src/EventSubscriber/AuditSubscriber.php line 334

Open in your IDE?
  1. <?php
  2. namespace App\EventSubscriber;
  3. use App\Entity\LogsAction;
  4. use App\Entity\User;
  5. use App\Repository\LogsActionRepository;
  6. use DateTime;
  7. use DateTimeInterface;
  8. use Doctrine\Common\Collections\Collection;
  9. use Doctrine\ORM\Event\LifecycleEventArgs;
  10. use Doctrine\Persistence\ManagerRegistry;
  11. use Doctrine\Persistence\ObjectManager;
  12. use Error;
  13. use Exception;
  14. use ReflectionMethod;
  15. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  16. use Symfony\Component\HttpFoundation\File\UploadedFile;
  17. use Symfony\Component\HttpFoundation\Request;
  18. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  19. use Symfony\Component\HttpKernel\Event\ExceptionEvent;
  20. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  21. use Symfony\Component\HttpKernel\KernelEvents;
  22. use Symfony\Component\Security\Core\Security;
  24. class AuditSubscriber implements EventSubscriberInterface
  25. {
  26.     private $requestData = [];
  27.     private $entityChanges = [];
  28.     private $shouldSkipAudit false;
  29.     private $errorData null;
  30.     private $preDeleteEntityData null;
  32.     // Routes to ignore from audit logging
  33.     private const IGNORED_ROUTES = [
  34.         // Clean route patterns
  35.         '/api/discussion/list',
  36.         '/api/login_check',
  37.         // Original Symfony route patterns  
  38.         '_api_/discussion/list',
  39.         'api/login_check',
  40.         '_api_/discussion/list.{_format}_get',
  41.         'api/login_check_post',
  42.     ];
  44.     public function __construct(
  45.         private readonly \Doctrine\ORM\EntityManagerInterface $entityManager,
  46.         private readonly ManagerRegistry $doctrine,
  47.         private Security $security,
  48.         private readonly LogsActionRepository $logsActionRepository
  49.     ) {
  50.     }
  52.     public static function getSubscribedEvents() :array
  53.     {
  54.         return [
  55.             // HTTP Kernel Events
  56.             KernelEvents::CONTROLLER => 'onKernelController',
  57.             KernelEvents::RESPONSE => 'onKernelResponse',
  58.             KernelEvents::EXCEPTION => 'onKernelException',
  59.         ];
  60.     }
  62.     // Spammed routes like /api/login_check or /api/discussion/list
  63.     private function shouldIgnoreRoute(string $originalRoute nullstring $cleanRoute null): bool
  64.     {
  65.         if (!$originalRoute && !$cleanRoute) {
  66.             return false;
  67.         }
  68.         if ($originalRoute && in_array($originalRouteself::IGNORED_ROUTEStrue)) {
  69.             return true;
  70.         }
  71.         if ($cleanRoute && in_array($cleanRouteself::IGNORED_ROUTEStrue)) {
  72.             return true;
  73.         }
  74.         foreach (self::IGNORED_ROUTES as $ignoredRoute) {
  75.             if ($originalRoute && str_starts_with($originalRoute$ignoredRoute)) {
  76.                 return true;
  77.             }
  78.             if ($originalRoute && $this->matchesRoutePattern($originalRoute$ignoredRoute)) {
  79.                 return true;
  80.             }
  81.         }
  82.         return false;
  83.     }
  84.     private function matchesRoutePattern(string $routestring $pattern): bool
  85.     {
  86.         // Remove format and method suffixes for comparison
  87.         $cleanedRoute preg_replace('/\.\{_format\}(_\w+)?$/'''$route);
  88.         $cleanedRoute preg_replace('/_(?:get|post|put|patch|delete)$/'''$cleanedRoute);
  89.         
  90.         $cleanedPattern preg_replace('/\.\{_format\}(_\w+)?$/'''$pattern);
  91.         $cleanedPattern preg_replace('/_(?:get|post|put|patch|delete)$/'''$cleanedPattern);
  92.         
