From 67f638943e3219080dfde802409541b14bafd701 Mon Sep 17 00:00:00 2001
From: "joshua.smee"
Date: Thu, 4 Jan 2024 15:35:27 +1100
Subject: [PATCH] Added audit trail
---
 src/api/entities/AuditTrail.ts | 12 +++++++++-
 src/api/routers/participantsRouter.ts | 22 +++++++++++++-----
 src/api/services/auditTrailService.ts | 32 +++++++++++++++++++++++++++
 3 files changed, 60 insertions(+), 6 deletions(-)
diff --git a/src/api/entities/AuditTrail.ts b/src/api/entities/AuditTrail.ts
index 03c1b589..87a1164d 100644
--- a/src/api/entities/AuditTrail.ts
+++ b/src/api/entities/AuditTrail.ts
@@ -15,13 +15,15 @@ export enum AuditTrailEvents {
 UpdateSharingTypes = 'UpdateSharingTypes',
 ApproveAccount = 'ApproveAccount',
 ManageKeyPair = 'ManageKeyPair',
+ ManageApiKey = 'ManageApiKey',
 }
 export type AuditTrailEventData =
 | UpdateSharingPermissionEventData
 | ApproveAccountEventData
 | UpdateSharingTypesEventData
- | ManageKeyPairEventData;
+ | ManageKeyPairEventData
+ | ManageApiKeyEventData;
 export type UpdateSharingPermissionEventData = {
 siteId: number;
@@ -54,6 +56,14 @@ export type ManageKeyPairEventData = {
 participantId: number;
 };
+export type ManageApiKeyEventData = {
+ siteId: number;
+ action: AuditAction;
+ keyName: String;
+ apiRoles: String[];
+ participantId: number;
+};
+
 export class AuditTrail extends BaseModel {
 static get tableName() {
 return 'auditTrails';
diff --git a/src/api/routers/participantsRouter.ts b/src/api/routers/participantsRouter.ts
index 3d7ee1b0..d4b23116 100644
--- a/src/api/routers/participantsRouter.ts
+++ b/src/api/routers/participantsRouter.ts
@@ -36,6 +36,7 @@ import {
 import {
 insertApproveAccountAuditTrail,
 insertKeyPairAuditTrails,
+ insertManageApiKeyAuditTrail,
 insertSharingAuditTrails,
 insertSharingTypesAuditTrail,
 updateAuditTrailToProceed,
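Review bot: `keyName: String` and `apiRoles: String[]` in the new `ManageApiKeyEventData` type (AuditTrail.ts) use the boxed wrapper type instead of the primitive; they should read `keyName: string;` and `apiRoles: string[];`. The same applies to the `keyName: String, apiRoles: String[]` parameters of `insertManageApiKeyAuditTrail` in the auditTrailService.ts hunk. A `String`-typed value is not assignable where `string` is expected, so the wrapper type will spread into any code that later reads these audit fields back.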
@@ -298,21 +299,32 @@ export function createParticipantsRouter() {
 participantsRouter.post(
 '/:participantId/apiKeys/create',
 async (req: ParticipantRequest, res: Response) => {
- // TODO Add Audit here
-
 const { participant } = req;
 if (!participant?.siteId) {
 return res.status(400).send('Site id is not set');
 }
- const { name, roles } = apiKeyCreateInputParser.parse(req.body);
+ const { name: keyName, roles: apiRoles } = apiKeyCreateInputParser.parse(req.body);
- if (!checkApiRoles(roles, participant)) {
+ const traceId = getTraceId(req);
+ const currentUser = await findUserByEmail(req.auth?.payload?.email as string);
+ const auditTrail = await insertManageApiKeyAuditTrail(
+ participant,
+ currentUser!.id,
+ currentUser!.email,
+ AuditAction.Add,
+ keyName,
+ apiRoles,
+ traceId
+ );
+
+ if (!checkApiRoles(apiRoles, participant)) {
 return res.status(400).send('Invalid api Roles');
 }
- const key = await createApiKey(name, roles, participant.siteId);
+ const key = await createApiKey(keyName, apiRoles, participant.siteId);
+ await updateAuditTrailToProceed(auditTrail.id);
 return res.status(200).json(createdApiKeyToApiKeySecrets(key));
 }
 );
diff --git a/src/api/services/auditTrailService.ts b/src/api/services/auditTrailService.ts
index a0451982..dff24d65 100644
--- a/src/api/services/auditTrailService.ts
+++ b/src/api/services/auditTrailService.ts
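Review bot: `currentUser!.id` and `currentUser!.email` in the `/:participantId/apiKeys/create` handler assume the user lookup always succeeds, and `req.auth?.payload?.email as string` assumes the email claim is always present. `findUserByEmail` is not visible here, but if it can return nothing the handler throws before any audit row is written instead of rejecting the request, so the actor should be checked explicitly, e.g. `if (!currentUser) return res.status(403).send('User not found');`. Separately, if `updateAuditTrailToProceed` fails after `createApiKey` has succeeded, a live key exists whose audit row still says `succeeded: false` and the caller never receives the secret; that ordering deserves a deliberate decision or at least a comment. `createParticipantsRouter` itself starts and ends outside this hunk.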
@@ -54,6 +54,38 @@ export const insertSharingAuditTrails = async (
 }
 };
+export const insertManageApiKeyAuditTrail = async (
+ participant: Participant,
+ userId: number,
+ userEmail: string,
+ action: AuditAction,
+ keyName: String,
+ apiRoles: String[],
+ traceId: string
+) => {
+ try {
+ const manageApiKeyTrail: Omit = {
+ userId,
+ userEmail,
+ event: AuditTrailEvents.ManageApiKey,
+ eventData: {
+ siteId: participant.siteId!,
+ action,
+ apiRoles,
+ keyName,
+ participantId: participant.id,
+ },
+ succeeded: false,
+ };
+
+ return await AuditTrail.query().insert(manageApiKeyTrail);
+ } catch (error) {
+ const { errorLogger } = getLoggers();
+ errorLogger.error(`Audit trails inserted failed: ${error}`, traceId);
+ throw error;
+ }
+};
+
 export const insertSharingTypesAuditTrail = async (
 participant: Participant,
 userId: number,
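Review bot: `siteId: participant.siteId!` in `insertManageApiKeyAuditTrail` relies on every caller having checked `participant.siteId` beforehand; the route in participantsRouter.ts does, but nothing in this function enforces it, so a later caller could write an audit row with no site id. Consider failing fast before the row is built, e.g. `if (!participant.siteId) throw new Error('Site id is not set');`. A short doc comment would also help readers of the audit table: the row is inserted with `succeeded: false` and, judging by the router hunk, is only updated through `updateAuditTrailToProceed` after the key is created, so rows left at `false` represent attempts that did not complete.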