService auditService, CancellationToken cancellationToken)
+        => VerifyPendingEmailChange(token, auditService, cancellationToken);
 
-    private async Task<IActionResult> VerifyPendingEmailChange(string token, CancellationToken cancellationToken)
+    private async Task<IActionResult> VerifyPendingEmailChange(string token, IAuditService auditService, CancellationToken cancellationToken)
     {
         var result = await _accountService.TryVerifyEmailAsync(token, cancellationToken);
 
-        return result.Match<IActionResult>(
-            success => Ok(),
-            notFound => Problem(AccountError.EmailChangeNotFound),
-            emailTaken => Problem(AccountError.EmailChangeAlreadyInUse));
+        return await result.Match<Task<IActionResult>>(
+            async success =>
+            {
+                await auditService.LogAsync(
+                    success.Value.UserId,
+                    AuditAction.EmailChanged,
+                    ipAddress: HttpContext.GetRemoteIP(),
+                    userAgent: HttpContext.GetUserAgent(),
+                    metadata: new EmailChangedMetadata(success.Value.OldEmail, success.Value.NewEmail));
+                return Ok();
+            },
+            notFound => Task.FromResult<IActionResult>(Problem(AccountError.EmailChangeNotFound)),
+            emailTaken => Task.FromResult<IActionResult>(Problem(AccountError.EmailChangeAlreadyInUse)));
     }
 }