feat(center): add audit logs for auth and node operations

Fabric.Backend.Center/src/auth/auth.service.ts

@@ -10,6 +10,7 @@ import * as jwt from 'jsonwebtoken';
 import { User } from '../entities/user.entity';
 import { RegisterDto } from './dto.register.dto';
 import { LoginDto } from './dto.login.dto';
+import { AuditService } from '../audit/audit.service';
 
 function parseDurationToSeconds(input: string, fallbackSeconds: number): number {
   const raw = input.trim();
@@ -44,6 +45,7 @@ export class AuthService {
   constructor(
     @InjectRepository(User)
     private readonly userRepo: Repository<User>,
+    private readonly audit: AuditService,
   ) {}
 
   async register(input: RegisterDto) {
@@ -60,6 +62,14 @@ export class AuthService {
     });
     const saved = await this.userRepo.save(user);
 
+    await this.audit.write({
+      action: 'auth.register',
+      actorId: saved.id,
+      targetType: 'user',
+      targetId: saved.id,
+      detail: JSON.stringify({ email: saved.email }),
+    });
+
     return {
       id: saved.id,
       email: saved.email,
@@ -79,6 +89,14 @@ export class AuthService {
     user.refreshTokenHash = await bcrypt.hash(refreshToken, 10);
     await this.userRepo.save(user);
 
+    await this.audit.write({
+      action: 'auth.login',
+      actorId: user.id,
+      targetType: 'user',
+      targetId: user.id,
+      detail: JSON.stringify({ email: user.email }),
+    });
+
     return {
       accessToken,
       refreshToken,
@@ -112,6 +130,14 @@ export class AuthService {
     user.refreshTokenHash = await bcrypt.hash(newRefreshToken, 10);
     await this.userRepo.save(user);
 
+    await this.audit.write({
+      action: 'auth.refresh',
+      actorId: user.id,
+      targetType: 'user',
+      targetId: user.id,
+      detail: null,
+    });
+
     return {
       accessToken: newAccessToken,
       refreshToken: newRefreshToken,
@@ -135,6 +161,13 @@ export class AuthService {
 
     user.refreshTokenHash = null;
     await this.userRepo.save(user);
+    await this.audit.write({
+      action: 'auth.logout',
+      actorId: user.id,
+      targetType: 'user',
+      targetId: user.id,
+      detail: null,
+    });
     return { status: 'ok' };
   }
 }