From f01e9048788e2b377f18e7801b84665d60f9ee55 Mon Sep 17 00:00:00 2001
From: Nick Zeng <Nick.Zeng@wpic.co>
Date: Tue, 17 Mar 2026 15:54:23 +0800
Subject: [PATCH] add request log and operation log

---
 .../app/Controller/api/v1/AuthController.php  | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/backend/app/Controller/api/v1/AuthController.php b/backend/app/Controller/api/v1/AuthController.php
index 69e6f57..867c8a7 100644
--- a/backend/app/Controller/api/v1/AuthController.php
+++ b/backend/app/Controller/api/v1/AuthController.php
@@ -6,7 +6,9 @@ namespace App\Controller\Api\V1;
 
 use App\Controller\AbstractController;
 use App\Middleware\AuthMiddleware;
+use App\Middleware\RequestLogMiddleware;
 use App\Model\User;
+use App\Service\OperationLogService;
 use Carbon\Carbon;
 use Hyperf\HttpServer\Annotation\Controller;
 use Hyperf\HttpServer\Annotation\Middleware;
@@ -252,6 +254,15 @@ class AuthController extends AbstractController
         $user->refresh_token_expires_at = Carbon::now()->addDays(30);
         $user->save();
 
+        OperationLogService::log(
+            user_id: $user->id,
+            action: 'auth.login',
+            target_type: 'user',
+            target_id: $user->id,
+            description: "用户 {$user->username} 登录",
+            ip: RequestLogMiddleware::getClientIp($request),
+        );
+
         return [
             'code' => 0,
             'message' => '登录成功',
@@ -628,6 +639,15 @@ class AuthController extends AbstractController
         $user->refresh_token_expires_at = null;
         $user->save();
 
+        OperationLogService::log(
+            user_id: $user->id,
+            action: 'user.password_change',
+            target_type: 'user',
+            target_id: $user->id,
+            description: "用户 {$user->username} 修改密码",
+            ip: OperationLogService::getRequestIp(),
+        );
+
         return [
             'code' => 0,
             'message' => '密码修改成功，请重新登录',
@@ -662,6 +682,15 @@ class AuthController extends AbstractController
         $user = $auth->guard('jwt')->user();
 
         if ($user instanceof User) {
+            OperationLogService::log(
+                user_id: $user->id,
+                action: 'auth.logout',
+                target_type: 'user',
+                target_id: $user->id,
+                description: "用户 {$user->username} 退出登录",
+                ip: OperationLogService::getRequestIp(),
+            );
+
             // 清除 refresh token
             $user->refresh_token = null;
             $user->refresh_token_expires_at = null;