Penpot/penpot
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-03-13 00:01:51 -05:00
Code Issues Activity

🐛 Fix many on handle some audit events.

Browse source
This commit is contained in:
Andrey Antukh 2021-05-19 23:05:05 +02:00
parent 20b8269766
commit 344622b1c1
6 changed files with 61 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
backend/src/app/loggers/audit.clj
View file

@ -24,19 +24,33 @@
[lambdaisland.uri :as u])) [lambdaisland.uri :as u]))
(defn clean-props (defn clean-props
"Cleans the params from complex data, only accept strings, numbers and [{:keys [profile-id] :as event}]
uuids and removing sensitive data such as :password and related (letfn [(clean-common [props]
props." (-> props
[params] (dissoc :session-id)
(let [params (dissoc params :session-id :password :old-password :token)] (dissoc :password)
(reduce-kv (fn [params k v] (dissoc :old-password)
(cond-> params (dissoc :token)))
(clean-profile-id [props]
(cond-> props
(= profile-id (:profile-id props))
(dissoc :profile-id)))
(clean-complex-data [props]
(reduce-kv (fn [props k v]
(cond-> props
(or (string? v) (or (string? v)
(uuid? v) (uuid? v)
(boolean? v)
(number? v)) (number? v))
(assoc k v))) (assoc k v)
(keyword? v)
(assoc k (name v))))
{} {}
params))) props))]
(update event :props #(-> % clean-common clean-profile-id clean-complex-data))))
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Collector ;; Collector
@ -52,11 +66,16 @@
(defmethod ig/pre-init-spec ::collector [_] (defmethod ig/pre-init-spec ::collector [_]
(s/keys :req-un [::db/pool ::wrk/executor ::enabled])) (s/keys :req-un [::db/pool ::wrk/executor ::enabled]))
(def event-xform
(comp
(filter :profile-id)
(map clean-props)))
(defmethod ig/init-key ::collector (defmethod ig/init-key ::collector
[_ {:keys [enabled] :as cfg}] [_ {:keys [enabled] :as cfg}]
(when enabled (when enabled
(l/info :msg "intializing audit collector") (l/info :msg "intializing audit collector")
(let [input (a/chan) (let [input (a/chan 1 event-xform)
buffer (aa/batch input {:max-batch-size 100 buffer (aa/batch input {:max-batch-size 100
:max-batch-age (* 5 1000) :max-batch-age (* 5 1000)
:init []})] :init []})]
@ -65,7 +84,10 @@
(l/debug :action "persist-events (batch)" (l/debug :action "persist-events (batch)"
:reason (name type) :reason (name type)
:count (count events)) :count (count events))
(a/<! (persist-events cfg events)) (let [res (a/<! (persist-events cfg events))]
(when (ex/exception? res)
(l/error :hint "error on persiting events"
:cause res)))
(recur))) (recur)))
(fn [& [cmd & params]] (fn [& [cmd & params]]
@ -113,7 +135,6 @@
(ex/raise :type :internal (ex/raise :type :internal
:code :task-not-configured :code :task-not-configured
:hint "archive task not configured, missing uri")) :hint "archive task not configured, missing uri"))
(l/debug :msg "start archiver" :uri uri)
(loop [] (loop []
(let [res (archive-events cfg)] (let [res (archive-events cfg)]
(when (= res :continue) (when (= res :continue)
@ -204,7 +225,6 @@
(defn- clean-archived (defn- clean-archived
[{:keys [pool max-age]}] [{:keys [pool max-age]}]
(prn "clean-archived" max-age)
(let [interval (db/interval max-age) (let [interval (db/interval max-age)
result (db/exec-one! pool [sql:clean-archived interval]) result (db/exec-one! pool [sql:clean-archived interval])
result (:next.jdbc/update-count result)] result (:next.jdbc/update-count result)]

3
backend/src/app/rpc.clj
View file

@ -99,7 +99,6 @@
(ex/raise :type :authentication (ex/raise :type :authentication
:code :authentication-required :code :authentication-required
:hint "authentication required for this endpoint")) :hint "authentication required for this endpoint"))
(let [params (us/conform spec params) (let [params (us/conform spec params)
result (f cfg params) result (f cfg params)
resultm (meta result)] resultm (meta result)]
@ -111,7 +110,7 @@
(audit :submit {:type (::type cfg) (audit :submit {:type (::type cfg)
:name (::sv/name mdata) :name (::sv/name mdata)
:profile-id profile-id :profile-id profile-id
:props (audit/clean-props props)}))) :props props})))
result)))) result))))
(defn- process-method (defn- process-method

6
backend/src/app/rpc/mutations/demo.clj
View file

@ -11,6 +11,7 @@
[app.common.uuid :as uuid] [app.common.uuid :as uuid]
[app.config :as cfg] [app.config :as cfg]
[app.db :as db] [app.db :as db]
[app.loggers.audit :as audit]
[app.rpc.mutations.profile :as profile] [app.rpc.mutations.profile :as profile]
[app.setup.initial-data :as sid] [app.setup.initial-data :as sid]
[app.util.services :as sv] [app.util.services :as sv]
@ -53,5 +54,6 @@
::wrk/conn conn ::wrk/conn conn
:profile-id id}) :profile-id id})
{:email email (with-meta {:email email
:password password}))) :password password}
{::audit/profile-id id}))))

