security: Add guard to admin audit-log endpoint

[Xhristin3]

Problem Statement

The GET /admin/audit-logs endpoint (api/src/audit/admin-audit.controller.ts) has no authentication or authorization guard. Anyone can query the audit log, including user IDs, actions performed (login, password_change, stream_delete, role_change), and IP addresses.

Evidence

// api/src/audit/admin-audit.controller.ts — no @UseGuards decorator
@Controller("admin/audit-logs")
export class AdminAuditController {
  @Get()
  async findAll(@Query() query: PaginationQueryDto) { ... }
}

Impact

Unauthenticated access to audit logs exposes sensitive user activity data. IP addresses, login timestamps, and privileged action history are publicly accessible.

Proposed Solution

Add @UseGuards(RolesGuard) and @Roles("admin") decorators to the controller, matching the pattern used in AdminController.

Acceptance Criteria

• GET /admin/audit-logs returns 401 without auth header
• GET /admin/audit-logs returns 403 for non-admin users
• GET /admin/audit-logs succeeds for admin users
• AdminAuditController imports and uses RolesGuard + @roles('admin')

File Map

• api/src/audit/admin-audit.controller.ts — add guards

---

Labels: security, quick win
Priority: Medium | Difficulty: Beginner | Estimated Effort: 0.5h

---

Labels: security,quick win
Priority: Medium | Difficulty: Beginner | Estimated Effort: 0.5h
Backlog ID: REPO-031

[Jayydy]

Hello, can i be assigned to this issue?

[shadrach68]

Hi maintainer, I am confident that I can resolve this issue before 24hrs if assigned to me because I have the technical expertise to resolve it.