From f0d559916747d2a4f98cd8b77236ba31e72c440c Mon Sep 17 00:00:00 2001 From: Matt Date: Wed, 4 Mar 2026 15:53:55 +0100 Subject: [PATCH] feat: add audit logging for applicant file uploads and deletions Applicant saveFileMetadata and deleteFile mutations now log APPLICANT_UPLOAD_FILE and APPLICANT_DELETE_FILE to the audit trail, matching the admin file router's existing audit coverage. Co-Authored-By: Claude Opus 4.6 --- src/server/routers/applicant.ts | 35 +++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/src/server/routers/applicant.ts b/src/server/routers/applicant.ts index 2caa57b..ccd8191 100644 --- a/src/server/routers/applicant.ts +++ b/src/server/routers/applicant.ts @@ -456,6 +456,24 @@ export const applicantRouter = router({ } } + // Audit log + await logAudit({ + prisma: ctx.prisma, + userId: ctx.user.id, + action: 'APPLICANT_UPLOAD_FILE', + entityType: 'ProjectFile', + entityId: file.id, + detailsJson: { + projectId, + fileName: input.fileName, + fileType: input.fileType, + roundId: roundId || null, + isLate: isLate || false, + }, + ipAddress: ctx.ip, + userAgent: ctx.userAgent, + }) + // Auto-analyze document (fire-and-forget, delayed for presigned upload) import('../services/document-analyzer').then(({ analyzeFileDelayed }) => analyzeFileDelayed(file.id).catch((err) => @@ -518,6 +536,23 @@ export const applicantRouter = router({ where: { id: input.fileId }, }) + // Audit log + await logAudit({ + prisma: ctx.prisma, + userId: ctx.user.id, + action: 'APPLICANT_DELETE_FILE', + entityType: 'ProjectFile', + entityId: input.fileId, + detailsJson: { + projectId: file.project.id, + fileName: file.fileName, + fileType: file.fileType, + roundId: file.roundId, + }, + ipAddress: ctx.ip, + userAgent: ctx.userAgent, + }) + return { success: true } }),