Skip to content

Commit c5bfc23

Browse files
authored
Merge pull request #177 from Nanfe01/confiq
feat: add on-chain config registry (Solidity+Soroban) + integration and tests
2 parents 6e2cae0 + 9b73244 commit c5bfc23

20 files changed

Lines changed: 4344 additions & 13 deletions

apps/api-service/src/audit/entities/audit-log.entity.ts

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,11 @@ export enum EventType {
77
API_KEY_REVOKED = 'KeyRevoked',
88
GAS_TRANSACTION = 'GasTransaction',
99
GAS_SUBMISSION = 'GasSubmission',
10+
// Admin action events
11+
CONFIG_UPDATE = 'ConfigUpdate',
12+
ROLE_CHANGE = 'RoleChange',
13+
TREASURY_OPERATION = 'TreasuryOperation',
14+
SYSTEM_ADMIN = 'SystemAdmin',
1015
}
1116

1217
export enum OutcomeStatus {

apps/api-service/src/audit/services/audit-event-emitter.ts

Lines changed: 90 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -91,4 +91,94 @@ export class AuditEventEmitter {
9191
details: {},
9292
});
9393
}
94+
95+
/**
96+
* Emit configuration update event
97+
*/
98+
emitConfigUpdateEvent(
99+
adminUser: string,
100+
configType: string,
101+
changes: Record<string, any>,
102+
target?: string, // e.g., chain ID, global, etc.
103+
): void {
104+
this.emitAuditEvent({
105+
eventType: EventType.CONFIG_UPDATE,
106+
user: adminUser,
107+
details: {
108+
configType,
109+
changes,
110+
target,
111+
},
112+
outcome: OutcomeStatus.SUCCESS,
113+
});
114+
}
115+
116+
/**
117+
* Emit role change event
118+
*/
119+
emitRoleChangeEvent(
120+
adminUser: string,
121+
targetUser: string,
122+
action: 'grant' | 'revoke' | 'update',
123+
role: string,
124+
previousRole?: string,
125+
): void {
126+
this.emitAuditEvent({
127+
eventType: EventType.ROLE_CHANGE,
128+
user: adminUser,
129+
details: {
130+
targetUser,
131+
action,
132+
role,
133+
previousRole,
134+
},
135+
outcome: OutcomeStatus.SUCCESS,
136+
});
137+
}
138+
139+
/**
140+
* Emit treasury operation event
141+
*/
142+
emitTreasuryOperationEvent(
143+
adminUser: string,
144+
operation: string,
145+
amount?: string,
146+
asset?: string,
147+
recipient?: string,
148+
details?: Record<string, any>,
149+
): void {
150+
this.emitAuditEvent({
151+
eventType: EventType.TREASURY_OPERATION,
152+
user: adminUser,
153+
details: {
154+
operation,
155+
amount,
156+
asset,
157+
recipient,
158+
...details,
159+
},
160+
outcome: OutcomeStatus.SUCCESS,
161+
});
162+
}
163+
164+
/**
165+
* Emit system administration event
166+
*/
167+
emitSystemAdminEvent(
168+
adminUser: string,
169+
action: string,
170+
target: string,
171+
details?: Record<string, any>,
172+
): void {
173+
this.emitAuditEvent({
174+
eventType: EventType.SYSTEM_ADMIN,
175+
user: adminUser,
176+
details: {
177+
action,
178+
target,
179+
...details,
180+
},
181+
outcome: OutcomeStatus.SUCCESS,
182+
});
183+
}
94184
}

apps/api-service/src/audit/services/audit-log.service.ts

Lines changed: 58 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -196,4 +196,62 @@ export class AuditLogService {
196196
details,
197197
);
198198
}
199+
200+
/**
201+
* Emit configuration update event
202+
*/
203+
emitConfigUpdate(
204+
adminUser: string,
205+
configType: string,
206+
changes: Record<string, any>,
207+
target?: string,
208+
): void {
209+
this.auditEventEmitter.emitConfigUpdateEvent(adminUser, configType, changes, target);
210+
}
211+
212+
/**
213+
* Emit role change event
214+
*/
215+
emitRoleChange(
216+
adminUser: string,
217+
targetUser: string,
218+
action: 'grant' | 'revoke' | 'update',
219+
role: string,
220+
previousRole?: string,
221+
): void {
222+
this.auditEventEmitter.emitRoleChangeEvent(adminUser, targetUser, action, role, previousRole);
223+
}
224+
225+
/**
226+
* Emit treasury operation event
227+
*/
228+
emitTreasuryOperation(
229+
adminUser: string,
230+
operation: string,
231+
amount?: string,
232+
asset?: string,
233+
recipient?: string,
234+
details?: Record<string, any>,
235+
): void {
236+
this.auditEventEmitter.emitTreasuryOperationEvent(
237+
adminUser,
238+
operation,
239+
amount,
240+
asset,
241+
recipient,
242+
details,
243+
);
244+
}
245+
246+
/**
247+
* Emit system administration event
248+
*/
249+
emitSystemAdmin(
250+
adminUser: string,
251+
action: string,
252+
target: string,
253+
details?: Record<string, any>,
254+
): void {
255+
this.auditEventEmitter.emitSystemAdminEvent(adminUser, action, target, details);
256+
}
199257
}

docs/AUDIT_LOGGING_SYSTEM.md

Lines changed: 106 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -153,6 +153,106 @@ Logged when gas is submitted for processing (e.g., via subsidy program).
153153
- `subsidyProgram`: Which subsidy program (if applicable)
154154
- `status`: Submission status
155155