12
backend/src/app/rpc/mutations/profile.clj
View file

@ -277,10 +277,12 @@
:member-email (:email profile)) :member-email (:email profile))
token (tokens :generate claims)] token (tokens :generate claims)]
(with-meta {:invitation-token token} (with-meta {:invitation-token token}
{:transform-response ((:create session) (:id profile))})) {:transform-response ((:create session) (:id profile))
::audit/profile-id (:id profile)}))
(with-meta profile (with-meta profile
{:transform-response ((:create session) (:id profile))})))))) {:transform-response ((:create session) (:id profile))
::audit/profile-id (:id profile)}))))))
;; --- Mutation: Logout ;; --- Mutation: Logout
@ -307,7 +309,9 @@
(let [profile (-> (assoc cfg :conn conn) (let [profile (-> (assoc cfg :conn conn)
(login-or-register params))] (login-or-register params))]
(with-meta profile (with-meta profile
{:before-complete (annotate-profile-register metrics profile)})))) {:before-complete (annotate-profile-register metrics profile)
::audit/props (:props profile)
::audit/profile-id (:id profile)}))))
(defn login-or-register (defn login-or-register
[{:keys [conn] :as cfg} {:keys [email backend] :as params}] [{:keys [conn] :as cfg} {:keys [email backend] :as params}]
@ -614,7 +618,7 @@
;; Schedule a complete deletion of profile ;; Schedule a complete deletion of profile
(wrk/submit! {::wrk/task :delete-profile (wrk/submit! {::wrk/task :delete-profile
::wrk/dalay cfg/deletion-delay ::wrk/delay cfg/deletion-delay
::wrk/conn conn ::wrk/conn conn
:profile-id profile-id}) :profile-id profile-id})

4
frontend/src/app/main/data/users.cljs
View file

@ -379,9 +379,11 @@
on-success identity}} (meta params)] on-success identity}} (meta params)]
(->> (rp/mutation :delete-profile {}) (->> (rp/mutation :delete-profile {})
(rx/tap on-success) (rx/tap on-success)
(rx/delay-at-least 300)
(rx/catch (constantly (rx/of 1)))
(rx/map logged-out)
(rx/catch on-error)))))) (rx/catch on-error))))))
;; --- EVENT: request-profile-recovery ;; --- EVENT: request-profile-recovery
(s/def ::request-profile-recovery (s/def ::request-profile-recovery

20
frontend/src/app/main/ui/settings/delete_account.cljs
View file

@ -12,7 +12,7 @@
[app.main.store :as st] [app.main.store :as st]
[app.main.ui.icons :as i] [app.main.ui.icons :as i]
[app.main.ui.messages :as msgs] [app.main.ui.messages :as msgs]
[app.util.i18n :as i18n :refer [tr t]] [app.util.i18n :as i18n :refer [tr]]
[app.util.router :as rt] [app.util.router :as rt]
[beicon.core :as rx] [beicon.core :as rx]
[cljs.spec.alpha :as s] [cljs.spec.alpha :as s]
@ -25,42 +25,36 @@
(rx/of (dm/error msg))) (rx/of (dm/error msg)))
(rx/throw error))) (rx/throw error)))
(defn on-success
[x]
(st/emit! (rt/nav :auth-login)))
(mf/defc delete-account-modal (mf/defc delete-account-modal
{::mf/register modal/components {::mf/register modal/components
::mf/register-as :delete-account} ::mf/register-as :delete-account}
[props] [props]
(let [locale (mf/deref i18n/locale) (let [on-close
on-close
(mf/use-callback (st/emitf (modal/hide))) (mf/use-callback (st/emitf (modal/hide)))
on-accept on-accept
(mf/use-callback (mf/use-callback
(st/emitf (modal/hide) (st/emitf (modal/hide)
(du/request-account-deletion (du/request-account-deletion
(with-meta {} {:on-error on-error (with-meta {} {:on-error on-error}))))]
:on-success on-success}))))]
[:div.modal-overlay [:div.modal-overlay
[:div.modal-container.change-email-modal [:div.modal-container.change-email-modal
[:div.modal-header [:div.modal-header
[:div.modal-header-title [:div.modal-header-title
[:h2 (t locale "modals.delete-account.title")]] [:h2 (tr "modals.delete-account.title")]]
[:div.modal-close-button [:div.modal-close-button
{:on-click on-close} i/close]] {:on-click on-close} i/close]]
[:div.modal-content [:div.modal-content
[:& msgs/inline-banner [:& msgs/inline-banner
{:type :warning {:type :warning
:content (t locale "modals.delete-account.info")}]] :content (tr "modals.delete-account.info")}]]
[:div.modal-footer [:div.modal-footer
[:div.action-buttons [:div.action-buttons
[:button.btn-warning.btn-large {:on-click on-accept} [:button.btn-warning.btn-large {:on-click on-accept}
(t locale "modals.delete-account.confirm")] (tr "modals.delete-account.confirm")]
[:button.btn-secondary.btn-large {:on-click on-close} [:button.btn-secondary.btn-large {:on-click on-close}
(t locale "modals.delete-account.cancel")]]]]])) (tr "modals.delete-account.cancel")]]]]]))