From f2c31d3ca697f1ad72b94f0b719ade83fd2808f4 Mon Sep 17 00:00:00 2001 From: Owen Date: Wed, 22 Oct 2025 14:27:21 -0700 Subject: [PATCH] Add actor data to request --- server/db/pg/schema/schema.ts | 1 - server/db/sqlite/schema/schema.ts | 1 - server/routers/auditLogs/types.ts | 2 +- server/routers/badger/logRequestAudit.ts | 18 ++-- server/routers/badger/verifySession.ts | 87 ++++++++++++++----- .../[orgId]/settings/logs/request/page.tsx | 14 ++- 6 files changed, 79 insertions(+), 44 deletions(-) diff --git a/server/db/pg/schema/schema.ts b/server/db/pg/schema/schema.ts index 00942de3..f204d5bc 100644 --- a/server/db/pg/schema/schema.ts +++ b/server/db/pg/schema/schema.ts @@ -678,7 +678,6 @@ export const requestAuditLog = pgTable( id: serial("id").primaryKey(), timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds orgId: text("orgId") - .notNull() .references(() => orgs.orgId, { onDelete: "cascade" }), action: boolean("action").notNull(), reason: integer("reason").notNull(), diff --git a/server/db/sqlite/schema/schema.ts b/server/db/sqlite/schema/schema.ts index f7f1913a..28697318 100644 --- a/server/db/sqlite/schema/schema.ts +++ b/server/db/sqlite/schema/schema.ts @@ -723,7 +723,6 @@ export const requestAuditLog = sqliteTable( id: integer("id").primaryKey({ autoIncrement: true }), timestamp: integer("timestamp").notNull(), // this is EPOCH time in seconds orgId: text("orgId") - .notNull() .references(() => orgs.orgId, { onDelete: "cascade" }), action: integer("action", { mode: "boolean" }).notNull(), reason: integer("reason").notNull(), diff --git a/server/routers/auditLogs/types.ts b/server/routers/auditLogs/types.ts index f2f6139f..f0b1a224 100644 --- a/server/routers/auditLogs/types.ts +++ b/server/routers/auditLogs/types.ts 
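Review bot: Making `orgId` nullable leaves it undocumented what a null means and who can see such a row; every org-scoped view is keyed by `[orgId]`, so a row with `orgId = NULL` is reachable only by a future server-admin query. Add a comment on the column, e.g. `// null = no org context (e.g. host matched no resource); such rows are not shown on per-org log pages`, so the next schema author does not quietly re-add NOT NULL. Note also that `onDelete: "cascade"` never applies to those rows, so their retention has to be handled separately from the org lifecycle. The enclosing `pgTable(...)` definition continues outside the hunk.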
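Review bot: Dropping `.notNull()` from the Drizzle schema changes an existing column's constraint, but the diffstat lists no migration file, so existing deployments keep NOT NULL and any insert with a null `orgId` will fail at runtime. Generate the migration for both dialects; for SQLite in particular there is no `ALTER COLUMN`, so the generated migration will most likely rebuild the table and should be checked for preserving existing audit rows. The `sqliteTable(...)` definition continues outside the hunk.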
@@ -17,9 +17,9 @@ export type QueryActionAuditLogResponse = { export type QueryRequestAuditLogResponse = { log: { timestamp: number; - orgId: string; action: boolean; reason: number; + orgId: string | null; actorType: string | null; actor: string | null; actorId: string | null; diff --git a/server/routers/badger/logRequestAudit.ts b/server/routers/badger/logRequestAudit.ts index 2c10264c..b9adc161 100644 --- a/server/routers/badger/logRequestAudit.ts +++ b/server/routers/badger/logRequestAudit.ts @@ -27,9 +27,10 @@ export async function logRequestAudit( action: boolean; reason: number; resourceId?: number; + orgId?: string; location?: string; - user?: { username: string; userId: string; orgId: string }; - apiKey?: { name: string; apiKeyId: string; orgId: string }; + user?: { username: string; userId: string; }; + apiKey?: { name: string | null; apiKeyId: string; }; metadata?: any; // userAgent?: string; }, @@ -47,32 +48,23 @@ export async function logRequestAudit( } ) { try { - let orgId: string | undefined; let actorType: string | undefined; let actor: string | undefined; let actorId: string | undefined; const user = data.user; if (user) { - orgId = user.orgId; actorType = "user"; actor = user.username; actorId = user.userId; } const apiKey = data.apiKey; if (apiKey) { - orgId = apiKey.orgId; actorType = "apiKey"; - actor = apiKey.name; + actor = apiKey.name || apiKey.apiKeyId; actorId = apiKey.apiKeyId; } - if (!orgId) { - logger.warn("logRequestAudit: No organization context found"); - orgId = "org_7g93l5xu7p61q14"; - // return; - } - // if (!actorType || !actor || !actorId) { // logger.warn("logRequestAudit: Incomplete actor information"); // return; @@ -107,7 +99,7 @@ export async function logRequestAudit( await db.insert(requestAuditLog).values({ timestamp, - orgId, + orgId: data.orgId, actorType, actor, actorId, diff --git a/server/routers/badger/verifySession.ts b/server/routers/badger/verifySession.ts index d5a859ab..db4bdf25 100644 
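Review bot: The new `orgId?: string` field is optional while `user` and `apiKey` are also independently optional, so nothing in the signature says which org the row is attributed to or what happens when both actor objects are passed; document that. A TSDoc on the parameter such as `/** orgId: org the row is attributed to; omit only when no resource matched. user / apiKey: the actor; pass one of them — if both are given the apiKey fields overwrite the user fields. */` makes the contract explicit, and the overwrite behaviour is visible in the assignment order of the next hunk. The function signature starts before this hunk.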
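Review bot: Removing the hard-coded fallback org is right, but the warning went with it, so a call site that forgets `orgId` now silently writes a row that no per-org log page will ever show. Keep the observability without the substitution: `if (!data.orgId) logger.warn("logRequestAudit: No organization context found");` before the insert. Minor: `actor = apiKey.name || apiKey.apiKeyId` also replaces an empty-string title with the id; use `??` if an empty title should be kept as-is. The insert that consumes `data.orgId` is in the following hunk.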
--- a/server/routers/badger/verifySession.ts +++ b/server/routers/badger/verifySession.ts @@ -1,6 +1,4 @@ -import { - validateResourceSessionToken -} from "@server/auth/sessions/resource"; +import { validateResourceSessionToken } from "@server/auth/sessions/resource"; import { verifyResourceAccessToken } from "@server/auth/verifyResourceAccessToken"; import { getResourceByDomain, @@ -151,14 +149,17 @@ export async function verifyResourceSession( if (!result) { logger.debug(`Resource not found ${cleanHost}`); - logRequestAudit( - { - action: false, - reason: 201, //resource not found - location: ipCC - }, - parsedBody.data - ); + // TODO: we cant log this for now because we dont know the org + // eventually it would be cool to show this for the server admin + + // logRequestAudit( + // { + // action: false, + // reason: 201, //resource not found + // location: ipCC + // }, + // parsedBody.data + // ); return notAllowed(res); } @@ -172,14 +173,17 @@ export async function verifyResourceSession( if (!resource) { logger.debug(`Resource not found ${cleanHost}`); - logRequestAudit( - { - action: false, - reason: 201, //resource not found - location: ipCC - }, - parsedBody.data - ); + // TODO: we cant log this for now because we dont know the org + // eventually it would be cool to show this for the server admin + + // logRequestAudit( + // { + // action: false, + // reason: 201, //resource not found + // location: ipCC + // }, + // parsedBody.data + // ); return notAllowed(res); } @@ -193,6 +197,8 @@ export async function verifyResourceSession( { action: false, reason: 202, //resource blocked + resourceId: resource.resourceId, + orgId: resource.orgId, location: ipCC }, parsedBody.data @@ -218,6 +224,7 @@ export async function verifyResourceSession( action: true, reason: 100, // allowed by rule resourceId: resource.resourceId, + orgId: resource.orgId, location: ipCC }, parsedBody.data 
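Review bot: Commenting out the reason-201 audit call means a request for a hostname that matches no resource now leaves no trace in the request audit log, only a `logger.debug` line, and that is exactly the traffic (host scanning, stale DNS, misrouted tunnels) an operator most wants to see. The stated blocker no longer holds within this same commit: `orgId` is made nullable in both schemas and `logRequestAudit` takes it as optional, so the call can stay as it was with `orgId` simply omitted, and a server-admin view can later filter on `orgId IS NULL`. If that is deliberately deferred, delete the commented-out block rather than leaving dead code, and track the TODO in an issue. `verifyResourceSession` begins before this hunk.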
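Review bot: This is the second identical "resource not found" branch in the function (the `!result` check above is the first), and both now fall through to `notAllowed(res)` with only a debug-level log, so denials for unknown hosts are invisible at the default log level. Raise it to `logger.warn(\`Resource not found ${cleanHost}\`)` and, if `parsedBody.data` carries the client address, include it, so the event survives while the audit row is disabled. Folding both branches into one small helper would also keep their audit behaviour from diverging again.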
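Review bot: `orgId` and `resourceId` are now repeated by hand in roughly twenty `logRequestAudit` calls in this function, and because `orgId` is optional in the signature a single missed site compiles fine and silently produces a row the org's log page cannot show. Bind the resource-scoped fields once after `resource` is resolved, e.g. `const audit = (entry: Omit<Parameters<typeof logRequestAudit>[0], "resourceId" | "orgId" | "location">) => logRequestAudit({ resourceId: resource.resourceId, orgId: resource.orgId, location: ipCC, ...entry }, parsedBody.data);`, and call `audit({ action: false, reason: 202 })` here. The resolution of `resource` and the rest of the function lie outside this hunk.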
@@ -233,6 +240,7 @@ export async function verifyResourceSession( action: false, reason: 203, // dropped by rules resourceId: resource.resourceId, + orgId: resource.orgId, location: ipCC }, parsedBody.data @@ -264,6 +272,7 @@ export async function verifyResourceSession( action: true, reason: 101, // allowed no auth resourceId: resource.resourceId, + orgId: resource.orgId, location: ipCC }, parsedBody.data @@ -325,7 +334,12 @@ export async function verifyResourceSession( action: true, reason: 102, // valid access token resourceId: resource.resourceId, - location: ipCC + orgId: resource.orgId, + location: ipCC, + apiKey: { + name: tokenItem.title, + apiKeyId: tokenItem.accessTokenId, + } }, parsedBody.data ); @@ -371,7 +385,12 @@ export async function verifyResourceSession( action: true, reason: 102, // valid access token resourceId: resource.resourceId, - location: ipCC + orgId: resource.orgId, + location: ipCC, + apiKey: { + name: tokenItem.title, + apiKeyId: tokenItem.accessTokenId, + } }, parsedBody.data ); @@ -393,7 +412,8 @@ export async function verifyResourceSession( action: true, reason: 103, // valid header auth resourceId: resource.resourceId, - location: ipCC + orgId: resource.orgId, + location: ipCC, }, parsedBody.data ); @@ -413,6 +433,7 @@ export async function verifyResourceSession( action: true, reason: 103, // valid header auth resourceId: resource.resourceId, + orgId: resource.orgId, location: ipCC }, parsedBody.data @@ -433,6 +454,7 @@ export async function verifyResourceSession( action: false, reason: 299, // no more auth methods resourceId: resource.resourceId, + orgId: resource.orgId, location: ipCC }, parsedBody.data @@ -453,6 +475,7 @@ export async function verifyResourceSession( action: false, reason: 299, // no more auth methods resourceId: resource.resourceId, + orgId: resource.orgId, location: ipCC }, parsedBody.data 
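Review bot: Recording a resource access token under the `apiKey` actor conflates two different credentials: the `apiKey`/`apiKeyId` naming in `logRequestAudit` comes from API keys, while `tokenItem.accessTokenId` and `tokenItem.title` belong to a resource access token, and the stored `actorType` will read `"apiKey"` for both. Give access tokens their own actor type, e.g. `actorType: "accessToken"` with `actorId: tokenItem.accessTokenId`, which means adding an `accessToken` field (or a generic `{ type, name, id }` actor) to the `logRequestAudit` parameter so the two can be told apart when filtering the log or revoking a token. The same object is built again in the other reason-102 hunks below; the enclosing function starts before and ends after this hunk.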
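Review bot: The reason-103 "valid header auth" entry records no actor at all, whereas the access-token branches above attach `apiKey: { name, apiKeyId }`, so a header-authenticated request is the one success path whose `actor` column stays empty. If this branch resolves the same kind of token object (its variables are outside the hunk), pass the same `apiKey` object here and in the second 103 branch; if it authenticates something else, say what in the reason comment. The trailing comma added in `location: ipCC,` also differs from every other hunk in this file, which leave it off.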
@@ -476,6 +499,7 @@ export async function verifyResourceSession( action: false, reason: 204, // no sessions resourceId: resource.resourceId, + orgId: resource.orgId, location: ipCC }, parsedBody.data @@ -520,6 +544,7 @@ export async function verifyResourceSession( action: false, reason: 205, // temporary request token resourceId: resource.resourceId, + orgId: resource.orgId, location: ipCC }, parsedBody.data @@ -539,6 +564,7 @@ export async function verifyResourceSession( action: true, reason: 104, // valid pincode resourceId: resource.resourceId, + orgId: resource.orgId, location: ipCC }, parsedBody.data @@ -557,6 +583,7 @@ export async function verifyResourceSession( action: true, reason: 105, // valid password resourceId: resource.resourceId, + orgId: resource.orgId, location: ipCC }, parsedBody.data @@ -578,6 +605,7 @@ export async function verifyResourceSession( action: true, reason: 106, // valid email resourceId: resource.resourceId, + orgId: resource.orgId, location: ipCC }, parsedBody.data @@ -596,7 +624,12 @@ export async function verifyResourceSession( action: true, reason: 102, // valid access token resourceId: resource.resourceId, - location: ipCC + orgId: resource.orgId, + location: ipCC, + apiKey: { + name: resourceSession.accessTokenTitle, + apiKeyId: resourceSession.accessTokenId, + } }, parsedBody.data ); @@ -634,7 +667,12 @@ export async function verifyResourceSession( action: true, reason: 107, // valid sso resourceId: resource.resourceId, - location: ipCC + orgId: resource.orgId, + location: ipCC, + user: { + username: allowedUserData.username, + userId: resourceSession.userId + } }, parsedBody.data ); @@ -662,6 +700,7 @@ export async function verifyResourceSession( action: false, reason: 299, // no more auth methods resourceId: resource.resourceId, + orgId: resource.orgId, location: ipCC }, parsedBody.data 
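Review bot: The reason-106 "valid email" success records no actor, even though the verified address is the natural actor for this branch, unlike the pin and password branches which genuinely have none. If the resource session carries the whitelisted email (the field is not visible in the hunk), record it, which needs either an email-shaped actor on `logRequestAudit` or reuse of `user: { username: <email>, userId: <email> }`; otherwise the log cannot say which of several whitelisted addresses was used. I have not confirmed which session field holds the address, so check that before wiring it. The enclosing function continues on both sides of the hunk.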
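Review bot: The SSO actor is assembled from two sources, `allowedUserData.username` and `resourceSession.userId`; if `allowedUserData` was looked up by anything other than `resourceSession.userId` (the lookup is above the hunk), one audit row could carry a username and an id that describe different principals. Take both from the same object, e.g. `user: { username: allowedUserData.username, userId: allowedUserData.userId }`, assuming it exposes the id. Also confirm `resourceSession.userId` is non-nullable in this branch, since sessions created by pin, password or email presumably have no user and `user.userId: string` would then need a guard rather than an assertion.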
diff --git a/src/app/[orgId]/settings/logs/request/page.tsx b/src/app/[orgId]/settings/logs/request/page.tsx index 3010806f..de1a2099 100644 --- a/src/app/[orgId]/settings/logs/request/page.tsx +++ b/src/app/[orgId]/settings/logs/request/page.tsx @@ -353,12 +353,18 @@ export default function GeneralPage() { cell: ({ row }) => { return ( - {row.original.actorType == "user" ? ( - + {row.original.actor ? ( + <> + {row.original.actorType == "user" ? ( + + ) : ( + + )} + {row.original.actor} + ) : ( - + <>- )} - {row.original.actor} ); }