feat(audit): WebhookSettingsController.update writes tenant_operations_log (target_url change)
This commit is contained in:
@@ -6,6 +6,7 @@ namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Models\OutboundWebhookSubscription;
|
||||
use App\Services\Audit\OperationsLogger;
|
||||
use App\Support\WebhookUrlGuard;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
@@ -49,7 +50,7 @@ class WebhookSettingsController extends Controller
|
||||
]]);
|
||||
}
|
||||
|
||||
public function update(Request $request): JsonResponse
|
||||
public function update(Request $request, OperationsLogger $ops): JsonResponse
|
||||
{
|
||||
$validated = $request->validate([
|
||||
'target_url' => ['required', 'string', 'url', 'max:2048', 'starts_with:https://'],
|
||||
@@ -65,13 +66,19 @@ class WebhookSettingsController extends Controller
|
||||
throw ValidationException::withMessages(['target_url' => [$blockReason]]);
|
||||
}
|
||||
|
||||
$tenantId = (int) $request->user()->tenant_id;
|
||||
$sub = $this->currentSubscription($request);
|
||||
$plainSecret = null;
|
||||
|
||||
// Capture before-state (null on first-time creation)
|
||||
$payloadBefore = $sub !== null
|
||||
? ['target_url' => $sub->target_url, 'is_active' => (bool) $sub->is_active]
|
||||
: null;
|
||||
|
||||
if ($sub === null) {
|
||||
$plainSecret = self::SECRET_PREFIX.Str::random(40);
|
||||
$sub = OutboundWebhookSubscription::query()->create([
|
||||
'tenant_id' => (int) $request->user()->tenant_id,
|
||||
'tenant_id' => $tenantId,
|
||||
'user_id' => (int) $request->user()->id,
|
||||
'name' => 'Webhook',
|
||||
'target_url' => $validated['target_url'],
|
||||
@@ -84,6 +91,19 @@ class WebhookSettingsController extends Controller
|
||||
$sub->update(['target_url' => $validated['target_url']]);
|
||||
}
|
||||
|
||||
// Audit: log target_url change (no secret_hash or plaintext secret)
|
||||
$ops->record(
|
||||
tenantId: $tenantId,
|
||||
userId: (int) $request->user()->id,
|
||||
entityType: 'webhook_settings',
|
||||
entityId: $sub->id,
|
||||
event: 'webhook_settings.updated',
|
||||
payloadBefore: $payloadBefore,
|
||||
payloadAfter: ['target_url' => $sub->target_url, 'is_active' => (bool) $sub->is_active],
|
||||
ip: $request->ip(),
|
||||
userAgent: $request->userAgent(),
|
||||
);
|
||||
|
||||
$payload = [
|
||||
'target_url' => $sub->target_url,
|
||||
'secret_prefix' => $sub->secret_prefix,
|
||||
|
||||
Reference in New Issue
Block a user