BastionSSO/app/Http/Controllers/Controller.php

<?php

namespace App\Http\Controllers;

use App\Models\AccessLog;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Foundation\Validation\ValidatesRequests;
use Illuminate\Http\Request;
use Illuminate\Routing\Controller as BaseController;

abstract class Controller extends BaseController
{
    use AuthorizesRequests;
    use ValidatesRequests;

    protected function auditLog(Request $request, string $action, array $extra = []): void
    {
        AccessLog::query()->create([
            'user_id' => auth('api')->id(),
            'server_resource_id' => $extra['server_resource_id'] ?? null,
            'bastion_account_id' => $extra['bastion_account_id'] ?? null,
            'protocol' => $extra['protocol'] ?? null,
            'action' => $action,
            'requested_at' => now(),
            'metadata' => [
                'path' => $request->path(),
                'method' => $request->method(),
                'client_ip' => $request->ip(),
                ...($extra['metadata'] ?? []),
            ],
        ]);
    }
}