From d2577ae72d7ab667555f36d89c4d97f936876914 Mon Sep 17 00:00:00 2001
From: Denis Mishankov <mishankov@mail.com>
Date: Thu, 19 Mar 2026 08:49:07 +0300
Subject: [PATCH] Fix #72: add user info to auth log events

---
 auth/middleware.go      |  7 ++++++
 auth/middleware_test.go | 47 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+)

diff --git a/auth/middleware.go b/auth/middleware.go
index c76012b..fb54a49 100644
--- a/auth/middleware.go
+++ b/auth/middleware.go
@@ -42,6 +42,13 @@ func (m *AuthenticationMiddleware) Wrap(next http.Handler) http.Handler {
 
 		newRequest := r
 		if user != nil {
+			if event := log.EventFromContext(r.Context()); event != nil {
+				event.AddAttrs(map[string]any{
+					"user.id":       user.ID,
+					"user.username": user.Username,
+				})
+			}
+
 			ctxWithUserId := context.WithValue(r.Context(), log.UserIDKey, user.ID)
 			ctxWithUser := context.WithValue(ctxWithUserId, UserContextKey, user)
 			newRequest = r.WithContext(ctxWithUser)
diff --git a/auth/middleware_test.go b/auth/middleware_test.go
index f3073cd..c3c951a 100644
--- a/auth/middleware_test.go
+++ b/auth/middleware_test.go
@@ -8,6 +8,7 @@ import (
 	"testing"
 
 	"github.com/platforma-dev/platforma/auth"
+	platformalog "github.com/platforma-dev/platforma/log"
 )
 
 func TestAuthenticationMiddleware_ValidSession(t *testing.T) {
@@ -36,6 +37,52 @@ func TestAuthenticationMiddleware_ValidSession(t *testing.T) {
 	}
 }
 
+func TestAuthenticationMiddleware_ValidSessionAddsUserInfoToWideEvent(t *testing.T) {
+	t.Parallel()
+
+	userSvc := &mockUserService{
+		users: map[string]*auth.User{
+			"valid-session-id": {ID: "user-id", Username: "testuser"},
+		},
+		cookieName: "session",
+	}
+	middleware := auth.NewAuthenticationMiddleware(userSvc)
+
+	handler := middleware.Wrap(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	}))
+
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	req.AddCookie(&http.Cookie{Name: "session", Value: "valid-session-id"})
+
+	event := platformalog.NewEvent("http.request")
+	req = req.WithContext(context.WithValue(req.Context(), platformalog.WideEventKey, event))
+
+	w := httptest.NewRecorder()
+
+	handler.ServeHTTP(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("expected status 200, got %d", w.Code)
+	}
+
+	userID, ok := event.Attr("user.id")
+	if !ok {
+		t.Fatal("expected user.id attribute in event")
+	}
+	if userID != "user-id" {
+		t.Fatalf("expected user.id to be user-id, got %v", userID)
+	}
+
+	username, ok := event.Attr("user.username")
+	if !ok {
+		t.Fatal("expected user.username attribute in event")
+	}
+	if username != "testuser" {
+		t.Fatalf("expected user.username to be testuser, got %v", username)
+	}
+}
+
 func TestAuthenticationMiddleware_NoSessionCookie(t *testing.T) {
 	t.Parallel()