Documentation
Overview
Package audit provides structured audit logging for security-sensitive operations. It follows the WHO/WHAT/WHEN pattern for compliance and forensics.
Index
- type Event
- type EventType
- type Logger
- func (l *Logger) APIAccess(remoteAddr, method, endpoint string, statusCode int)
- func (l *Logger) AuthFailure(remoteAddr, endpoint, reason string)
- func (l *Logger) AuthMissing(remoteAddr, endpoint string)
- func (l *Logger) AuthSuccess(remoteAddr, endpoint string)
- func (l *Logger) ConfigReload(actor, result string, details map[string]string)
- func (l *Logger) Log(event Event)
- func (l *Logger) LogFromContext(ctx context.Context, event Event)
- func (l *Logger) RateLimitExceeded(remoteAddr, endpoint string)
- func (l *Logger) RefreshComplete(actor string, channels, bouquets int, durationMS int64)
- func (l *Logger) RefreshError(actor, reason string)
- func (l *Logger) RefreshStart(actor string, bouquets []string)
Types
type Event
type Event struct {
	Timestamp  time.Time         `json:"timestamp"`
	Type       EventType         `json:"type"`
	Actor      string            `json:"actor"`             // WHO: username, IP, or "system"
	Action     string            `json:"action"`            // WHAT: human-readable action description
	Resource   string            `json:"resource"`          // Resource affected (e.g., endpoint, config file)
	Result     string            `json:"result"`            // success, failure, denied
	RemoteAddr string            `json:"remote_addr"`       // Client IP address
	UserAgent  string            `json:"user_agent"`        // Client user agent
	RequestID  string            `json:"request_id"`        // Correlation ID
	Details    map[string]string `json:"details,omitempty"` // Additional context
}
Event represents a structured audit event.
type EventType
type EventType string
EventType represents the type of audit event.
const (
	// Configuration events
	EventConfigReload      EventType = "config.reload"
	EventConfigReloadError EventType = "config.reload.error"

	// Refresh events
	EventRefreshStart   EventType = "refresh.start"
	EventRefreshSuccess EventType = "refresh.success"
	EventRefreshError   EventType = "refresh.error"

	// Authentication events
	EventAuthSuccess EventType = "auth.success"
	EventAuthFailure EventType = "auth.failure"
	EventAuthMissing EventType = "auth.missing"

	// API access events
	EventAPIAccess    EventType = "api.access"
	EventAPIForbidden EventType = "api.forbidden"
	EventAPIRateLimit EventType = "api.ratelimit"
)
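The JSON field names on Event and the auth.* event type strings are what a downstream detection consumes. The program below is an added example, not part of this package: it flags remote addresses that produce a burst of auth.failure or auth.missing events. It assumes the audit output is available as a stream of JSON-encoded Events in timestamp order, which this page does not state; FailureBursts and the sample records are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Event mirrors the JSON names of the Event fields this check reads.
type Event struct {
	Timestamp  time.Time `json:"timestamp"`
	Type       string    `json:"type"`
	RemoteAddr string    `json:"remote_addr"`
}

// Constructed sample; assumes one JSON Event per line, oldest first.
const sample = `{"timestamp":"2024-05-01T10:00:00Z","type":"auth.failure","remote_addr":"192.0.2.10"}
{"timestamp":"2024-05-01T10:00:05Z","type":"auth.failure","remote_addr":"198.51.100.7"}
{"timestamp":"2024-05-01T10:00:20Z","type":"auth.missing","remote_addr":"192.0.2.10"}
{"timestamp":"2024-05-01T10:00:50Z","type":"auth.failure","remote_addr":"192.0.2.10"}
{"timestamp":"2024-05-01T10:05:00Z","type":"auth.failure","remote_addr":"198.51.100.7"}`

// FailureBursts lists addresses with at least threshold auth failures inside one window.
func FailureBursts(records string, threshold int, window time.Duration) (out []string, err error) {
	recent, flagged := map[string][]time.Time{}, map[string]bool{}
	dec := json.NewDecoder(strings.NewReader(records))
	for dec.More() {
		var ev Event
		if err = dec.Decode(&ev); err != nil {
			return nil, fmt.Errorf("bad audit record: %w", err)
		}
		if ev.Type != "auth.failure" && ev.Type != "auth.missing" {
			continue // other event types do not count toward a burst
		}
		ts := recent[ev.RemoteAddr]
		for len(ts) > 0 && ev.Timestamp.Sub(ts[0]) > window {
			ts = ts[1:] // expire failures older than the window
		}
		recent[ev.RemoteAddr] = append(ts, ev.Timestamp)
		if len(ts)+1 >= threshold && !flagged[ev.RemoteAddr] {
			flagged[ev.RemoteAddr], out = true, append(out, ev.RemoteAddr)
		}
	}
	return out, nil
}

func main() {
	fmt.Println(FailureBursts(sample, 3, time.Minute))
}
```

Each address is reported once, in the order it first crossed the threshold, and a malformed record stops processing with an error instead of being skipped.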
type Logger
type Logger struct {
	// contains filtered or unexported fields
}
Logger provides audit logging functionality.
func NewLogger
func NewLogger() *Logger
NewLogger creates a new audit logger with a dedicated "audit" component.
func (*Logger) AuthFailure
AuthFailure logs a failed authentication attempt.
func (*Logger) AuthMissing
AuthMissing logs a request without authentication.
func (*Logger) AuthSuccess
AuthSuccess logs a successful authentication.
func (*Logger) ConfigReload
ConfigReload logs a configuration reload event.
func (*Logger) LogFromContext
LogFromContext logs an audit event with context information. It automatically extracts request ID, remote addr, and user agent from the context.
func (*Logger) RateLimitExceeded
RateLimitExceeded logs rate limit violations.
func (*Logger) RefreshComplete
RefreshComplete logs a completed refresh operation.
func (*Logger) RefreshError
RefreshError logs a failed refresh operation.
func (*Logger) RefreshStart
RefreshStart logs the start of a refresh operation.