refactor: Move audit logging from controllers into services

Add auditContext parameter to service mutating functions. Services now
call audit log functions internally when auditContext is provided.
Controllers pass { userId, ipAddress, userAgent } and no longer import
audit service or fetch extra data for audit purposes.

Files modified:
- 10 service files: added audit imports and auditContext parameter
- 9 controller files: removed audit imports and calls

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

src/controllers/company.controller.js

@@ -2,16 +2,6 @@ import * as companyService from '../services/company.service.js';
 import * as noteService from '../services/note.service.js';
 import * as companyReminderService from '../services/company-reminder.service.js';
 import * as companyEmailService from '../services/company-email.service.js';
-import {
-  logCompanyCreated,
-  logCompanyDeleted,
-  logCompanyUpdated,
-  logCompanyUserAssigned,
-  logCompanyUserRemoved,
-  logCompanyReminderCreated,
-  logCompanyReminderUpdated,
-  logCompanyReminderDeleted,
-} from '../services/audit.service.js';
 
 /**
  * Get all companies
@@ -125,10 +115,7 @@ export const createCompany = async (req, res, next) => {
     const userId = req.userId;
     const data = req.body;
 
-    const company = await companyService.createCompany(userId, data);
-
-    // Log audit event
-    await logCompanyCreated(userId, company.id, company.name, req.ip, req.headers['user-agent']);
+    const company = await companyService.createCompany(userId, data, { userId, ipAddress: req.ip, userAgent: req.headers['user-agent'] });
 
     res.status(201).json({
       success: true,
@@ -151,20 +138,7 @@ export const updateCompany = async (req, res, next) => {
     const { companyId } = req.params;
     const data = req.body;
 
-    // Get old company for audit
-    const oldCompany = await companyService.getCompanyById(companyId);
-
-    const company = await companyService.updateCompany(companyId, data);
-
-    // Log audit event
-    await logCompanyUpdated(
-      userId,
-      companyId,
-      { name: oldCompany.name },
-      { name: company.name },
-      req.ip,
-      req.headers['user-agent']
-    );
+    const company = await companyService.updateCompany(companyId, data, { userId, ipAddress: req.ip, userAgent: req.headers['user-agent'] });
 
     res.status(200).json({
       success: true,
@@ -185,14 +159,7 @@ export const deleteCompany = async (req, res, next) => {
     const { companyId } = req.params;
     const userId = req.userId;
 
-    // Get company info before deleting
-    const company = await companyService.getCompanyById(companyId);
-    const companyName = company?.name;
-
-    const result = await companyService.deleteCompany(companyId);
-
-    // Log audit event
-    await logCompanyDeleted(userId, companyId, companyName, req.ip, req.headers['user-agent']);
+    const result = await companyService.deleteCompany(companyId, { userId, ipAddress: req.ip, userAgent: req.headers['user-agent'] });
 
     res.status(200).json({
       success: true,
@@ -318,10 +285,7 @@ export const createCompanyReminder = async (req, res, next) => {
     const { companyId } = req.params;
     const { description, dueDate, isChecked } = req.body;
 
-    const reminder = await companyReminderService.createReminder(companyId, { description, dueDate, isChecked });
-
-    // Log audit event
-    await logCompanyReminderCreated(userId, reminder.id, companyId, dueDate, req.ip, req.headers['user-agent']);
+    const reminder = await companyReminderService.createReminder(companyId, { description, dueDate, isChecked }, { userId, ipAddress: req.ip, userAgent: req.headers['user-agent'] });
 
     res.status(201).json({
       success: true,
@@ -339,13 +303,7 @@ export const updateCompanyReminder = async (req, res, next) => {
     const { companyId, reminderId } = req.params;
     const { description, dueDate, isChecked } = req.body;
 
-    // Get old reminder for audit
-    const oldReminder = await companyReminderService.getReminderById(reminderId);
-
-    const reminder = await companyReminderService.updateReminder(companyId, reminderId, { description, dueDate, isChecked });
-
-    // Log audit event
-    await logCompanyReminderUpdated(userId, reminderId, companyId, oldReminder?.dueDate, dueDate, req.ip, req.headers['user-agent']);
+    const reminder = await companyReminderService.updateReminder(companyId, reminderId, { description, dueDate, isChecked }, { userId, ipAddress: req.ip, userAgent: req.headers['user-agent'] });
 
     res.status(200).json({
       success: true,
@@ -362,13 +320,7 @@ export const deleteCompanyReminder = async (req, res, next) => {
     const userId = req.userId;
     const { companyId, reminderId } = req.params;
 
-    // Get reminder for audit before deletion
-    const reminder = await companyReminderService.getReminderById(reminderId);
-
-    const result = await companyReminderService.deleteReminder(companyId, reminderId);
-
-    // Log audit event
-    await logCompanyReminderDeleted(userId, reminderId, companyId, reminder?.dueDate, req.ip, req.headers['user-agent']);
+    const result = await companyReminderService.deleteReminder(companyId, reminderId, { userId, ipAddress: req.ip, userAgent: req.headers['user-agent'] });
 
     res.status(200).json({
       success: true,
@@ -453,20 +405,7 @@ export const assignUserToCompany = async (req, res, next) => {
     const { companyId } = req.params;
     const { userId, role } = req.body;
 
-    // Get company name for audit
-    const company = await companyService.getCompanyById(companyId);
-
-    const assignment = await companyService.assignUserToCompany(companyId, userId, currentUserId, role);
-
-    // Log audit event
-    await logCompanyUserAssigned(
-      currentUserId,
-      companyId,
-      userId,
-      company.name,
-      req.ip,
-      req.headers['user-agent']
-    );
+    const assignment = await companyService.assignUserToCompany(companyId, userId, currentUserId, role, { userId: currentUserId, ipAddress: req.ip, userAgent: req.headers['user-agent'] });
 
     res.status(201).json({
       success: true,
@@ -487,20 +426,7 @@ export const removeUserFromCompany = async (req, res, next) => {
     const currentUserId = req.userId;
     const { companyId, userId } = req.params;
 
-    // Get company name for audit
-    const company = await companyService.getCompanyById(companyId);
-
-    const result = await companyService.removeUserFromCompany(companyId, userId);
-
-    // Log audit event
-    await logCompanyUserRemoved(
-      currentUserId,
-      companyId,
-      userId,
-      company.name,
-      req.ip,
-      req.headers['user-agent']
-    );
+    const result = await companyService.removeUserFromCompany(companyId, userId, { userId: currentUserId, ipAddress: req.ip, userAgent: req.headers['user-agent'] });
 
     res.status(200).json({
       success: true,