fix(oauth): centralize audit logging with reusable LogForAudit function

internal/apps/oauth/audit.go

@@ -0,0 +1,50 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2025 linux.do
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package oauth
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/gin-gonic/gin"
+	"github.com/linux-do/cdk/internal/logger"
+)
+
+func LogForAudit(ctx context.Context, user *User, c *gin.Context) {
+	auditLog := loginRequiredAuditLog{
+		UserID:     user.ID,
+		Username:   user.Username,
+		ClientIP:   c.ClientIP(),
+		Method:     c.Request.Method,
+		Path:       c.Request.URL.Path,
+		RequestURI: c.Request.RequestURI,
+		UserAgent:  c.Request.UserAgent(),
+		Referer:    c.Request.Referer(),
+	}
+	auditJSON, err := json.Marshal(auditLog)
+	if err != nil {
+		logger.ErrorF(ctx, "[LoginRequiredAudit] marshal failed: %v", err)
+		logger.InfoF(ctx, "[LoginRequiredAudit] %s %d %s", c.ClientIP(), user.ID, user.Username)
+	} else {
+		logger.InfoF(ctx, "[LoginRequiredAudit] %s", auditJSON)
+	}
+}

internal/apps/oauth/middlewares.go

@@ -25,12 +25,10 @@
 package oauth
 
 import (
-	"encoding/json"
 	"net/http"
 
 	"github.com/gin-gonic/gin"
 	"github.com/linux-do/cdk/internal/db"
-	"github.com/linux-do/cdk/internal/logger"
 	"github.com/linux-do/cdk/internal/otel_trace"
 )
 
@@ -66,23 +64,8 @@ func LoginRequired() gin.HandlerFunc {
 			return
 		}
 
-		auditLog := loginRequiredAuditLog{
-			UserID:     user.ID,
-			Username:   user.Username,
-			ClientIP:   c.ClientIP(),
-			Method:     c.Request.Method,
-			Path:       c.Request.URL.Path,
-			RequestURI: c.Request.RequestURI,
-			UserAgent:  c.Request.UserAgent(),
-			Referer:    c.Request.Referer(),
-		}
-		auditJSON, err := json.Marshal(auditLog)
-		if err != nil {
-			logger.ErrorF(ctx, "[LoginRequiredAudit] marshal failed: %v", err)
-			logger.InfoF(ctx, "[LoginRequiredAudit] %s %d %s", c.ClientIP(), user.ID, user.Username)
-		} else {
-			logger.InfoF(ctx, "[LoginRequiredAudit] %s", auditJSON)
-		}
+		// log
+		LogForAudit(ctx, &user, c)
 
 		// set user info
 		SetUserToContext(c, &user)

internal/apps/oauth/routers.go

@@ -26,12 +26,13 @@ package oauth
 
 import (
 	"fmt"
+	"net/http"
+
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
 	"github.com/linux-do/cdk/internal/db"
 	"github.com/linux-do/cdk/internal/logger"
-	"net/http"
 )
 
 type GetLoginURLResponse struct {
@@ -100,9 +101,11 @@ func Callback(c *gin.Context) {
 		c.JSON(http.StatusInternalServerError, CallbackResponse{ErrorMsg: err.Error()})
 		return
 	}
+	// log
+	LogForAudit(c.Request.Context(), user, c)
+	logger.InfoF(c.Request.Context(), "[OAuthCallback] %d %s", user.ID, user.Username)
 	// response
 	c.JSON(http.StatusOK, CallbackResponse{})
-	logger.InfoF(c.Request.Context(), "[OAuthCallback] %d %s", user.ID, user.Username)
 }
 
 type BasicUserInfo struct {