  93.         return $cleanedRoute === $cleanedPattern;
  94.     }
  96.     private function extractEntityData($entity): array
  97.     {
  98.         try {
  99.             $data = [];
  100.             $reflection = new \ReflectionClass($entity);
  102.             foreach ($reflection->getProperties() as $property) {
  103.                 try {
  104.                     $value $property->getValue($entity);
  105.                 } catch (Error $e) {
  106.                     // Handle uninitialized typed properties (like ID in prePersist)
  107.                     if (str_contains($e->getMessage(), 'must not be accessed before initialization')) {
  108.                         continue;
  109.                     }
  110.                     continue;
  111.                 }
  112.                 if ($value instanceof DateTimeInterface) {
  113.                     $data[$property->getName()] = $value->format('Y-m-d H:i:s');
  114.                 } elseif (is_object($value) && method_exists($value'getId')) {
  115.                     // For relations just store the ID
  116.                     try {
  117.                         $data[$property->getName() . '_id'] = $value->getId();
  118.                     } catch (Error $e) {
  119.                         if (str_contains($e->getMessage(), 'must not be accessed before initialization')) {
  120.                             $data[$property->getName() . '_id'] = 'uninitialized';
  121.                         } else {
  122.                             $data[$property->getName() . '_id'] = 'error';
  123.                         }
  124.                     }
  125.                 } elseif (is_array($value) || $value instanceof Collection) {
  126.                     // For collections, store count or IDs
  127.                     try {
  128.                         if ($value instanceof Collection) {
  129.                             // Check if the collection is initialized to avoid lazy loading issues
  130.                             if ($value instanceof \Doctrine\ORM\PersistentCollection && !$value->isInitialized()) {
  131.                                 $data[$property->getName() . '_count'] = 'uninitialized_collection';
  132.                             } else {
  133.                                 $data[$property->getName() . '_count'] = $value->count();
  134.                             }
  135.                         } else {
  136.                             $data[$property->getName() . '_count'] = count($value);
  137.                         }
  138.                     } catch (Exception $e) {
  139.                         // If counting fails, just note that there's a collection
  140.                         $data[$property->getName() . '_count'] = 'collection_error';
  141.                     }
  142.                 } elseif (is_scalar($value) || is_null($value)) {
  143.                     $data[$property->getName()] = $value;
  144.                 } else {
  145.                     // For other objects, try to get a string representation
  146.                     try {
  147.                         $data[$property->getName()] = (string)$value;
  148.                     } catch (Exception $e) {
  149.                         $data[$property->getName()] = 'object_conversion_error';
  150.                     }
  151.                 }
  152.             }
  154.             return $data;
  156.         } catch (Exception $e) {
  157.             // Return basic entity info if extraction fails completely
  158.             return [
  159.                 'entity_class' => get_class($entity),
  160.                 'extraction_error' => $e->getMessage()
  161.             ];
  162.         }
  163.     }
  165.     // This function is useless right now but in case we need to specify which HTTP actions to log later
  166.     private function shouldLogHttpAction(string $methodint $statusCode): bool
  167.     {
  168.         // Log all successful requests for certain methods
  169.         if ($statusCode >= 200 && $statusCode 300) {
  170.             return in_array($method, ['GET''DELETE''POST''PUT''PATCH']);
  171.         }
  172.         // Log all error responses
  173.         return $statusCode >= 400;
  174.     }
  177.     private function getHttpActionType(string $methodstring $route null): string
  178.     {
  179.         if ($route && $this->isDeleteRoute($route)) {
  180.             return 'delete';
  181.         }
  182.         
  183.         return match ($method) {
  184.             'GET' => 'read',
  185.             'POST' => 'create',
  186.             'PUT''PATCH' => 'update'
  187.             'DELETE' => 'delete',
  188.             default => 'request'
  189.         };
  190.     }
  192.     // Some Delete routes are using POST method so u need to handle them separately
  193.     private function isDeleteRoute(string $route): bool
  194.     {
  195.         $deletePatterns = [
  196.             '/delete',
  197.             'delete_',
  198.             '_delete',
  199.             '/remove',
  200.             'remove_',
  201.             '_remove',
  202.             '/destroy',
  203.             'destroy_',
  204.             '_destroy'
  205.         ];
  206.         
  207.         $lowerRoute strtolower($route);
  208.         
  209.         foreach ($deletePatterns as $pattern) {
  210.             if (str_contains($lowerRoute$pattern)) {
  211.                 return true;
  212.             }
  213.         }
  214.         
