{"slug":"prisma-automated-audit-trail","title":"Automated Audit Trail in Prisma with AsyncLocalStorage","date":"2025-08-26","description":"Learn how to implement automated audit trails in Prisma using AsyncLocalStorage for user identification and automatic logging of CUD operations","content":"\n# Introduction\n\nAudit trails are crucial for maintaining data integrity, compliance, and debugging in production applications. However, manually adding audit logging to every database operation can be tedious and error-prone. What if we could automate this process using Prisma's middleware system and Node.js AsyncLocalStorage?\n\nIn this article, we'll build an automated audit trail system that:\n- Automatically logs all Create, Update, and Delete (CUD) operations\n- Identifies the user performing each operation using AsyncLocalStorage\n- Filters out unwanted models from audit logging\n- Provides a clean, type-safe interface for audit data\n- Handles system operations when no user context is available\n\n## What is AsyncLocalStorage?\n\nAsyncLocalStorage is a Node.js API that allows you to store data that is accessible throughout the entire lifecycle of an async operation. Think of it as a \"request-scoped container\" that follows your request through all async operations, making it perfect for storing user context that Prisma middleware can access.\n\n## Understanding the Problem\n\nTraditional audit trail implementations often require:\n\n- Manual logging in every service function\n- Passing user context through multiple function calls\n- Risk of forgetting to log certain operations\n- Inconsistent audit data structure\n- Difficulty in filtering what should be audited\n\nOur solution eliminates these issues by centralizing the audit logic in Prisma middleware.\n\n# Implementation\n\n## 1. Setting up the Audit Trail Types\n\nFirst, let's define our audit trail structure:\n\n```ts title=\"types/audit.ts\"\nexport interface AuditTrailEntry {\n id: string;\n tableName: string;\n recordId: string;\n operation: 'CREATE' | 'UPDATE' | 'DELETE';\n oldValues?: Record;\n newValues?: Record;\n userId?: string;\n userEmail?: string;\n timestamp: Date;\n}\n\nexport interface UserContext {\n id: string;\n email: string;\n}\n\nexport interface AuditConfig {\n // Models to exclude from audit trail\n excludedModels: string[];\n // Fields to exclude from audit trail (sensitive data)\n excludedFields: Record;\n // Whether to log the entire record or just changed fields\n logFullRecord: boolean;\n}\n```\n\n## 2. Creating the AsyncLocalStorage Context\n\nNext, we'll create a context manager for storing user information:\n\n```ts title=\"lib/audit-context.ts\"\nimport { AsyncLocalStorage } from 'node:async_hooks';\n\ninterface AuditContext {\n user?: UserContext;\n requestId: string;\n timestamp: Date;\n}\n\nconst auditContextStorage = new AsyncLocalStorage();\n\nexport class AuditContextManager {\n static runWithContext(\n context: Partial,\n fn: () => T | Promise\n ): Promise {\n const fullContext: AuditContext = {\n requestId: context.requestId || crypto.randomUUID(),\n timestamp: context.timestamp || new Date(),\n user: context.user,\n };\n\n return auditContextStorage.run(fullContext, fn);\n }\n\n static getCurrentContext(): AuditContext | undefined {\n return auditContextStorage.getStore();\n }\n\n static getCurrentUser(): UserContext | undefined {\n return auditContextStorage.getStore()?.user;\n }\n\n static setUser(user: UserContext): void {\n const context = auditContextStorage.getStore();\n if (context) {\n context.user = user;\n }\n }\n\n static clearUser(): void {\n const context = auditContextStorage.getStore();\n if (context) {\n context.user = undefined;\n }\n }\n}\n```\n\n## 3. Creating the Audit Trail Service\n\nNow let's build the service that handles audit trail creation:\n\n```ts title=\"lib/audit-service.ts\"\nimport { PrismaClient } from '@prisma/client';\nimport { AuditTrailEntry, AuditConfig, UserContext } from '../types/audit';\n\nexport class AuditService {\n constructor(\n private prisma: PrismaClient,\n private config: AuditConfig\n ) {}\n\n async logOperation(params: {\n tableName: string;\n recordId: string;\n operation: 'CREATE' | 'UPDATE' | 'DELETE';\n oldValues?: Record;\n newValues?: Record;\n }): Promise {\n // Skip if model is excluded\n if (this.config.excludedModels.includes(params.tableName)) {\n return;\n }\n\n const context = AuditContextManager.getCurrentContext();\n const user = context?.user;\n\n // Filter out sensitive fields\n const filteredOldValues = this.filterSensitiveFields(\n params.tableName,\n params.oldValues\n );\n const filteredNewValues = this.filterSensitiveFields(\n params.tableName,\n params.newValues\n );\n\n const auditEntry: Omit = {\n tableName: params.tableName,\n recordId: params.recordId,\n operation: params.operation,\n oldValues: this.config.logFullRecord ? filteredOldValues : undefined,\n newValues: this.config.logFullRecord ? filteredNewValues : undefined,\n userId: user?.id,\n userEmail: user?.email,\n };\n\n try {\n await this.prisma.auditTrail.create({\n data: {\n ...auditEntry,\n timestamp: new Date(),\n },\n });\n } catch (error) {\n // Log error but don't fail the main operation\n console.error('Failed to create audit trail entry:', error);\n }\n }\n\n private filterSensitiveFields(\n tableName: string,\n values?: Record\n ): Record | undefined {\n if (!values) return values;\n\n const excludedFields = this.config.excludedFields[tableName] || [];\n const filtered = { ...values };\n\n excludedFields.forEach(field => {\n if (field in filtered) {\n filtered[field] = '[REDACTED]';\n }\n });\n\n return filtered;\n }\n\n async getAuditTrail(params: {\n tableName?: string;\n recordId?: string;\n userId?: string;\n operation?: 'CREATE' | 'UPDATE' | 'DELETE';\n startDate?: Date;\n endDate?: Date;\n limit?: number;\n offset?: number;\n }): Promise {\n const where: any = {};\n\n if (params.tableName) where.tableName = params.tableName;\n if (params.recordId) where.recordId = params.recordId;\n if (params.userId) where.userId = params.userId;\n if (params.operation) where.operation = params.operation;\n if (params.startDate || params.endDate) {\n where.timestamp = {};\n if (params.startDate) where.timestamp.gte = params.startDate;\n if (params.endDate) where.timestamp.lte = params.endDate;\n }\n\n return this.prisma.auditTrail.findMany({\n where,\n orderBy: { timestamp: 'desc' },\n take: params.limit || 100,\n skip: params.offset || 0,\n });\n }\n}\n```\n\n## 4. Implementing Prisma Middleware\n\nThe core of our solution is Prisma middleware that automatically intercepts all operations:\n\n```ts title=\"lib/prisma-audit-middleware.ts\"\nimport { PrismaClient } from '@prisma/client';\nimport { AuditService } from './audit-service';\nimport { AuditContextManager } from './audit-context';\n\nexport function createAuditMiddleware(auditService: AuditService) {\n return async (params: any, next: any) => {\n // Store original parameters for audit logging\n const originalParams = { ...params };\n \n // Execute the original operation\n const result = await next(params);\n \n // Get current user context\n const user = AuditContextManager.getCurrentUser();\n \n try {\n // Handle different operation types\n if (params.action === 'create') {\n await auditService.logOperation({\n tableName: params.model,\n recordId: result.id || result.id,\n operation: 'CREATE',\n newValues: params.data,\n });\n } else if (params.action === 'update') {\n await auditService.logOperation({\n tableName: params.model,\n recordId: params.args.where.id || params.args.where.id,\n operation: 'UPDATE',\n oldValues: params.args.data,\n newValues: params.args.data,\n });\n } else if (params.action === 'delete') {\n await