fix(audit-log): lazily resolve actor name/email when missing

waleedlatif1 · waleedlatif1 · commit 163b35de8209 · 2026-02-19T16:13:55.000-08:00
diff --git a/apps/sim/lib/audit/log.ts b/apps/sim/lib/audit/log.ts
@@ -1,5 +1,7 @@
 import { auditLog, db } from '@sim/db'
+import { user } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
+import { eq } from 'drizzle-orm'
 import { nanoid } from 'nanoid'
 
 const logger = createLogger('AuditLog')
@@ -185,41 +187,58 @@ interface AuditLogParams {
 
 /**
  * Records an audit log entry. Fire-and-forget — never throws or blocks the caller.
+ * If actorName and actorEmail are both undefined (not provided by the caller),
+ * resolves them from the user table before inserting.
  */
 export function recordAudit(params: AuditLogParams): void {
-  try {
-    const ipAddress =
-      params.request?.headers.get('x-forwarded-for')?.split(',')[0].trim() ??
-      params.request?.headers.get('x-real-ip') ??
-      undefined
-    const userAgent = params.request?.headers.get('user-agent') ?? undefined
-
-    db.insert(auditLog)
-      .values({
-        id: nanoid(),
-        workspaceId: params.workspaceId || null,
-        actorId: params.actorId,
-        action: params.action,
-        resourceType: params.resourceType,
-        resourceId: params.resourceId,
-        actorName: params.actorName ?? undefined,
-        actorEmail: params.actorEmail ?? undefined,
-        resourceName: params.resourceName,
-        description: params.description,
-        metadata: params.metadata ?? {},
-        ipAddress,
-        userAgent,
-      })
-      .then(() => {
-        logger.debug('Audit log recorded', {
-          action: params.action,
-          resourceType: params.resourceType,
-        })
-      })
-      .catch((error) => {
-        logger.error('Failed to record audit log', { error, action: params.action })
-      })
-  } catch (error) {
-    logger.error('Failed to initiate audit log', { error, action: params.action })
+  insertAuditLog(params).catch((error) => {
+    logger.error('Failed to record audit log', { error, action: params.action })
+  })
+}
+
+async function insertAuditLog(params: AuditLogParams): Promise<void> {
+  const ipAddress =
+    params.request?.headers.get('x-forwarded-for')?.split(',')[0].trim() ??
+    params.request?.headers.get('x-real-ip') ??
+    undefined
+  const userAgent = params.request?.headers.get('user-agent') ?? undefined
+
+  let { actorName, actorEmail } = params
+
+  // Only look up if the caller didn't provide either field at all.
+  // Explicit null (e.g. user with no display name) is respected as-is.
+  if (actorName === undefined && actorEmail === undefined && params.actorId) {
+    try {
+      const [row] = await db
+        .select({ name: user.name, email: user.email })
+        .from(user)
+        .where(eq(user.id, params.actorId))
+        .limit(1)
+      actorName = row?.name ?? null
+      actorEmail = row?.email ?? null
+    } catch {
+      // Lookup failure is non-fatal — insert without actor info
+    }
   }
+
+  await db.insert(auditLog).values({
+    id: nanoid(),
+    workspaceId: params.workspaceId || null,
+    actorId: params.actorId,
+    action: params.action,
+    resourceType: params.resourceType,
+    resourceId: params.resourceId,
+    actorName: actorName ?? undefined,
+    actorEmail: actorEmail ?? undefined,
+    resourceName: params.resourceName,
+    description: params.description,
+    metadata: params.metadata ?? {},
+    ipAddress,
+    userAgent,
+  })
+
+  logger.debug('Audit log recorded', {
+    action: params.action,
+    resourceType: params.resourceType,
+  })
 }
