Added audit trail

IABTechLab · Jan 4, 2024 · 67f6389 · 67f6389
1 parent 487ff74
commit 67f6389
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 6 deletions.
diff --git a/src/api/entities/AuditTrail.ts b/src/api/entities/AuditTrail.ts
@@ -15,13 +15,15 @@ export enum AuditTrailEvents {
   UpdateSharingTypes = 'UpdateSharingTypes',
   ApproveAccount = 'ApproveAccount',
   ManageKeyPair = 'ManageKeyPair',
+  ManageApiKey = 'ManageApiKey',
 }
 
 export type AuditTrailEventData =
   | UpdateSharingPermissionEventData
   | ApproveAccountEventData
   | UpdateSharingTypesEventData
-  | ManageKeyPairEventData;
+  | ManageKeyPairEventData
+  | ManageApiKeyEventData;
 
 export type UpdateSharingPermissionEventData = {
   siteId: number;
@@ -54,6 +56,14 @@ export type ManageKeyPairEventData = {
   participantId: number;
 };
 
+export type ManageApiKeyEventData = {
+  siteId: number;
+  action: AuditAction;
+  keyName: String;
+  apiRoles: String[];
+  participantId: number;
+};
+
 export class AuditTrail extends BaseModel {
   static get tableName() {
     return 'auditTrails';

diff --git a/src/api/routers/participantsRouter.ts b/src/api/routers/participantsRouter.ts
@@ -36,6 +36,7 @@ import {
 import {
   insertApproveAccountAuditTrail,
   insertKeyPairAuditTrails,
+  insertManageApiKeyAuditTrail,
   insertSharingAuditTrails,
   insertSharingTypesAuditTrail,
   updateAuditTrailToProceed,
@@ -298,21 +299,32 @@ export function createParticipantsRouter() {
   participantsRouter.post(
     '/:participantId/apiKeys/create',
     async (req: ParticipantRequest, res: Response) => {
-      // TODO Add Audit here
-
       const { participant } = req;
       if (!participant?.siteId) {
         return res.status(400).send('Site id is not set');
       }
 
-      const { name, roles } = apiKeyCreateInputParser.parse(req.body);
+      const { name: keyName, roles: apiRoles } = apiKeyCreateInputParser.parse(req.body);
 
-      if (!checkApiRoles(roles, participant)) {
+      const traceId = getTraceId(req);
+      const currentUser = await findUserByEmail(req.auth?.payload?.email as string);
+      const auditTrail = await insertManageApiKeyAuditTrail(
+        participant,
+        currentUser!.id,
+        currentUser!.email,
+        AuditAction.Add,
+        keyName,
+        apiRoles,
+        traceId
+      );
+
+      if (!checkApiRoles(apiRoles, participant)) {
         return res.status(400).send('Invalid api Roles');
       }
 
-      const key = await createApiKey(name, roles, participant.siteId);
+      const key = await createApiKey(keyName, apiRoles, participant.siteId);
 
+      await updateAuditTrailToProceed(auditTrail.id);
       return res.status(200).json(createdApiKeyToApiKeySecrets(key));
     }
   );

diff --git a/src/api/services/auditTrailService.ts b/src/api/services/auditTrailService.ts
@@ -54,6 +54,38 @@ export const insertSharingAuditTrails = async (
   }
 };
 
+export const insertManageApiKeyAuditTrail = async (
+  participant: Participant,
+  userId: number,
+  userEmail: string,
+  action: AuditAction,
+  keyName: String,
+  apiRoles: String[],
+  traceId: string
+) => {
+  try {
+    const manageApiKeyTrail: Omit<AuditTrailDTO, 'id'> = {
+      userId,
+      userEmail,
+      event: AuditTrailEvents.ManageApiKey,
+      eventData: {
+        siteId: participant.siteId!,
+        action,
+        apiRoles,
+        keyName,
+        participantId: participant.id,
+      },
+      succeeded: false,
+    };
+
+    return await AuditTrail.query().insert(manageApiKeyTrail);
+  } catch (error) {
+    const { errorLogger } = getLoggers();
+    errorLogger.error(`Audit trails inserted failed: ${error}`, traceId);
+    throw error;
+  }
+};
+
 export const insertSharingTypesAuditTrail = async (
   participant: Participant,
   userId: number,