feat: add activity logs on user actions with authentication, resource… (#6748)

* feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI * feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI * feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI * feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI * feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI * fix: add unit tests to info package for context changes * fix: add activity_interceptor.go suggestion Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> * fix: refactoring and fixes through PR review * fix: add auth service to lists of resourceAPIs --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Fabi <fabienne@zitadel.com>
2025-08-11 21:37:32 +00:00 · 2023-10-25 14:09:15 +02:00
parent 385a55bd21
commit 48ae5d58ac
13 changed files with 496 additions and 1 deletions
--- a/internal/api/grpc/admin/server.go
+++ b/internal/api/grpc/admin/server.go
@@ -79,5 +79,9 @@ func (s *Server) RegisterGateway() server.RegisterGatewayFunc {
 }

 func (s *Server) GatewayPathPrefix() string {
+	return GatewayPathPrefix()
+}
+
+func GatewayPathPrefix() string {
 	return "/admin/v1"
 }
--- a/internal/api/grpc/management/server.go
+++ b/internal/api/grpc/management/server.go
@@ -71,5 +71,9 @@ func (s *Server) RegisterGateway() server.RegisterGatewayFunc {
 }

 func (s *Server) GatewayPathPrefix() string {
+	return GatewayPathPrefix()
+}
+
+func GatewayPathPrefix() string {
 	return "/management/v1"
 }
--- a/internal/api/grpc/server/middleware/activity_interceptor.go
+++ b/internal/api/grpc/server/middleware/activity_interceptor.go
@@ -0,0 +1,35 @@
+package middleware
+
+import (
+	"context"
+	"slices"
+	"strings"
+
+	"google.golang.org/grpc"
+
+	"github.com/zitadel/zitadel/internal/activity"
+)
+
+func ActivityInterceptor() grpc.UnaryServerInterceptor {
+	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
+		resp, err := handler(ctx, req)
+		if isResourceAPI(info.FullMethod) {
+			activity.TriggerWithContext(ctx, activity.ResourceAPI)
+		}
+		return resp, err
+	}
+}
+
+var resourcePrefixes = []string{
+	"/zitadel.management.v1.ManagementService/",
+	"/zitadel.admin.v1.AdminService/",
+	"/zitadel.user.v2beta.UserService/",
+	"/zitadel.settings.v2beta.SettingsService/",
+	"/zitadel.auth.v1.AuthService/",
+}
+
+func isResourceAPI(method string) bool {
+	return slices.ContainsFunc(resourcePrefixes, func(prefix string) bool {
+		return strings.HasPrefix(method, prefix)
+	})
+}
--- a/internal/api/grpc/server/server.go
+++ b/internal/api/grpc/server/server.go
@@ -58,6 +58,7 @@ func CreateServer(
 				middleware.TranslationHandler(),
 				middleware.ValidationHandler(),
 				middleware.ServiceHandler(),
+				middleware.ActivityInterceptor(),
 			),
 		),
 	}
--- a/internal/api/grpc/session/v2/session.go
+++ b/internal/api/grpc/session/v2/session.go
@@ -9,6 +9,8 @@ import (
 	"google.golang.org/protobuf/types/known/timestamppb"

 	"github.com/muhlemmer/gu"
+
+	"github.com/zitadel/zitadel/internal/activity"
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
 	"github.com/zitadel/zitadel/internal/command"
@@ -57,6 +59,7 @@ func (s *Server) CreateSession(ctx context.Context, req *session.CreateSessionRe
 	if err != nil {
 		return nil, err
 	}
+
 	return &session.CreateSessionResponse{
 		Details:      object.DomainToDetailsPb(set.ObjectDetails),
 		SessionId:    set.ID,
@@ -310,6 +313,9 @@ func (s *Server) checksToCommand(ctx context.Context, checks *session.Checks) ([
 		if err != nil {
 			return nil, err
 		}
+
+		// trigger activity log for session for user
+		activity.Trigger(ctx, user.ResourceOwner, user.ID, activity.SessionAPI)
 		sessionChecks = append(sessionChecks, command.CheckUser(user.ID))
 	}
 	if password := checks.GetPassword(); password != nil {