feat: add entity verification and migrate audit logs to actor model (CM-966) (#3863)

Author: skwowet

backend/src/api/auditLog/auditLogList.ts

@@ -1,7 +1,5 @@
 import { safeWrap } from '../../middlewares/errorMiddleware'
 
 export default (app) => {
-  app.get(`/audit-log`, safeWrap(require('./auditLogList').default))
-
   app.post(`/audit-logs/query`, safeWrap(require('./auditLogsQuery').default))
 }

backend/src/api/auditLog/index.ts

@@ -1,6 +1,5 @@
 import { getServiceChildLogger } from '@crowd/logging'
 
-import AuditLogRepository from '../../database/repositories/auditLogRepository'
 import IncomingWebhookRepository from '../../database/repositories/incomingWebhookRepository'
 import IntegrationRunRepository from '../../database/repositories/integrationRunRepository'
 import SequelizeRepository from '../../database/repositories/sequelizeRepository'
@@ -40,13 +39,6 @@ export const cleanUpOldWebhooks = async () => {
   await repo.cleanUpOldWebhooks(MAX_MONTHS_TO_KEEP)
 }
 
-export const cleanUpOldAuditLogs = async () => {
-  const dbOptions = await SequelizeRepository.getDefaultIRepositoryOptions()
-
-  log.info(`Cleaning up audit logs that are older than 1 month!`)
-  await AuditLogRepository.cleanUpOldAuditLogs(1, dbOptions)
-}
-
 const job: CrowdJob = {
   name: 'Clean up old data',
   // run once every week on Sunday at 1AM

backend/src/bin/jobs/cleanUp.ts

@@ -0,0 +1,52 @@
+-- ---------------------------------------------------------------------------
+-- Add verification metadata for member identities
+-- ---------------------------------------------------------------------------
+
+-- Track the original source of the identity and which source performed the latest verification
+alter table "memberIdentities" add column if not exists "source" varchar(255);
+alter table "memberIdentities" add column if not exists "verifiedBy" varchar(255);
+
+-- ---------------------------------------------------------------------------
+-- Add verification metadata for organization identities
+-- ---------------------------------------------------------------------------
+
+-- Track the original source of the identity
+alter table "organizationIdentities" add column if not exists "source" varchar(255);
+
+-- ---------------------------------------------------------------------------
+-- Add verification metadata for work experiences
+-- ---------------------------------------------------------------------------
+
+-- Track if the work experience has been verified and by which source
+alter table "memberOrganizations" add column if not exists "verified" boolean not null default false;
+alter table "memberOrganizations" add column if not exists "verifiedBy" varchar(255);
+
+-- ---------------------------------------------------------------------------
+-- Align audit logging with a generic actor model
+-- ---------------------------------------------------------------------------
+
+-- Add actorId and actorType as nullable initially
+alter table "auditLogAction" add column if not exists "actorId" varchar(255);
+alter table "auditLogAction" add column if not exists "actorType" varchar(255);
+
+-- Backfill historical rows (map old userId into new columns)
+update "auditLogAction"
+set "actorId" = "userId"::text,
+    "actorType" = 'user'
+where "actorId" is null;
+
+-- Enforce NOT NULL after backfill
+alter table "auditLogAction" alter column "actorId" set not null;
+alter table "auditLogAction" alter column "actorType" set not null;
+
+-- Add index on actorId to speed up queries
+create index if not exists "auditLogAction_actorId" on "auditLogAction" ("actorId");
+
+-- Remove old userId column
+alter table "auditLogAction" drop column if exists "userId";
+
+-- ---------------------------------------------------------------------------
+-- Remove legacy auditLogs table
+-- ---------------------------------------------------------------------------
+-- This table is no longer used; all audit actions are tracked in auditLogAction
+drop table if exists "auditLogs";

backend/src/database/migrations/V1771403085__add_entity_verification_and_extend_audit_logs.sql

@@ -117,7 +117,6 @@ async function models(queryTimeoutMilliseconds: number, databaseHostnameOverride
   // }
 
   const modelClasses = [
-    require('./auditLog').default,
     require('./member').default,
     require('./memberIdentity').default,
     require('./file').default,

backend/src/database/models/auditLog.ts

@@ -14,12 +14,9 @@ import { IIntegrationResult, IntegrationResultState } from '@crowd/types'
 import { QUEUE_CLIENT } from '@/serverless/utils/queueService'
 
 import { IRepositoryOptions } from './IRepositoryOptions'
-import AuditLogRepository from './auditLogRepository'
 import SegmentRepository from './segmentRepository'
 import SequelizeRepository from './sequelizeRepository'
 
-const log: boolean = false
-
 class ActivityRepository {
   static async create(data, options: IRepositoryOptions) {
     const currentUser = SequelizeRepository.getCurrentUser(options)
@@ -80,8 +77,6 @@ class ActivityRepository {
 
     const record = await this.findById(ids[0], options)
 
-    await this._createAuditLog(AuditLogRepository.CREATE, record, data, options)
-
     return record
   }
 
@@ -216,28 +211,6 @@ class ActivityRepository {
     return results[0][0].id
   }
 
-  static async _createAuditLog(action, record, data, options: IRepositoryOptions) {
-    if (log) {
-      let values = {}
-
-      if (data) {
-        values = {
-          ...record.get({ plain: true }),
-        }
-      }
-
-      await AuditLogRepository.log(
-        {
-          entityName: 'activity',
-          entityId: record.id,
-          action,
-          values,
-        },
-        options,
-      )
-    }
-  }
-
   static async _populateRelationsForRows(rows, options: IRepositoryOptions) {
     if (!rows) {
       return rows