Moving is audited and adding in env var for ip address/user agent auditing.
parent
65646ba01b
commit
0fa984f26f
|
@ -84,6 +84,7 @@ const environment = {
|
|||
DEPLOYMENT_ENVIRONMENT:
|
||||
process.env.DEPLOYMENT_ENVIRONMENT || "docker-compose",
|
||||
ENABLE_4XX_HTTP_LOGGING: process.env.ENABLE_4XX_HTTP_LOGGING || true,
|
||||
ENABLE_AUDIT_LOG_IP_ADDR: process.env.ENABLE_AUDIT_LOG_IP_ADDR,
|
||||
_set(key: any, value: any) {
|
||||
process.env[key] = value
|
||||
// @ts-ignore
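Review bot: `ENABLE_AUDIT_LOG_IP_ADDR` is stored as the raw environment string, so any non-empty value is truthy, including `ENABLE_AUDIT_LOG_IP_ADDR=false` or `0`, and will pass the `if (env.ENABLE_AUDIT_LOG_IP_ADDR)` check added in the audit log processor. For a privacy opt-in that is meant to be off by default, an operator who sets it to false explicitly would end up with IP address and user agent capture switched on. Parse it to a boolean where it is read, for example `ENABLE_AUDIT_LOG_IP_ADDR: process.env.ENABLE_AUDIT_LOG_IP_ADDR === "true",`, or use the file's own boolean-parsing helper if it has one. The `environment` object starts and ends outside this hunk, so the rest of its conventions are not visible here.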
|
||||
|
|
|
@ -4,12 +4,15 @@ import {
|
|||
Group,
|
||||
IdentityType,
|
||||
AuditLogQueueEvent,
|
||||
AuditLogFn, AuditedEventFriendlyName,
|
||||
AuditLogFn,
|
||||
HostInfo,
|
||||
} from "@budibase/types"
|
||||
import { EventProcessor } from "./types"
|
||||
import { getAppId } from "../../context"
|
||||
import BullQueue from "bull"
|
||||
import { createQueue, JobQueue } from "../../queue"
|
||||
import { isAudited } from "../../utils"
|
||||
import env from "../../environment"
|
||||
|
||||
export default class AuditLogsProcessor implements EventProcessor {
|
||||
static auditLogsEnabled = false
|
||||
|
@ -31,26 +34,31 @@ export default class AuditLogsProcessor implements EventProcessor {
|
|||
}
|
||||
delete properties.audited
|
||||
}
|
||||
|
||||
// this feature is disabled by default due to privacy requirements
|
||||
// in some countries - available as env var in-case it is desired
|
||||
// in self host deployments
|
||||
let hostInfo: HostInfo | undefined = {}
|
||||
if (env.ENABLE_AUDIT_LOG_IP_ADDR) {
|
||||
hostInfo = job.data.opts.hostInfo
|
||||
}
|
||||
|
||||
await writeAuditLogs(job.data.event, properties, {
|
||||
userId: job.data.opts.userId,
|
||||
timestamp: job.data.opts.timestamp,
|
||||
appId: job.data.opts.appId,
|
||||
hostInfo: job.data.opts.hostInfo,
|
||||
hostInfo,
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
isAudited(event: Event) {
|
||||
return !!AuditedEventFriendlyName[event]
|
||||
}
|
||||
|
||||
async processEvent(
|
||||
event: Event,
|
||||
identity: Identity,
|
||||
properties: any,
|
||||
timestamp?: string
|
||||
): Promise<void> {
|
||||
if (AuditLogsProcessor.auditLogsEnabled && this.isAudited(event)) {
|
||||
if (AuditLogsProcessor.auditLogsEnabled && isAudited(event)) {
|
||||
// only audit log actual events, don't include backfills
|
||||
const userId =
|
||||
identity.type === IdentityType.USER ? identity.id : undefined
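Review bot: The opt-in is enforced only where the job is consumed, so `job.data.opts.hostInfo` is already on the queue by the time `env.ENABLE_AUDIT_LOG_IP_ADDR` is checked. With the flag off, the IP address and user agent would still sit in the queue's backing store, assuming the producer side of `processEvent` attaches them unconditionally (its body continues outside this hunk). Applying the same check where `hostInfo` is placed into the job options would keep the data from being collected at all, which is what the comment about privacy requirements implies. Separately, `let hostInfo: HostInfo | undefined = {}` hands `writeAuditLogs` an empty object rather than an absent value when the feature is off. If the writer accepts `undefined`, `const hostInfo = env.ENABLE_AUDIT_LOG_IP_ADDR ? job.data.opts.hostInfo : undefined` states the intent more directly and avoids persisting an empty `hostInfo` field.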
|
||||
|
|
|
@ -10,7 +10,13 @@ import {
|
|||
import env from "../environment"
|
||||
import * as tenancy from "../tenancy"
|
||||
import * as context from "../context"
|
||||
import { App, Ctx, TenantResolutionStrategy } from "@budibase/types"
|
||||
import {
|
||||
App,
|
||||
AuditedEventFriendlyName,
|
||||
Ctx,
|
||||
Event,
|
||||
TenantResolutionStrategy,
|
||||
} from "@budibase/types"
|
||||
import { SetOption } from "cookies"
|
||||
const jwt = require("jsonwebtoken")
|
||||
|
||||
|
@ -217,3 +223,7 @@ export async function getBuildersCount() {
|
|||
export function timeout(timeMs: number) {
|
||||
return new Promise(resolve => setTimeout(resolve, timeMs))
|
||||
}
|
||||
|
||||
export function isAudited(event: Event) {
|
||||
return !!AuditedEventFriendlyName[event]
|
||||
}
|
||||
|
|
|
@ -35,8 +35,8 @@ export enum IdentityType {
|
|||
}
|
||||
|
||||
export interface HostInfo {
|
||||
ipAddress: string
|
||||
userAgent: string
|
||||
ipAddress?: string
|
||||
userAgent?: string
|
||||
}
|
||||
|
||||
export interface Identity {
|
||||
|
|