auditService.logOperation({\n tableName: params.model,\n recordId: params.args.where.id || params.args.where.id,\n operation: 'DELETE',\n oldValues: result,\n });\n } else if (params.action === 'deleteMany') {\n // Handle bulk deletions\n const records = await params.model.findMany({\n where: params.args.where,\n });\n \n for (const record of records) {\n await auditService.logOperation({\n tableName: params.model,\n recordId: record.id,\n operation: 'DELETE',\n oldValues: record,\n });\n }\n } else if (params.action === 'updateMany') {\n // Handle bulk updates\n const records = await params.model.findMany({\n where: params.args.where,\n });\n \n for (const record of records) {\n await auditService.logOperation({\n tableName: params.model,\n recordId: record.id,\n operation: 'UPDATE',\n oldValues: record,\n newValues: params.args.data,\n });\n }\n }\n } catch (error) {\n // Log error but don't fail the main operation\n console.error('Audit middleware error:', error);\n }\n \n return result;\n };\n}\n```\n\n## 5. Setting up the Prisma Client\n\nNow let's configure our Prisma client with the audit middleware:\n\n```ts title=\"lib/prisma.ts\"\nimport { PrismaClient } from '@prisma/client';\nimport { AuditService } from './audit-service';\nimport { createAuditMiddleware } from './prisma-audit-middleware';\n\nconst auditConfig: AuditConfig = {\n excludedModels: ['AuditTrail', 'Sessions', 'TempFiles'],\n excludedFields: {\n Users: ['password', 'resetToken'],\n Profiles: ['ssn', 'creditCard'],\n Logs: ['sensitiveData'],\n },\n logFullRecord: false, // Only log changed fields for updates\n};\n\nconst auditService = new AuditService(prisma, auditConfig);\n\nexport const prisma = new PrismaClient().$extends({\n query: {\n $allModels: {\n async $allOperations({ model, operation, args, query }) {\n // Apply audit middleware to all operations\n return createAuditMiddleware(auditService)({ \n action: operation, \n model, \n args \n }, query);\n },\n },\n },\n});\n\nexport { auditService };\n```\n\n## 6. Middleware for User Context\n\nTo capture user context in your Express.js or Next.js application:\n\n```ts title=\"middleware/auth-context.ts\"\nimport { Request, Response, NextFunction } from 'express';\nimport { AuditContextManager } from '../lib/audit-context';\n\nexport function authContextMiddleware(req: Request, res: Response, next: NextFunction) {\n const user = req.user; // Assuming you have user info from auth middleware\n \n AuditContextManager.runWithContext(\n {\n user: user ? {\n id: user.id,\n email: user.email,\n } : undefined,\n },\n () => {\n next();\n }\n );\n}\n```\n\n## 7. Usage Examples\n\nHere's how to use the audit trail system:\n\n```ts\n// Example: User registration\napp.post('/register', authContextMiddleware, async (req, res) => {\n try {\n const user = await prisma.user.create({\n data: {\n email: req.body.email,\n name: req.body.name,\n password: hashedPassword,\n },\n });\n \n // Audit trail is automatically created by middleware\n res.status(201).json({ message: 'User created successfully', userId: user.id });\n } catch (error) {\n res.status(400).json({ error: 'Registration failed' });\n }\n});\n\n// Example: Updating user profile\napp.put('/profile/:id', authContextMiddleware, async (req, res) => {\n try {\n const user = await prisma.user.update({\n where: { id: req.params.id },\n data: {\n name: req.body.name,\n bio: req.body.bio,\n },\n });\n \n // Audit trail automatically logs the update\n res.json({ message: 'Profile updated successfully', user });\n } catch (error) {\n res.status(400).json({ error: 'Update failed' });\n }\n});\n\n// Example: Querying audit trail\napp.get('/audit/:tableName/:recordId', async (req, res) => {\n try {\n const auditEntries = await auditService.getAuditTrail({\n tableName: req.params.tableName,\n recordId: req.params.recordId,\n limit: 50,\n });\n \n