Phase 4 of Migration

backend/auth/router.py

@@ -1,4 +1,4 @@
-from fastapi import APIRouter, Depends
+from fastapi import APIRouter, Depends, Request
 from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession
 
@@ -6,6 +6,7 @@ from database.postgres import get_pg_session
 from staff.orm import Staff
 from auth.models import LoginRequest, TokenResponse
 from auth.utils import verify_password, create_access_token
+from shared.audit import log_action
 from shared.exceptions import AuthenticationError
 
 router = APIRouter(prefix="/api/auth", tags=["auth"])
@@ -21,7 +22,11 @@ _ROLE_MAP = {
 
 
 @router.post("/login", response_model=TokenResponse)
-async def login(body: LoginRequest, db: AsyncSession = Depends(get_pg_session)):
+async def login(
+    body: LoginRequest,
+    request: Request,
+    db: AsyncSession = Depends(get_pg_session),
+):
     result = await db.execute(
         select(Staff).where(Staff.email == body.email).limit(1)
     )
@@ -49,6 +54,18 @@ async def login(body: LoginRequest, db: AsyncSession = Depends(get_pg_session)):
     if role in ("editor", "user"):
         permissions = staff.permissions
 
+    await log_action(
+        db,
+        actor_id=staff.id,
+        actor_name=staff.name,
+        action="LOGIN",
+        entity_type="staff",
+        entity_id=staff.id,
+        entity_label=staff.email,
+        meta={"ip": request.client.host if request.client else None},
+    )
+    await db.commit()
+
     return TokenResponse(
         access_token=token,
         role=role,