From 62ef53280147873c1324807e6348e52e89ddc377 Mon Sep 17 00:00:00 2001 From: shimon Date: Mon, 8 Aug 2022 17:32:54 +0300 Subject: [PATCH] leftovers --- app/controllers/api/account.php | 45 +++++++++++---------- app/controllers/api/databases.php | 66 +++++++++++++------------------ app/controllers/api/storage.php | 24 +++++------ app/controllers/api/teams.php | 43 ++++++-------------- app/controllers/api/users.php | 46 ++++++--------------- app/controllers/shared/api.php | 11 ++---- 6 files changed, 88 insertions(+), 147 deletions(-) diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php index 30d90b0c4d..0e4f40d8d2 100644 --- a/app/controllers/api/account.php +++ b/app/controllers/api/account.php @@ -47,7 +47,7 @@ App::post('/v1/account') ->label('event', 'users.[userId].create') ->label('scope', 'public') ->label('auth.type', 'emailPassword') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', []) ->label('sdk.namespace', 'account') ->label('sdk.method', 'create') @@ -354,7 +354,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect') ->label('abuse-limit', 50) ->label('abuse-key', 'ip:{ip}') ->label('docs', false) - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->param('provider', '', new WhiteList(\array_keys(Config::getParam('providers')), true), 'OAuth2 provider.') ->param('code', '', new Text(2048), 'OAuth2 code.') ->param('state', '', new Text(2048), 'OAuth2 state params.', true) @@ -586,7 +586,7 @@ App::post('/v1/account/sessions/magic-url') ->groups(['api', 'account']) ->label('scope', 'public') ->label('auth.type', 'magic-url') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', []) ->label('sdk.namespace', 'account') ->label('sdk.method', 'createMagicURLSession') 
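Review bot: The OAuth2 redirect route (`@@ -354`) now takes its audit resource from `user/{response.$id}`, but this route is marked `docs` false and ends in `/redirect`, so whether it answers with a JSON body carrying an `$id` at all is not visible here; if the placeholder resolves to nothing, a federated login is logged against an empty resource. What shared/api.php substitutes for an unresolved placeholder is changed by this commit but not shown, so confirm that, and consider keeping an explicit `$audits->setResource('user/' . $user->getId());` inside this action, since the handler already has the user in hand. The route definition continues past the hunk.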
@@ -710,7 +710,7 @@ App::put('/v1/account/sessions/magic-url') ->groups(['api', 'account']) ->label('scope', 'public') ->label('event', 'users.[userId].sessions.[sessionId].create') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', []) ->label('sdk.namespace', 'account') ->label('sdk.method', 'updateMagicURLSession') @@ -822,7 +822,7 @@ App::post('/v1/account/sessions/phone') ->groups(['api', 'account']) ->label('scope', 'public') ->label('auth.type', 'phone') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', []) ->label('sdk.namespace', 'account') ->label('sdk.method', 'createPhoneSession') @@ -935,7 +935,7 @@ App::put('/v1/account/sessions/phone') ->groups(['api', 'account']) ->label('scope', 'public') ->label('event', 'users.[userId].sessions.[sessionId].create') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', []) ->label('sdk.namespace', 'account') ->label('sdk.method', 'updatePhoneSession') @@ -1044,7 +1044,7 @@ App::post('/v1/account/sessions/anonymous') ->label('event', 'users.[userId].sessions.[sessionId].create') ->label('scope', 'public') ->label('auth.type', 'anonymous') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', []) ->label('sdk.namespace', 'account') ->label('sdk.method', 'createAnonymousSession') @@ -1399,7 +1399,7 @@ App::patch('/v1/account/name') ->groups(['api', 'account']) ->label('event', 'users.[userId].update.name') ->label('scope', 'account') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'account') ->label('sdk.method', 'updateName') 
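Review bot: On `PUT /v1/account/sessions/magic-url` (`@@ -710`) the placeholder `user/{response.$id}` takes the `$id` of whatever document the route returns, and the event label in the same hunk, `users.[userId].sessions.[sessionId].create`, shows this route produces a session whose id is distinct from the user's; if the response is the session model, the login is filed under `user/<sessionId>` and never matches a lookup by user id. The phone (`@@ -935`) and anonymous (`@@ -1044`) session hunks on this line have the same substitution. If the session model exposes its owner, `->label('audits.resource', 'user/{response.userId}')` would record the right subject — the response model is not visible in the hunk, so confirm the attribute name. Each route definition starts and ends outside its hunk.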
@@ -1430,7 +1430,7 @@ App::patch('/v1/account/password') ->groups(['api', 'account']) ->label('event', 'users.[userId].update.password') ->label('scope', 'account') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'account') ->label('sdk.method', 'updatePassword') @@ -1471,7 +1471,7 @@ App::patch('/v1/account/email') ->groups(['api', 'account']) ->label('event', 'users.[userId].update.email') ->label('scope', 'account') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'account') ->label('sdk.method', 'updateEmail') @@ -1522,7 +1522,7 @@ App::patch('/v1/account/phone') ->groups(['api', 'account']) ->label('event', 'users.[userId].update.phone') ->label('scope', 'account') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'account') ->label('sdk.method', 'updatePhone') @@ -1570,7 +1570,7 @@ App::patch('/v1/account/prefs') ->groups(['api', 'account']) ->label('event', 'users.[userId].update.prefs') ->label('scope', 'account') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'account') ->label('sdk.method', 'updatePrefs') 
@@ -1599,8 +1599,8 @@ App::patch('/v1/account/status') ->groups(['api', 'account']) ->label('event', 'users.[userId].update.status') ->label('scope', 'account') - ->label('audits.resource', 'user/{payload.$id}') - ->label('audits.payload', '*') + ->label('audits.resource', 'user/{response.$id}') + ->label('audits.payload', true) ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'account') ->label('sdk.method', 'updateStatus') @@ -1612,10 +1612,9 @@ App::patch('/v1/account/status') ->inject('response') ->inject('user') ->inject('dbForProject') - ->inject('audits') ->inject('events') ->inject('usage') - ->action(function (Request $request, Response $response, Document $user, Database $dbForProject, Audit $audits, Event $events, Stats $usage) { + ->action(function (Request $request, Response $response, Document $user, Database $dbForProject, Event $events, Stats $usage) { $user = $dbForProject->updateDocument('users', $user->getId(), $user->setAttribute('status', false)); @@ -1714,7 +1713,7 @@ App::patch('/v1/account/sessions/:sessionId') ->groups(['api', 'account']) ->label('scope', 'account') ->label('event', 'users.[userId].sessions.[sessionId].update') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'account') ->label('sdk.method', 'updateSession') @@ -1867,7 +1866,7 @@ App::post('/v1/account/recovery') ->groups(['api', 'account']) ->label('scope', 'public') ->label('event', 'users.[userId].recovery.[tokenId].create') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'account') ->label('sdk.method', 'createRecovery') 
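Review bot: `audits.payload` is switched on for `PATCH /v1/account/status` (`@@ -1599`) while the action in the next hunk (`@@ -1612`) works on the raw `$user` document returned by `updateDocument`; which side the shutdown hook in shared/api.php serialises into the audit row is not part of this patch. If it captures the raw document rather than the `Response::MODEL_USER` output, every internal attribute of the user record (credential material, if it is stored there) is copied into the audit table on each self-deactivation. Confirm the hook writes the model-filtered output before keeping this label, or drop it — the status flip is already implied by the `users.[userId].update.status` event. The remainder of the route body lies outside the hunk.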
@@ -1970,7 +1969,7 @@ App::put('/v1/account/recovery') ->groups(['api', 'account']) ->label('scope', 'public') ->label('event', 'users.[userId].recovery.[tokenId].update') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'account') ->label('sdk.method', 'updateRecovery') @@ -2038,7 +2037,7 @@ App::post('/v1/account/verification') ->groups(['api', 'account']) ->label('scope', 'account') ->label('event', 'users.[userId].verification.[tokenId].create') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'account') ->label('sdk.method', 'createVerification') @@ -2127,7 +2126,7 @@ App::put('/v1/account/verification') ->groups(['api', 'account']) ->label('scope', 'public') ->label('event', 'users.[userId].verification.[tokenId].update') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'account') ->label('sdk.method', 'updateVerification') @@ -2187,7 +2186,7 @@ App::post('/v1/account/verification/phone') ->groups(['api', 'account']) ->label('scope', 'account') ->label('event', 'users.[userId].verification.[tokenId].create') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'account') ->label('sdk.method', 'createPhoneVerification') 
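Review bot: The recovery and verification hunks on this line (`@@ -1970`, `@@ -2038`, `@@ -2127`, `@@ -2187`) all set `audits.resource` to `user/{response.$id}`, yet their event labels, e.g. `users.[userId].recovery.[tokenId].update`, show each route yields a token whose id is not the user's; if the response is that token, password-reset and verification audit rows end up keyed by token id and vanish from any per-user audit query. These are exactly the events pulled during an account-takeover review. If the token model exposes its owner, `->label('audits.resource', 'user/{response.userId}')` fixes all four — the attribute name is not visible in the patch, so confirm it. Each route definition starts and ends outside its hunk.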
@@ -2272,7 +2271,7 @@ App::put('/v1/account/verification/phone') ->groups(['api', 'account']) ->label('scope', 'public') ->label('event', 'users.[userId].verification.[tokenId].update') - ->label('audits.resource', 'user/{payload.$id}') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'account') ->label('sdk.method', 'updatePhoneVerification') diff --git a/app/controllers/api/databases.php b/app/controllers/api/databases.php index df032a4dbc..dff09bc5e1 100644 --- a/app/controllers/api/databases.php +++ b/app/controllers/api/databases.php @@ -151,8 +151,8 @@ App::post('/v1/databases') ->groups(['api', 'database']) ->label('event', 'databases.[databaseId].create') ->label('scope', 'databases.write') - ->label('audits.resource', 'database/{payload.$id}') - ->label('audits.payload', '*') + ->label('audits.resource', 'database/{response.$id}') + ->label('audits.payload', true) ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.namespace', 'databases') ->label('sdk.method', 'create') @@ -377,8 +377,8 @@ App::put('/v1/databases/:databaseId') ->groups(['api', 'database']) ->label('scope', 'databases.write') ->label('event', 'databases.[databaseId].update') - ->label('audits.resource', 'database/{payload.$id}') - ->label('audits.payload', '*') + ->label('audits.resource', 'database/{response.$id}') + ->label('audits.payload', true) ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.namespace', 'databases') ->label('sdk.method', 'update') @@ -421,6 +421,7 @@ App::delete('/v1/databases/:databaseId') ->groups(['api', 'database']) ->label('scope', 'databases.write') ->label('event', 'databases.[databaseId].delete') + ->label('audits.resource', 'database/{request.databaseId}') ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.namespace', 'databases') ->label('sdk.method', 'delete') 
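Review bot: `DELETE /v1/databases/:databaseId` (`@@ -421`) now derives its audit resource from the request placeholder `database/{request.databaseId}` instead of setting it inside the action after the delete succeeded, as the removed lines in the following hunk did. A request-derived placeholder resolves just as well when the action throws — a 404 for an unknown id or a 401 — so unless the shutdown hook in shared/api.php (changed by this commit but not shown) skips the audit on error responses, the log will record deletions that never happened. Since this route answers `noContent()`, a response-side placeholder is not an option; confirm the hook checks the response status before emitting, and say so in a comment next to the label, e.g. `// resolved from request input: audit is only valid if the hook gates on success`. The route definition continues past the hunk.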
@@ -458,10 +459,7 @@ App::delete('/v1/databases/:databaseId') ->setPayload($response->output($database, Response::MODEL_DATABASE)) ; - $audits - ->setResource('database/' . $databaseId) - ->setPayload($database->getArrayCopy()) - ; + $audits->setPayload($database->getArrayCopy()); $usage->setParam('databases.delete', 1); @@ -475,7 +473,7 @@ App::post('/v1/databases/:databaseId/collections') ->label('event', 'databases.[databaseId].collections.[collectionId].create') ->label('scope', 'collections.write') ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}') - ->label('audits.payload', '*') + ->label('audits.payload', true) ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.namespace', 'databases') ->label('sdk.method', 'createCollection') @@ -725,7 +723,7 @@ App::put('/v1/databases/:databaseId/collections/:collectionId') ->label('scope', 'collections.write') ->label('event', 'databases.[databaseId].collections.[collectionId].update') ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}') - ->label('audits-payload', '*') + ->label('audits-payload', true) ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.namespace', 'databases') ->label('sdk.method', 'updateCollection') @@ -793,6 +791,7 @@ App::delete('/v1/databases/:databaseId/collections/:collectionId') ->groups(['api', 'database']) ->label('scope', 'collections.write') ->label('event', 'databases.[databaseId].collections.[collectionId].delete') + ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}') ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.namespace', 'databases') ->label('sdk.method', 'deleteCollection') 
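Review bot: The label key on `PUT /v1/databases/:databaseId/collections/:collectionId` (`@@ -725`) is `audits-payload` (hyphen) while every other route in this patch uses `audits.payload` (dot); the commit rewrote the value from `'*'` to `true` but kept the misspelt key, so whatever reads `audits.payload` sees no payload flag on collection updates, and permission or schema changes to a collection land in the audit log without their payload. Change it to `->label('audits.payload', true)`. The route definition starts and ends outside the hunk.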
@@ -839,10 +838,7 @@ App::delete('/v1/databases/:databaseId/collections/:collectionId') ->setPayload($response->output($collection, Response::MODEL_COLLECTION)) ; - $audits - ->setResource('database/' . $databaseId . '/collection/' . $collectionId) - ->setPayload($collection->getArrayCopy()) - ; + $audits->setPayload($collection->getArrayCopy()); $usage ->setParam('databaseId', $databaseId) @@ -858,7 +854,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/attributes/string ->label('event', 'databases.[databaseId].collections.[collectionId].attributes.[attributeId].create') ->label('scope', 'collections.write') ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}') - ->label('audits.payload', '*') + ->label('audits.payload', true) ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.namespace', 'databases') ->label('sdk.method', 'createStringAttribute') @@ -905,7 +901,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/attributes/email' ->label('event', 'databases.[databaseId].collections.[collectionId].attributes.[attributeId].create') ->label('scope', 'collections.write') ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}') - ->label('audits.payload', '*') + ->label('audits.payload', true) ->label('sdk.namespace', 'databases') ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.method', 'createEmailAttribute') @@ -946,7 +942,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/attributes/enum') ->label('event', 'databases.[databaseId].collections.[collectionId].attributes.[attributeId].create') ->label('scope', 'collections.write') ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}') - ->label('audits.payload', '*') + ->label('audits.payload', true) ->label('sdk.namespace', 'databases') ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.method', 'createEnumAttribute') 
@@ -1003,7 +999,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/attributes/ip') ->label('event', 'databases.[databaseId].collections.[collectionId].attributes.[attributeId].create') ->label('scope', 'collections.write') ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}') - ->label('audits.payload', '*') + ->label('audits.payload', true) ->label('sdk.namespace', 'databases') ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.method', 'createIpAttribute') @@ -1044,7 +1040,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/attributes/url') ->label('event', 'databases.[databaseId].collections.[collectionId].attributes.[attributeId].create') ->label('scope', 'collections.write') ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}') - ->label('audits.payload', '*') + ->label('audits.payload', true) ->label('sdk.namespace', 'databases') ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.method', 'createUrlAttribute') @@ -1085,7 +1081,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/attributes/intege ->label('event', 'databases.[databaseId].collections.[collectionId].attributes.[attributeId].create') ->label('scope', 'collections.write') ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}') - ->label('audits.payload', '*') + ->label('audits.payload', true) ->label('sdk.namespace', 'databases') ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.method', 'createIntegerAttribute') 
@@ -1155,7 +1151,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/attributes/float' ->label('event', 'databases.[databaseId].collections.[collectionId].attributes.[attributeId].create') ->label('scope', 'collections.write') ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}') - ->label('audits.payload', '*') + ->label('audits.payload', true) ->label('sdk.namespace', 'databases') ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.method', 'createFloatAttribute') @@ -1228,7 +1224,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/attributes/boolea ->label('event', 'databases.[databaseId].collections.[collectionId].attributes.[attributeId].create') ->label('scope', 'collections.write') ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}') - ->label('audits.payload', '*') + ->label('audits.payload', true) ->label('sdk.namespace', 'databases') ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.method', 'createBooleanAttribute') @@ -1380,6 +1376,7 @@ App::delete('/v1/databases/:databaseId/collections/:collectionId/attributes/:key ->groups(['api', 'database']) ->label('scope', 'collections.write') ->label('event', 'databases.[databaseId].collections.[collectionId].attributes.[attributeId].delete') + ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}') ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.namespace', 'databases') ->label('sdk.method', 'deleteAttribute') @@ -1460,10 +1457,7 @@ App::delete('/v1/databases/:databaseId/collections/:collectionId/attributes/:key ->setPayload($response->output($attribute, $model)) ; - $audits - ->setResource('database/' . $databaseId . '/collection/' . $collectionId) - ->setPayload($attribute->getArrayCopy()) - ; + $audits->setPayload($attribute->getArrayCopy()); $response->noContent(); }); 
@@ -1475,7 +1469,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/indexes') ->label('event', 'databases.[databaseId].collections.[collectionId].indexes.[indexId].create') ->label('scope', 'collections.write') ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}') - ->label('audits.payload', '*') + ->label('audits.payload', true) ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.namespace', 'databases') ->label('sdk.method', 'createIndex') @@ -1719,6 +1713,7 @@ App::delete('/v1/databases/:databaseId/collections/:collectionId/indexes/:key') ->groups(['api', 'database']) ->label('scope', 'collections.write') ->label('event', 'databases.[databaseId].collections.[collectionId].indexes.[indexId].delete') + ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}') ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.namespace', 'databases') ->label('sdk.method', 'deleteIndex') @@ -1780,10 +1775,7 @@ App::delete('/v1/databases/:databaseId/collections/:collectionId/indexes/:key') ->setPayload($response->output($index, Response::MODEL_INDEX)) ; - $audits - ->setResource('database/' . $databaseId . '/collection/' . $collection->getId()) - ->setPayload($index->getArrayCopy()) - ; + $audits->setPayload($index->getArrayCopy()); $response->noContent(); }); @@ -1795,7 +1787,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/documents') ->label('event', 'databases.[databaseId].collections.[collectionId].documents.[documentId].create') ->label('scope', 'documents.write') ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}') - ->label('audits.payload', '*') + ->label('audits.payload', true) ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'databases') ->label('sdk.method', 'createDocument') 
@@ -2191,8 +2183,8 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum ->groups(['api', 'database']) ->label('event', 'databases.[databaseId].collections.[collectionId].documents.[documentId].update') ->label('scope', 'documents.write') - ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}/document/{payload.$id}') - ->label('audits.payload', '*') + ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}/document/{response.$id}') + ->label('audits.payload', true) ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'databases') ->label('sdk.method', 'updateDocument') @@ -2326,6 +2318,7 @@ App::delete('/v1/databases/:databaseId/collections/:collectionId/documents/:docu ->groups(['api', 'database']) ->label('scope', 'documents.write') ->label('event', 'databases.[databaseId].collections.[collectionId].documents.[documentId].delete') + ->label('audits.resource', 'database/{request.databaseId}/collection/{request.collectionId}/document/{request.documentId}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'databases') ->label('sdk.method', 'deleteDocument') @@ -2412,10 +2405,7 @@ App::delete('/v1/databases/:databaseId/collections/:collectionId/documents/:docu ->setPayload($response->output($document, Response::MODEL_DOCUMENT)) ; - $audits - ->setResource('database/' . $databaseId . '/collection/' . $collectionId . '/document/' . $document->getId()) - ->setPayload($document->getArrayCopy()) - ; + $audits->setPayload($document->getArrayCopy()); $response->noContent(); }); diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php index abcd97da25..eb58bc0f82 100644 --- a/app/controllers/api/storage.php +++ b/app/controllers/api/storage.php 
@@ -46,8 +46,8 @@ App::post('/v1/storage/buckets') ->groups(['api', 'storage']) ->label('scope', 'buckets.write') ->label('event', 'buckets.[bucketId].create') - ->label('audits.resource', 'storage/buckets/{payload.$id}') - ->label('audits.payload', '*') + ->label('audits.resource', 'storage/buckets/{response.$id}') + ->label('audits.payload', true) ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.namespace', 'storage') ->label('sdk.method', 'createBucket') @@ -210,8 +210,8 @@ App::put('/v1/storage/buckets/:bucketId') ->groups(['api', 'storage']) ->label('scope', 'buckets.write') ->label('event', 'buckets.[bucketId].update') - ->label('audits.resource', 'storage/buckets/{payload.$id}') - ->label('audits.payload', '*') + ->label('audits.resource', 'storage/buckets/{response.$id}') + ->label('audits.payload', true) ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.namespace', 'storage') ->label('sdk.method', 'updateBucket') @@ -273,6 +273,7 @@ App::delete('/v1/storage/buckets/:bucketId') ->groups(['api', 'storage']) ->label('scope', 'buckets.write') ->label('event', 'buckets.[bucketId].delete') + ->label('audits.resource', 'storage/buckets/{request.bucketId}') ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.namespace', 'storage') ->label('sdk.method', 'deleteBucket') @@ -306,10 +307,7 @@ App::delete('/v1/storage/buckets/:bucketId') ->setPayload($response->output($bucket, Response::MODEL_BUCKET)) ; - $audits - ->setResource('storage/buckets/' . $bucket->getId()) - ->setPayload($bucket->getArrayCopy()) - ; + $audits->setPayload($bucket->getArrayCopy()); $usage->setParam('storage.buckets.delete', 1); 
@@ -322,7 +320,7 @@ App::post('/v1/storage/buckets/:bucketId/files') ->groups(['api', 'storage']) ->label('scope', 'files.write') ->label('event', 'buckets.[bucketId].files.[fileId].create') - ->label('audits.resource', 'storage/files/{payload.$id}') + ->label('audits.resource', 'storage/files/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'storage') ->label('sdk.method', 'createFile') @@ -1267,7 +1265,7 @@ App::put('/v1/storage/buckets/:bucketId/files/:fileId') ->groups(['api', 'storage']) ->label('scope', 'files.write') ->label('event', 'buckets.[bucketId].files.[fileId].update') - ->label('audits.resource', 'storage/files/{payload.$id}') + ->label('audits.resource', 'storage/files/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'storage') ->label('sdk.method', 'updateFile') @@ -1362,6 +1360,7 @@ App::delete('/v1/storage/buckets/:bucketId/files/:fileId') ->groups(['api', 'storage']) ->label('scope', 'files.write') ->label('event', 'buckets.[bucketId].files.[fileId].delete') + ->label('audits.resource', 'file/{request.fileId}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'storage') ->label('sdk.method', 'deleteFile') 
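Review bot: The delete route's audit resource is `file/{request.fileId}` (`@@ -1362`) whereas the create and update hunks on this line file the same object under `storage/files/{response.$id}`, so a search of the audit log for `storage/files/<id>` misses its deletion. The prefix is carried over from the `$audits->setResource('file/' . ...)` call removed on the next line, so the mismatch predates the patch, but moving to labels is the moment to align it: `->label('audits.resource', 'storage/files/{request.fileId}')`. None of the three labels include the bucket id either, so the same file id in two buckets cannot be told apart in the log. The route definition continues past the hunk.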
@@ -1373,12 +1372,11 @@ App::delete('/v1/storage/buckets/:bucketId/files/:fileId') ->inject('response') ->inject('dbForProject') ->inject('events') - ->inject('audits') ->inject('usage') ->inject('mode') ->inject('deviceFiles') ->inject('project') - ->action(function (string $bucketId, string $fileId, Response $response, Database $dbForProject, Event $events, Audit $audits, Stats $usage, string $mode, Device $deviceFiles, Document $project) { + ->action(function (string $bucketId, string $fileId, Response $response, Database $dbForProject, Event $events, Stats $usage, string $mode, Device $deviceFiles, Document $project) { $bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); if ( @@ -1434,8 +1432,6 @@ App::delete('/v1/storage/buckets/:bucketId/files/:fileId') throw new Exception('Failed to delete file from device', 500, Exception::GENERAL_SERVER_ERROR); } - $audits->setResource('file/' . $file->getId()); - $usage ->setParam('storage', $file->getAttribute('size', 0) * -1) ->setParam('storage.files.delete', 1) diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php index 79e1ac3d18..14141b20bc 100644 --- a/app/controllers/api/teams.php +++ b/app/controllers/api/teams.php @@ -36,6 +36,8 @@ App::post('/v1/teams') ->groups(['api', 'teams']) ->label('event', 'teams.[teamId].create') ->label('scope', 'teams.write') + ->label('audits.resource', 'team/{response.$id}') + ->label('audits.payload', true) ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'teams') ->label('sdk.method', 'create') 
@@ -50,8 +52,7 @@ App::post('/v1/teams') ->inject('user') ->inject('dbForProject') ->inject('events') - ->inject('audits') - ->action(function (string $teamId, string $name, array $roles, Response $response, Document $user, Database $dbForProject, Event $events, Event $audits) { + ->action(function (string $teamId, string $name, array $roles, Response $response, Document $user, Database $dbForProject, Event $events) { $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); $isAppUser = Auth::isAppUser(Authorization::getRoles()); @@ -94,12 +95,6 @@ App::post('/v1/teams') $events->setParam('userId', $user->getId()); } - $audits - ->setParam('event', 'teams.create') - ->setParam('resource', 'team/' . $teamId) - ->setParam('data', $team->getArrayCopy()) - ; - $response->setStatusCode(Response::STATUS_CODE_CREATED); $response->dynamic($team, Response::MODEL_TEAM); }); @@ -178,6 +173,7 @@ App::put('/v1/teams/:teamId') ->groups(['api', 'teams']) ->label('event', 'teams.[teamId].update') ->label('scope', 'teams.write') + ->label('audits.resource', 'team/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'teams') ->label('sdk.method', 'update') @@ -190,8 +186,7 @@ App::put('/v1/teams/:teamId') ->inject('response') ->inject('dbForProject') ->inject('events') - ->inject('audits') - ->action(function (string $teamId, string $name, Response $response, Database $dbForProject, Event $events, EventAudit $audits) { + ->action(function (string $teamId, string $name, Response $response, Database $dbForProject, Event $events) { $team = $dbForProject->getDocument('teams', $teamId); @@ -204,7 +199,6 @@ App::put('/v1/teams/:teamId') ->setAttribute('search', implode(' ', [$teamId, $name]))); $events->setParam('teamId', $team->getId()); - $audits->setResource('team/' . $team->getId()); $response->dynamic($team, Response::MODEL_TEAM); }); 
@@ -259,7 +253,6 @@ App::delete('/v1/teams/:teamId') ; $audits - ->setParam('event', 'teams.delete') ->setParam('resource', 'team/' . $teamId) ->setParam('data', $team->getArrayCopy()) ; @@ -273,6 +266,7 @@ App::post('/v1/teams/:teamId/memberships') ->label('event', 'teams.[teamId].memberships.[membershipId].create') ->label('scope', 'teams.write') ->label('auth.type', 'invites') + ->label('audits.resource', 'team/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'teams') ->label('sdk.method', 'createMembership') @@ -291,10 +285,9 @@ App::post('/v1/teams/:teamId/memberships') ->inject('user') ->inject('dbForProject') ->inject('locale') - ->inject('audits') ->inject('mails') ->inject('events') - ->action(function (string $teamId, string $email, array $roles, string $url, string $name, Response $response, Document $project, Document $user, Database $dbForProject, Locale $locale, EventAudit $audits, Mail $mails, Event $events) { + ->action(function (string $teamId, string $email, array $roles, string $url, string $name, Response $response, Document $project, Document $user, Database $dbForProject, Locale $locale, Mail $mails, Event $events) { $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); $isAppUser = Auth::isAppUser(Authorization::getRoles()); @@ -414,10 +407,6 @@ App::post('/v1/teams/:teamId/memberships') ; } - $audits - ->setResource('team/' . $teamId) - ; - $events ->setParam('teamId', $team->getId()) ->setParam('membershipId', $membership->getId()) @@ -556,6 +545,7 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId') ->groups(['api', 'teams']) ->label('event', 'teams.[teamId].memberships.[membershipId].update') ->label('scope', 'teams.write') + ->label('audits.resource', 'team/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'teams') ->label('sdk.method', 'updateMembershipRoles') 
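Review bot: `DELETE /v1/teams/:teamId` (`@@ -259`) still passes its audit resource and data through `$audits->setParam('resource', ...)` / `setParam('data', ...)` — the commit drops only the `event` param — while every other handler converted here uses a route label plus `$audits->setPayload(...)` (databases.php, storage.php). If the audit object injected into this route is the same class those files use, `setParam` values may not be what its shutdown code reads, and team deletion, a privilege-affecting action, would leave no usable audit row. Suggest the same shape as the other deletes: `->label('audits.resource', 'team/{request.teamId}')` on the route and `$audits->setPayload($team->getArrayCopy());` in the action. The declared type of `$audits` for this route lies outside the hunk.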
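Review bot: `POST /v1/teams/:teamId/memberships` (`@@ -273`) sets `audits.resource` to `team/{response.$id}`, but the route's event label is `teams.[teamId].memberships.[membershipId].create` and the code removed further down (`@@ -414`) logged `'team/' . $teamId`; if the response is the membership, invites are now filed under `team/<membershipId>`, a team id that does not exist. The same substitution appears on `PATCH .../memberships/:membershipId` (`@@ -556`). The delete route in this file already uses the request side, so `->label('audits.resource', 'team/{request.teamId}')` restores the previous behaviour for both. Each route definition starts and ends outside its hunk.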
@@ -570,9 +560,8 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId') ->inject('response') ->inject('user') ->inject('dbForProject') - ->inject('audits') ->inject('events') - ->action(function (string $teamId, string $membershipId, array $roles, Request $request, Response $response, Document $user, Database $dbForProject, EventAudit $audits, Event $events) { + ->action(function (string $teamId, string $membershipId, array $roles, Request $request, Response $response, Document $user, Database $dbForProject, Event $events) { $team = $dbForProject->getDocument('teams', $teamId); if ($team->isEmpty()) { @@ -608,8 +597,6 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId') */ $dbForProject->deleteCachedDocument('users', $profile->getId()); - $audits->setResource('team/' . $teamId); - $events ->setParam('teamId', $team->getId()) ->setParam('membershipId', $membership->getId()); @@ -628,6 +615,7 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status') ->groups(['api', 'teams']) ->label('event', 'teams.[teamId].memberships.[membershipId].update.status') ->label('scope', 'public') + ->label('audits.resource', 'team/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'teams') ->label('sdk.method', 'updateMembershipStatus') 
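Review bot: `PATCH /v1/teams/:teamId/memberships/:membershipId/status` (`@@ -628`) gets `team/{response.$id}` as its audit resource, but the handler in the next hunk starts by loading `$membership` from `memberships`, and the line removed at `@@ -729` logged `'team/' . $teamId`; if the route responds with that membership, the invite-acceptance audit row points at `team/<membershipId>`. Use `->label('audits.resource', 'team/{request.teamId}')`, as the delete route in this file does. This route is `scope` public and is driven by a `userId` and `secret` from the request, so an accurate resource is what lets an invite-abuse trace be reconstructed. The route body lies outside the hunk.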
@@ -644,9 +632,8 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status') ->inject('user') ->inject('dbForProject') ->inject('geodb') - ->inject('audits') ->inject('events') - ->action(function (string $teamId, string $membershipId, string $userId, string $secret, Request $request, Response $response, Document $user, Database $dbForProject, Reader $geodb, EventAudit $audits, Event $events) { + ->action(function (string $teamId, string $membershipId, string $userId, string $secret, Request $request, Response $response, Document $user, Database $dbForProject, Reader $geodb, Event $events) { $protocol = $request->getProtocol(); $membership = $dbForProject->getDocument('memberships', $membershipId); @@ -729,8 +716,6 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status') $team = Authorization::skip(fn() => $dbForProject->updateDocument('teams', $team->getId(), $team->setAttribute('total', $team->getAttribute('total', 0) + 1))); - $audits->setResource('team/' . $teamId); - $events ->setParam('teamId', $team->getId()) ->setParam('membershipId', $membership->getId()) @@ -761,6 +746,7 @@ App::delete('/v1/teams/:teamId/memberships/:membershipId') ->groups(['api', 'teams']) ->label('event', 'teams.[teamId].memberships.[membershipId].delete') ->label('scope', 'teams.write') + ->label('audits.resource', 'team/{request.teamId}') ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT]) ->label('sdk.namespace', 'teams') ->label('sdk.method', 'deleteMembership') 
@@ -771,9 +757,8 @@ App::delete('/v1/teams/:teamId/memberships/:membershipId') ->param('membershipId', '', new UID(), 'Membership ID.') ->inject('response') ->inject('dbForProject') - ->inject('audits') ->inject('events') - ->action(function (string $teamId, string $membershipId, Response $response, Database $dbForProject, EventAudit $audits, Event $events) { + ->action(function (string $teamId, string $membershipId, Response $response, Database $dbForProject, Event $events) { $membership = $dbForProject->getDocument('memberships', $membershipId); @@ -812,8 +797,6 @@ App::delete('/v1/teams/:teamId/memberships/:membershipId') Authorization::skip(fn() => $dbForProject->updateDocument('teams', $team->getId(), $team)); } - $audits->setResource('team/' . $teamId); - $events ->setParam('teamId', $team->getId()) ->setParam('membershipId', $membership->getId()) diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php index 8845db4810..b8bce1932c 100644 --- a/app/controllers/api/users.php +++ b/app/controllers/api/users.php @@ -483,6 +483,7 @@ App::patch('/v1/users/:userId/name') ->groups(['api', 'users']) ->label('event', 'users.[userId].update.name') ->label('scope', 'users.write') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.namespace', 'users') ->label('sdk.method', 'updateName') @@ -494,9 +495,8 @@ App::patch('/v1/users/:userId/name') ->param('name', '', new Text(128), 'User name. Max length: 128 chars.') ->inject('response') ->inject('dbForProject') - ->inject('audits') ->inject('events') - ->action(function (string $userId, string $name, Response $response, Database $dbForProject, EventAudit $audits, Event $events) { + ->action(function (string $userId, string $name, Response $response, Database $dbForProject, Event $events) { $user = $dbForProject->getDocument('users', $userId); 
@@ -511,13 +511,7 @@ App::patch('/v1/users/:userId/name') $user = $dbForProject->updateDocument('users', $user->getId(), $user); - $audits - ->setResource('user/' . $user->getId()) - ; - - $events - ->setParam('userId', $user->getId()) - ; + $events->setParam('userId', $user->getId()); $response->dynamic($user, Response::MODEL_USER); }); @@ -527,6 +521,7 @@ App::patch('/v1/users/:userId/password') ->groups(['api', 'users']) ->label('event', 'users.[userId].update.password') ->label('scope', 'users.write') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.namespace', 'users') ->label('sdk.method', 'updatePassword') @@ -538,9 +533,8 @@ App::patch('/v1/users/:userId/password') ->param('password', '', new Password(), 'New user password. Must be at least 8 chars.') ->inject('response') ->inject('dbForProject') - ->inject('audits') ->inject('events') - ->action(function (string $userId, string $password, Response $response, Database $dbForProject, EventAudit $audits, Event $events) { + ->action(function (string $userId, string $password, Response $response, Database $dbForProject, Event $events) { $user = $dbForProject->getDocument('users', $userId); @@ -554,13 +548,7 @@ App::patch('/v1/users/:userId/password') $user = $dbForProject->updateDocument('users', $user->getId(), $user); - $audits - ->setResource('user/' . $user->getId()) - ; - - $events - ->setParam('userId', $user->getId()) - ; + $events->setParam('userId', $user->getId()); $response->dynamic($user, Response::MODEL_USER); }); @@ -570,6 +558,7 @@ App::patch('/v1/users/:userId/email') ->groups(['api', 'users']) ->label('event', 'users.[userId].update.email') ->label('scope', 'users.write') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.namespace', 'users') ->label('sdk.method', 'updateEmail') 
@@ -581,9 +570,8 @@ App::patch('/v1/users/:userId/email') ->param('email', '', new Email(), 'User email.') ->inject('response') ->inject('dbForProject') - ->inject('audits') ->inject('events') - ->action(function (string $userId, string $email, Response $response, Database $dbForProject, EventAudit $audits, Event $events) { + ->action(function (string $userId, string $email, Response $response, Database $dbForProject, Event $events) { $user = $dbForProject->getDocument('users', $userId); @@ -605,11 +593,6 @@ App::patch('/v1/users/:userId/email') throw new Exception('Email already exists', 409, Exception::USER_EMAIL_ALREADY_EXISTS); } - - $audits - ->setResource('user/' . $user->getId()) - ; - $events ->setParam('userId', $user->getId()) ; @@ -622,6 +605,7 @@ App::patch('/v1/users/:userId/phone') ->groups(['api', 'users']) ->label('event', 'users.[userId].update.phone') ->label('scope', 'users.write') + ->label('audits.resource', 'user/{response.$id}') ->label('sdk.auth', [APP_AUTH_TYPE_KEY]) ->label('sdk.namespace', 'users') ->label('sdk.method', 'updatePhone') @@ -633,9 +617,8 @@ App::patch('/v1/users/:userId/phone') ->param('number', '', new Phone(), 'User phone number.') ->inject('response') ->inject('dbForProject') - ->inject('audits') ->inject('events') - ->action(function (string $userId, string $number, Response $response, Database $dbForProject, EventAudit $audits, Event $events) { + ->action(function (string $userId, string $number, Response $response, Database $dbForProject, Event $events) { $user = $dbForProject->getDocument('users', $userId); @@ -654,14 +637,7 @@ App::patch('/v1/users/:userId/phone') throw new Exception('Email already exists', 409, Exception::USER_EMAIL_ALREADY_EXISTS); } - - $audits - ->setResource('user/' . $user->getId()) - ; - - $events - ->setParam('userId', $user->getId()) - ; + $events->setParam('userId', $user->getId()); $response->dynamic($user, Response::MODEL_USER); }); 
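Review bot: In the last hunk, the conflict branch of `/v1/users/:userId/phone` still throws `'Email already exists', 409, Exception::USER_EMAIL_ALREADY_EXISTS` for a duplicate phone number; the commit rewrites the lines directly below it but leaves the message and error code copied from the email handler. A client, or anyone triaging logs and audit output, cannot distinguish a phone collision from an email one, and the error code points at the wrong remediation. I would change it to `throw new Exception('Phone number already exists', 409, Exception::USER_PHONE_ALREADY_EXISTS);`, using a phone-specific exception constant if the project defines one (the constant list is not in view). The handler body starts outside this hunk, so the uniqueness check that raises it is not visible.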
diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php index e63e48095d..8d8c0b29c8 100644 --- a/app/controllers/shared/api.php +++ b/app/controllers/shared/api.php @@ -281,7 +281,7 @@ App::shutdown() list($namespace, $replace) = explode('.', $match); switch ($namespace) { - case 'payload': + case 'response': $params = $responsePayload; break; case 'request': @@ -299,7 +299,7 @@ App::shutdown() return $label; }; - $auditsResource = $route->getLabel('audits.resource',''); + $auditsResource = $route->getLabel('audits.resource',null); if(!empty($auditsResource)) { $resource = $parseLabel($auditsResource); if(!empty($resource)) { @@ -307,14 +307,11 @@ App::shutdown() } } - $auditsPayload = $route->getLabel('audits.payload',''); + $auditsPayload = $route->getLabel('audits.payload',false); if(!empty($auditsPayload)) { - if($auditsPayload === '*'){ - $audits->setPayload($responsePayload); - } + $audits->setPayload($responsePayload); } - if (!empty($audits->getResource())) { foreach ($events->getParams() as $key => $value) { $audits->setParam($key, $value);
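Review bot: Renaming the placeholder namespace from `payload` to `response` in the first hunk (`case 'response':`) silently breaks any `audits.resource` label that this commit did not migrate: the rest of the `switch`, including any `default`, lies outside the hunk, so I cannot tell whether an old `{payload.$id}` leaves `$params` unset or stale from a previous match, but either way the audit resource would be dropped or mis-resolved rather than failing loudly. I would add a `default:` that logs the unknown namespace and skips the substitution, and grep the controllers for `{payload.` before merging. A one-line comment above the switch would also pin the contract for future labels: `// Label placeholders: {response.key} reads the serialized response payload; {request.key} reads the request side (see case below)`. `App::shutdown()` begins and ends outside the hunk.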