res.json(auditEntries);\n } catch (error) {\n res.status(500).json({ error: 'Failed to fetch audit trail' });\n }\n});\n```\n\n## 8. Database Schema\n\nYou'll need to add an audit trail table to your Prisma schema:\n\n```prisma title=\"prisma/schema.prisma\"\nmodel AuditTrail {\n id String @id @default(cuid())\n tableName String\n recordId String\n operation String // CREATE, UPDATE, DELETE\n oldValues Json? // Previous values (for updates/deletes)\n newValues Json? // New values (for creates/updates)\n userId String? // ID of user who performed the operation\n userEmail String? // Email of user for easier querying\n timestamp DateTime @default(now())\n\n @@index([tableName, recordId])\n @@index([userId])\n @@index([timestamp])\n @@index([operation])\n}\n```\n\n# Configuration Options\n\n## Audit Configuration\n\n```ts\nconst auditConfig: AuditConfig = {\n // Exclude system tables and temporary data\n excludedModels: [\n 'AuditTrail',\n 'Sessions', \n 'TempFiles',\n 'Cache',\n 'Logs'\n ],\n \n // Exclude sensitive fields from audit trail\n excludedFields: {\n Users: ['password', 'resetToken', 'apiKey'],\n Profiles: ['ssn', 'creditCard', 'passportNumber'],\n Orders: ['paymentToken', 'cvv'],\n Logs: ['sensitiveData', 'stackTrace']\n },\n \n // Only log changed fields for updates (more efficient)\n logFullRecord: false,\n \n // Additional options you could add:\n // maxAuditEntries: 10000, // Limit audit trail size\n // retentionDays: 365, // Auto-delete old entries\n // batchSize: 100, // Batch audit operations\n};\n```\n\n## Environment-based Configuration\n\n```ts title=\"config/audit.ts\"\nexport const getAuditConfig = (): AuditConfig => {\n const isProduction = process.env.NODE_ENV === 'production';\n \n return {\n excludedModels: [\n 'AuditTrail',\n 'Sessions',\n ...(isProduction ? ['DebugLogs', 'TestData'] : [])\n ],\n excludedFields: {\n Users: ['password', 'resetToken'],\n ...(isProduction ? {\n Profiles: ['ssn', 'creditCard'],\n Orders: ['paymentToken']\n } : {})\n },\n logFullRecord: !isProduction, // Log full records in development\n };\n};\n```\n\n# Advanced Features\n\n## 1. Batch Operations Support\n\nFor bulk operations, you might want to batch audit entries:\n\n```ts title=\"lib/batch-audit-service.ts\"\nexport class BatchAuditService extends AuditService {\n private batchQueue: Array<() => Promise> = [];\n private batchTimeout: NodeJS.Timeout | null = null;\n private readonly batchDelay = 100; // ms\n\n async logOperation(params: any): Promise {\n return new Promise((resolve) => {\n this.batchQueue.push(async () => {\n await super.logOperation(params);\n resolve();\n });\n\n this.scheduleBatch();\n });\n }\n\n private scheduleBatch(): void {\n if (this.batchTimeout) return;\n\n this.batchTimeout = setTimeout(async () => {\n const operations = [...this.batchQueue];\n this.batchQueue = [];\n this.batchTimeout = null;\n\n // Execute all operations in parallel\n await Promise.all(operations.map(op => op()));\n }, this.batchDelay);\n }\n}\n```\n\n## 2. Audit Trail Cleanup\n\nImplement automatic cleanup of old audit entries:\n\n```ts title=\"lib/audit-cleanup.ts\"\nexport class AuditCleanupService {\n constructor(private prisma: PrismaClient) {}\n\n async cleanupOldEntries(retentionDays: number = 365): Promise {\n const cutoffDate = new Date();\n cutoffDate.setDate(cutoffDate.getDate() - retentionDays);\n\n const result = await this.prisma.auditTrail.deleteMany({\n where: {\n timestamp: {\n lt: cutoffDate,\n },\n },\n });\n\n return result.count;\n }\n\n async cleanupByTable(tableName: string, retentionDays: number): Promise {\n const cutoffDate = new Date();\n cutoffDate.setDate(cutoffDate.getDate() - retentionDays);\n\n const result = await this.prisma.auditTrail.deleteMany({\n where: {\n tableName,\n timestamp: {\n lt: cutoffDate,\n },\n },\n });\n\n return result.count;\n }\n}\n```\n\n## 3. Audit Trail