From 1476b8ea3abe8b5c26bfc31e5e23b8be8c96df43 Mon Sep 17 00:00:00 2001 From: Gao Sun Date: Fri, 16 Dec 2022 23:41:45 +0800 Subject: [PATCH] refactor(core): use audit log middleware on-demand --- packages/core/src/app/init.ts | 2 -- .../src/middleware/koa-audit-log-session.ts | 2 +- .../src/middleware/koa-log-session-legacy.ts | 2 +- packages/core/src/oidc/init.ts | 4 +++ packages/core/src/routes/init.ts | 7 ++-- .../interaction/utils/social-verification.ts | 2 +- packages/schemas/src/types/log/interaction.ts | 32 +++++++++++-------- 7 files changed, 31 insertions(+), 20 deletions(-) diff --git a/packages/core/src/app/init.ts b/packages/core/src/app/init.ts index ab07336fa..0a52826a8 100644 --- a/packages/core/src/app/init.ts +++ b/packages/core/src/app/init.ts @@ -9,7 +9,6 @@ import koaLogger from 'koa-logger'; import mount from 'koa-mount'; import envSet, { MountedApps } from '#src/env-set/index.js'; -import koaAuditLog from '#src/middleware/koa-audit-log.js'; import koaCheckDemoApp from '#src/middleware/koa-check-demo-app.js'; import koaConnectorErrorHandler from '#src/middleware/koa-connector-error-handler.js'; import koaErrorHandler from '#src/middleware/koa-error-handler.js'; @@ -37,7 +36,6 @@ export default async function initApp(app: Koa): Promise { app.use(koaOIDCErrorHandler()); app.use(koaSlonikErrorHandler()); app.use(koaConnectorErrorHandler()); - app.use(koaAuditLog()); app.use(koaI18next()); const provider = await initOidc(app); diff --git a/packages/core/src/middleware/koa-audit-log-session.ts b/packages/core/src/middleware/koa-audit-log-session.ts index 2d4bf92d5..c5f5d1df6 100644 --- a/packages/core/src/middleware/koa-audit-log-session.ts +++ b/packages/core/src/middleware/koa-audit-log-session.ts @@ -16,7 +16,7 @@ export default function koaAuditLogSession { addOidcEventListeners(oidc); + // Session audit logs + oidc.use(koaAuditLog()); + app.use(mount('/oidc', oidc.app)); return oidc; 
diff --git a/packages/core/src/routes/init.ts b/packages/core/src/routes/init.ts
index cb34ad255..5469448b3 100644
--- a/packages/core/src/routes/init.ts
+++ b/packages/core/src/routes/init.ts
@@ -4,6 +4,9 @@ import mount from 'koa-mount';
 import Router from 'koa-router';
 import type { Provider } from 'oidc-provider';
+import koaAuditLogLegacy from '#src/middleware/koa-audit-log-legacy.js';
+import koaAuditLog from '#src/middleware/koa-audit-log.js';
+
 import koaAuditLogSession from '../middleware/koa-audit-log-session.js';
 import koaAuth from '../middleware/koa-auth.js';
 import koaLogSessionLegacy from '../middleware/koa-log-session-legacy.js';
@@ -29,11 +32,11 @@ import wellKnownRoutes from './well-known.js';
 const createRouters = (provider: Provider) => {
 const sessionRouter: AnonymousRouterLegacy = new Router();
- sessionRouter.use(koaLogSessionLegacy(provider));
+ sessionRouter.use(koaAuditLogLegacy(), koaLogSessionLegacy(provider));
 sessionRoutes(sessionRouter, provider);
 const interactionRouter: AnonymousRouter = new Router();
- interactionRouter.use(koaAuditLogSession(provider));
+ interactionRouter.use(koaAuditLog(), koaAuditLogSession(provider));
 interactionRoutes(interactionRouter, provider);
 const managementRouter: AuthedRouter = new Router();
diff --git a/packages/core/src/routes/interaction/utils/social-verification.ts b/packages/core/src/routes/interaction/utils/social-verification.ts
index dea2d56c0..d527abadb 100644
--- a/packages/core/src/routes/interaction/utils/social-verification.ts
+++ b/packages/core/src/routes/interaction/utils/social-verification.ts
@@ -24,7 +24,7 @@ export const verifySocialIdentity = async (
 { connectorId, connectorData }: SocialConnectorPayload,
 log: LogContext['log']
 ): Promise => {
- log.setKey('SignIn.SocialId.Social.Submit');
+ log.setKey('SignIn.SocialId.Social.Create');
 log({ connectorId, connectorData });
 const userInfo = await getUserInfoByAuthCode(connectorId, connectorData);
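Review bot: Audit logging in `createRouters` is now opt-in per router, and in the visible lines only `sessionRouter` and `interactionRouter` receive it; `managementRouter`, created on the last line of this hunk, shows no audit-log registration here. Because the same commit drops the global `app.use(koaAuditLog())`, a handler outside these two routers that still writes to the log context would presumably lose it, and a router added later leaves no audit trail unless its author remembers to mount the middleware. The order in `interactionRouter.use(koaAuditLog(), koaAuditLogSession(provider))` also looks load-bearing, although that is inferred from the names. The rest of `createRouters` is outside the hunk, so this needs checking against the full file. I would record the contract above the two `use` calls, e.g. `// Audit logs are mounted per router: koaAuditLog() goes first, and every new router that writes audit logs must add it.`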
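Review bot: `log({ connectorId, connectorData })` in `verifySocialIdentity` writes the raw connector payload into the audit log under the renamed key, and the same `connectorData` is passed to `getUserInfoByAuthCode` on the next line, so it presumably carries the provider's authorization code or similar callback parameters. Audit logs tend to be readable by more roles and retained far longer than such a value is meant to live, so I would log an allow-listed subset instead, starting from `log({ connectorId });` and adding only fields known to be non-secret. The function body continues past the end of the hunk, so any later redaction is not visible here.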
diff --git a/packages/schemas/src/types/log/interaction.ts b/packages/schemas/src/types/log/interaction.ts
index 9fce78674..1f8f344ed 100644
--- a/packages/schemas/src/types/log/interaction.ts
+++ b/packages/schemas/src/types/log/interaction.ts
@@ -20,10 +20,12 @@ export enum Method {
 }
 export enum Action {
- /** Submit updated info to an entity, or submit to the system. (E.g. submit an interaction, submit a verification code to get verified) */
- Submit = 'Submit',
 /** Create a new entity. (E.g. create an interaction, create a verification code) */
 Create = 'Create',
+ /** Update an existing entity. (E.g. change interaction type) */
+ Update = 'Update',
+ /** Submit updated info to an entity, or submit to the system. (E.g. submit an interaction, submit a verification code to get verified) */
+ Submit = 'Submit',
 }
 /**
@@ -44,7 +46,7 @@ export enum Action {
 export type ForgotPasswordLogKey = `${Flow.ForgotPassword}.${Exclude<
 Identifier,
 'SocialId'
->}.${Method.VerificationCode}.${Action}`;
+>}.${Method.VerificationCode}.${Action.Create | Action.Submit}`;
 type SignInRegisterFlow = Exclude;
@@ -57,15 +59,18 @@ type SignInRegisterFlow = Exclude; * * Restrictions: * - * - For social identifier and method, the value can only be `SignIn.SocialId.Social.Submit`. - * - For password method, the action can only be `Submit`. + * - For social identifier and method, the value can only be `SignIn.SocialId.Social.Create`. + * - For password method, the action can only be `Create`. + * - For verification code method, the action can be `Create` or `Submit`. * * @see {@link SignInRegisterFlow}, {@link Identifier}, {@link Method}, {@link Action} for all available enums. */ export type SignInRegisterLogKey = - | `${Flow.SignIn}.${Identifier.SocialId}.${Method.Social}.${Action.Submit}` - | `${SignInRegisterFlow}.${Exclude}.${Method.Password}.${Action.Submit}` - | `${SignInRegisterFlow}.${Exclude}.${Method.VerificationCode}.${Action}`; + | `${Flow.SignIn}.${Identifier.SocialId}.${Method.Social}.${Action.Create}` + | `${SignInRegisterFlow}.${Exclude}.${Method.Password}.${Action.Create}` + | `${SignInRegisterFlow}.${Exclude}.${Method.VerificationCode}.${ + | Action.Create + | Action.Submit}`; export type FlowLogKey = `${Flow}.${Action}`; 
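Review bot: Switching the social and password members of `SignInRegisterLogKey` from `Action.Submit` to `Action.Create` changes the identifier that audit queries, dashboards and alert rules match on, and the type no longer admits the old values. If entries were already stored under the previous keys, such as the `SignIn.SocialId.Social.Submit` value replaced in social-verification.ts, sign-in history will split at the deploy date, and a filter built from the new type will silently skip the older records. Whether such rows exist is not visible from this patch. If they can, either migrate the stored keys or add a line to the Restrictions list in this doc comment (which begins above the hunk) stating that the social and password keys ended in Submit before this change, so that log searches cover both.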
@@ -81,14 +86,15 @@ export type FlowLogKey = `${Flow}.${Action}`;
 *
 * The key MUST describe an {@link Action}:
 *
- * - {@link Action.Submit} (submit updated info to an entity, or submit to the system);
- * - {@link Action.Create} (create a new entity).
+ * - {@link Action.Create} (Create a new entity);
+ * - {@link Action.Update} (Update an existing entity.);
+ * - {@link Action.Submit} (Submit updated info to an entity, or submit to the system).
 *
- * In an interaction, ONLY the interaction itself and verification codes can be created, i.e.:
+ * In an interaction, ONLY the interaction itself and verification codes can be submitted, i.e.:
 *
 * ```ts
- * `${Flow}.Create`
- * `${Flow}.${Identifier}.VerificationCode.Create`
+ * `${Flow}.Submit`
+ * `${Flow}.${Identifier}.VerificationCode.Submit`
 * ```
 *
 * There may be more restrictions, please see the specific type to learn more.
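Review bot: The new `Action.Update` bullet has a stray full stop inside the parentheses, `(Update an existing entity.);`, which its two siblings do not. It should read `* - {@link Action.Update} (Update an existing entity);` to match them. The doc comment starts above and continues below this hunk, so the rest of its wording could not be checked here.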