feat: Add Activity Log feature with Azure Monitor integration

- Implemented ActivityLogController to handle AJAX requests for activity logs.
- Created ActivityLogService to query logs from Azure Monitor using LogsQueryClient.
- Added ActivityLogCategory enum to categorize log events.
- Defined ActivityLogEntry model to represent individual log entries.
- Mapped event names to categories in ActivityLogEventMap.
- Introduced IActivityLogService interface for service abstraction.
- Added Activity Log view with filters for time range, category, and event name.
- Enhanced DataTable for activity logs with server-side processing.
- Updated navigation to include Activity Log link with appropriate authorization policy.
- Added necessary JavaScript for handling filters and AJAX requests in activity log view.
- Configured Application Insights resource ID in Terraform for Azure deployment.
- Assigned Monitoring Reader role to the web app for Application Insights access.

Author: frasermolyneux

src/XtremeIdiots.Portal.Web/ApiControllers/ActivityLogController.cs

@@ -0,0 +1,135 @@
+using Microsoft.ApplicationInsights;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Newtonsoft.Json;
+using XtremeIdiots.Portal.Web.Auth.Constants;
+using XtremeIdiots.Portal.Web.Models;
+using XtremeIdiots.Portal.Web.Models.ActivityLog;
+using XtremeIdiots.Portal.Web.Services;
+
+namespace XtremeIdiots.Portal.Web.ApiControllers;
+
+/// <summary>
+/// API controller providing activity log data for DataTables AJAX requests
+/// </summary>
+[Authorize(Policy = AuthPolicies.AccessActivityLog)]
+[Route("User")]
+public class ActivityLogController(
+    IActivityLogService activityLogService,
+    TelemetryClient telemetryClient,
+    ILogger<ActivityLogController> logger,
+    IConfiguration configuration) : BaseApiController(telemetryClient, logger, configuration)
+{
+    private readonly static Dictionary<string, TimeSpan> timeRanges = new()
+    {
+        ["1h"] = TimeSpan.FromHours(1),
+        ["6h"] = TimeSpan.FromHours(6),
+        ["12h"] = TimeSpan.FromHours(12),
+        ["24h"] = TimeSpan.FromHours(24),
+        ["7d"] = TimeSpan.FromDays(7),
+        ["30d"] = TimeSpan.FromDays(30),
+    };
+
+    /// <summary>
+    /// Provides AJAX endpoint for retrieving paginated activity log data for DataTables
+    /// </summary>
+    [HttpPost("GetActivityLogAjax")]
+    [ValidateAntiForgeryToken]
+    public async Task<IActionResult> GetActivityLogAjax(
+        [FromQuery] string? timeRange,
+        [FromQuery] string? category,
+        [FromQuery] string? eventName,
+        [FromQuery] bool includeReads = false,
+        CancellationToken cancellationToken = default)
+    {
+        return await ExecuteWithErrorHandlingAsync(async () =>
+        {
+            var reader = new StreamReader(Request.Body);
+            var requestBody = await reader.ReadToEndAsync(cancellationToken).ConfigureAwait(false);
+            var model = JsonConvert.DeserializeObject<DataTableAjaxPostModel>(requestBody);
+
+            if (model is null)
+                return BadRequest("Invalid request body");
+
+            var timeSpan = timeRanges.GetValueOrDefault(timeRange ?? "24h", TimeSpan.FromHours(24));
+
+            ActivityLogCategory? parsedCategory = null;
+            if (!string.IsNullOrWhiteSpace(category) && Enum.TryParse<ActivityLogCategory>(category, out var cat))
+            {
+                parsedCategory = cat;
+            }
+
+            // Determine sort column and direction from DataTable model
+            var sortColumn = "timestamp";
+            var sortDirection = "desc";
+
+            if (model.Order.Count > 0)
+            {
+                var orderItem = model.Order[0];
+                var columnIndex = orderItem.Column;
+
+                if (columnIndex >= 0 && columnIndex < model.Columns.Count)
+                {
+                    sortColumn = model.Columns[columnIndex].Name ?? "timestamp";
+                }
+
+                sortDirection = orderItem.Dir ?? "desc";
+            }
+
+            var searchTerm = model.Search?.Value;
+
+            var result = await activityLogService.QueryEventsAsync(
+                timeSpan,
+                parsedCategory,
+                eventName,
+                includeReads,
+                searchTerm,
+                model.Start,
+                model.Length,
+                sortColumn,
+                sortDirection,
+                cancellationToken).ConfigureAwait(false);
+
+            TrackSuccessTelemetry("ActivityLogQueried", nameof(GetActivityLogAjax), new Dictionary<string, string>
+            {
+                { "TimeRange", timeRange ?? "24h" },
+                { "Category", category ?? "All" },
+                { "IncludeReads", includeReads.ToString() },
+                { "ResultCount", result.Entries.Count.ToString() }
+            });
+
+            return Ok(new
+            {
+                model.Draw,
+                recordsTotal = result.TotalCount,
+                recordsFiltered = result.FilteredCount,
+                data = result.Entries
+            });
+        }, nameof(GetActivityLogAjax)).ConfigureAwait(false);
+    }
+
+    /// <summary>
+    /// Returns event names for a given category (used for cascading filter dropdown)
+    /// </summary>
+    [HttpGet("GetActivityLogEvents")]
+    public IActionResult GetActivityLogEvents([FromQuery] string? category, [FromQuery] bool includeReads = false)
+    {
+        if (string.IsNullOrWhiteSpace(category) || !Enum.TryParse<ActivityLogCategory>(category, out var parsedCategory))
+        {
+            // Return all events matching scope
+            var allEvents = ActivityLogEventMap.Events
+                .Where(e => includeReads || e.Value.IsWrite)
+                .Select(e => new { name = e.Key, category = e.Value.Category.ToString() })
+                .OrderBy(e => e.name)
+                .ToList();
+
+            return Ok(allEvents);
+        }
+
+        var events = ActivityLogEventMap.GetEventsByCategory(parsedCategory, includeReads)
+            .Select(e => new { name = e, category = parsedCategory.ToString() })
+            .ToList();
+
+        return Ok(events);
+    }
+}

src/XtremeIdiots.Portal.Web/Auth/Constants/AuthPolicies.cs

@@ -93,6 +93,7 @@ public static class AuthPolicies
     public const string AccessStatus = nameof(AccessStatus);
 