156+
### 7. Configuration Update (`ConfigUpdate`)
157+
Logged when system configuration is updated by an administrator.
158+
159+
**Fields in details:**
160+
- `configType`: Type of configuration being updated (e.g., "rate-limits", "alert-thresholds", "rpc-providers")
161+
- `changes`: Object containing the configuration changes made
162+
- `target`: Target of the configuration change (e.g., chain ID, "global", specific component)
163+
164+
**Example:**
165+
```json
166+
{
167+
"eventType": "ConfigUpdate",
168+
"timestamp": "2024-02-23T14:30:00Z",
169+
"user": "admin_user_123",
170+
"outcome": "success",
171+
"details": {
172+
"configType": "alert-thresholds",
173+
"changes": {
174+
"gasSpikeThreshold": 150,
175+
"volatilityThreshold": 25
176+
},
177+
"target": "chain-1"
178+
}
179+
}
180+
```
181+
182+
### 8. Role Change (`RoleChange`)
183+
Logged when user roles are modified by an administrator.
184+
185+
**Fields in details:**
186+
- `targetUser`: User whose role is being changed
187+
- `action`: Type of role change ("grant", "revoke", "update")
188+
- `role`: The role being granted/revoked/updated
189+
- `previousRole`: Previous role (for updates)
190+
191+
**Example:**
192+
```json
193+
{
194+
"eventType": "RoleChange",
195+
"timestamp": "2024-02-23T15:45:00Z",
196+
"user": "admin_user_123",
197+
"outcome": "success",
198+
"details": {
199+
"targetUser": "user_456",
200+
"action": "grant",
201+
"role": "admin",
202+
"previousRole": "operator"
203+
}
204+
}
205+
```
206+
207+
### 9. Treasury Operation (`TreasuryOperation`)
208+
Logged for treasury-related operations performed by administrators.
209+
210+
**Fields in details:**
211+
- `operation`: Type of treasury operation (e.g., "withdraw", "deposit", "transfer")
212+
- `amount`: Amount involved in the operation
213+
- `asset`: Asset type (e.g., "ETH", "USDC", "gas-tokens")
214+
- `recipient`: Recipient address or identifier
215+
- Additional operation-specific details
216+
217+
**Example:**
218+
```json
219+
{
220+
"eventType": "TreasuryOperation",
221+
"timestamp": "2024-02-23T16:20:00Z",
222+
"user": "admin_user_123",
223+
"outcome": "success",
224+
"details": {
225+
"operation": "withdraw",
226+
"amount": "1000",
227+
"asset": "ETH",
228+
"recipient": "0x742d35Cc6634C0532925a3b844Bc454e4438f44e"
229+
}
230+
}
231+
```
232+
233+
### 10. System Administration (`SystemAdmin`)
234+
Logged for general system administration actions.
235+
236+
**Fields in details:**
237+
- `action`: Administrative action performed (e.g., "force-refresh", "system-restart", "maintenance-mode")
238+
- `target`: Target of the administrative action
239+
- Additional action-specific details
240+
241+
**Example:**
242+
```json
243+
{
244+
"eventType": "SystemAdmin",
245+
"timestamp": "2024-02-23T17:00:00Z",
246+
"user": "admin_user_123",
247+
"outcome": "success",
248+
"details": {
249+
"action": "force-refresh",
250+
"target": "gas-price-data",
251+
"reason": "Manual data refresh requested"
252+
}
253+
}
254+
```
255+
156256
## Database Schema
157257

158258
### audit_logs Table
@@ -201,7 +301,7 @@ Logged when gas is submitted for processing (e.g., via subsidy program).
201301
Retrieve audit logs with filtering and pagination.
202302

203303
**Query Parameters:**
204-
- `eventType` (string): Filter by event type (APIRequest, KeyCreated, KeyRotated, KeyRevoked, GasTransaction, GasSubmission)
304+
- `eventType` (string): Filter by event type (APIRequest, KeyCreated, KeyRotated, KeyRevoked, GasTransaction, GasSubmission, ConfigUpdate, RoleChange, TreasuryOperation, SystemAdmin)
205305
- `user` (string): Filter by user/merchant ID
206306
- `apiKey` (string): Filter by API key
207307
- `chainId` (integer): Filter by blockchain chain ID
@@ -339,7 +439,11 @@ Retrieve high-level audit statistics.
339439
"GasTransaction": 3000,
340440
"KeyRotated": 200,
341441
"KeyRevoked": 50,
342-
"GasSubmission": 32
442+
"GasSubmission": 32,
443+
"ConfigUpdate": 45,
444+
"RoleChange": 12,
445+
"TreasuryOperation": 8,
446+
"SystemAdmin": 23
343447
}
344448
}
345449
```

0 commit comments

Comments
 (0)