Moving is audited and adding in env var for ip address/user agent auditing.

packages/backend-core/src/environment.ts

@@ -84,6 +84,7 @@ const environment = {
   DEPLOYMENT_ENVIRONMENT:
     process.env.DEPLOYMENT_ENVIRONMENT || "docker-compose",
   ENABLE_4XX_HTTP_LOGGING: process.env.ENABLE_4XX_HTTP_LOGGING || true,
+  ENABLE_AUDIT_LOG_IP_ADDR: process.env.ENABLE_AUDIT_LOG_IP_ADDR,
   _set(key: any, value: any) {
     process.env[key] = value
     // @ts-ignore

packages/backend-core/src/events/processors/AuditLogsProcessor.ts

@@ -4,12 +4,15 @@ import {
   Group,
   IdentityType,
   AuditLogQueueEvent,
-  AuditLogFn, AuditedEventFriendlyName,
+  AuditLogFn,
+  HostInfo,
 } from "@budibase/types"
 import { EventProcessor } from "./types"
 import { getAppId } from "../../context"
 import BullQueue from "bull"
 import { createQueue, JobQueue } from "../../queue"
+import { isAudited } from "../../utils"
+import env from "../../environment"
 
 export default class AuditLogsProcessor implements EventProcessor {
   static auditLogsEnabled = false
@@ -31,26 +34,31 @@ export default class AuditLogsProcessor implements EventProcessor {
         }
         delete properties.audited
       }
+
+      // this feature is disabled by default due to privacy requirements
+      // in some countries - available as env var in-case it is desired
+      // in self host deployments
+      let hostInfo: HostInfo | undefined = {}
+      if (env.ENABLE_AUDIT_LOG_IP_ADDR) {
+        hostInfo = job.data.opts.hostInfo
+      }
+
       await writeAuditLogs(job.data.event, properties, {
         userId: job.data.opts.userId,
         timestamp: job.data.opts.timestamp,
         appId: job.data.opts.appId,
-        hostInfo: job.data.opts.hostInfo,
+        hostInfo,
       })
     })
   }
 
-  isAudited(event: Event) {
-    return !!AuditedEventFriendlyName[event]
-  }
-
   async processEvent(
     event: Event,
     identity: Identity,
     properties: any,
     timestamp?: string
   ): Promise<void> {
-    if (AuditLogsProcessor.auditLogsEnabled && this.isAudited(event)) {
+    if (AuditLogsProcessor.auditLogsEnabled && isAudited(event)) {
       // only audit log actual events, don't include backfills
       const userId =
         identity.type === IdentityType.USER ? identity.id : undefined

packages/backend-core/src/utils/utils.ts

@@ -10,7 +10,13 @@ import {
 import env from "../environment"
 import * as tenancy from "../tenancy"
 import * as context from "../context"
-import { App, Ctx, TenantResolutionStrategy } from "@budibase/types"
+import {
+  App,
+  AuditedEventFriendlyName,
+  Ctx,
+  Event,
+  TenantResolutionStrategy,
+} from "@budibase/types"
 import { SetOption } from "cookies"
 const jwt = require("jsonwebtoken")
 
@@ -217,3 +223,7 @@ export async function getBuildersCount() {
 export function timeout(timeMs: number) {
   return new Promise(resolve => setTimeout(resolve, timeMs))
 }
+
+export function isAudited(event: Event) {
+  return !!AuditedEventFriendlyName[event]
+}

packages/types/src/sdk/events/identification.ts

@@ -35,8 +35,8 @@ export enum IdentityType {
 }
 
 export interface HostInfo {
-  ipAddress: string
+  ipAddress?: string
-  userAgent: string
+  userAgent?: string
 }
 
 export interface Identity {