feat(audit): WebhookSettingsController.update writes tenant_operations_log (target_url change)

This commit is contained in:
Дмитрий
2026-05-22 18:18:11 +03:00
parent b28c653076
commit 964da95a10
2 changed files with 124 additions and 2 deletions
@@ -6,6 +6,7 @@ namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Models\OutboundWebhookSubscription;
use App\Services\Audit\OperationsLogger;
use App\Support\WebhookUrlGuard;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
@@ -49,7 +50,7 @@ class WebhookSettingsController extends Controller
]]);
}
public function update(Request $request): JsonResponse
public function update(Request $request, OperationsLogger $ops): JsonResponse
{
$validated = $request->validate([
'target_url' => ['required', 'string', 'url', 'max:2048', 'starts_with:https://'],
@@ -65,13 +66,19 @@ class WebhookSettingsController extends Controller
throw ValidationException::withMessages(['target_url' => [$blockReason]]);
}
$tenantId = (int) $request->user()->tenant_id;
$sub = $this->currentSubscription($request);
$plainSecret = null;
// Capture before-state (null on first-time creation)
$payloadBefore = $sub !== null
? ['target_url' => $sub->target_url, 'is_active' => (bool) $sub->is_active]
: null;
if ($sub === null) {
$plainSecret = self::SECRET_PREFIX.Str::random(40);
$sub = OutboundWebhookSubscription::query()->create([
'tenant_id' => (int) $request->user()->tenant_id,
'tenant_id' => $tenantId,
'user_id' => (int) $request->user()->id,
'name' => 'Webhook',
'target_url' => $validated['target_url'],
@@ -84,6 +91,19 @@ class WebhookSettingsController extends Controller
$sub->update(['target_url' => $validated['target_url']]);
}
// Audit: log target_url change (no secret_hash or plaintext secret)
$ops->record(
tenantId: $tenantId,
userId: (int) $request->user()->id,
entityType: 'webhook_settings',
entityId: $sub->id,
event: 'webhook_settings.updated',
payloadBefore: $payloadBefore,
payloadAfter: ['target_url' => $sub->target_url, 'is_active' => (bool) $sub->is_active],
ip: $request->ip(),
userAgent: $request->userAgent(),
);
$payload = [
'target_url' => $sub->target_url,
'secret_prefix' => $sub->secret_prefix,