  215.         return false;
  216.     }
  218.     private function captureEntityBeforeDelete(Request $requeststring $route): void
  219.     {
  220.         try {
  221.             $entityId $this->extractEntityIdFromRequest($request);
  222.             if (!$entityId) {
  223.                 return;
  224.             }
  225.             $entityClass $this->getEntityFromRoute($route);
  226.             if (!$entityClass) {
  227.                 return;
  228.             }
  230.             $repository $this->entityManager->getRepository($entityClass);
  231.             $entity $repository->find($entityId);
  232.             
  233.             if ($entity) {
  234.                 $this->preDeleteEntityData $this->extractEntityData($entity);
  235.             }
  236.         } catch (Exception $e) {
  237.         }
  238.     }
  240.     private function extractEntityIdFromRequest(Request $request): ?int
  241.     {
  242.         $idParams = ['id''entityId''siteId''userId''customerId'];
  243.         
  244.         foreach ($idParams as $param) {
  245.             $value $request->get($param);
  246.             if ($value && is_numeric($value)) {
  247.                 return (int) $value;
  248.             }
  249.         }
  250.         $pathInfo $request->getPathInfo();
  251.         if (preg_match('/\/(\d+)(?:\/|$)/'$pathInfo$matches)) {
  252.             $id = (int) $matches[1];
  253.             return $id;
  254.         }
  255.         return null;
  256.     }
  258.     private function getEntityFromRoute(string $route): ?string
  259.     {
  260.         $routeToEntityMap = [
  261.             'sites' => 'App\Entity\Site',
  262.             'users' => 'App\Entity\User'
  263.             'customers' => 'App\Entity\Customer',
  264.             'evaluations' => 'App\Entity\Evaluation',
  265.             'documents' => 'App\Entity\Document',
  266.             'categories' => 'App\Entity\Category',
  267.             'sections' => 'App\Entity\Section',
  268.             'compliances' => 'App\Entity\Compliance',
  269.             //
  270.             'site' => 'App\Entity\Site',
  271.             'user' => 'App\Entity\User',
  272.             'customer' => 'App\Entity\Customer'
  273.             'evaluation' => 'App\Entity\Evaluation',
  274.             'document' => 'App\Entity\Document',
  275.             'category' => 'App\Entity\Category',
  276.             'section' => 'App\Entity\Section',
  277.             'compliance' => 'App\Entity\Compliance',
  278.         ];
  280.         $lowerRoute strtolower($route);
  281.         
  282.         foreach ($routeToEntityMap as $routePattern => $entityClass) {
  283.             if (str_contains($lowerRoute$routePattern)) {
  284.                 return $entityClass;
  285.             }
  286.         }
  288.         return null;
  289.     }
  292.     private function getAuditEntityManager(): ObjectManager
  293.     {
  294.         try {
  295.             $em $this->doctrine->resetManager();
  296.             return $this->doctrine->getManager();
  297.         } catch (Exception $e) {
  298.             return $this->entityManager;
  299.         }
  300.     }
  302.     private function getCleanRoute($request): string
  303.     {
  304.         // Try to get the actual path first
  305.         $pathInfo $request->getPathInfo();
  306.         if ($pathInfo && $pathInfo !== '/') {
  307.             return $pathInfo;
  308.         }
  309.         
  310.         // Fallback to route name, but clean it up
  311.         $route $request->attributes->get('_route');
  312.         if (!$route) {
  313.             return 'unknown_route';
  314.         }
  315.         
  316.         // Clean up common Symfony route patterns
  317.         $cleanRoute $route;
  318.         
  319.         // Remove format placeholders
  320.         $cleanRoute preg_replace('/\.\{_format\}/'''$cleanRoute);
  321.         
  322.         // Remove method suffixes (like _post, _get, etc.)
  323.         $cleanRoute preg_replace('/_(?:get|post|put|patch|delete)$/'''$cleanRoute);
  324.         
  325.         // Convert underscores to forward slashes for API routes
  326.         if (str_starts_with($cleanRoute'_api_')) {
  327.             $cleanRoute str_replace('_api_''/api/'$cleanRoute);
  328.             $cleanRoute str_replace('_''/'$cleanRoute);
  329.         }
  330.         
