feat(backend): add cryptographic signature verification to Audit Logger #1011
Merged
closes #903
This pull request introduces cryptographic signature verification and payload integrity checks to the Audit Logger module. By enhancing the data retrieved during audit log queries, the platform can now dynamically verify that none of the log parameters have been altered since they were originally written. This verification process serves as a robust defense against log-tampering and enhances the platform's security auditing capabilities.
To accomplish this, the database query inside getAuditLogs has been expanded to fetch the merchant_id, status, payload_hash, and signature fields. A validation pipeline has been integrated into the service layer that reconstructs the canonical audit log payload—distinguishing between login attempts and general events—and compares its SHA-256 hash against the database's record. Furthermore, if an audit signing secret is configured, the system performs a constant-time HMAC-SHA256 signature verification to prevent timing-oracle attacks. Both verification results are exposed to the calling application via hash_verified and signature_verified boolean properties.
Additionally, the vitest suite in auditService.test.js has been updated with mocked verification routines to cover these new execution paths. Test cases verify that matching signatures and hashes evaluate to true, tampered logs report false, and legacy logs (which lack signatures or were created before a signing key was defined) gracefully report null without throwing runtime exceptions. This change satisfies the security audit recommendations, preserves indexing performance, and links directly to issue #769.