refactor: standardize audit logging for ISO27001 compliance

2026-05-14 05:59:49 +00:00
parent 417d462fb9
commit 815084132f
18 changed files with 184 additions and 100 deletions
@@ -6,6 +6,8 @@ from gatehouse_app.utils.response import api_response
 from gatehouse_app.utils.decorators import login_required, require_admin
 from gatehouse_app.extensions import db
 from gatehouse_app.api.v1.organizations._helpers import _get_system_ca_dict
+from gatehouse_app.utils.constants import AuditAction
+from gatehouse_app.services.audit_service import AuditService


@api_v1_bp.route("/organizations/<org_id>/cas", methods=["GET"])
@@ -182,13 +184,12 @@ def delete_org_ca(org_id, ca_id):
        ca.is_active = False
        ca.delete(soft=True)

-        AuditLog.log(
+        AuditService.log_action(
            action=AuditAction.CA_DELETED,
            user_id=g.current_user.id,
+            organization_id=org_id,
            resource_type="CA",
            resource_id=ca_id,
-            organization_id=org_id,
-            ip_address=request.remote_addr,
            description=f"CA '{ca_name}' ({ca_type}) deleted",
        )
        return api_response(data={"ca_id": ca_id}, message="CA deleted successfully")
@@ -206,8 +207,6 @@ def rotate_org_ca(org_id, ca_id):
    from gatehouse_app.models.organization.organization import Organization
    from gatehouse_app.utils.crypto import compute_ssh_fingerprint
    from gatehouse_app.utils.ca_key_encryption import encrypt_ca_key
-    from gatehouse_app.utils.constants import AuditAction
-    from gatehouse_app.models import AuditLog
    from sshkey_tools.keys import Ed25519PrivateKey, RsaPrivateKey, EcdsaPrivateKey

    org = Organization.query.filter_by(id=org_id, deleted_at=None).first()
@@ -244,14 +243,13 @@ def rotate_org_ca(org_id, ca_id):
        ca.key_type = KeyType(new_key_type)
        db.session.commit()

-        AuditLog.log(
+        AuditService.log_action(
            action=AuditAction.CA_KEY_ROTATED,
            user_id=g.current_user.id,
+            organization_id=org_id,
            resource_type="CA",
            resource_id=ca_id,
-            organization_id=org_id,
-            ip_address=request.remote_addr,
-            description=(f"CA '{ca.name}' key rotated. Old fingerprint: {old_fingerprint}, New fingerprint: {new_fingerprint}. Reason: {reason}"),
+            description=f"CA '{ca.name}' key rotated. Old fingerprint: {old_fingerprint}, New fingerprint: {new_fingerprint}. Reason: {reason}",
        )

        return api_response(data={"ca": ca.to_dict(), "old_fingerprint": old_fingerprint}, message="CA key rotated successfully. Update TrustedUserCAKeys / known_hosts on your servers.")