  331.         return $cleanRoute;
  332.     }
  334.     public function onKernelController(ControllerEvent $event)
  335.     {
  336.         $request $event->getRequest();
  337.         $originalRoute $request->attributes->get('_route');
  338.         $cleanRoute $this->getCleanRoute($request);
  340.         if ($this->shouldIgnoreRoute($originalRoute$cleanRoute)) {
  341.             $this->shouldSkipAudit true;
  342.             return;
  343.         }
  345.         $this->shouldSkipAudit false;
  346.         $requestData = [];
  348.         $requestData['query'] = $request->query->all();
  349.         $requestData['request'] = $request->request->all();
  350.         $requestData['attributes'] = $request->attributes->all();
  352.         if ($request->getContentType() === 'json' || str_contains($request->headers->get('Content-Type'''), 'application/json')) {
  353.             $content $request->getContent();
  354.             if ($content) {
  355.                 $decodedContent json_decode($contenttrue);
  356.                 if (json_last_error() === JSON_ERROR_NONE) {
  357.                     $requestData['json_body'] = $decodedContent;
  358.                 } else {
  359.                     $requestData['raw_body'] = $content;
  360.                 }
  361.             }
  362.         }
  364.         if ($request->files->all()) {
  365.             $requestData['files'] = array_map(function($file) {
  366.                 return $file instanceof UploadedFile
  367.                     ? ['name' => $file->getClientOriginalName(), 'size' => $file->getSize(), 'type' => $file->getMimeType()]
  368.                     : (string)$file;
  369.             }, $request->files->all());
  370.         }
  372.         $this->requestData = [
  373.             'route' => $cleanRoute,
  374.             'method' => $request->getMethod(),
  375.             'ip_address' => $this->logsActionRepository->getRealIpAddress($request),
  376.             'user_agent' => $request->headers->get('User-Agent'),
  377.             'request_data' => json_encode($requestData),
  378.         ];
  380.         if ($this->isDeleteRoute($cleanRoute)) {
  381.             $this->captureEntityBeforeDelete($request$cleanRoute);
  382.         }
  383.     }
  385.      public function preUpdate(LifecycleEventArgs $args)
  386.      {
  387.          if ($this->shouldSkipAudit) {
  388.              return;
  389.          }
  390.          try {
  391.              $entity $args->getObject();
  392.              $entityClass get_class($entity);
  393.              $entityId 'unknown';
  394.              if (method_exists($entity'getId')) {
  395.                  try {
  396.                      $entityId $entity->getId() ?? 'null_id';
  397.                  } catch (\Error $e) {
  398.                      if (str_contains($e->getMessage(), 'must not be accessed before initialization')) {
  399.                          $entityId 'uninitialized_id';
  400.                      } else {
  401.                          $entityId 'error_getting_id';
  402.                      }
  403.                  }
  404.              }
  406.              $dataBefore = [];
  407.              try {
  408.                  $uow $this->entityManager->getUnitOfWork();
  409.                  $changeSet $uow->getEntityChangeSet($entity);
  411.                  foreach ($changeSet as $field => $values) {
  412.                      // $values[0] is the old value (before), $values[1] is the new value (after)
  413.                      // This will create 2 pairs: field => old_value, field => new_value
  414.                      $oldValue $values[0];
  415.                      
