shankar0123 fc237de357 feat(audit): close P-H2 — server-side since / until time-range filters ...

Closes frontend-design-audit finding P-H2 (High):

  AuditPage filters time-range *client-side*; comment says "server
  may not support time params" — fetches the entire event window,
  throws 99% away in JS

Ground-truth recon found the closure is much smaller than the
audit's "1 day backend + 2 hours frontend" estimate:

  • repository AuditFilter.From / .To: ALREADY exist in
    internal/repository/filters.go:57-58
  • postgres.AuditRepository.List: ALREADY pushes
    `timestamp >= since` + `timestamp <= until` predicates into the
    SQL query (internal/repository/postgres/audit.go:107-116)
  • Composite index idx_audit_events_category_timestamp on
    (event_category, timestamp DESC) added in migration 000032
    makes the new query hit an index scan
  • MCP `certctl_audit_list_with_category` tool's docstring already
    advertises `since` / `until` (internal/mcp/tools_audit_fix.go:174)
    — but the server silently ignored them, making the published
    contract a lie

The only missing piece was the handler exposing the params + the
frontend porting from client-side filtering. ~150 lines total.

═══════════════════════════ CHANGES ═══════════════════════════════

Service (internal/service/audit.go):
  • New ListAuditEventsByFilter(ctx, since, until, category, page,
    perPage) threads time bounds into the existing repository.
    AuditFilter.From / .To fields.
  • Existing ListAuditEvents + ListAuditEventsByCategory become
    thin wrappers around the new method with zero times.

Handler (internal/api/handler/audit.go):
  • Interface gains ListAuditEventsByFilter signature.
  • ListAuditEvents handler parses `since` + `until` RFC3339 query
    params; 400 on malformed input or `until` not after `since`.
  • Single dispatch via ListAuditEventsByFilter for ALL request
    shapes (with or without time bounds, with or without category).

Tests (internal/api/handler/audit_handler_test.go):
  • mockAuditService gains listByFiltFunc + lastFilterSince/Until/
    Category trace fields.
  • 5 new subtests:
    - TestListAuditEvents_WithSinceUntil — happy path, both bounds
    - TestListAuditEvents_SinceOnly — one-sided open-ended
    - TestListAuditEvents_InvalidSince — 400 on garbage
    - TestListAuditEvents_UntilBeforeSince — 400 on reversed range
    - TestListAuditEvents_TimeRangePlusCategory — composes with
      auditor-role category=auth filter

Frontend (web/src/pages/AuditPage.tsx):
  • TIME_RANGES dropdown now sends `since` as RFC3339 (now − N hours)
    via the existing useQuery params object instead of filtering
    client-side after the fact.
  • Pre-P-H2 `filtered = data.data.filter(e => now-ts<N)` block
    deleted (replaced by `filtered = data?.data || []`); comment
    documents why for the diff reader.

OpenAPI (api/openapi.yaml):
  • listAuditEvents gains `since` + `until` query-param specs
    (format: date-time, description, P-H2 closure date).
  • Description block explains the `since`/`until` vs `from`/`to`
    naming divergence from the sibling /audit/export endpoint
    (different param semantics: list = open-ended bounds, export =
    required ≤ 90-day compliance window).

═══════════════════════════ VERIFICATION ═══════════════════════════

Backend (Go toolchain now wired in sandbox — go1.25.10 ARM64 from
.gomodcache, GOCACHE on /tmp partition):
  • gofmt -l on all touched files: clean
  • go vet ./... — exit 0
  • go test -short -count=1 ./internal/api/handler/... — ok 4.195s
    (existing 14 subtests + 5 new = 19/19 pass)
  • go test -short -count=1 ./internal/service/... — ok 4.733s
  • staticcheck ./internal/api/handler/... ./internal/service/...:
    zero findings

Frontend:
  • npm ci — 634 packages, exit 0 (resolves cleanly post-Hotfix #9)
  • npx tsc --noEmit — exit 0
  • npx vitest run src/pages/AuditPage.test.tsx — 4/4 pass
  • npx vite build — built in 3.49s

Ground-truth: origin/master tip b22cdb3 verified via GitHub API
BEFORE commit per the operating rule.

═══════════════════════════ RELATED NOTES ════════════════════════

  • AuditPage's `resource_type` / `actor` / `action` query params
    are ALSO silently ignored by the server today — the handler
    doesn't parse them. That's a separate latent gap (the audit
    only flagged the time filter); tracked as a follow-up for the
    next audit-handler pass. Not scope-creeping into this commit.
  • The `total` returned by ListAuditEventsByFilter is len(result),
    not a separate COUNT(*) query — same limitation as before;
    when the page ports to server-side cursoring the repository
    will need a CountAuditEvents(filter) method. Documented in
    the service comment.

2026-05-14 19:35:51 +00:00

267 KiB

Raw Blame History