Analytics\n\nAdd analytics capabilities to your audit trail:\n\n```ts title=\"lib/audit-analytics.ts\"\nexport class AuditAnalyticsService {\n constructor(private prisma: PrismaClient) {}\n\n async getOperationStats(startDate: Date, endDate: Date) {\n const stats = await this.prisma.auditTrail.groupBy({\n by: ['operation', 'tableName'],\n where: {\n timestamp: {\n gte: startDate,\n lte: endDate,\n },\n },\n _count: {\n id: true,\n },\n });\n\n return stats;\n }\n\n async getTopUsers(startDate: Date, endDate: Date, limit: number = 10) {\n const users = await this.prisma.auditTrail.groupBy({\n by: ['userId', 'userEmail'],\n where: {\n timestamp: {\n gte: startDate,\n lte: endDate,\n },\n userId: { not: null },\n },\n _count: {\n id: true,\n },\n orderBy: {\n _count: {\n id: 'desc',\n },\n },\n take: limit,\n });\n\n return users;\n }\n\n async getTableActivity(startDate: Date, endDate: Date) {\n const activity = await this.prisma.auditTrail.groupBy({\n by: ['tableName', 'operation'],\n where: {\n timestamp: {\n gte: startDate,\n lte: endDate,\n },\n },\n _count: {\n id: true,\n },\n orderBy: {\n _count: {\n id: 'desc',\n },\n },\n });\n\n return activity;\n }\n}\n```\n\n# Testing Your Audit Trail\n\n## Unit Tests\n\n```ts title=\"tests/audit-service.test.ts\"\nimport { AuditService } from '../lib/audit-service';\nimport { AuditContextManager } from '../lib/audit-context';\n\ndescribe('AuditService', () => {\n let auditService: AuditService;\n let mockPrisma: any;\n\n beforeEach(() => {\n mockPrisma = {\n auditTrail: {\n create: jest.fn(),\n },\n };\n \n auditService = new AuditService(mockPrisma, {\n excludedModels: ['TestModel'],\n excludedFields: {},\n logFullRecord: true,\n });\n });\n\n it('should log CREATE operation', async () => {\n const user = { id: 'user1', email: 'test@example.com' };\n \n await AuditContextManager.runWithContext({ user }, async () => {\n await auditService.logOperation({\n tableName: 'Users',\n recordId: 'user1',\n operation: 'CREATE',\n newValues: { email: 'test@example.com' },\n });\n });\n\n expect(mockPrisma.auditTrail.create).toHaveBeenCalledWith({\n data: expect.objectContaining({\n tableName: 'Users',\n operation: 'CREATE',\n userId: 'user1',\n userEmail: 'test@example.com',\n }),\n });\n });\n\n it('should exclude sensitive fields', async () => {\n const auditService = new AuditService(mockPrisma, {\n excludedModels: [],\n excludedFields: {\n Users: ['password'],\n },\n logFullRecord: true,\n });\n\n await auditService.logOperation({\n tableName: 'Users',\n recordId: 'user1',\n operation: 'UPDATE',\n newValues: { email: 'test@example.com', password: 'secret' },\n });\n\n expect(mockPrisma.auditTrail.create).toHaveBeenCalledWith({\n data: expect.objectContaining({\n newValues: { email: 'test@example.com', password: '[REDACTED]' },\n }),\n });\n });\n});\n```\n\n## Integration Tests\n\n```ts title=\"tests/audit-integration.test.ts\"\ndescribe('Audit Trail Integration', () => {\n it('should automatically log user creation', async () => {\n const user = await prisma.user.create({\n data: {\n email: 'test@example.com',\n name: 'Test User',\n },\n });\n\n const auditEntry = await prisma.auditTrail.findFirst({\n where: {\n tableName: 'User',\n recordId: user.id,\n operation: 'CREATE',\n },\n });\n\n expect(auditEntry).toBeTruthy();\n expect(auditEntry?.newValues).toMatchObject({\n email: 'test@example.com',\n name: 'Test User',\n });\n });\n\n it('should handle system operations without user context', async () => {\n // No user context set\n const user = await prisma.user.create({\n data: {\n email: 'system@example.com',\n name: 'System User',\n },\n });\n\n const auditEntry = await prisma.auditTrail.findFirst({\n where: {\n tableName: 'User',\n recordId: user.id,\n operation: 'CREATE',\n },\n });\n\n expect(auditEntry).toBeTruthy();\n expect(auditEntry?.userId).toBeNull();\n