  416.                      if ($oldValue instanceof DateTimeInterface) {
  417.                          $dataBefore[$field] = $oldValue->format('Y-m-d H:i:s');
  418.                      } elseif (is_object($oldValue) && method_exists($oldValue'getId')) {
  419.                          try {
  420.                              $dataBefore[$field '_id'] = $oldValue->getId();
  421.                          } catch (\Error $e) {
  422.                              $dataBefore[$field '_id'] = 'uninitialized';
  423.                          }
  424.                      } elseif (is_scalar($oldValue) || is_null($oldValue)) {
  425.                          $dataBefore[$field] = $oldValue;
  426.                      } else {
  427.                          try {
  428.                              $dataBefore[$field] = (string)$oldValue;
  429.                          } catch (Exception $e) {
  430.                              $dataBefore[$field] = 'object_conversion_error';
  431.                          }
  432.                      }
  433.                  }
  435.                  if (empty($dataBefore)) {
  436.                      $originalData $uow->getOriginalEntityData($entity);
  437.                      foreach ($originalData as $field => $value) {
  438.                          if ($value instanceof DateTimeInterface) {
  439.                              $dataBefore[$field] = $value->format('Y-m-d H:i:s');
  440.                          } elseif ($value instanceof \Doctrine\ORM\PersistentCollection) {
  441.                              if (!$value->isInitialized()) {
  442.                                  $dataBefore[$field] = 'uninitialized_collection';
  443.                              } else {
  444.                                  $dataBefore[$field] = 'collection_count_' $value->count();
  445.                              }
  446.                          } elseif ($value instanceof \Doctrine\Common\Collections\Collection) {
  447.                              $dataBefore[$field] = 'collection_count_' $value->count();
  448.                          } elseif (is_array($value)) {
  449.                              $dataBefore[$field] = 'array_count_' count($value);
  450.                          } elseif (is_object($value) && method_exists($value'getId')) {
  451.                              try {
  452.                                  $dataBefore[$field '_id'] = $value->getId();
  453.                              } catch (Error $e) {
  454.                                  $dataBefore[$field '_id'] = 'uninitialized';
  455.                              }
  456.                          } elseif (is_object($value)) {
  457.                              if (method_exists($value'__toString')) {
  458.                                  try {
  459.                                      $dataBefore[$field] = (string)$value;
  460.                                  } catch (\Exception $e) {
  461.                                      $dataBefore[$field] = get_class($value) . '_toString_error';
  462.                                  }
  463.                              } else {
  464.                                  $dataBefore[$field] = get_class($value);
  465.                              }
  466.                          } elseif (is_scalar($value) || is_null($value)) {
  467.                              $dataBefore[$field] = $value;
  468.                          } else {
  469.                              $dataBefore[$field] = 'unknown_type_' gettype($value);
  470.                          }
  471.                      }
  472.                  }
  473.                  
  474.              } catch (Exception $e) {
  475.                  // If all fails, at least note the error
  476.                  $dataBefore['error'] = 'Could not retrieve change set: ' $e->getMessage();
  477.              }
  479.              $this->entityChanges[] = [
  480.                  'entity' => $entityClass,
  481.                  'entity_id' => $entityId,
  482.                  'data_before' => $dataBefore,
  483.                  'data_after' => $this->extractEntityData($entity),
  484.                  'action' => 'update',
  485.              ];
  486.          } catch (Exception $e) {
  487.              // Silently handle any errors to prevent disrupting the update process
  488.          }
  489.      }
  492.     public function prePersist(LifecycleEventArgs $args)
  493.     {
  494.         if ($this->shouldSkipAudit) {
  495.             return;
  496.         }
  498.         try {
  499.             $entity $args->getObject();
  500.             $entityClass get_class($entity);
  501.             $entityId 'new';
  502.             if (method_exists($entity'getId')) {
  503.                 try {
  504.                     $id $entity->getId();
  505.                     $entityId $id ?? 'new';
  506.                 } catch (Error $e) {
  507.                     // Handle uninitialized typed property
  508.                     if (str_contains($e->getMessage(), 'must not be accessed before initialization')) {
  509.                         $entityId 'new';
  510.                     } else {
  511.                         $entityId 'new_error';
  512.                     }
  513.                 }
  514.             }
  516.             $this->entityChanges[] = [
  517.                 'entity' => $entityClass,
  518.                 'entity_id' => $entityId,
  519.                 'data_before' => [],
  520.                 'data_after' => $this->extractEntityData($entity),
  521.                 'action' => 'create',
  522.             ];
