Log impersonation start

Author: D-K-P

apps/webapp/app/models/admin.server.ts

@@ -1,5 +1,6 @@
 import { redirect } from "@remix-run/server-runtime";
 import { prisma } from "~/db.server";
+import { logger } from "~/services/logger.server";
 import { SearchParams } from "~/routes/admin._index";
 import {
   clearImpersonationId,
@@ -8,6 +9,12 @@ import {
 } from "~/services/impersonation.server";
 import { requireUser } from "~/services/session.server";
 
+function extractClientIp(xff: string | null): string | null {
+  if (!xff) return null;
+  const parts = xff.split(",").map((p) => p.trim());
+  return parts[parts.length - 1]; // ALB appends the real client IP
+}
+
 const pageSize = 20;
 
 export async function adminGetUsers(userId: string, { page, search }: SearchParams) {
@@ -212,6 +219,22 @@ export async function redirectWithImpersonation(request: Request, userId: string
     throw new Error("Unauthorized");
   }
 
+  const xff = request.headers.get("x-forwarded-for");
+  const ipAddress = extractClientIp(xff);
+
+  try {
+    await prisma.impersonationAuditLog.create({
+      data: {
+        action: "START",
+        adminId: user.id,
+        targetId: userId,
+        ipAddress,
+      },
+    });
+  } catch (error) {
+    logger.error("Failed to create impersonation audit log", { error, adminId: user.id, targetId: userId });
+  }
+
   const session = await setImpersonationId(userId, request);
 
   return redirect(path, {

internal-packages/database/prisma/schema.prisma

@@ -60,7 +60,7 @@ model User {
   backupCodes          MfaBackupCode[]
   bulkActions          BulkActionGroup[]
 
-  impersonationsPerformed ImpersonationAuditLog[] @relation("ImpersonationActor")
+  impersonationsPerformed ImpersonationAuditLog[] @relation("ImpersonationAdmin")
   impersonationsReceived  ImpersonationAuditLog[] @relation("ImpersonationTarget")
 }
 
@@ -2398,8 +2398,8 @@ model ImpersonationAuditLog {
   action ImpersonationAuditLogAction
 
   /// The admin user who initiated/ended the impersonation
-  actor   User   @relation("ImpersonationActor", fields: [actorId], references: [id], onDelete: Cascade, onUpdate: Cascade)
-  actorId String
+  admin   User   @relation("ImpersonationAdmin", fields: [adminId], references: [id], onDelete: Cascade, onUpdate: Cascade)
+  adminId String
 
   /// The user being impersonated
   target   User   @relation("ImpersonationTarget", fields: [targetId], references: [id], onDelete: Cascade, onUpdate: Cascade)
@@ -2409,7 +2409,7 @@ model ImpersonationAuditLog {
 
   createdAt DateTime @default(now())
 
-  @@index([actorId])
+  @@index([adminId])
   @@index([targetId])
   @@index([createdAt])
 }