Fix Audit Logs Authentication in ADM Portal
Resolved 💬 3 comments Opened Aug 24, 2025 by kabzadev Closed Aug 25, 2025
Problem
The Audit Logs page in the ADM portal shows "Error loading logs" because:
- The frontend expects authenticated API calls and sends JWT tokens
- The backend
/api/auditendpoint in the Express server doesn't require authentication - This creates a mismatch where authenticated requests fail
Current Architecture
- Container:
lseg-postgres-testrunning Express.js server on port 3000 - Database: PostgreSQL with audit logs table containing real data
- Frontend: React app on port 4000 with MSAL authentication
- Issue: Backend audit endpoint has no auth validation
Solution Plan
Step 1: Identify the Source
- [ ] Find the actual source code for the Express server running in the container
- [ ] Locate where the
/api/auditendpoint is defined - [ ] Understand the existing JWT validation pattern used in other endpoints
Step 2: Add Authentication
- [ ] Add JWT token extraction from Authorization header
- [ ] Add token validation using existing
jwtService - [ ] Add Teams Administrator role check for audit access
- [ ] Log the authenticated user making audit requests
Step 3: Test Authentication
- [ ] Verify unauthenticated requests return 401
- [ ] Verify authenticated requests with proper roles return audit data
- [ ] Test frontend logs page displays data correctly
- [ ] Verify user tracking in audit logs
Step 4: Validate End-to-End
- [ ] Confirm audit logs page loads with real data
- [ ] Verify proper user identification in audit entries
- [ ] Test role-based access control
Acceptance Criteria
- [ ]
/api/auditendpoint requires valid JWT token - [ ] Endpoint requires Teams Administrator role
- [ ] Frontend logs page displays audit data correctly
- [ ] User identity is properly tracked in audit requests
- [ ] No authentication bypasses remain
Technical Requirements
- Must use existing container and Express server (no new deployments)
- Must integrate with existing JWT validation service
- Must maintain current audit data structure
- Must work with existing frontend authentication flow
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