Issue #90: Backend — AuditLog Entity & Module

[wumibals]

Labels: backend database audit nestjs
Area: backend/src/modules/audit/audit-log.entity.ts, backend/src/modules/audit/audit.service.ts, backend/src/modules/audit/audit.module.ts
Difficulty: Intermediate

Description

Every admin action (create, update, delete, login, logout) is recorded in the audit log. The AuditLog entity stores what happened, who did it, and when. The AuditService is injected into other modules to log events at key points.

Acceptance Criteria

• Create backend/src/modules/audit/audit-log.entity.ts with @Entity("audit_logs"):
  • Columns: id (UUID, primary, generated), action (varchar 50 — action label like "CREATE_MENU_ITEM"), entityType (varchar 50 — e.g. "menu"), entityId (varchar, nullable), adminId (UUID, nullable), adminUsername (varchar 100, nullable — denormalised for speed), details (text, nullable — human-readable summary), ipAddress (varchar 45, nullable), userAgent (text, nullable), restaurantId (UUID), createdAt (CreateDateColumn)
  • Index on (restaurantId, createdAt DESC) — primary read pattern
• Create backend/src/modules/audit/audit.service.ts with AuditService:
  • log(entry: Partial<AuditLog>): Promise<void> — creates and saves an audit log entry; never throws (wrap in try/catch and console.error on failure — audit logging must not break the main flow)
  • findAll(restaurantId: string, limit?: number): Promise<AuditLog[]> — ordered by createdAt DESC, limited
  • findByAdmin(adminId: string, restaurantId: string): Promise<AuditLog[]>
• Create backend/src/modules/audit/audit.module.ts — exports AuditService so other modules can inject it
• AuditService.log is intentionally fire-and-forget — callers do not await it in hot paths