     // User management policies
+    public const string AccessActivityLog = nameof(AccessActivityLog);
     public const string AccessUsers = nameof(AccessUsers);
     public const string CreateUserClaim = nameof(CreateUserClaim);
     public const string DeleteUserClaim = nameof(DeleteUserClaim);

src/XtremeIdiots.Portal.Web/Auth/Handlers/UsersAuthHandler.cs

@@ -34,6 +34,9 @@ public Task HandleAsync(AuthorizationHandlerContext context)
                 case PerformUserSearch performUserSearch:
                     HandlePerformUserSearch(context, performUserSearch);
                     break;
+                case AccessActivityLog accessActivityLog:
+                    HandleAccessActivityLog(context, accessActivityLog);
+                    break;
                 default:
                     break;
             }
@@ -75,5 +78,10 @@ private static void HandlePerformUserSearch(AuthorizationHandlerContext context,
         BaseAuthorizationHelper.CheckClaimTypes(context, requirement, BaseAuthorizationHelper.ClaimGroups.AllAdminLevels);
     }
 
+    private static void HandleAccessActivityLog(AuthorizationHandlerContext context, IAuthorizationRequirement requirement)
+    {
+        BaseAuthorizationHelper.CheckSeniorAdminAccess(context, requirement);
+    }
+
     #endregion
 }

src/XtremeIdiots.Portal.Web/Auth/Requirements/UsersAuthRequirements.cs

@@ -28,4 +28,11 @@ public class DeleteUserClaim : IAuthorizationRequirement
 /// </summary>
 public class PerformUserSearch : IAuthorizationRequirement
 {
+}
+
+/// <summary>
+/// Authorization requirement for accessing the activity log
+/// </summary>
+public class AccessActivityLog : IAuthorizationRequirement
+{
 }

src/XtremeIdiots.Portal.Web/Controllers/UserController.cs

@@ -65,6 +65,21 @@ public async Task<IActionResult> Permissions()
         }, nameof(Permissions)).ConfigureAwait(false);
     }
 
+    /// <summary>
+    /// Displays the activity log page showing Application Insights custom events
+    /// </summary>
+    /// <returns>The activity log view</returns>
+    [HttpGet]
+    [Authorize(Policy = AuthPolicies.AccessActivityLog)]
+    public async Task<IActionResult> ActivityLog()
+    {
+        return await ExecuteWithErrorHandlingAsync(async () =>
+        {
+            await Task.CompletedTask.ConfigureAwait(false);
+            return View();
+        }, nameof(ActivityLog)).ConfigureAwait(false);
+    }
+
     /// <summary>
     /// Displays the user profile management page for the specified user
     /// </summary>

src/XtremeIdiots.Portal.Web/Extensions/PolicyExtensions.cs

@@ -81,6 +81,7 @@ public static void AddXtremeIdiotsPolicies(this AuthorizationOptions options)
         options.AddPolicy(AuthPolicies.AccessStatus, policy => policy.Requirements.Add(new AccessStatus()));
 
         options.AddPolicy(AuthPolicies.AccessUsers, policy => policy.Requirements.Add(new AccessUsers()));
+        options.AddPolicy(AuthPolicies.AccessActivityLog, policy => policy.Requirements.Add(new AccessActivityLog()));
         options.AddPolicy(AuthPolicies.CreateUserClaim, policy => policy.Requirements.Add(new CreateUserClaim()));
         options.AddPolicy(AuthPolicies.DeleteUserClaim, policy => policy.Requirements.Add(new DeleteUserClaim()));
         options.AddPolicy(AuthPolicies.PerformUserSearch, policy => policy.Requirements.Add(new PerformUserSearch()));

src/XtremeIdiots.Portal.Web/Models/ActivityLog/ActivityLogCategory.cs

@@ -0,0 +1,20 @@
+namespace XtremeIdiots.Portal.Web.Models.ActivityLog;
+
+public enum ActivityLogCategory
+{
+    Authentication,
+    Authorization,
+    AdminActions,
+    PlayerManagement,
+    GameServers,
+    Credentials,
+    BanFileMonitors,
+    Demos,
+    Maps,
+    UserManagement,
+    Tags,
+    ProtectedNames,
+    Chat,
+    Notifications,
+    System
+}

src/XtremeIdiots.Portal.Web/Models/ActivityLog/ActivityLogEntry.cs

@@ -0,0 +1,13 @@
+namespace XtremeIdiots.Portal.Web.Models.ActivityLog;
+
+public class ActivityLogEntry
+{
+    public DateTimeOffset Timestamp { get; set; }
+    public string EventName { get; set; } = string.Empty;
+    public string Category { get; set; } = string.Empty;
+    public string? UserId { get; set; }
+    public string? Username { get; set; }
+    public string? Controller { get; set; }
+    public string? Action { get; set; }
+    public Dictionary<string, string> Properties { get; set; } = [];
+}