Making logs even more specific and improving the log tracking

Centralized Audit Logging, Logout Endpoint & Observability Improvements

🧭 Overview

This Merge Request introduces a centralized, structured audit logging system across the backend to improve observability, traceability, security auditing, and debugging.

The changes span authentication, patients, consultations, queues, medicines, medical camps, users, and supporting utilities.
The focus is logging and auditability only.

No database schema changes
No breaking API changes
No business logic changes
No permission model changes

🆕 New API Routes Added

🔐 Logout Endpoint

Route:

Purpose:

  • The application uses JWT-based stateless authentication.
  • Logout is handled client-side by removing the token.
  • This endpoint exists only for audit logging of logout events.

Behavior:

  • Requires authentication
  • Logs:
    • User ID
    • Username
    • Logout action
  • Returns a message instructing the client to remove the token

Note:
This endpoint does not invalidate tokens and does not modify authentication logic.

️ Modified Existing Routes (No API Contract Changes)

All existing endpoints preserve their original request/response behavior.
Enhancements are limited to logging, validation clarity, and audit consistency.

🔐 Authentication

  • Improved JWT error handling:
    • Expired tokens
    • Missing sub claim
    • Invalid token format
    • User not found
  • Added structured logout auditing.

👥 Patient Routes

Enhanced logging for:

  • Patient search
  • Patient creation
  • Patient updates (field-level old vs new values)
  • Patient registration for camps
  • Patient status retrieval
  • Vitals update and vitals history access

Key improvement:

  • Field-level audit logs capture exact changes only, not entire objects.
  • Patient logging utilities ensure only meaningful, non-empty fields are logged.

🩺 Consultation Routes

Enhanced logging for:

  • Fetching patient consultations
  • Updating consultations
  • Prescription creation, update, and deletion
  • Counselling status updates

Prescription logging improvements:

  • Logs include:
    • Medicine ID
    • Quantity
    • Medicine type and formulation
    • Days and time slots (if provided)

Consultation Queue Routes

Enhanced logging for:

  • Queue status updates
  • Queue priority updates
  • Viewing queues:
    • By doctor
    • By patient
    • Across all doctors

Architectural improvement:

  • Logging added at both route level and service level
  • Ensures audit logs are captured even when services are reused outside HTTP routes

💊 Medicine Routes

Enhanced logging for:

  • Medicine creation (with metadata)
  • Inventory updates
  • Medicine views
  • Inventory deduction during medicine pickup

Additional improvements:

  • Clearer error messages for duplicate medicines
  • Defensive validation for replaced prescriptions

🏥 Medical Camp

  • Medical camp update schema now supports partial updates
  • Added attended_patients field
  • Field-level logging for:
    • Camp date
    • Location
    • Expected patients
    • Attended patients

👤 User Routes

Enhanced logging for:

  • Viewing all users
  • Viewing a specific user
  • Updating user details
  • Assigning roles
  • Removing roles

All user management actions are now auditable.

🧱 Centralized Logging Infrastructure

🔹 MultiLogger

  • Central logging service that logs to:
    • Console
    • File
    • LogBull (if configured)
  • Structured JSON logs
  • Graceful fallback when LogBull is unavailable

🧰 New Reusable Logging Utilities

To avoid duplication and ensure consistency, several reusable helpers were added:

🔸 Audit Diff Builder

  • Builds field-level audit logs for updates
  • Captures:
    • Updated fields
    • Old values
    • New values
  • Supports enums and transformations

🔸 Patient Logging Utilities

  • Extract meaningful patient fields
  • Compute precise diffs for patient updates

🔸 Medical Camp Logging Utility

  • Tracks exact fields updated in medical camps
  • Logs old vs new values with context

🔸 Consultation Assignment Logging

  • Logs patient–doctor assignment with resolved names

🔸 Prescription Logging Utility

  • Builds enriched prescription logs
  • Includes medicine metadata and optional fields

These utilities keep route and service code clean and maintainable.

🧪 Script & Test Data Improvements

Updated consultation factory used for scripts/testing:

  • Fixed patient visit status progression
  • Improved queue timestamp realism
  • Ensured consultations are created only at valid stages
  • Improved prescription generation logic
  • Modernized Python typing

️ These changes do not affect production behavior.

🚫 What This MR Does NOT Do

  • No database schema changes
  • No breaking API changes
  • No changes to business rules
  • No permission or RBAC changes
  • No performance-impacting changes

🎯 Why This Change Is Important

  • Enables audit-ready logs for compliance and security
  • Makes debugging production issues significantly easier
  • Ensures who did what and when is always traceable
  • Prevents silent failures and logging gaps
  • Establishes a strong foundation for monitoring and analytics

Summary

This Merge Request introduces end-to-end observability by:

  • Adding a logout audit endpoint
  • Centralizing logging across the application
  • Capturing field-level audit trails
  • Logging actions at both route and service layers
  • Improving error clarity
  • Keeping all business logic untouched

The result is a more maintainable, secure, and audit-friendly backend without introducing risk.

Edited by Bikkumalla Sai Krishna