
adding user to audits labels

This commit is contained in:
shimon 2022-08-11 16:19:05 +03:00
parent 6a4fee641d
commit b5f977e46d
4 changed files with 67 additions and 81 deletions


@ -48,6 +48,7 @@ App::post('/v1/account')
->label('scope', 'public')
->label('auth.type', 'emailPassword')
->label('audits.resource', 'user/{response.$id}')
->label('audits.userId', '{response.$id}')
->label('sdk.auth', [])
->label('sdk.namespace', 'account')
->label('sdk.method', 'create')
@ -354,7 +355,6 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
->label('abuse-limit', 50)
->label('abuse-key', 'ip:{ip}')
->label('docs', false)
->label('audits.resource', 'user/{response.$id}')
->param('provider', '', new WhiteList(\array_keys(Config::getParam('providers')), true), 'OAuth2 provider.')
->param('code', '', new Text(2048), 'OAuth2 code.')
->param('state', '', new Text(2048), 'OAuth2 state params.', true)
@ -364,9 +364,10 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
->inject('user')
->inject('dbForProject')
->inject('geodb')
->inject('audits')
->inject('events')
->inject('usage')
->action(function (string $provider, string $code, string $state, Request $request, Response $response, Document $project, Document $user, Database $dbForProject, Reader $geodb, Event $events, Stats $usage) use ($oauthDefaultSuccess) {
->action(function (string $provider, string $code, string $state, Request $request, Response $response, Document $project, Document $user, Database $dbForProject, Reader $geodb, Audit $audits, Event $events, Stats $usage) use ($oauthDefaultSuccess) {
$protocol = $request->getProtocol();
$callback = $protocol . '://' . $request->getHostname() . '/v1/account/sessions/oauth2/callback/' . $provider . '/' . $project->getId();
@ -543,6 +544,8 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
$dbForProject->deleteCachedDocument('users', $user->getId());
$audits->setResource('user/' . $user->getId());
$usage
->setParam('users.sessions.create', 1)
->setParam('projectId', $project->getId())
@ -586,7 +589,8 @@ App::post('/v1/account/sessions/magic-url')
->groups(['api', 'account'])
->label('scope', 'public')
->label('auth.type', 'magic-url')
->label('audits.resource', 'user/{response.$id}')
->label('audits.resource', 'user/{response.userId}')
->label('audits.userId', '{response.userId}')
->label('sdk.auth', [])
->label('sdk.namespace', 'account')
->label('sdk.method', 'createMagicURLSession')
@ -710,7 +714,7 @@ App::put('/v1/account/sessions/magic-url')
->groups(['api', 'account'])
->label('scope', 'public')
->label('event', 'users.[userId].sessions.[sessionId].create')
->label('audits.resource', 'user/{response.$id}')
->label('audits.resource', 'user/{response.userId}')
->label('sdk.auth', [])
->label('sdk.namespace', 'account')
->label('sdk.method', 'updateMagicURLSession')
@ -822,7 +826,8 @@ App::post('/v1/account/sessions/phone')
->groups(['api', 'account'])
->label('scope', 'public')
->label('auth.type', 'phone')
->label('audits.resource', 'user/{response.$id}')
->label('audits.resource', 'user/{response.userId}')
->label('audits.userId', '{response.userId}')
->label('sdk.auth', [])
->label('sdk.namespace', 'account')
->label('sdk.method', 'createPhoneSession')
@ -935,7 +940,7 @@ App::put('/v1/account/sessions/phone')
->groups(['api', 'account'])
->label('scope', 'public')
->label('event', 'users.[userId].sessions.[sessionId].create')
->label('audits.resource', 'user/{response.$id}')
->label('audits.resource', 'user/{response.userId}')
->label('sdk.auth', [])
->label('sdk.namespace', 'account')
->label('sdk.method', 'updatePhoneSession')
@ -1044,7 +1049,7 @@ App::post('/v1/account/sessions/anonymous')
->label('event', 'users.[userId].sessions.[sessionId].create')
->label('scope', 'public')
->label('auth.type', 'anonymous')
->label('audits.resource', 'user/{response.$id}')
->label('audits.resource', 'user/{response.userId}')
->label('sdk.auth', [])
->label('sdk.namespace', 'account')
->label('sdk.method', 'createAnonymousSession')
@ -1400,6 +1405,7 @@ App::patch('/v1/account/name')
->label('event', 'users.[userId].update.name')
->label('scope', 'account')
->label('audits.resource', 'user/{response.$id}')
->label('audits.userId', '{response.$id}')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'account')
->label('sdk.method', 'updateName')
@ -1431,6 +1437,7 @@ App::patch('/v1/account/password')
->label('event', 'users.[userId].update.password')
->label('scope', 'account')
->label('audits.resource', 'user/{response.$id}')
->label('audits.userId', '{response.$id}')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'account')
->label('sdk.method', 'updatePassword')
@ -1472,6 +1479,7 @@ App::patch('/v1/account/email')
->label('event', 'users.[userId].update.email')
->label('scope', 'account')
->label('audits.resource', 'user/{response.$id}')
->label('audits.userId', '{response.$id}')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'account')
->label('sdk.method', 'updateEmail')
@ -1523,6 +1531,7 @@ App::patch('/v1/account/phone')
->label('event', 'users.[userId].update.phone')
->label('scope', 'account')
->label('audits.resource', 'user/{response.$id}')
->label('audits.userId', '{response.$id}')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'account')
->label('sdk.method', 'updatePhone')
@ -1712,7 +1721,7 @@ App::patch('/v1/account/sessions/:sessionId')
->groups(['api', 'account'])
->label('scope', 'account')
->label('event', 'users.[userId].sessions.[sessionId].update')
->label('audits.resource', 'user/{response.$id}')
->label('audits.resource', 'user/{response.userId}')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'account')
->label('sdk.method', 'updateSession')
@ -1865,7 +1874,8 @@ App::post('/v1/account/recovery')
->groups(['api', 'account'])
->label('scope', 'public')
->label('event', 'users.[userId].recovery.[tokenId].create')
->label('audits.resource', 'user/{response.$id}')
->label('audits.resource', 'user/{response.userId}')
->label('audits.userId', '{response.userId}')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'account')
->label('sdk.method', 'createRecovery')
@ -1968,7 +1978,7 @@ App::put('/v1/account/recovery')
->groups(['api', 'account'])
->label('scope', 'public')
->label('event', 'users.[userId].recovery.[tokenId].update')
->label('audits.resource', 'user/{response.$id}')
->label('audits.resource', 'user/{response.userId}')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'account')
->label('sdk.method', 'updateRecovery')
@ -2036,7 +2046,7 @@ App::post('/v1/account/verification')
->groups(['api', 'account'])
->label('scope', 'account')
->label('event', 'users.[userId].verification.[tokenId].create')
->label('audits.resource', 'user/{response.$id}')
->label('audits.resource', 'user/{response.userId}')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'account')
->label('sdk.method', 'createVerification')
@ -2125,7 +2135,7 @@ App::put('/v1/account/verification')
->groups(['api', 'account'])
->label('scope', 'public')
->label('event', 'users.[userId].verification.[tokenId].update')
->label('audits.resource', 'user/{response.$id}')
->label('audits.resource', 'user/{response.userId}')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'account')
->label('sdk.method', 'updateVerification')
@ -2185,7 +2195,7 @@ App::post('/v1/account/verification/phone')
->groups(['api', 'account'])
->label('scope', 'account')
->label('event', 'users.[userId].verification.[tokenId].create')
->label('audits.resource', 'user/{response.$id}')
->label('audits.resource', 'user/{response.userId}')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'account')
->label('sdk.method', 'createPhoneVerification')
@ -2270,7 +2280,7 @@ App::put('/v1/account/verification/phone')
->groups(['api', 'account'])
->label('scope', 'public')
->label('event', 'users.[userId].verification.[tokenId].update')
->label('audits.resource', 'user/{response.$id}')
->label('audits.resource', 'user/{response.userId}')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'account')
->label('sdk.method', 'updatePhoneVerification')
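Review bot: The `audits.userId` label is added to the POST magic-url, POST phone and POST recovery routes, but their PUT counterparts (`updateMagicURLSession`, `updatePhoneSession`, `updateRecovery`), `createAnonymousSession`, `updateSession` and the four verification routes only receive the `user/{response.userId}` resource change. If the shutdown hook associates an audit entry with a user solely through that label, those entries will record the resource but no actor; either add `->label('audits.userId', '{response.userId}')` to them as well or note why they are excluded. In the OAuth2 redirect hunk, `$audits->setResource('user/' . $user->getId())` likewise sets the resource but not the user; whether `$audits` already carries the user from an earlier init hook is not visible here.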


@ -207,6 +207,7 @@ App::delete('/v1/teams/:teamId')
->groups(['api', 'teams'])
->label('event', 'teams.[teamId].delete')
->label('scope', 'teams.write')
->label('audits.resource', 'team/{request.teamId}')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'teams')
->label('sdk.method', 'delete')
@ -251,10 +252,7 @@ App::delete('/v1/teams/:teamId')
->setPayload($response->output($team, Response::MODEL_TEAM))
;
$audits
->setParam('resource', 'team/' . $teamId)
->setParam('data', $team->getArrayCopy())
;
$audits->setParam('data', $team->getArrayCopy());
$response->noContent();
});
@ -265,7 +263,7 @@ App::post('/v1/teams/:teamId/memberships')
->label('event', 'teams.[teamId].memberships.[membershipId].create')
->label('scope', 'teams.write')
->label('auth.type', 'invites')
->label('audits.resource', 'team/{response.teamId}')
->label('audits.resource', 'team/{request.teamId}')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'teams')
->label('sdk.method', 'createMembership')
@ -544,7 +542,7 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId')
->groups(['api', 'teams'])
->label('event', 'teams.[teamId].memberships.[membershipId].update')
->label('scope', 'teams.write')
->label('audits.resource', 'team/{response.teamId}')
->label('audits.resource', 'team/{request.teamId}')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'teams')
->label('sdk.method', 'updateMembershipRoles')
@ -614,7 +612,7 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status')
->groups(['api', 'teams'])
->label('event', 'teams.[teamId].memberships.[membershipId].update.status')
->label('scope', 'public')
->label('audits.resource', 'team/{response.teamId}')
->label('audits.resource', 'team/{request.teamId}')
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_JWT])
->label('sdk.namespace', 'teams')
->label('sdk.method', 'updateMembershipStatus')
@ -676,9 +674,7 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status')
->setAttribute('confirm', true)
;
$user
->setAttribute('emailVerification', true)
;
$user->setAttribute('emailVerification', true);
// Log user in
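Review bot: The three membership routes now take the audited resource from `{request.teamId}` instead of `{response.teamId}`, so the recorded resource is the caller-supplied path parameter rather than the `teamId` stored on the membership that was actually modified; for `updateMembershipStatus`, which has `public` scope, the two are equivalent only if the handler rejects a membership whose `teamId` differs from the path parameter (the handlers are outside these hunks). Worth confirming, or keeping `{response.teamId}` where the response carries it. In the delete hunk, `$audits->setParam('data', $team->getArrayCopy())` keeps the full team document in the audit entry, presumably because the route answers with no content; a short comment such as `// Deleted team is not in the response; keep a copy for the audit log` would make that intent explicit.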


@ -76,13 +76,9 @@ App::post('/v1/users')
throw new Exception('Account already exists', 409, Exception::USER_ALREADY_EXISTS);
}
$usage
->setParam('users.create', 1)
;
$usage->setParam('users.create', 1);
$events
->setParam('userId', $user->getId())
;
$events->setParam('userId', $user->getId());
$response->setStatusCode(Response::STATUS_CODE_CREATED);
$response->dynamic($user, Response::MODEL_USER);
@ -124,9 +120,7 @@ App::get('/v1/users')
$queries[] = new Query('search', Query::TYPE_SEARCH, [$search]);
}
$usage
->setParam('users.read', 1)
;
$usage->setParam('users.read', 1);
$response->dynamic(new Document([
'users' => $dbForProject->find('users', $queries, $limit, $offset, [], [$orderType], $cursorUser ?? null, $cursorDirection),
@ -157,9 +151,8 @@ App::get('/v1/users/:userId')
throw new Exception('User not found', 404, Exception::USER_NOT_FOUND);
}
$usage
->setParam('users.read', 1)
;
$usage->setParam('users.read', 1);
$response->dynamic($user, Response::MODEL_USER);
});
@ -188,9 +181,8 @@ App::get('/v1/users/:userId/prefs')
$prefs = $user->getAttribute('prefs', new \stdClass());
$usage
->setParam('users.read', 1)
;
$usage->setParam('users.read', 1);
$response->dynamic(new Document($prefs), Response::MODEL_PREFERENCES);
});
@ -230,9 +222,8 @@ App::get('/v1/users/:userId/sessions')
$sessions[$key] = $session;
}
$usage
->setParam('users.read', 1)
;
$usage->setParam('users.read', 1);
$response->dynamic(new Document([
'sessions' => $sessions,
'total' => count($sessions),
@ -350,9 +341,7 @@ App::get('/v1/users/:userId/logs')
}
}
$usage
->setParam('users.read', 1)
;
$usage->setParam('users.read', 1);
$response->dynamic(new Document([
'total' => $audit->countLogsByUser($user->getId()),
@ -388,13 +377,9 @@ App::patch('/v1/users/:userId/status')
$user = $dbForProject->updateDocument('users', $user->getId(), $user->setAttribute('status', (bool) $status));
$usage
->setParam('users.update', 1)
;
$usage->setParam('users.update', 1);
$events
->setParam('userId', $user->getId())
;
$events->setParam('userId', $user->getId());
$response->dynamic($user, Response::MODEL_USER);
});
@ -427,13 +412,9 @@ App::patch('/v1/users/:userId/verification')
$user = $dbForProject->updateDocument('users', $user->getId(), $user->setAttribute('emailVerification', $emailVerification));
$usage
->setParam('users.update', 1)
;
$usage->setParam('users.update', 1);
$events
->setParam('userId', $user->getId())
;
$events->setParam('userId', $user->getId());
$response->dynamic($user, Response::MODEL_USER);
});
@ -466,13 +447,9 @@ App::patch('/v1/users/:userId/verification/phone')
$user = $dbForProject->updateDocument('users', $user->getId(), $user->setAttribute('phoneVerification', $phoneVerification));
$usage
->setParam('users.update', 1)
;
$usage->setParam('users.update', 1);
$events
->setParam('userId', $user->getId())
;
$events->setParam('userId', $user->getId());
$response->dynamic($user, Response::MODEL_USER);
});
@ -669,13 +646,9 @@ App::patch('/v1/users/:userId/prefs')
$user = $dbForProject->updateDocument('users', $user->getId(), $user->setAttribute('prefs', $prefs));
$usage
->setParam('users.update', 1)
;
$usage->setParam('users.update', 1);
$events
->setParam('userId', $user->getId())
;
$events->setParam('userId', $user->getId());
$response->dynamic(new Document($prefs), Response::MODEL_PREFERENCES);
});
@ -814,9 +787,7 @@ App::delete('/v1/users/:userId')
->setPayload($response->output($clone, Response::MODEL_USER))
;
$usage
->setParam('users.delete', 1)
;
$usage->setParam('users.delete', 1);
$response->noContent();
});


@ -229,11 +229,13 @@ App::shutdown()
if ($project->getId() !== 'console') {
$allEvents = Event::generateEvents($events->getEvent(), $events->getParams());
$payload = new Document($events->getPayload());
$db = $events->getContext('database');
$collection = $events->getContext('collection');
$bucket = $events->getContext('bucket');
$target = Realtime::fromPayload(
// Pass first, most verbose event pattern
// Pass first, most verbose event pattern
event: $allEvents[0],
payload: $payload,
project: $project,
@ -249,6 +251,7 @@ App::shutdown()
channels: $target['channels'],
roles: $target['roles'],
options: [
'permissionsChanged' => $target['permissionsChanged'],
'userId' => $events->getParam('userId')
]
);
@ -277,7 +280,7 @@ App::shutdown()
$parts = explode('.', $match);
if(count($parts) !== 2){
throw new Exception('Too less or more parts', 400, Exception::GENERAL_ARGUMENT_INVALID);
throw new Exception('Too less or too many parts', 400, Exception::GENERAL_ARGUMENT_INVALID);
}
$namespace = $parts[0];
@ -296,28 +299,34 @@ App::shutdown()
return $label;
};
$auditsResource = $route->getLabel('audits.resource', null);
if (!empty($auditsResource)) {
$resource = $parseLabel($auditsResource);
if (!empty($resource) && $resource !== $auditsResource) {
$pattern = $route->getLabel('audits.resource', null);
if (!empty($pattern)) {
$resource = $parseLabel($pattern);
if (!empty($resource) && $resource !== $pattern) {
$audits->setResource($resource);
}
}
$pattern = $route->getLabel('audits.userId', null);
if(!empty($pattern)) {
$userId = $parseLabel($pattern);
$user = $dbForProject->getDocument('users', $userId);
$audits->setUser($user);
}
if (!empty($audits->getResource())) {
/**
* audits.payload is switched to default true
* in order to auto audit payload for all endpoints
*/
$auditsPayload = $route->getLabel('audits.payload', true);
if (!empty($auditsPayload)) {
$pattern = $route->getLabel('audits.payload', true);
if (!empty($pattern)) {
$audits->setPayload($responsePayload);
}
foreach ($events->getParams() as $key => $value) {
$audits->setParam($key, $value);
}
$audits->trigger();
}
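Review bot: The new `audits.userId` branch passes the parsed label straight to `$dbForProject->getDocument('users', $userId)` without the guard the `audits.resource` branch applies, so an unresolved placeholder (parse result still equal to the pattern) or an empty string becomes the lookup key and whatever document comes back is set as the audit user. Mirror the resource check: `if (!empty($userId) && $userId !== $pattern) { $audits->setUser($dbForProject->getDocument('users', $userId)); }`. Assigning the result to `$user` also shadows any `$user` the shutdown closure injects (its signature is outside the hunk), so a local name such as `$auditUser` is safer. The lookup also runs when no resource is set and nothing is triggered; moving it inside the `if (!empty($audits->getResource()))` block avoids a database read per request on those routes.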