kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

feat: enforce tenant isolation for audit logs and enhance user list filtering for multi-tenant admins

Browse Source
This commit is contained in:
조찬영
2026-03-04 14:12:39 +09:00
parent 9da97554ce
commit 39b41a4c42
7 changed files with 78 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
backend/internal/repository/clickhouse_repo.go
View File

@@ -54,6 +54,7 @@ func NewClickHouseRepository(host string, port int, user, password, db string) (
event_id String,
timestamp DateTime DEFAULT now(),
user_id String,
tenant_id String,
event_type String,
status String,
ip_address String,
@@ -69,6 +70,7 @@ func NewClickHouseRepository(host string, port int, user, password, db string) (
alterQuery := `
ALTER TABLE audit_logs
ADD COLUMN IF NOT EXISTS tenant_id String,
ADD COLUMN IF NOT EXISTS event_id String
`
if err := conn.Exec(context.Background(), alterQuery); err != nil {
@@ -87,13 +89,14 @@ func (r *ClickHouseRepository) Create(log *domain.AuditLog) error {
}
query := `
INSERT INTO audit_logs (event_id, timestamp, user_id, event_type, status, ip_address, user_agent, device_id, details)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
INSERT INTO audit_logs (event_id, timestamp, user_id, tenant_id, event_type, status, ip_address, user_agent, device_id, details)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
`
return r.conn.Exec(ctx, query,
log.EventID,
log.Timestamp,
log.UserID,
log.TenantID,
log.EventType,
log.Status,
log.IPAddress,
@@ -103,18 +106,25 @@ func (r *ClickHouseRepository) Create(log *domain.AuditLog) error {
)
}
func (r *ClickHouseRepository) FindPage(ctx context.Context, limit int, cursor *domain.AuditCursor) ([]domain.AuditLog, error) {
func (r *ClickHouseRepository) FindPage(ctx context.Context, limit int, cursor *domain.AuditCursor, tenantID string) ([]domain.AuditLog, error) {
if limit <= 0 {
limit = 50
}
query := `
SELECT event_id, timestamp, user_id, event_type, status, ip_address, user_agent, device_id, details
SELECT event_id, timestamp, user_id, tenant_id, event_type, status, ip_address, user_agent, device_id, details
FROM audit_logs
WHERE 1=1
`
args := make([]any, 0, 4)
args := make([]any, 0, 5)
if tenantID != "" {
query += " AND tenant_id = ?"
args = append(args, tenantID)
}
if cursor != nil {
query += `
WHERE (timestamp < ?) OR (timestamp = ? AND event_id < ?)
AND ((timestamp < ?) OR (timestamp = ? AND event_id < ?))
`
args = append(args, cursor.Timestamp, cursor.Timestamp, cursor.EventID)
}
@@ -137,6 +147,7 @@ func (r *ClickHouseRepository) FindPage(ctx context.Context, limit int, cursor *
&log.EventID,
&log.Timestamp,
&log.UserID,
&log.TenantID,
&log.EventType,
&log.Status,
&log.IPAddress,
@@ -156,7 +167,7 @@ func (r *ClickHouseRepository) FindByUserAndEvents(ctx context.Context, userID s
limit = 100
}
query := `
SELECT event_id, timestamp, user_id, event_type, status, ip_address, user_agent, device_id, details
SELECT event_id, timestamp, user_id, tenant_id, event_type, status, ip_address, user_agent, device_id, details
FROM audit_logs
WHERE user_id = ? AND event_type IN (?)
ORDER BY timestamp DESC
@@ -175,6 +186,7 @@ func (r *ClickHouseRepository) FindByUserAndEvents(ctx context.Context, userID s
&log.EventID,
&log.Timestamp,
&log.UserID,
&log.TenantID,
&log.EventType,
&log.Status,
&log.IPAddress,