feat: implement comprehensive audit logging system

controllers/contactController.js

@@ -1,6 +1,9 @@
 const { addBaseUrlToImages } = require("../utils/imageHelper");
 const Contact = require("../models/contact");
 const ContactSubmission = require("../models/contactSubmission");
+const writeAuditLog = require("../audit/writeAuditLog");
+const diffObject = require("../audit/diffObject");
+const AUDIT_ACTIONS = require("../constants/auditAction");
 
 // Get contact data from MongoDB
 const getContactData = async () => {
@@ -74,7 +77,11 @@ exports.index = async (req, res) => {
         heading: "",
         description: "",
         fields: [],
-        submitButton: { text: "Send Message", icon: "fa-solid fa-arrow-right", buttonClass: "theme-btn style-2" },
+        submitButton: {
+          text: "Send Message",
+          icon: "fa-solid fa-arrow-right",
+          buttonClass: "theme-btn style-2",
+        },
       },
     };
 
@@ -94,7 +101,9 @@ exports.index = async (req, res) => {
       }
     }
 
-    const submissions = await ContactSubmission.find(query).sort({ createdAt: -1 }).limit(50);
+    const submissions = await ContactSubmission.find(query)
+      .sort({ createdAt: -1 })
+      .limit(50);
     const frontendUrl = process.env.FRONTEND_URL;
 
     res.render("admin/contact/index", {
@@ -141,6 +150,11 @@ exports.update = async (req, res) => {
     // Tìm hoặc tạo contact
     let contact = await Contact.findOne({ name: "default" });
 
+    // ✅ Capture BEFORE state
+    const beforeData = contact
+      ? JSON.parse(JSON.stringify(contact.toObject()))
+      : {};
+
     if (!contact) {
       // Tạo mới với default values
       contact = new Contact({
@@ -157,7 +171,11 @@ exports.update = async (req, res) => {
         contactCards: (contactCardsData || []).map((card) => ({
           ...card,
           iconType: card.iconType || "",
-          iconSource: card.iconSource || (card.iconType && card.iconType.startsWith('/uploads/') ? 'image' : 'fontawesome'),
+          iconSource:
+            card.iconSource ||
+            (card.iconType && card.iconType.startsWith("/uploads/")
+              ? "image"
+              : "fontawesome"),
         })),
         map: mapData || {
           coordinates: { lat: 0, lng: 0 },
@@ -177,7 +195,11 @@ exports.update = async (req, res) => {
           heading: "",
           description: "",
           fields: [],
-          submitButton: { text: "Send Message", icon: "fa-solid fa-arrow-right", buttonClass: "theme-btn style-2" },
+          submitButton: {
+            text: "Send Message",
+            icon: "fa-solid fa-arrow-right",
+            buttonClass: "theme-btn style-2",
+          },
         },
       });
     } else {
@@ -188,7 +210,11 @@ exports.update = async (req, res) => {
         contact.contactCards = contactCardsData.map((card) => ({
           ...card,
           iconType: card.iconType || "",
-          iconSource: card.iconSource || (card.iconType && card.iconType.startsWith('/uploads/') ? 'image' : 'fontawesome'),
+          iconSource:
+            card.iconSource ||
+            (card.iconType && card.iconType.startsWith("/uploads/")
+              ? "image"
+              : "fontawesome"),
         }));
       }
       if (mapData) contact.map = mapData;
@@ -197,6 +223,23 @@ exports.update = async (req, res) => {
 
     await contact.save();
 
+    // ✅ Capture AFTER state
+    const afterData = JSON.parse(JSON.stringify(contact.toObject()));
+
+    // ✅ AUDIT LOGGING - Contact Updated
+    const changes = diffObject(beforeData, afterData);
+    if (changes.length > 0) {
+      await writeAuditLog({
+        model: "Contact",
+        documentId: contact._id,
+        action: AUDIT_ACTIONS.UPDATE_CONTACT,
+        before: beforeData,
+        after: afterData,
+        changes,
+        req,
+      });
+    }
+
     req.flash("success_msg", "Contact updated successfully");
     res.redirect("/admin/contact");
   } catch (err) {
@@ -321,7 +364,7 @@ exports.updateSubmissionStatus = async (req, res) => {
     const submission = await ContactSubmission.findByIdAndUpdate(
       id,
       updateData,
-      { new: true }
+      { new: true },
     );
 
     if (!submission) {