admin/Azaion.Services/AuditLog.cs

using Azaion.Common.Database;
using Azaion.Common.Entities;
using LinqToDB;
using Microsoft.AspNetCore.Http;

namespace Azaion.Services;

public interface IAuditLog
{
    Task RecordLoginFailed (string email, CancellationToken ct = default);
    Task RecordLoginLockout(string email, CancellationToken ct = default);
    Task RecordLoginSuccess(string email, CancellationToken ct = default);

    /// <summary>
    /// Number of `login_failed` rows for the given email within the last <paramref name="windowSeconds"/>.
    /// Used by the per-account sliding-window rate limit (AZ-537 AC-2).
    /// </summary>
    Task<int> CountRecentFailedLogins(string email, int windowSeconds, CancellationToken ct = default);
}

public class AuditLog(IDbFactory dbFactory, IHttpContextAccessor httpContextAccessor) : IAuditLog
{
    public Task RecordLoginFailed (string email, CancellationToken ct = default)
        => Insert(AuditEventTypes.LoginFailed,  email, ct);

    public Task RecordLoginLockout(string email, CancellationToken ct = default)
        => Insert(AuditEventTypes.LoginLockout, email, ct);

    public Task RecordLoginSuccess(string email, CancellationToken ct = default)
        => Insert(AuditEventTypes.LoginSuccess, email, ct);

    public async Task<int> CountRecentFailedLogins(string email, int windowSeconds, CancellationToken ct = default)
    {
        var cutoff = DateTime.UtcNow.AddSeconds(-windowSeconds);
        var normalised = email.ToLowerInvariant();
        return await dbFactory.Run(async db =>
            await db.AuditEvents
                .Where(e => e.EventType == AuditEventTypes.LoginFailed
                            && e.Email == normalised
                            && e.OccurredAt >= cutoff)
                .CountAsync(token: ct));
    }

    private async Task Insert(string eventType, string email, CancellationToken ct)
    {
        var ip = httpContextAccessor.HttpContext?.Connection.RemoteIpAddress?.ToString();
        var normalised = email.ToLowerInvariant();
        await dbFactory.RunAdmin(async db =>
        {
            await db.InsertAsync(new AuditEvent
            {
                EventType  = eventType,
                OccurredAt = DateTime.UtcNow,
                Email      = normalised,
                Ip         = ip
            }, token: ct);
        });
    }
}