Adding a system for checking audited data in events, so that PII can be removed by the PostHog processor.

This commit is contained in:
mike12345567 2023-02-24 16:45:33 +00:00
parent a293d3842f
commit 62501b0185
18 changed files with 290 additions and 77 deletions


@ -225,6 +225,7 @@ export async function platformLogout(opts: PlatformLogoutOpts) {
const sessionIds = sessions.map(({ sessionId }) => sessionId)
await invalidateSessions(userId, { sessionIds, reason: "logout" })
await events.auth.logout()
const user = await userCache.getUser(userId)
await events.auth.logout(user.email)
await userCache.invalidateUser(userId)
}
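Review bot: `user.email` on the new line dereferences the cache lookup without a guard; if `userCache.getUser` can resolve to undefined for an unknown or already-evicted user, the logout throws after the sessions have already been invalidated and before `userCache.invalidateUser` runs, leaving the cache entry behind. If that can happen, do the lookup before any state changes: move `const user = await userCache.getUser(userId)` above `await invalidateSessions(userId, { sessionIds, reason: "logout" })`, so a failed lookup aborts before anything is invalidated. The body of platformLogout starts outside the hunk.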


@ -24,7 +24,15 @@ export default class AuditLogsProcessor implements EventProcessor {
JobQueue.AUDIT_LOG
)
return AuditLogsProcessor.auditLogQueue.process(async job => {
await writeAuditLogs(job.data.event, job.data.properties, {
let properties = job.data.properties
if (properties.audited) {
properties = {
...properties,
...properties.audited,
}
delete properties.audited
}
await writeAuditLogs(job.data.event, properties, {
userId: job.data.opts.userId,
timestamp: job.data.opts.timestamp,
appId: job.data.opts.appId,
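Review bot: The spread `{ ...properties, ...properties.audited }` on the new lines lets any key under `audited` silently overwrite a top-level property of the same name, and since `audited` is typed as an open `[key: string]: any` map nothing stops a future event from putting `userId` or `appId` there and clobbering the real value. A short comment should record the intent and the constraint, e.g. `// hoist audited fields (kept out of analytics) to the top level so the friendly-name templates can read them; audited keys must not collide with event properties`. Spreading into a fresh object before the `delete` does keep `job.data.properties` untouched, which is the right choice. The `process` callback and the enclosing method both continue outside the hunk.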


@ -85,6 +85,9 @@ export default class PosthogProcessor implements EventProcessor {
if (properties.email) {
delete properties.email
}
if (properties.audited) {
delete properties.audited
}
return properties
}
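Review bot: The added `if (properties.audited)` guard is redundant — `delete` on an absent key is already a no-op — so the block can be the single line `delete properties.audited`. More importantly, the guarantee that PII never reaches PostHog is a denylist: only `email` and `audited` are stripped here, so it holds only as long as every event author puts sensitive fields under `audited` rather than at the top level, and a comment tying this line to the `audited` contract on `BaseEvent` would make that dependency visible. Whether `properties` here is a copy or the same object handed to the audit-log processor is not visible in the hunk; if it is shared, the order in which processors run decides whether the audit log still sees the audited fields. The enclosing method starts outside the hunk.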


@ -19,7 +19,9 @@ const created = async (app: App, timestamp?: string | number) => {
const properties: AppCreatedEvent = {
appId: app.appId,
version: app.version,
name: app.name,
audited: {
name: app.name,
},
}
await publishEvent(Event.APP_CREATED, properties, timestamp)
}
@ -28,7 +30,9 @@ async function updated(app: App) {
const properties: AppUpdatedEvent = {
appId: app.appId,
version: app.version,
name: app.name,
audited: {
name: app.name,
},
}
await publishEvent(Event.APP_UPDATED, properties)
}
@ -36,7 +40,9 @@ async function updated(app: App) {
async function deleted(app: App) {
const properties: AppDeletedEvent = {
appId: app.appId,
name: app.name,
audited: {
name: app.name,
},
}
await publishEvent(Event.APP_DELETED, properties)
}
@ -44,7 +50,9 @@ async function deleted(app: App) {
async function published(app: App, timestamp?: string | number) {
const properties: AppPublishedEvent = {
appId: app.appId,
name: app.name,
audited: {
name: app.name,
},
}
await publishEvent(Event.APP_PUBLISHED, properties, timestamp)
}
@ -52,7 +60,9 @@ async function published(app: App, timestamp?: string | number) {
async function unpublished(app: App) {
const properties: AppUnpublishedEvent = {
appId: app.appId,
name: app.name,
audited: {
name: app.name,
},
}
await publishEvent(Event.APP_UNPUBLISHED, properties)
}
@ -60,7 +70,9 @@ async function unpublished(app: App) {
async function fileImported(app: App) {
const properties: AppFileImportedEvent = {
appId: app.appId,
name: app.name,
audited: {
name: app.name,
},
}
await publishEvent(Event.APP_FILE_IMPORTED, properties)
}
@ -69,7 +81,9 @@ async function templateImported(app: App, templateKey: string) {
const properties: AppTemplateImportedEvent = {
appId: app.appId,
templateKey,
name: app.name,
audited: {
name: app.name,
},
}
await publishEvent(Event.APP_TEMPLATE_IMPORTED, properties)
}
@ -83,7 +97,9 @@ async function versionUpdated(
appId: app.appId,
currentVersion,
updatedToVersion,
name: app.name,
audited: {
name: app.name,
},
}
await publishEvent(Event.APP_VERSION_UPDATED, properties)
}
@ -97,7 +113,9 @@ async function versionReverted(
appId: app.appId,
currentVersion,
revertedToVersion,
name: app.name,
audited: {
name: app.name,
},
}
await publishEvent(Event.APP_VERSION_REVERTED, properties)
}
@ -105,7 +123,9 @@ async function versionReverted(
async function reverted(app: App) {
const properties: AppRevertedEvent = {
appId: app.appId,
name: app.name,
audited: {
name: app.name,
},
}
await publishEvent(Event.APP_REVERTED, properties)
}
@ -113,7 +133,9 @@ async function reverted(app: App) {
async function exported(app: App) {
const properties: AppExportedEvent = {
appId: app.appId,
name: app.name,
audited: {
name: app.name,
},
}
await publishEvent(Event.APP_EXPORTED, properties)
}


@ -17,7 +17,9 @@ async function login(source: LoginSource, email: string) {
const properties: LoginEvent = {
userId: identity.id,
source,
email,
audited: {
email,
},
}
await publishEvent(Event.AUTH_LOGIN, properties)
}
@ -26,7 +28,9 @@ async function logout(email: string) {
const identity = await identification.getCurrentIdentity()
const properties: LogoutEvent = {
userId: identity.id,
email,
audited: {
email,
},
}
await publishEvent(Event.AUTH_LOGOUT, properties)
}


@ -18,6 +18,9 @@ async function created(automation: Automation, timestamp?: string | number) {
automationId: automation._id as string,
triggerId: automation.definition?.trigger?.id,
triggerType: automation.definition?.trigger?.stepId,
audited: {
name: automation.name,
},
}
await publishEvent(Event.AUTOMATION_CREATED, properties, timestamp)
}
@ -38,6 +41,9 @@ async function deleted(automation: Automation) {
automationId: automation._id as string,
triggerId: automation.definition?.trigger?.id,
triggerType: automation.definition?.trigger?.stepId,
audited: {
name: automation.name,
},
}
await publishEvent(Event.AUTOMATION_DELETED, properties)
}
@ -71,6 +77,9 @@ async function stepCreated(
triggerType: automation.definition?.trigger?.stepId,
stepId: step.id!,
stepType: step.stepId,
audited: {
name: automation.name,
},
}
await publishEvent(Event.AUTOMATION_STEP_CREATED, properties, timestamp)
}
@ -83,6 +92,9 @@ async function stepDeleted(automation: Automation, step: AutomationStep) {
triggerType: automation.definition?.trigger?.stepId,
stepId: step.id!,
stepType: step.stepId,
audited: {
name: automation.name,
},
}
await publishEvent(Event.AUTOMATION_STEP_DELETED, properties)
}


@ -15,7 +15,9 @@ import {
async function created(group: UserGroup, timestamp?: number) {
const properties: GroupCreatedEvent = {
groupId: group._id as string,
name: group.name,
audited: {
name: group.name,
},
}
await publishEvent(Event.USER_GROUP_CREATED, properties, timestamp)
}
@ -23,7 +25,9 @@ async function created(group: UserGroup, timestamp?: number) {
async function updated(group: UserGroup) {
const properties: GroupUpdatedEvent = {
groupId: group._id as string,
name: group.name,
audited: {
name: group.name,
},
}
await publishEvent(Event.USER_GROUP_UPDATED, properties)
}
@ -31,7 +35,9 @@ async function updated(group: UserGroup) {
async function deleted(group: UserGroup) {
const properties: GroupDeletedEvent = {
groupId: group._id as string,
name: group.name,
audited: {
name: group.name,
},
}
await publishEvent(Event.USER_GROUP_DELETED, properties)
}
@ -40,7 +46,9 @@ async function usersAdded(count: number, group: UserGroup) {
const properties: GroupUsersAddedEvent = {
count,
groupId: group._id as string,
name: group.name,
audited: {
name: group.name,
},
}
await publishEvent(Event.USER_GROUP_USERS_ADDED, properties)
}
@ -49,7 +57,9 @@ async function usersDeleted(count: number, group: UserGroup) {
const properties: GroupUsersDeletedEvent = {
count,
groupId: group._id as string,
name: group.name,
audited: {
name: group.name,
},
}
await publishEvent(Event.USER_GROUP_USERS_REMOVED, properties)
}
@ -65,8 +75,10 @@ async function createdOnboarding(groupId: string) {
async function permissionsEdited(group: UserGroup) {
const properties: GroupPermissionsEditedEvent = {
permissions: group.roles!,
name: group.name,
groupId: group._id as string,
audited: {
name: group.name,
},
}
await publishEvent(Event.USER_GROUP_PERMISSIONS_EDITED, properties)
}


@ -11,6 +11,9 @@ async function created(screen: Screen, timestamp?: string | number) {
layoutId: screen.layoutId,
screenId: screen._id as string,
roleId: screen.routing.roleId,
audited: {
name: screen.routing?.route,
},
}
await publishEvent(Event.SCREEN_CREATED, properties, timestamp)
}
@ -20,6 +23,9 @@ async function deleted(screen: Screen) {
layoutId: screen.layoutId,
screenId: screen._id as string,
roleId: screen.routing.roleId,
audited: {
name: screen.routing?.route,
},
}
await publishEvent(Event.SCREEN_DELETED, properties)
}
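Review bot: `screen.routing?.route` on the added lines uses optional chaining while the existing line just above dereferences `screen.routing.roleId` directly; the two should agree, and if `route` can actually be undefined the `name: string` declared on `ScreenCreatedEvent` is not satisfied under strict checking (the same applies to the `deleted` hunk below). The route is also a URL path rather than a display name, which is what the `Screen "{{ name }}" created` template will show, so a comment such as `// screens have no display name; the route is the closest human-readable identifier` would explain the choice. Both enclosing functions start outside the hunk.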


@ -13,6 +13,9 @@ import {
async function created(table: Table, timestamp?: string | number) {
const properties: TableCreatedEvent = {
tableId: table._id as string,
audited: {
name: table.name,
},
}
await publishEvent(Event.TABLE_CREATED, properties, timestamp)
}
@ -20,6 +23,9 @@ async function created(table: Table, timestamp?: string | number) {
async function updated(table: Table) {
const properties: TableUpdatedEvent = {
tableId: table._id as string,
audited: {
name: table.name,
},
}
await publishEvent(Event.TABLE_UPDATED, properties)
}
@ -27,6 +33,9 @@ async function updated(table: Table) {
async function deleted(table: Table) {
const properties: TableDeletedEvent = {
tableId: table._id as string,
audited: {
name: table.name,
},
}
await publishEvent(Event.TABLE_DELETED, properties)
}
@ -35,6 +44,9 @@ async function exported(table: Table, format: TableExportFormat) {
const properties: TableExportedEvent = {
tableId: table._id as string,
format,
audited: {
name: table.name,
},
}
await publishEvent(Event.TABLE_EXPORTED, properties)
}
@ -42,6 +54,9 @@ async function exported(table: Table, format: TableExportFormat) {
async function imported(table: Table) {
const properties: TableImportedEvent = {
tableId: table._id as string,
audited: {
name: table.name,
},
}
await publishEvent(Event.TABLE_IMPORTED, properties)
}


@ -19,7 +19,9 @@ import {
async function created(user: User, timestamp?: number) {
const properties: UserCreatedEvent = {
userId: user._id as string,
email: user.email,
audited: {
email: user.email,
},
}
await publishEvent(Event.USER_CREATED, properties, timestamp)
}
@ -27,7 +29,9 @@ async function created(user: User, timestamp?: number) {
async function updated(user: User) {
const properties: UserUpdatedEvent = {
userId: user._id as string,
email: user.email,
audited: {
email: user.email,
},
}
await publishEvent(Event.USER_UPDATED, properties)
}
@ -35,7 +39,9 @@ async function updated(user: User) {
async function deleted(user: User) {
const properties: UserDeletedEvent = {
userId: user._id as string,
email: user.email,
audited: {
email: user.email,
},
}
await publishEvent(Event.USER_DELETED, properties)
}
@ -43,7 +49,9 @@ async function deleted(user: User) {
export async function onboardingComplete(user: User) {
const properties: UserOnboardingEvent = {
userId: user._id as string,
email: user.email,
audited: {
email: user.email,
},
}
await publishEvent(Event.USER_ONBOARDING_COMPLETE, properties)
}
@ -53,7 +61,9 @@ export async function onboardingComplete(user: User) {
async function permissionAdminAssigned(user: User, timestamp?: number) {
const properties: UserPermissionAssignedEvent = {
userId: user._id as string,
email: user.email,
audited: {
email: user.email,
},
}
await publishEvent(
Event.USER_PERMISSION_ADMIN_ASSIGNED,
@ -65,7 +75,9 @@ async function permissionAdminAssigned(user: User, timestamp?: number) {
async function permissionAdminRemoved(user: User) {
const properties: UserPermissionRemovedEvent = {
userId: user._id as string,
email: user.email,
audited: {
email: user.email,
},
}
await publishEvent(Event.USER_PERMISSION_ADMIN_REMOVED, properties)
}
@ -73,7 +85,9 @@ async function permissionAdminRemoved(user: User) {
async function permissionBuilderAssigned(user: User, timestamp?: number) {
const properties: UserPermissionAssignedEvent = {
userId: user._id as string,
email: user.email,
audited: {
email: user.email,
},
}
await publishEvent(
Event.USER_PERMISSION_BUILDER_ASSIGNED,
@ -85,7 +99,9 @@ async function permissionBuilderAssigned(user: User, timestamp?: number) {
async function permissionBuilderRemoved(user: User) {
const properties: UserPermissionRemovedEvent = {
userId: user._id as string,
email: user.email,
audited: {
email: user.email,
},
}
await publishEvent(Event.USER_PERMISSION_BUILDER_REMOVED, properties)
}
@ -93,14 +109,20 @@ async function permissionBuilderRemoved(user: User) {
// INVITE
async function invited(email: string) {
const properties: UserInvitedEvent = { email }
const properties: UserInvitedEvent = {
audited: {
email,
},
}
await publishEvent(Event.USER_INVITED, properties)
}
async function inviteAccepted(user: User) {
const properties: UserInviteAcceptedEvent = {
userId: user._id as string,
email: user.email,
audited: {
email: user.email,
},
}
await publishEvent(Event.USER_INVITED_ACCEPTED, properties)
}
@ -110,7 +132,9 @@ async function inviteAccepted(user: User) {
async function passwordForceReset(user: User) {
const properties: UserPasswordForceResetEvent = {
userId: user._id as string,
email: user.email,
audited: {
email: user.email,
},
}
await publishEvent(Event.USER_PASSWORD_FORCE_RESET, properties)
}
@ -118,7 +142,9 @@ async function passwordForceReset(user: User) {
async function passwordUpdated(user: User) {
const properties: UserPasswordUpdatedEvent = {
userId: user._id as string,
email: user.email,
audited: {
email: user.email,
},
}
await publishEvent(Event.USER_PASSWORD_UPDATED, properties)
}
@ -126,7 +152,9 @@ async function passwordUpdated(user: User) {
async function passwordResetRequested(user: User) {
const properties: UserPasswordResetRequestedEvent = {
userId: user._id as string,
email: user.email,
audited: {
email: user.email,
},
}
await publishEvent(Event.USER_PASSWORD_RESET_REQUESTED, properties)
}
@ -134,7 +162,9 @@ async function passwordResetRequested(user: User) {
async function passwordReset(user: User) {
const properties: UserPasswordResetEvent = {
userId: user._id as string,
email: user.email,
audited: {
email: user.email,
},
}
await publishEvent(Event.USER_PASSWORD_RESET, properties)
}


@ -3,61 +3,83 @@ import { BaseEvent } from "./event"
export interface AppCreatedEvent extends BaseEvent {
appId: string
version: string
name: string
audited: {
name: string
}
}
export interface AppUpdatedEvent extends BaseEvent {
appId: string
version: string
name: string
audited: {
name: string
}
}
export interface AppDeletedEvent extends BaseEvent {
appId: string
name: string
audited: {
name: string
}
}
export interface AppPublishedEvent extends BaseEvent {
appId: string
name: string
audited: {
name: string
}
}
export interface AppUnpublishedEvent extends BaseEvent {
appId: string
name: string
audited: {
name: string
}
}
export interface AppFileImportedEvent extends BaseEvent {
appId: string
name: string
audited: {
name: string
}
}
export interface AppTemplateImportedEvent extends BaseEvent {
appId: string
templateKey: string
name: string
audited: {
name: string
}
}
export interface AppVersionUpdatedEvent extends BaseEvent {
appId: string
currentVersion: string
updatedToVersion: string
name: string
audited: {
name: string
}
}
export interface AppVersionRevertedEvent extends BaseEvent {
appId: string
currentVersion: string
revertedToVersion: string
name: string
audited: {
name: string
}
}
export interface AppRevertedEvent extends BaseEvent {
appId: string
name: string
audited: {
name: string
}
}
export interface AppExportedEvent extends BaseEvent {
appId: string
name: string
audited: {
name: string
}
}
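Review bot: Every interface in this file now repeats the same inline `audited: { name: string }` literal, and the identical pattern recurs in the automation, screen, table and group event files (and with `email` in the user and auth files); a single shared alias such as `type NameAudited = { audited: { name: string } }` plus an `EmailAudited` counterpart, extended by each interface, would keep the audited shape in one place and make it harder for a single event to drift from the others. Each interface also narrows the optional `audited` from `BaseEvent` into a required property, which is the intent, but a one-line comment on the alias saying so would save the next reader from checking.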


@ -7,12 +7,16 @@ export type SSOType = ConfigType.OIDC | ConfigType.GOOGLE
export interface LoginEvent extends BaseEvent {
userId: string
source: LoginSource
email: string
audited: {
email: string
}
}
export interface LogoutEvent extends BaseEvent {
userId: string
email: string
audited: {
email: string
}
}
export interface SSOCreatedEvent extends BaseEvent {


@ -5,6 +5,9 @@ export interface AutomationCreatedEvent extends BaseEvent {
automationId: string
triggerId: string
triggerType: string
audited: {
name: string
}
}
export interface AutomationTriggerUpdatedEvent extends BaseEvent {
@ -19,6 +22,9 @@ export interface AutomationDeletedEvent extends BaseEvent {
automationId: string
triggerId: string
triggerType: string
audited: {
name: string
}
}
export interface AutomationTestedEvent extends BaseEvent {
@ -35,6 +41,9 @@ export interface AutomationStepCreatedEvent extends BaseEvent {
triggerType: string
stepId: string
stepType: string
audited: {
name: string
}
}
export interface AutomationStepDeletedEvent extends BaseEvent {
@ -44,6 +53,9 @@ export interface AutomationStepDeletedEvent extends BaseEvent {
triggerType: string
stepId: string
stepType: string
audited: {
name: string
}
}
export interface AutomationsRunEvent extends BaseEvent {


@ -262,11 +262,11 @@ export const AuditedEventFriendlyName: Record<Event, string | undefined> = {
[Event.QUERY_PREVIEWED]: undefined,
// TABLE
[Event.TABLE_CREATED]: `Table created`,
[Event.TABLE_UPDATED]: `Table updated`,
[Event.TABLE_DELETED]: `Table deleted`,
[Event.TABLE_EXPORTED]: `Table exported`,
[Event.TABLE_IMPORTED]: `Table imported`,
[Event.TABLE_CREATED]: `Table "{{ name }}" created`,
[Event.TABLE_UPDATED]: `Table "{{ name }}" updated`,
[Event.TABLE_DELETED]: `Table "{{ name }}" deleted`,
[Event.TABLE_EXPORTED]: `Table "{{ name }}" exported`,
[Event.TABLE_IMPORTED]: `Table "{{ name }}" imported`,
[Event.TABLE_DATA_IMPORTED]: `Data imported to table`,
// ROWS
@ -274,17 +274,17 @@ export const AuditedEventFriendlyName: Record<Event, string | undefined> = {
[Event.ROWS_IMPORTED]: `Rows imported`,
// AUTOMATION
[Event.AUTOMATION_CREATED]: `Automation created`,
[Event.AUTOMATION_DELETED]: `Automation deleted`,
[Event.AUTOMATION_CREATED]: `Automation "{{ name }}" created`,
[Event.AUTOMATION_DELETED]: `Automation "{{ name }}" deleted`,
[Event.AUTOMATION_STEP_CREATED]: `Automation "{{ name }}" step added`,
[Event.AUTOMATION_STEP_DELETED]: `Automation "{{ name }}" step removed`,
[Event.AUTOMATION_TESTED]: undefined,
[Event.AUTOMATIONS_RUN]: undefined,
[Event.AUTOMATION_STEP_CREATED]: undefined,
[Event.AUTOMATION_STEP_DELETED]: undefined,
[Event.AUTOMATION_TRIGGER_UPDATED]: undefined,
// SCREEN
[Event.SCREEN_CREATED]: `Screen created`,
[Event.SCREEN_DELETED]: `Screen deleted`,
[Event.SCREEN_CREATED]: `Screen "{{ name }}" created`,
[Event.SCREEN_DELETED]: `Screen "{{ name }}" deleted`,
// COMPONENT
[Event.COMPONENT_CREATED]: `Component created`,
@ -375,6 +375,11 @@ export interface BaseEvent {
installationId?: string
tenantId?: string
hosting?: Hosting
// any props in the audited section will be removed before passing events
// up out of system (purely for use with auditing)
audited?: {
[key: string]: any
}
}
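Review bot: The index signature `[key: string]: any` on the new `audited` block should be `[key: string]: unknown`, which still permits arbitrary keys but forces consumers to narrow before use and stops the spread in the audit-log processor from producing an untyped merged object. The comment above it should also name what belongs in the block and where it is stripped, e.g. `// Fields that may identify a person or tenant (names, emails). Consumed only by the audit log and removed by the PostHog processor before the event leaves the system.` The `{{ name }}` placeholders added to the friendly names interpolate user-chosen table, automation and screen names, so wherever these strings are rendered the substituted value needs escaping for that output format. `BaseEvent` starts outside the hunk.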
export type TableExportFormat = "json" | "csv"


@ -4,10 +4,16 @@ export interface ScreenCreatedEvent extends BaseEvent {
screenId: string
layoutId?: string
roleId: string
audited: {
name: string
}
}
export interface ScreenDeletedEvent extends BaseEvent {
screenId: string
layoutId?: string
roleId: string
audited: {
name: string
}
}


@ -2,21 +2,36 @@ import { BaseEvent, TableExportFormat } from "./event"
export interface TableCreatedEvent extends BaseEvent {
tableId: string
audited: {
name: string
}
}
export interface TableUpdatedEvent extends BaseEvent {
tableId: string
audited: {
name: string
}
}
export interface TableDeletedEvent extends BaseEvent {
tableId: string
audited: {
name: string
}
}
export interface TableExportedEvent extends BaseEvent {
tableId: string
format: TableExportFormat
audited: {
name: string
}
}
export interface TableImportedEvent extends BaseEvent {
tableId: string
audited: {
name: string
}
}


@ -2,60 +2,84 @@ import { BaseEvent } from "./event"
export interface UserCreatedEvent extends BaseEvent {
userId: string
email: string
audited: {
email: string
}
}
export interface UserUpdatedEvent extends BaseEvent {
userId: string
email: string
audited: {
email: string
}
}
export interface UserDeletedEvent extends BaseEvent {
userId: string
email: string
audited: {
email: string
}
}
export interface UserOnboardingEvent extends BaseEvent {
userId: string
step?: string
email: string
audited: {
email: string
}
}
export interface UserPermissionAssignedEvent extends BaseEvent {
userId: string
email: string
audited: {
email: string
}
}
export interface UserPermissionRemovedEvent extends BaseEvent {
userId: string
email: string
audited: {
email: string
}
}
export interface UserInvitedEvent extends BaseEvent {
email: string
audited: {
email: string
}
}
export interface UserInviteAcceptedEvent extends BaseEvent {
userId: string
email: string
audited: {
email: string
}
}
export interface UserPasswordForceResetEvent extends BaseEvent {
userId: string
email: string
audited: {
email: string
}
}
export interface UserPasswordUpdatedEvent extends BaseEvent {
userId: string
email: string
audited: {
email: string
}
}
export interface UserPasswordResetRequestedEvent extends BaseEvent {
userId: string
email: string
audited: {
email: string
}
}
export interface UserPasswordResetEvent extends BaseEvent {
userId: string
email: string
audited: {
email: string
}
}


@ -2,29 +2,39 @@ import { BaseEvent } from "./event"
export interface GroupCreatedEvent extends BaseEvent {
groupId: string
name: string
audited: {
name: string
}
}
export interface GroupUpdatedEvent extends BaseEvent {
groupId: string
name: string
audited: {
name: string
}
}
export interface GroupDeletedEvent extends BaseEvent {
groupId: string
name: string
audited: {
name: string
}
}
export interface GroupUsersAddedEvent extends BaseEvent {
count: number
groupId: string
name: string
audited: {
name: string
}
}
export interface GroupUsersDeletedEvent extends BaseEvent {
count: number
groupId: string
name: string
audited: {
name: string
}
}
export interface GroupAddedOnboardingEvent extends BaseEvent {
@ -34,6 +44,8 @@ export interface GroupAddedOnboardingEvent extends BaseEvent {
export interface GroupPermissionsEditedEvent extends BaseEvent {
permissions: Record<string, string>
name: string
groupId: string
audited: {
name: string
}
}