rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coolify/app
History
Andras Bacsai a2096c6f68 feat(observability): add structured audit log channel for API and webhook events 
Introduce a dedicated `audit` log channel (daily rotation, configurable retention via
LOG_AUDIT_DAYS) and a small `auditLog()` / `auditLogWebhookFailure()` helper used to
record state-changing API operations and webhook events.

Instrumented:

- API mutation endpoints (create / update / delete / start / stop / restart) across
  applications, services, databases (incl. backups, env vars, storage), servers,
  projects + environments, scheduled tasks, private keys, GitHub apps, cloud provider
  tokens, Hetzner server provisioning, instance enable/disable.
- Webhook signature verification outcomes for GitHub, GitLab, Bitbucket, Gitea and
  Stripe, plus the Sentinel push endpoint.
- Authentication and authorization outcomes via the global exception handler and
  the `ApiAbility` middleware (unauthenticated, ability-denied, policy-denied).

The helper is wrapped in try/catch so logging failures never affect the request
path. Successful operations log at `info`; suspicious/denied requests log at
`warning`. Operators wanting a failures-only feed can set `LOG_AUDIT_LEVEL=warning`.

Includes a feature test suite covering the helper, the webhook providers and the
new auth/authorization log paths.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-28 14:50:37 +02:00
..
Actions refactor(database): escape postgres_user in SSL chown command 2026-04-20 21:41:48 +02:00
Console feat(security): support expiration on API tokens with warning notifications 2026-04-20 14:28:38 +02:00
Contracts refactor: streamline job status retrieval and clean up repository interface 2025-01-10 19:53:13 +01:00
Data refactor: simplify remote process chain and harden ActivityMonitor 2026-03-26 13:26:16 +01:00
Enums Add new role enum and apply authorization 2024-10-28 17:08:24 +01:00
Events Make proxy restart run as background job to prevent localhost lockout 2025-12-03 10:30:12 +01:00
Exceptions feat(observability): add structured audit log channel for API and webhook events 2026-04-28 14:50:37 +02:00
Helpers fix(ssh): handle chmod failures gracefully and simplify key management 2026-03-16 21:27:10 +01:00
Http feat(observability): add structured audit log channel for API and webhook events 2026-04-28 14:50:37 +02:00
Jobs fix: use --network host for Dockerfile buildpack builds 2026-04-26 19:30:05 +05:30
Listeners fix(proxy): defer UI refresh until Traefik version check completes 2025-12-27 15:16:58 +01:00
Livewire refactor(validation): tokenize shell-safe command pattern 2026-04-20 22:00:41 +02:00
Models refactor(auth): upgrade email verification hash to sha256 2026-04-20 12:09:48 +02:00
Notifications feat(security): support expiration on API tokens with warning notifications 2026-04-20 14:28:38 +02:00
Policies chore: prepare for PR 2026-02-25 11:18:46 +01:00
Providers refactor(api): validate and throttle feedback endpoint 2026-04-19 14:41:47 +02:00
Repositories refactor: streamline job status retrieval and clean up repository interface 2025-01-10 19:53:13 +01:00
Rules refactor(storage): tighten S3 endpoint URL validation 2026-04-20 11:50:19 +02:00
Services refactor: remove verbose logging and use explicit exception types 2026-03-20 15:57:26 +01:00
Support refactor(validation): tokenize shell-safe command pattern 2026-04-20 22:00:41 +02:00
Traits feat(security): support expiration on API tokens with warning notifications 2026-04-20 14:28:38 +02:00
View/Components feat(forms): make textarea monospace opt-in and improve multiline toggle 2026-03-31 15:37:42 +02:00