expect(auditEntry?.userEmail).toBeNull();\n });\n});\n```\n\n# Performance Considerations\n\n## 1. Database Indexing\n\nEnsure your audit trail table is properly indexed:\n\n```sql\n-- Add these indexes to your audit trail table\nCREATE INDEX idx_audit_trail_table_record ON audit_trail(table_name, record_id);\nCREATE INDEX idx_audit_trail_user ON audit_trail(user_id);\nCREATE INDEX idx_audit_trail_timestamp ON audit_trail(timestamp);\nCREATE INDEX idx_audit_trail_operation ON audit_trail(operation);\nCREATE INDEX idx_audit_trail_user_timestamp ON audit_trail(user_id, timestamp);\n```\n\n## 2. Partitioning for Large Tables\n\nFor high-traffic applications, consider partitioning your audit trail table:\n\n```sql\n-- Partition by month for better performance\nCREATE TABLE audit_trail_2024_01 PARTITION OF audit_trail\nFOR VALUES FROM ('2024-01-01') TO ('2024-02-01');\n\nCREATE TABLE audit_trail_2024_02 PARTITION OF audit_trail\nFOR VALUES FROM ('2024-02-01') TO ('2024-03-01');\n```\n\n## 3. Async Processing\n\nFor better performance, consider processing audit entries asynchronously:\n\n```ts title=\"lib/async-audit-service.ts\"\nexport class AsyncAuditService extends AuditService {\n async logOperation(params: any): Promise {\n // Don't await - fire and forget\n setImmediate(async () => {\n try {\n await super.logOperation(params);\n } catch (error) {\n console.error('Async audit logging failed:', error);\n }\n });\n }\n}\n```\n\n# Best Practices\n\n## 1. Security Considerations\n\n- **Never log sensitive data**: Always filter out passwords, tokens, and PII\n- **Encrypt audit logs**: Consider encrypting sensitive audit data at rest\n- **Access control**: Limit who can view audit trails\n- **Data retention**: Implement proper data retention policies\n\n## 2. Performance Best Practices\n\n- **Index your audit table**: Ensure fast queries on common fields\n- **Batch operations**: Use batch processing for high-volume operations\n- **Async logging**: Don't block main operations for audit logging\n- **Regular cleanup**: Implement automated cleanup of old audit entries\n\n## 3. Monitoring and Alerting\n\n- **Monitor audit log size**: Set up alerts for rapidly growing audit tables\n- **Track failed audits**: Monitor and alert on audit logging failures\n- **Performance metrics**: Track audit logging performance impact\n\n# Conclusion\n\nImplementing an automated audit trail using Prisma middleware and AsyncLocalStorage provides a robust, maintainable solution for tracking data changes in your application. The key benefits of this approach are:\n\n- **Automatic logging**: No need to manually add audit calls throughout your codebase\n- **User context**: Automatic user identification without passing context through function calls\n- **Performance**: Minimal impact on your main application operations\n- **Flexibility**: Easy to configure what gets audited and what doesn't\n- **Maintainability**: Centralized audit logic that's easy to modify and extend\n\nThis system scales well from small applications to enterprise-level systems and provides the foundation for compliance, debugging, and business intelligence needs. By leveraging Prisma's middleware system and Node.js AsyncLocalStorage, you get the best of both worlds: powerful database operations and comprehensive audit trails without the maintenance overhead.\n\nRemember to:\n- Start with a simple configuration and expand as needed\n- Monitor performance impact and adjust accordingly\n- Implement proper data retention and cleanup policies\n- Test thoroughly, especially edge cases like system operations\n- Consider your compliance requirements when designing the audit schema\n\nWith this implementation, you'll have a production-ready audit trail system that automatically tracks all your important data changes while maintaining excellent application performance.\n","readingTime":"14","tags":[]}