Skip to main content

Audit Module

Logs security-relevant events for compliance and debugging. Provides both self-service endpoints (users can view their own audit trail) and admin endpoints.

Features​

  • Automatic event logging via hooks (auth, user, admin, security events)
  • Configurable event categories
  • Per-severity retention policies
  • Sampling support for high-traffic events
  • User self-service audit endpoints

Registration​

import "github.com/bete7512/goauth/internal/modules/audit"

a.Use(audit.New(&audit.Config{
TrackAuthEvents: true,
TrackUserEvents: true,
TrackAdminEvents: true,
TrackSecurityEvents: true,
RetentionDays: map[string]int{
"info": 30,
"warning": 90,
"critical": 365,
},
SampleRate: 1.0, // 1.0 = log everything, 0.5 = 50%
}))

Configuration​

type Config struct {
AuditLogRepository models.AuditLogRepository // Custom repo (optional)
RetentionDays map[string]int // Per-severity retention
TrackAuthEvents bool // Login, logout, signup
TrackUserEvents bool // Profile, password changes
TrackAdminEvents bool // Admin CRUD operations
TrackSecurityEvents bool // 2FA, suspicious activity
SampleRate float64 // 0.0–1.0 sampling rate
}

Endpoints​

User Self-Service​

MethodPathAuthDescription
GET/me/audit✓Get your audit logs
GET/me/audit/logins✓Get your login history
GET/me/audit/changes✓Get your profile changes
GET/me/audit/security✓Get your security events

Admin​

MethodPathAuthDescription
GET/admin/auditAdminList all audit logs
GET/admin/audit/users/{id}AdminGet audit logs for a user
GET/admin/audit/actions/{action}AdminGet logs by action type

Tracked Events​

When enabled, the module automatically subscribes to:

  • Auth: EventAfterSignup, EventAfterLogin, EventAfterLogout, EventAuthLoginFailed
  • User: EventAfterProfileUpdate, EventAfterPasswordChange, EventAfterEmailVerification
  • Admin: EventAdminAction, EventAdminUserUpdate, EventAdminUserDelete
  • Security: EventAfter2FASetup, EventAfter2FADisable