Skip to main content

audit_log_middleware

Function audit_log_middleware 

Source
pub async fn audit_log_middleware(req: Request, next: Next) -> Response
Expand description

Axum middleware that synthesises one AuditRecord per state-mutating HTTP call and dispatches it to the configured AuditSink.

Wiring contract:

  • The router must layer axum::Extension(AuditConfig) so this middleware can recover the sink.
  • Run this middleware after bearer_auth and tenant_scope so the AuthContext and Extension<TenantId> are populated by the time the audit record is built.
  • The route-shape filter (AuditAction::classify) suppresses emission for read-only routes (GET /healthz, GET /metrics, GET /jobs/{id}); those calls flow through with zero serialisation cost.

On entry the middleware stamps the request extensions with a fresh Uuid so handlers can correlate their own logs against the audit trail (recovered via Extension<Uuid> or directly from request extensions). The same id appears in AuditRecord::request_id.