  523.         } catch (Exception $e) {
  524.         }
  525.     }
  527.     // Capture entity deletions
  528.     public function preRemove(LifecycleEventArgs $args)
  529.     {
  530.         if ($this->shouldSkipAudit) {
  531.             return;
  532.         }
  534.         try {
  535.             $entity $args->getObject();
  536.             $entityClass get_class($entity);
  538.             // Safely get entity ID
  539.             $entityId 'unknown';
  540.             if (method_exists($entity'getId')) {
  541.                 try {
  542.                     $entityId $entity->getId() ?? 'null_id';
  543.                 } catch (Error $e) {
  544.                     if (str_contains($e->getMessage(), 'must not be accessed before initialization')) {
  545.                         $entityId 'uninitialized_id';
  546.                     } else {
  547.                         $entityId 'error_getting_id';
  548.                     }
  549.                 }
  550.             }
  552.             $entityData $this->extractEntityData($entity);
  554.             $this->entityChanges[] = [
  555.                 'entity' => $entityClass,
  556.                 'entity_id' => $entityId,
  557.                 'data_before' => $entityData,
  558.                 'data_after' => [], // Empty after deletion
  559.                 'action' => 'delete',
  560.                 'doctrine_event' => 'preRemove',
  561.             ];
  562.         } catch (Exception $e) {
  563.         }
  564.     }
  565.     public function onKernelException(ExceptionEvent $event): void
  566.     {
  567.         if ($this->shouldSkipAudit) {
  568.             return;
  569.         }
  571.         $exception $event->getThrowable();
  572.         $this->errorData = [
  573.             'error_message' => $exception->getMessage(),
  574.             'error_code' => $exception->getCode(),
  575.             'error_file' => $exception->getFile(),
  576.             'error_line' => $exception->getLine(),
  577.             'error_trace' => $exception->getTraceAsString()
  578.         ];
  579.     }
  581.     public function onKernelResponse(ResponseEvent $event): void
  582.     {
  583.         if ($this->shouldSkipAudit) {
  584.             return;
  585.         }
  586.         $response $event->getResponse() ?? null;
  587.         $user $this->security->getUser() ?? 0;
  588.         $statusCode $response->getStatusCode();
  589.         $method $this->requestData['method'] ?? 'UNKNOWN';
  591.         $responseData = [];
  592.         // Clean Response Data
  593.         if ($response) {
  594.             $responseData['status_code'] = $statusCode;
  595.             $responseData['headers'] = [];
  596.             $importantHeaders = ['content-type''location''cache-control''content-length'];
  597.             foreach ($importantHeaders as $header) {
  598.                 if ($response->headers->has($header)) {
  599.                     $responseData['headers'][$header] = $response->headers->get($header);
  600.                 }
  601.             }
  603.             if ($statusCode >= 200 && $statusCode 300) {
  604.                 $content $response->getContent();
  605.                 if (!empty($content)) {
  606.                     // Limit response content size
  607.                     if (strlen($content) > 5000) {
  608.                         $responseData['content'] = substr($content05000) . '... [truncated]';
  609.                         $responseData['content_truncated'] = true;
  610.                         $responseData['original_content_length'] = strlen($content);
  611.                     } else {
  612.                         $decodedContent json_decode($contenttrue);
  613.                         if (json_last_error() === JSON_ERROR_NONE) {
  614.                             $responseData['content'] = $decodedContent;
  615.                         } else {
  616.                             $responseData['content'] = $content;
  617.                         }
  618.                     }
  619.                 }
  620.             }
  621.         }
  623.         if ($statusCode >= 400 && empty($this->entityChanges)) {
  624.             $errorData $this->errorData ?? ['status_code' => $statusCode];
  625.             $errorData array_merge($errorData$responseData);
  626.             
  627.             $this->entityChanges[] = [
  628.                 'entity' => 'HTTP_ERROR',
  629.                 'entity_id' => 'error',
  630.                 'data_before' => [],
  631.                 'data_after' => $errorData,
  632.                 'action' => 'error',
  633.                 'response_data' => $responseData,
  634.             ];
  635.         }
  638.         if (empty($this->entityChanges) && $this->shouldLogHttpAction($method$statusCode)) {
  639.             $route $this->requestData['route'] ?? null;
  640.             $action $this->getHttpActionType($method$route);
  641.             $dataBefore = [];
  642.             $dataAfter = [];
  643.             if ($action === 'delete' && $this->preDeleteEntityData !== null) {
  644.                 $dataBefore $this->preDeleteEntityData;
  645.             }
  646.             $this->entityChanges[] = [
  647.                 'entity' => 'HTTP_REQUEST',
  648.                 'entity_id' => $route ?? 'unknown_route',
  649.                 'data_before' => $dataBefore,
  650.                 'data_after' => $dataAfter// Keep empty for HTTP requests - data goes in request_data
  651.                 'action' => $action,
  652.                 'response_data' => $responseData,
