diff --git a/internal/apps/oauth/middlewares.go b/internal/apps/oauth/middlewares.go
index a77e84a3..4a39f9a1 100644
--- a/internal/apps/oauth/middlewares.go
+++ b/internal/apps/oauth/middlewares.go
@@ -25,13 +25,26 @@
 package oauth
 
 import (
+	"encoding/json"
+	"net/http"
+
 	"github.com/gin-gonic/gin"
 	"github.com/linux-do/cdk/internal/db"
 	"github.com/linux-do/cdk/internal/logger"
 	"github.com/linux-do/cdk/internal/otel_trace"
-	"net/http"
 )
 
+type loginRequiredAuditLog struct {
+	UserID     uint64 `json:"user_id"`
+	Username   string `json:"username"`
+	ClientIP   string `json:"client_ip"`
+	Method     string `json:"method"`
+	Path       string `json:"path"`
+	RequestURI string `json:"request_uri"`
+	UserAgent  string `json:"user_agent"`
+	Referer    string `json:"referer"`
+}
+
 func LoginRequired() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		// init trace
@@ -53,8 +66,23 @@ func LoginRequired() gin.HandlerFunc {
 			return
 		}
 
-		// log
-		logger.InfoF(ctx, "[LoginRequired] %d %s", user.ID, user.Username)
+		auditLog := loginRequiredAuditLog{
+			UserID:     user.ID,
+			Username:   user.Username,
+			ClientIP:   c.ClientIP(),
+			Method:     c.Request.Method,
+			Path:       c.Request.URL.Path,
+			RequestURI: c.Request.RequestURI,
+			UserAgent:  c.Request.UserAgent(),
+			Referer:    c.Request.Referer(),
+		}
+		auditJSON, err := json.Marshal(auditLog)
+		if err != nil {
+			logger.ErrorF(ctx, "[LoginRequiredAudit] marshal failed: %v", err)
+			logger.InfoF(ctx, "[LoginRequiredAudit] %s %d %s", c.ClientIP(), user.ID, user.Username)
+		} else {
+			logger.InfoF(ctx, "[LoginRequiredAudit] %s", auditJSON)
+		}
 
 		// set user info
 		SetUserToContext(c, &user)