log

core/security.py

@@ -1,32 +0,0 @@
-"""
-Core Security Utilities
-
-Note: Secret key authentication has been replaced with Google OAuth.
-The bcrypt functions below are kept for potential future use (e.g., admin passwords).
-"""
-import bcrypt
-
-
-def verify_password(plain_password: str, hashed_password: str) -> bool:
-    """
-    Verify a password against a bcrypt hash.
-    
-    Note: This is no longer used for user authentication (moved to Google OAuth).
-    Kept for potential admin/internal use cases.
-    """
-    if isinstance(hashed_password, str):
-        hashed_password = hashed_password.encode('utf-8')
-    return bcrypt.checkpw(plain_password.encode('utf-8'), hashed_password)
-
-
-def get_password_hash(password: str) -> str:
-    """
-    Hash a password using bcrypt.
-    
-    Note: This is no longer used for user authentication (moved to Google OAuth).
-    Kept for potential admin/internal use cases.
-    """
-    salt = bcrypt.gensalt(rounds=12)
-    hashed = bcrypt.hashpw(password.encode('utf-8'), salt)
-    return hashed.decode('utf-8')
-

routers/auth.py

@@ -25,14 +25,19 @@ from core.schemas import (
 from services.auth_service.google_provider import (
     GoogleAuthService,
     GoogleUserInfo,
-    InvalidTokenError,
+    InvalidTokenError as GoogleInvalidTokenError,
+    ConfigurationError as GoogleConfigError,
+    get_google_auth_service,
 )
 from services.auth_service.jwt_provider import (
     JWTService,
     create_access_token,
+    get_jwt_service,
+    InvalidTokenError as JWTInvalidTokenError,
 )
 from dependencies import check_rate_limit, get_current_user
 from services.drive_service import DriveService
+from services.audit_service import AuditService
 
 logger = logging.getLogger(__name__)
 
@@ -105,15 +110,14 @@ async def google_auth(
         logger.warning(f"Invalid Google token from {ip}: {e}")
         
         # Log failed attempt
-        audit_log = AuditLog(
+        await AuditService.log_event(
+            db=db,
             log_type="server",
-            user_id=None,
             action="google_auth",
-            ip_address=ip,
             status="failed",
-            error_message=str(e)
+            error_message=str(e),
+            request=req
         )
-        db.add(audit_log)
         await db.commit()
         
         raise HTTPException(
@@ -185,15 +189,15 @@ async def google_auth(
             db.add(client_user)
     
     # Log successful auth
-    audit_log = AuditLog(
+    await AuditService.log_event(
+        db=db,
         log_type="server",
-        user_id=user.id,  # Integer FK to users.id
+        user_id=user.id,
         client_user_id=request.temp_user_id,
         action="google_auth",
-        ip_address=ip,
-        status="success"
+        status="success",
+        request=req
     )
-    db.add(audit_log)
     await db.commit()
     
     # Create our JWT access token with current token_version
@@ -327,14 +331,14 @@ async def logout(
     logger.info(f"User {user.user_id} logged out. Token version incremented to {user.token_version}")
     
     # Log logout
-    audit_log = AuditLog(
+    await AuditService.log_event(
+        db=db,
         log_type="server",
-        user_id=user.id,  # Integer FK to users.id
+        user_id=user.id,
         action="logout",
-        ip_address=ip,
-        status="success"
+        status="success",
+        request=req
     )
-    db.add(audit_log)
     await db.commit()
     
     # Sync DB to Drive (Async)

services/audit_service.py

@@ -0,0 +1,82 @@
+"""
+Audit Service - Handle security and activity logging.
+"""
+import logging
+from datetime import datetime
+from typing import Optional, Dict, Any
+from fastapi import Request
+from sqlalchemy.ext.asyncio import AsyncSession
+from core.models import AuditLog
+
+logger = logging.getLogger(__name__)
+
+
+class AuditService:
+    """
+    Service for creating audit logs.
+    """
+
+    @staticmethod
+    async def log_event(
+        db: AsyncSession,
+        action: str,
+        status: str,
+        user_id: Optional[int] = None,
+        client_user_id: Optional[str] = None,
+        details: Optional[Dict[str, Any]] = None,
+        request: Optional[Request] = None,
+        error_message: Optional[str] = None,
+        log_type: str = "client"
+    ) -> AuditLog:
+        """
+        Create an audit log entry.
+
+        Args:
+            db: Database session
+            action: Event action (e.g., "login", "logout")
+            status: Outcome (e.g., "success", "failure")
+            user_id: ID of the authenticated user (if any)
+            client_user_id: Client-side ID (if any)
+            details: Additional metadata
+            request: FastAPI request object (for IP/UA)
+            error_message: Error description if failed
+            log_type: "client" or "server"
+
+        Returns:
+            The created AuditLog instance
+        """
+        ip_address = None
+        user_agent = None
+        refer_url = None
+
+        if request:
+            ip_address = request.client.host if request.client else None
+            user_agent = request.headers.get("user-agent")
+            refer_url = request.headers.get("referer")
+
+        # Create log entry
+        audit_log = AuditLog(
+            log_type=log_type,
+            user_id=user_id,
+            client_user_id=client_user_id,
+            action=action,
+            details=details or {},
+            ip_address=ip_address,
+            user_agent=user_agent,
+            refer_url=refer_url,
+            status=status,
+            error_message=error_message,
+            timestamp=datetime.utcnow()
+        )
+
+        db.add(audit_log)
+        # We don't commit here to allow the caller to group with other transactions
+        # or commit explicitly.
+        
+        logger.info(f"Audit Log: [{status}] {action} - User: {user_id or 'Anon'} - IP: {ip_address}")
+        
+        return audit_log
+
+# Global instance not strictly needed as it's a static method helper, 
+# but keeping pattern consistent if we add state later.
+audit_service = AuditService()