From d001fcd45646fdd6d5c49c84b9384b729acd616b Mon Sep 17 00:00:00 2001 From: Wyatt Johnson Date: Fri, 14 Aug 2020 09:30:32 -0600 Subject: [PATCH] [CORL-1291] Logging Improvements (#3103) * feat: added settings audit * fix: added tenantID to audit entry Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> --- src/core/server/graph/mutators/Settings.ts | 2 +- src/core/server/services/tenant/tenant.ts | 30 +++++++++++++++++++--- 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/src/core/server/graph/mutators/Settings.ts b/src/core/server/graph/mutators/Settings.ts index 774d066e9..3cc0b1dac 100644 --- a/src/core/server/graph/mutators/Settings.ts +++ b/src/core/server/graph/mutators/Settings.ts @@ -60,7 +60,7 @@ export const Settings = ({ update: ( input: WithoutMutationID ): Promise => - update(mongo, redis, tenantCache, config, tenant, input.settings), + update(mongo, redis, tenantCache, config, tenant, user!, input.settings), rotateSSOSigningSecret: ({ inactiveIn }: GQLRotateSSOSigningSecretInput) => rotateSSOSigningSecret(mongo, redis, tenantCache, tenant, inactiveIn, now), deleteSSOSigningSecret: ({ kid }: GQLDeleteSSOSigningSecretInput) => diff --git a/src/core/server/services/tenant/tenant.ts b/src/core/server/services/tenant/tenant.ts index 673b14881..57dd08b5c 100644 --- a/src/core/server/services/tenant/tenant.ts +++ b/src/core/server/services/tenant/tenant.ts @@ -32,15 +32,29 @@ import TenantCache from "./cache/cache"; export type UpdateTenant = GQLSettingsInput; -function cleanWordList( +function cleanWordlist(list: string[]): string[] { + return uniqBy( + list + // For each phrase, trim any whitespace. + .map((phrase) => phrase.trim()) + // Only allow truthy phrases (no empty strings)! + .filter((phrase) => !!phrase) + .sort(), + // Only allow unique phrases. This ensures we don't discriminate based on + // case. + lowerCase + ); +} + +function cleanWordLists( list: GQLSettingsWordListInput ): GQLSettingsWordListInput { if (list.banned) { - list.banned = uniqBy(list.banned.filter(Boolean), lowerCase) as string[]; + list.banned = cleanWordlist(list.banned); } if (list.suspect) { - list.suspect = uniqBy(list.suspect.filter(Boolean), lowerCase) as string[]; + list.suspect = cleanWordlist(list.suspect); } return list; @@ -52,6 +66,7 @@ export async function update( cache: TenantCache, config: Config, tenant: Tenant, + user: User, input: UpdateTenant ): Promise { // If the environment variable for disabling live updates is provided, then @@ -67,9 +82,16 @@ export async function update( // If the word list was specified, we should validate it to ensure there isn't // any empty spaces. if (input.wordList) { - input.wordList = cleanWordList(input.wordList); + input.wordList = cleanWordLists(input.wordList); } + // Whenever the settings are updated, log who performed the update and what + // keys they updated. + logger.info( + { update: Object.keys(input), userID: user.id, tenantID: tenant.id }, + "settings update audit" + ); + const updatedTenant = await updateTenant(mongo, tenant.id, input); if (!updatedTenant) { return null;