From 0fa984f26f05574336b35af4a2a942583b7c64b7 Mon Sep 17 00:00:00 2001
From: mike12345567
Date: Mon, 27 Feb 2023 11:42:52 +0000
Subject: [PATCH] Moving is audited and adding in env var for ip address/user agent auditing.
---
 packages/backend-core/src/environment.ts | 1 +
 .../events/processors/AuditLogsProcessor.ts | 22 +++++++++++++------
 packages/backend-core/src/utils/utils.ts | 12 +++++++++-
 .../types/src/sdk/events/identification.ts | 4 ++--
 4 files changed, 29 insertions(+), 10 deletions(-)
diff --git a/packages/backend-core/src/environment.ts b/packages/backend-core/src/environment.ts
index ed7a161160..6bcc59bcea 100644
--- a/packages/backend-core/src/environment.ts
+++ b/packages/backend-core/src/environment.ts
@@ -84,6 +84,7 @@ const environment = {
 DEPLOYMENT_ENVIRONMENT:
 process.env.DEPLOYMENT_ENVIRONMENT || "docker-compose",
 ENABLE_4XX_HTTP_LOGGING: process.env.ENABLE_4XX_HTTP_LOGGING || true,
+ ENABLE_AUDIT_LOG_IP_ADDR: process.env.ENABLE_AUDIT_LOG_IP_ADDR,
 _set(key: any, value: any) {
 process.env[key] = value
 // @ts-ignore
diff --git a/packages/backend-core/src/events/processors/AuditLogsProcessor.ts b/packages/backend-core/src/events/processors/AuditLogsProcessor.ts
index 326e476544..fd68b66871 100644
--- a/packages/backend-core/src/events/processors/AuditLogsProcessor.ts
+++ b/packages/backend-core/src/events/processors/AuditLogsProcessor.ts
@@ -4,12 +4,15 @@ import {
 Group,
 IdentityType,
 AuditLogQueueEvent,
- AuditLogFn,
 AuditedEventFriendlyName,
+ AuditLogFn,
+ HostInfo,
 } from "@budibase/types"
 import { EventProcessor } from "./types"
 import { getAppId } from "../../context"
 import BullQueue from "bull"
 import { createQueue, JobQueue } from "../../queue"
+import { isAudited } from "../../utils"
+import env from "../../environment"
 export default class AuditLogsProcessor implements EventProcessor {
 static auditLogsEnabled = false
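Review bot: In packages/backend-core/src/environment.ts the new `ENABLE_AUDIT_LOG_IP_ADDR` entry keeps the raw string from `process.env`, and the AuditLogsProcessor.ts hunk tests it with a plain `if (env.ENABLE_AUDIT_LOG_IP_ADDR)`. Unless the value is normalised somewhere outside this hunk, setting `ENABLE_AUDIT_LOG_IP_ADDR=false` or `=0` is a non-empty string and would switch IP address and user-agent logging on. Since the flag guards personal data that is meant to be off by default, parse it explicitly where it is defined, for example `ENABLE_AUDIT_LOG_IP_ADDR: process.env.ENABLE_AUDIT_LOG_IP_ADDR === "true",` (matching whatever spelling the project's other boolean flags accept). The `environment` object starts and ends outside the hunk.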
@@ -31,26 +34,31 @@ export default class AuditLogsProcessor implements EventProcessor {
 }
 delete properties.audited
 }
+
+ // this feature is disabled by default due to privacy requirements
+ // in some countries - available as env var in-case it is desired
+ // in self host deployments
+ let hostInfo: HostInfo | undefined = {}
+ if (env.ENABLE_AUDIT_LOG_IP_ADDR) {
+ hostInfo = job.data.opts.hostInfo
+ }
+
 await writeAuditLogs(job.data.event, properties, {
 userId: job.data.opts.userId,
 timestamp: job.data.opts.timestamp,
 appId: job.data.opts.appId,
- hostInfo: job.data.opts.hostInfo,
+ hostInfo,
 })
 })
 }
- isAudited(event: Event) {
- return !!AuditedEventFriendlyName[event]
- }
-
 async processEvent(
 event: Event,
 identity: Identity,
 properties: any,
 timestamp?: string
 ): Promise {
- if (AuditLogsProcessor.auditLogsEnabled && this.isAudited(event)) {
+ if (AuditLogsProcessor.auditLogsEnabled && isAudited(event)) {
 // only audit log actual events, don't include backfills
 const userId =
 identity.type === IdentityType.USER ? identity.id : undefined
diff --git a/packages/backend-core/src/utils/utils.ts b/packages/backend-core/src/utils/utils.ts
index 3731e134ad..3efd40ca80 100644
--- a/packages/backend-core/src/utils/utils.ts
+++ b/packages/backend-core/src/utils/utils.ts
@@ -10,7 +10,13 @@ import {
 import env from "../environment"
 import * as tenancy from "../tenancy"
 import * as context from "../context"
-import { App, Ctx, TenantResolutionStrategy } from "@budibase/types"
+import {
+ App,
+ AuditedEventFriendlyName,
+ Ctx,
+ Event,
+ TenantResolutionStrategy,
+} from "@budibase/types"
 import { SetOption } from "cookies"
 const jwt = require("jsonwebtoken")
@@ -217,3 +223,7 @@ export async function getBuildersCount() {
 export function timeout(timeMs: number) {
 return new Promise(resolve => setTimeout(resolve, timeMs))
 }
+
+export function isAudited(event: Event) {
+ return !!AuditedEventFriendlyName[event]
+}
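Review bot: In the second AuditLogsProcessor.ts hunk the `env.ENABLE_AUDIT_LOG_IP_ADDR` check runs only in the queue consumer, just before `writeAuditLogs`, so `job.data.opts.hostInfo` is already on the job when it is dropped. If the enqueue side (the rest of `processEvent`, which continues outside the hunk) always attaches the IP address and user agent, that data still sits in the queue's backing store while the feature is off, which weakens the privacy guarantee the added comment describes. Consider applying the same check where the job is created so the values are never collected. As a smaller point, the default reads more directly without reassignment: `const hostInfo: HostInfo | undefined = env.ENABLE_AUDIT_LOG_IP_ADDR ? job.data.opts.hostInfo : {}`.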
diff --git a/packages/types/src/sdk/events/identification.ts b/packages/types/src/sdk/events/identification.ts
index 8b6b7ddf44..627254882e 100644
--- a/packages/types/src/sdk/events/identification.ts
+++ b/packages/types/src/sdk/events/identification.ts
@@ -35,8 +35,8 @@ export enum IdentityType {
 }
 export interface HostInfo {
- ipAddress: string
- userAgent: string
+ ipAddress?: string
+ userAgent?: string
 }
 export interface Identity {