From eeed27a0becca2aa15f61c9d3a781268de8ff880 Mon Sep 17 00:00:00 2001
From: Flo <53355483+Flo4604@users.noreply.github.com>
Date: Mon, 14 Jul 2025 13:12:11 +0200
Subject: [PATCH] bulk insert auditlogs

---
 apps/dashboard/lib/audit.ts                   | 69 +++++++------------
 .../lib/trpc/routers/key/createRootKey.ts     | 12 ++--
 2 files changed, 33 insertions(+), 48 deletions(-)

diff --git a/apps/dashboard/lib/audit.ts b/apps/dashboard/lib/audit.ts
index 0b4721127f..cadfd5e88c 100644
--- a/apps/dashboard/lib/audit.ts
+++ b/apps/dashboard/lib/audit.ts
@@ -3,6 +3,7 @@ import { z } from "zod";
 
 import type { MaybeArray } from "@/lib/types";
 import { type Database, type Transaction, schema } from "@unkey/db";
+import type { auditLog, auditLogTarget } from "@unkey/db/src/schema";
 import { newId } from "@unkey/id";
 
 export const AUDIT_LOG_BUCKET = "unkey_mutations";
@@ -103,31 +104,15 @@ export async function insertAuditLogs(
   const logs = Array.isArray(logOrLogs) ? logOrLogs : [logOrLogs];
 
   if (logs.length === 0) {
-    console.info("No audit logs to insert");
     return Promise.resolve();
   }
 
-  console.info({
-    message: "Inserting audit logs",
-    count: logs.length,
-    events: logs.map((log) => log.event),
-    workspaceIds: [...new Set(logs.map((log) => log.workspaceId))],
-  });
+  const auditLogs: (typeof auditLog.$inferInsert)[] = [];
+  const auditLogTargets: (typeof auditLogTarget.$inferInsert)[] = [];
 
   for (const log of logs) {
     const auditLogId = newId("auditLog");
-
-    console.info({
-      message: "Inserting audit log entry",
-      auditLogId,
-      workspaceId: log.workspaceId,
-      event: log.event,
-      actorType: log.actor.type,
-      actorId: log.actor.id,
-      resourceCount: log.resources.length,
-    });
-
-    await db.insert(schema.auditLog).values({
+    auditLogs.push({
       id: auditLogId,
       workspaceId: log.workspaceId,
       bucketId: "DEPRECATED",
@@ -143,32 +128,28 @@ export async function insertAuditLogs(
       actorMeta: log.actor.meta,
     });
 
-    if (log.resources.length > 0) {
-      console.info({
-        message: "Inserting audit log resources",
-        auditLogId,
-        resourceCount: log.resources.length,
-        resourceTypes: log.resources.map((r) => r.type),
-      });
-
-      await db.insert(schema.auditLogTarget).values(
-        log.resources.map((r) => ({
-          workspaceId: log.workspaceId,
-          auditLogId,
-          bucketId: "DEPRECATED",
-          bucket: AUDIT_LOG_BUCKET,
-          displayName: "",
-          type: r.type,
-          id: r.id,
-          name: r.name,
-          meta: r.meta,
-        })),
-      );
+    if (log.resources.length === 0) {
+      continue;
     }
+
+    auditLogTargets.push(
+      ...log.resources.map((r) => ({
+        workspaceId: log.workspaceId,
+        auditLogId,
+        bucketId: "DEPRECATED",
+        bucket: AUDIT_LOG_BUCKET,
+        displayName: "",
+        type: r.type,
+        id: r.id,
+        name: r.name,
+        meta: r.meta,
+      })),
+    );
   }
 
-  console.info({
-    message: "Successfully inserted all audit logs",
-    count: logs.length,
-  });
+  await db.insert(schema.auditLog).values(auditLogs);
+
+  if (auditLogTargets.length > 0) {
+    await db.insert(schema.auditLogTarget).values(auditLogTargets);
+  }
 }
diff --git a/apps/dashboard/lib/trpc/routers/key/createRootKey.ts b/apps/dashboard/lib/trpc/routers/key/createRootKey.ts
index a1c27b0288..0d852252d3 100644
--- a/apps/dashboard/lib/trpc/routers/key/createRootKey.ts
+++ b/apps/dashboard/lib/trpc/routers/key/createRootKey.ts
@@ -1,5 +1,5 @@
 import type { UnkeyAuditLog } from "@/lib/audit";
-import { db, eq, schema } from "@/lib/db";
+import { and, db, eq, schema } from "@/lib/db";
 import { env } from "@/lib/env";
 import { TRPCError } from "@trpc/server";
 import { newId } from "@unkey/id";
@@ -53,7 +53,6 @@ export const createRootKey = t.procedure
     }
 
     const keyId = newId("key");
-
     const { key, hash, start } = await newKey({
       prefix: "unkey",
       byteLength: 16,
@@ -102,13 +101,15 @@ export const createRootKey = t.procedure
         let identityId: string | undefined = undefined;
         await tx.query.identities
           .findFirst({
-            where: (table, { eq }) => eq(table.externalId, ctx.user.id),
+            where: (table, { eq }) =>
+              and(eq(table.workspaceId, ctx.workspace.id), eq(table.externalId, ctx.user.id)),
           })
           .then((res) => {
             if (res) {
               identityId = res.id;
             }
           });
+
         if (!identityId) {
           identityId = newId("identity");
           await tx.insert(schema.identities).values({
@@ -116,6 +117,7 @@ export const createRootKey = t.procedure
             workspaceId: ctx.workspace.id,
             externalId: ctx.user.id,
           });
+
           auditLogs.push({
             workspaceId: ctx.workspace.id,
             actor: { type: "user", id: ctx.user.id },
@@ -133,6 +135,7 @@ export const createRootKey = t.procedure
             },
           });
         }
+
         await tx.update(schema.keys).set({ identityId }).where(eq(schema.keys.id, keyId));
 
         const { permissions, auditLogs: createPermissionLogs } = await upsertPermissions(
@@ -140,8 +143,8 @@ export const createRootKey = t.procedure
           env().UNKEY_WORKSPACE_ID,
           input.permissions,
         );
-        auditLogs.push(...createPermissionLogs);
 
+        auditLogs.push(...createPermissionLogs);
         auditLogs.push(
           ...permissions.map((p) => ({
             workspaceId: ctx.workspace.id,
@@ -174,6 +177,7 @@ export const createRootKey = t.procedure
             workspaceId: env().UNKEY_WORKSPACE_ID,
           })),
         );
+
         await insertAuditLogs(tx, auditLogs);
       });
     } catch (_err) {