feat: audit log

[TaduJR]

What does this PR do?

This change tries to resolve #1461 by adding audit logger on v1 api, v2 api and backend.
These are the list of events handled on Teams and Organizations

Event-Types
	- Modified
		Event Setup
			Title
			Duration
			Location
	- Created
	- Delete

Bookings
	- Modified
		Reschedule
		Edit Location
	- Created
	- Cancelled

Note

This PR needs frontend integration and audit log table data fetching based on logged team

Important

I already made the common local parser. It just needs integration with the frontend.

Tip

I have an idea on where to show the Logged Events. Check this the screenshot.

• Fixes [CAL-1710] Audit log #1461 (GitHub issue number)
• Fixes CAL-1461 (Linear issue number - should be visible at the bottom of the GitHub issue description)

Handling EventType Audit Logs
https://www.loom.com/share/07e24f0d6249494da1647ce4f9a82520

Mandatory Tasks (DO NOT REMOVE)

• I have self-reviewed the code (A decent size PR without self-review might be rejected)
• I have added a Docs issue here if this PR makes changes that would require a documentation change
• I have added or modified automated tests that prove my fix is effective or that my feature works (PRs might be rejected if logical changes are not properly tested)

How should this be tested?

• Are there environment variables that should be set? No
• What are the minimal test data to have? Event Type, Team and User Entity Records
• What is expected (happy path) to have (input and output)?
• Any other important info that could help to test that PR? Yes, check the Highlighted Markdowns

Checklist

• I haven't commented my code, particularly in hard-to-understand areas
  /claim [CAL-1710] Audit log #1461

[vercel]

@TaduJR is attempting to deploy a commit to the cal Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

Thank you for following the naming conventions! 🙏 Feel free to join our discord and post your PR link.

[graphite-app]

Graphite Automations

"Add community label" took an action on this PR • (05/11/24)

1 label was added to this PR based on Keith Williams's automation.

"Add foundation team as reviewer" took an action on this PR • (05/11/24)

1 reviewer was added to this PR based on Keith Williams's automation.

"Add consumer team as reviewer" took an action on this PR • (05/11/24)

1 reviewer was added to this PR based on Keith Williams's automation.

[github-actions]

📦 Next.js Bundle Analysis for @calcom/web

This analysis was generated by the Next.js Bundle Analysis action. 🤖

This PR introduced no changes to the JavaScript bundle! 🙌

[zomars]

This PR has a lot of potential. Thank you for your contribution 🙏 I have some observations in order to ensure this is a top quality feature.

Delegate auditing logs to a background task

Since we're doing extra writing to the database for each action being taken. We should find a way to delegate all this logging off the main thread. It is expected that this will make all logged actions slower. But we should try to make this the least intrusive as possible. Some possible approaches that come to mind is using a prisma middleware to avoid polluting the code itself.

Make the feature opt-in by default

Since this codebase is shared with all self posters. We should try to make all these features opt-in by default. That way we don't suddenly introduce more unexpected DB load or side effect after an update. A possible approach would be using our current feature flags to toggle logging on or off and it is turned off by default. That way we can also switch it off without having to redeploy in case something wrong happens.

Use dependency injection pattern

This is so we can easily switch to a third party service if needed. We can disable it locally. We can unit test it. We can switch it with another one. I would try to come up with a AuditLogger abstraction and create an InternalAuditLogger as our first option. Here's a very nice video explaining the pattern if you want to dive into that.

Feel free to reach out with questions and more guidance.

​May you be well 🙏

[zomars]

Is the relationship needed at all? We can ditch the relationship and still query by teamId don't we?

[zomars]

Instead of Json can we turn this into actorId so we can query/join the user on query? We're trying to avoid Json fields as much as possible are these are harder to index and query.

[zomars]

Same here on target. We can have a targetId: 1 and targetType: "team" instead of a Json field.

[zomars]

This could/should be an enum:

enum Crud {
  CREATE
  READ
  UPDATE
  DELETE
}

[zomars]

/tip $25

[algora-pbc]

🎉🎈 @TaduJR has been awarded $25! 🎈🎊

• Share on socials
• Give feedback

[TaduJR]

Hello @zomars. I will look into and fix every changes you requested and thank you so much for the tip.

[socket-security]

No dependency changes detected. Learn more about Socket for GitHub ↗︎

👍 No dependency changes detected in pull request