diff --git a/api/src/routes/applications.ts b/api/src/routes/applications.ts index 5f3f90c..f76570f 100644 --- a/api/src/routes/applications.ts +++ b/api/src/routes/applications.ts @@ -12,6 +12,7 @@ import { Request, response, Response } from 'express'; import { getUserRoles } from '../services/db/rolesService'; import { requireLogin, requireRole } from '../middleware/auth'; import { logger } from '../services/logging/logger'; +import { audit, AuditContext } from '../services/logging/auditLog'; import { bus } from '../services/events/eventBus'; //get CoC @@ -58,6 +59,8 @@ router.post('/', [requireLogin], async (req: Request, res: Response) => { res.sendStatus(201); + audit.application('created', { actorId: memberID, targetId: appID }); + bus.emit("application.create", { application: appID, member_name: req.user.name, member_discord_id: req.user.discord_id || null }) logger.info('app', 'Application Posted', { @@ -228,31 +231,26 @@ router.post('/approve/:id', [requireLogin, requireRole("Recruiter")], async (req const app = await getApplicationByID(appID); try { - console.log("HELLO MFS") var con = await pool.getConnection(); - console.log("START") con.beginTransaction(); - console.log("APPROVE") await approveApplication(appID, approved_by, con); - console.log("STATE") //update user profile await setUserState(app.member_id, MemberState.Member, "Application Accepted", approved_by, con); - console.log("SP") - await con.query('CALL sp_accept_new_recruit_validation(?, ?, ?, ?)', [Number(process.env.CONFIG_ID), app.member_id, approved_by, approved_by]) - console.log("COMMIT") - con.commit(); logger.info('app', "Member application approved", { application: app.id, applicant: app.member_id, approver: approved_by }) + + audit.application('approved', { actorId: approved_by, targetId: appID }, { applicantId: app.member_id }); + res.sendStatus(200); } catch (error) { 
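Review bot: `audit.application('created', ...)` in the `POST /` handler runs after `res.sendStatus(201)` and its outcome is not checked, so a failed audit write is invisible to the caller, and an exception thrown there would reach the error path after the response has already been sent. `auditLog` is not shown on this page, so whether the call returns a promise or can throw is an assumption to confirm. If auditing is meant to be best-effort, say so at the call site, e.g. `// audit is best-effort: a failed write must not change the response`, and let the helper log its own failures; if the trail must be complete, write it before responding. The same question applies to the audit calls added in the approve, deny, comment, adminComment and restart hunks. The handler starts and ends outside the hunk.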
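Review bot: In the approve handler the 'approved' audit entry is emitted without a confirmed commit in front of it: `con.beginTransaction();` is not awaited, and `con.commit();` is not awaited either. On this collapsed page it is also not possible to tell whether the `-` in front of `await con.query('CALL sp_accept_new_recruit_validation(?, ?, ?, ?)', ...)` and `con.commit();` removes those lines or only the blank lines above them. An audit record that says "approved" should exist only once the state change is durable, so I would make the sequence `await con.commit();` followed by `audit.application('approved', ...)`, and confirm that the stored-procedure call and the commit survive the debug-log cleanup. The try/catch continues outside the hunk, so rollback and connection release cannot be checked here.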
@@ -288,6 +286,7 @@ router.post('/deny/:id', [requireLogin, requireRole("Recruiter")], async (req: R
 applicant: app.member_id,
 approver: approver
 })
+ audit.application('denied', { actorId: approver, targetId: appID }, { applicantId: app.member_id });
 res.sendStatus(200);
 } catch (error) {
 logger.error(
@@ -305,7 +304,7 @@ router.post('/deny/:id', [requireLogin, requireRole("Recruiter")], async (req: R
 // POST /application/:id/comment
 router.post('/:id/comment', [requireLogin], async (req: Request, res: Response) => {
- const appID = req.params.id;
+ const appID = Number(req.params.id);
 const data = req.body.message;
 const user = req.user;
@@ -337,10 +336,12 @@ VALUES(?, ?, ?);`
 WHERE app.id = ?; `;
 const comment = await conn.query(getSQL, [result.insertId])
+ audit.record('application', 'comment_added', { actorId: user.id, targetId: appID }, { commentId: Number(result.insertId) });
+
 logger.info('app', "Application comment posted", {
 application: appID,
 poster: user.id,
- comment: result.insertId,
+ comment: Number(result.insertId),
 })
 res.status(201).json(comment[0]);
@@ -363,7 +364,7 @@ VALUES(?, ?, ?);`
 // POST /application/:id/comment
 router.post('/:id/adminComment', [requireLogin, requireRole("Recruiter")], async (req: Request, res: Response) => {
- const appID = req.params.id;
+ const appID = Number(req.params.id);
 const data = req.body.message;
 const user = req.user;
@@ -395,7 +396,7 @@ VALUES(?, ?, ?, 1);`
 INNER JOIN members AS member ON member.id = app.poster_id WHERE app.id = ?; `;
 const comment = await conn.query(getSQL, [result.insertId])
-
+ audit.record('application', 'comment_added', { actorId: user.id, targetId: appID }, { commentId: result.insertId });
 logger.info('app', "Admin application comment posted", {
 application: appID,
 poster: user.id,
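Review bot: `const appID = Number(req.params.id);` in the `/:id/comment` handler accepts any string, so a non-numeric id becomes `NaN` and forms such as `1e3` or `0x10` are silently coerced, and nothing in the hunk rejects the value before it is used as the audit entry's `targetId`. I would add `if (!Number.isSafeInteger(appID) || appID <= 0) return res.sendStatus(400);` directly below the conversion so malformed ids never reach the query or the audit trail. The identical line in the `/:id/adminComment` hunk needs the same guard. Both handlers continue outside their hunks, so a later check may already exist.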
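Review bot: The adminComment audit call passes `commentId: result.insertId` unconverted, while the `/:id/comment` hunk passes `Number(result.insertId)`. If the driver returns the insert id as a BigInt, which the `Number(...)` conversions added elsewhere in this commit suggest, the raw value may fail to serialize in the audit sink. Both routes also record the same action `'comment_added'`, so the trail cannot tell a Recruiter-only admin comment from a regular one. I would change the detail to `{ commentId: Number(result.insertId), admin: true }`, or use a distinct action name if the audit action type allows one. The `logger.info` call that follows continues outside the hunk, so its `comment` field could not be checked for the same conversion.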
@@ -424,6 +425,7 @@ router.post('/restart', async (req: Request, res: Response) => {
 try {
 await setUserState(user, MemberState.Guest, "Restarted Application", user);
+ audit.application('restarted', { actorId: user, targetId: user });
 logger.info('app', "Member restarted application", {
 user: user
 })
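Review bot: The hunk header shows `/restart` registered as `router.post('/restart', async (req: Request, res: Response) => {` with no `requireLogin`, unlike the other routes on this page, and the new audit entry uses `user` as both `actorId` and `targetId`. Where `user` is assigned is outside the hunk; if it is read from the request rather than from the authenticated session, the audit trail would attribute the restart to whatever id the caller supplied. I would register the route as `router.post('/restart', [requireLogin], async (req: Request, res: Response) => {` and take the actor from `req.user.id`, unless a router-level guard already covers this path. The handler starts and ends outside the hunk.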