  653.                 'http_request_data' => [ // This will be stored in request_data column
  654.                     'method' => $method,
  655.                     'route' => $route,
  656.                     'original_route' => $this->requestData['original_route'] ?? null,
  657.                     'status_code' => $statusCode,
  658.                     'user_agent' => $this->requestData['user_agent'] ?? null,
  659.                     'ip_address' => $this->requestData['ip_address'] ?? null,
  660.                     'detected_as_delete' => $action === 'delete' && $method !== 'DELETE',
  661.                     'has_pre_delete_data' => $this->preDeleteEntityData !== null,
  662.                 ],
  663.             ];
  664.         }
  666.         if (empty($this->entityChanges)) {
  667.             return;
  668.         }
  669.         foreach ($this->entityChanges as &$change) {
  670.             if (!isset($change['response_data'])) {
  671.                 $change['response_data'] = $responseData;
  672.             }
  673.         }
  674.         unset($change);
  675.         // Use a separate EntityManager for audit operations to avoid transaction conflicts
  676.         $auditEM $this->getAuditEntityManager();
  677.         if (!$auditEM) {
  678.             return;
  679.         }
  680.         foreach ($this->entityChanges as $change) {
  681.             try {
  682.                 $log = new LogsAction();
  683.                 if ($user) {
  684.                     $auditUser null;
  685.                     $userId null;
  686.                     if ($user instanceof User) {
  687.                         $userId $user->getId();
  688.                         $auditUser $auditEM->find(User::class, $userId);
  689.                     } elseif (method_exists($user'getId')) {
  690.                         try {
  691.                             $reflection = new ReflectionMethod($user'getId');
  692.                             $userId $reflection->invoke($user);
  693.                             if ($userId) {
  694.                                 $auditUser $auditEM->find(User::class, $userId);
  695.                             }
  696.                         } catch (Exception $e) {
  697.                             // Ignore reflection errors
  698.                         }
  699.                     } 
  701.                     if (!$auditUser && method_exists($user'getUserIdentifier')) {
  702.                         $userRepo $auditEM->getRepository(User::class);
  703.                         $auditUser $userRepo->findOneBy(['username' => $user->getUserIdentifier()]);
  704.                     }
  705.                     if ($auditUser) {
  706.                         $log->setUser($auditUser);
  707.                     } else {
  708.                         continue;
  709.                     }
  710.                 } else {
  711.                     $defaultUser $auditEM->find(User::class, 0);
  712.                     if (!$defaultUser) {
  713.                         $userRepo $auditEM->getRepository(User::class);
  714.                         $defaultUser $userRepo->findOneBy(['username' => 'system']);
  715.                     }
  716.                     if ($defaultUser) {
  717.                         $log->setUser($defaultUser);
  718.                     } else {
  719.                         continue;
  720.                     }
  721.                 }
  723.                 $log->setAction($change['action']);
  724.                 $log->setRoute($this->requestData['route'] ?? null);
  725.                 $log->setMethod($this->requestData['method'] ?? null);
  726.                 $log->setIpAddress($this->requestData['ip_address'] ?? null);
  727.                 $log->setUserAgent($this->requestData['user_agent'] ?? null);
  728.                 if ($change['entity'] === 'HTTP_REQUEST' && isset($change['http_request_data'])) {
  729.                     $log->setRequestData(json_encode($change['http_request_data']));
  730.                 } else {
  731.                     $log->setRequestData($this->requestData['request_data'] ?? null);
  732.                 }
  733.                 $log->setDataBefore(json_encode($change['data_before']));
  734.                 $log->setDataAfter(json_encode($change['data_after']));
  735.                 $log->setStatusCode($statusCode);
  736.                 if (isset($change['response_data']) && !empty($change['response_data'])) {
  737.                     $log->setResponseData(json_encode($change['response_data']));
  738.                 } elseif ($this->errorData && $statusCode >= 400) {
  739.                     $errorResponseData array_merge($responseData, (array)$this->errorData);
  740.                     $log->setResponseData(json_encode($errorResponseData));
  741.                 } elseif (!empty($responseData)) {
  742.                     $log->setResponseData(json_encode($responseData));
  743.                 }
  744.                 $log->setCreatedAt(new DateTime());
  745.                 $log->setUpdatedAt(new DateTime());
  746.                 $auditEM->persist($log);
  747.                 
  748.             } catch (Exception $e) {
  749.                 continue;
  750.             }
  751.         }
  753.         try {
  754.             $auditEM->flush();
  755.         } catch (Exception $e) {
  756.         } finally {
  757.             $this->entityChanges = [];
  758.             $this->errorData null;
  759.             $this->requestData = [];
  760.             $this->preDeleteEntityData null;
  761.         }
  762.     }
  763. }