The Audit Log API exposes the auditoria table, which records every significant action performed in the system. Entries are written automatically by the logAudit utility function (utils/auditLogger.js) at the point of the originating operation — no separate step is required. Each entry captures who performed the action (usuario_id), what they did (accion), which table was affected (tabla), which record (registro_id), a plain-text description (detalle), and the request IP address (direccion_ip). This provides a complete, tamper-evident trail for compliance, debugging, and operational review. All read and write access to the audit log is restricted to the admin role.

Automatic logging

The logAudit function is called throughout the codebase whenever a state-changing operation completes:
| Trigger | accion | tabla |
| --- | --- | --- |
| User logs in | LOGIN | usuarios |
| New order created | CREAR | pedidos |
| Order status updated | ACTUALIZAR | pedidos |
| Order detail line added | CREAR | detalle_pedido |
| Payment processed | CREAR | pagos |
| Ticket generated | CREAR | tickets |
| Invoice generated | CREAR | facturas |
| Report generated | GENERAR | reportes |
| Report deleted | ELIMINAR | reportes |
| User account created | CREAR | usuarios |
| User account updated | ACTUALIZAR | usuarios |
| User account deleted | ELIMINAR | usuarios |
| Settings updated | ACTUALIZAR | configuracion |

Endpoints

| Method | Path | Auth | Description |
| --- | --- | --- | --- |
| GET | /api/audit | admin | List audit log entries, with optional filters |
| POST | /api/audit | admin | Manually record an audit entry |

GET /api/audit

Returns audit log entries joined with the usuario table to include the actor’s name and email. Without query parameters the full log is returned in descending timestamp order. Combine any of the filter parameters to narrow the results.

Query parameters

| Parameter | Type | Description |
| --- | --- | --- |
| accion | string | Filter by action type: LOGIN, CREAR, ACTUALIZAR, ELIMINAR, or GENERAR. |
| tabla | string | Filter by the name of the affected database table (e.g., pedidos, pagos, reportes). |
| usuario_id | number | Filter entries by the ID of the user who performed the action. |
| desde | string | ISO 8601 datetime lower bound for creado_en (inclusive). Example: 2025-01-01T00:00:00. |
| hasta | string | ISO 8601 datetime upper bound for creado_en (inclusive). Example: 2025-01-31T23:59:59. |

```bash
# All audit entries
curl -X GET https://api.example.com/api/audit \
  -H "Authorization: Bearer <token>"

# Payments by a specific user this month
curl -X GET "https://api.example.com/api/audit?accion=CREAR&tabla=pagos&usuario_id=2&desde=2025-01-01T00:00:00&hasta=2025-01-31T23:59:59" \
  -H "Authorization: Bearer <token>"
```
Response — array of audit entries:
```json
[
  {
    "id": 201,
    "usuario_id": 2,
    "usuario_nombre": "Ana",
    "usuario_email": "[email protected]",
    "accion": "CREAR",
    "tabla": "pagos",
    "registro_id": 15,
    "detalle": "Pago 15 para pedido 42 - efectivo Bs.120.5",
    "direccion_ip": "192.168.1.10",
    "creado_en": "2025-01-15T18:32:01.000Z"
  }
]
```

| Field | Type | Description |
| --- | --- | --- |
| id | number | Audit entry primary key. |
| usuario_id | number | ID of the user who performed the action. |
| usuario_nombre | string | First name of the acting user (joined from usuario). |
| usuario_email | string | Email of the acting user (joined from usuario). |
| accion | string | Action type: one of LOGIN, CREAR, ACTUALIZAR, ELIMINAR, or GENERAR. |
| tabla | string | Name of the database table that was affected (e.g., pedidos, pagos, usuarios, reportes, detalle_pedido). |
| registro_id | number | Primary key of the affected record. May be null for actions that do not map to a single row (e.g., settings updates). |
| detalle | string | Human-readable description of the action, e.g., "Pago 15 para pedido 42 - efectivo Bs.120.5". |
| direccion_ip | string | IP address from which the request originated, as captured by req.ip. |
| creado_en | string | ISO 8601 timestamp when the entry was recorded. |

POST /api/audit

Manually inserts an audit entry. Intended for administrative tools or integration scripts that perform actions outside the standard API flow and still need to be recorded in the trail.

Request body

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| accion | string | yes | Action type. Recommended values: LOGIN, CREAR, ACTUALIZAR, ELIMINAR, GENERAR. Free-form strings are accepted but using the standard vocabulary keeps the log filterable. |
| tabla | string | yes | Name of the database table or resource being acted upon. |
| registro_id | number | no | Primary key of the affected record, if applicable. |
| detalle | string | no | Plain-text description of what was done. |

```bash
curl -X POST https://api.example.com/api/audit \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "accion": "ELIMINAR",
    "tabla": "reservas",
    "registro_id": 7,
    "detalle": "Reserva 7 cancelada manualmente por admin"
  }'
```
Response 201 Created:
```json
{ "message": "Auditoria registrada correctamente" }
```

Error responses

| Status | Condition |
| --- | --- |
| 400 | accion or tabla not provided |
| 500 | Database or internal error |
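
Because POST /api/audit accepts free-form strings, an integration script can check its own entry before sending it. The following is an added example, not code from the project: `buildManualAuditEntry` is a hypothetical helper, and the positive-integer rule for registro_id and the control-character cleanup are assumptions rather than documented API behaviour.

```javascript
// Added example (not project code): pre-flight checks for a manual audit entry.
const STANDARD_ACTIONS = new Set(["LOGIN", "CREAR", "ACTUALIZAR", "ELIMINAR", "GENERAR"]);

// Hypothetical helper: returns { body, warnings }, or throws where the API would answer 400.
function buildManualAuditEntry({ accion, tabla, registro_id, detalle } = {}) {
  const warnings = [];
  // Collapse control characters (newlines included) so one entry stays on one line.
  const clean = (v) =>
    typeof v === "string" ? v.replace(/[\u0000-\u001f\u007f]+/g, " ").trim() : "";

  const action = clean(accion).toUpperCase();
  const table = clean(tabla);
  if (!action || !table) {
    throw new Error("accion and tabla are required (the API answers 400 without them)");
  }
  if (!STANDARD_ACTIONS.has(action)) {
    warnings.push(`non-standard accion "${action}" will not match the documented filters`);
  }

  // Assumption: registro_id is a positive integer primary key; it is optional.
  let recordId = null;
  if (registro_id !== undefined && registro_id !== null) {
    if (!/^\d+$/.test(String(registro_id)) || Number(registro_id) <= 0) {
      throw new Error("registro_id must be a positive integer when present");
    }
    recordId = Number(registro_id);
  }

  const detail = clean(detalle);
  if (typeof detalle === "string" && detail !== detalle) {
    warnings.push("detalle contained control characters or padding and was normalized");
  }

  return {
    body: { accion: action, tabla: table, registro_id: recordId, detalle: detail },
    warnings,
  };
}
```

The returned `body` can be serialized with `JSON.stringify` and sent as the request body; log the `warnings` on the calling side.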

Sample audit entry

```json
{
  "id": 201,
  "usuario_id": 2,
  "usuario_nombre": "Ana",
  "usuario_email": "[email protected]",
  "accion": "CREAR",
  "tabla": "pagos",
  "registro_id": 15,
  "detalle": "Pago 15 para pedido 42 - efectivo Bs.120.5",
  "direccion_ip": "192.168.1.10",
  "creado_en": "2025-01-15T18:32:01.000Z"
}
```

The logAudit utility is designed to be non-blocking — if the audit insert fails (e.g., due to a transient database error), it logs the error to console.error but does not throw, so the originating operation is not rolled back. Audit entries are best-effort; they should not be relied upon as the sole source of financial truth.
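
Since a failed audit insert is only reported through console.error, a periodic reconciliation can surface records that never received an entry. The following is an added example, not code from the project: `reconcileAudit` is a hypothetical function, the sample rows are constructed, and it assumes each source row exposes its primary key as `id`.

```javascript
// Added example (not project code). Assumption: source rows carry their key as `id`.
function reconcileAudit(rows, auditEntries, { tabla, accion = "CREAR" }) {
  const seen = new Map(); // registro_id -> number of matching audit entries
  for (const e of auditEntries) {
    if (e.tabla !== tabla || e.accion !== accion || e.registro_id == null) continue;
    seen.set(e.registro_id, (seen.get(e.registro_id) || 0) + 1);
  }
  const rowIds = new Set(rows.map((r) => r.id));
  const asc = (a, b) => a - b;
  return {
    // Rows with no audit entry: candidates for an audit insert that failed.
    missing: [...rowIds].filter((id) => !seen.has(id)).sort(asc),
    // Entries whose row is absent: deleted since, or recorded manually.
    orphaned: [...seen.keys()].filter((id) => !rowIds.has(id)).sort(asc),
    // More than one entry for the same row and action.
    duplicated: [...seen].filter(([, n]) => n > 1).map(([id]) => id).sort(asc),
  };
}

// Constructed sample data: three payments and the audit entries returned for them.
const samplePagos = [{ id: 15 }, { id: 16 }, { id: 17 }];
const sampleAudit = [
  { id: 201, accion: "CREAR", tabla: "pagos", registro_id: 15 },
  { id: 202, accion: "CREAR", tabla: "pedidos", registro_id: 16 },
  { id: 203, accion: "CREAR", tabla: "pagos", registro_id: 17 },
  { id: 204, accion: "CREAR", tabla: "pagos", registro_id: 17 },
  { id: 205, accion: "CREAR", tabla: "pagos", registro_id: 99 },
];
const auditGaps = reconcileAudit(samplePagos, sampleAudit, { tabla: "pagos" });
console.log(auditGaps);
```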
