mirror of
https://github.com/penpot/penpot.git
synced 2025-06-13 01:41:38 +02:00
🐛 Fix audit context forwarding on explicit events
This commit is contained in:
Andrey Antukh
parent
343f3feed3
commit
7df9ac5e4f
6 changed files with 79 additions and 88 deletions
|
|
@ -80,13 +80,17 @@
|
||||||
(remove #(contains? reserved-props (key %))))
|
(remove #(contains? reserved-props (key %))))
|
||||||
props))
|
props))
|
||||||
|
|
||||||
(defn params->context
|
(defn event-from-rpc-params
|
||||||
"Extract default context properties from RPC params object"
|
"Create a base event skeleton with pre-filled some important
|
||||||
|
data that can be extracted from RPC params object"
|
||||||
[params]
|
[params]
|
||||||
(d/without-nils
|
(let [context {:external-session-id (::rpc/external-session-id params)
|
||||||
{:external-session-id (::rpc/external-session-id params)
|
:external-event-origin (::rpc/external-event-origin params)
|
||||||
:event-origin (::rpc/external-event-origin params)
|
:triggered-by (::rpc/handler-name params)}]
|
||||||
:triggered-by (::rpc/handler-name params)}))
|
{::type "action"
|
||||||
|
::profile-id (::rpc/profile-id params)
|
||||||
|
::ip-addr (::rpc/ip-addr params)
|
||||||
|
::context (d/without-nils context)}))
|
||||||
|
|
||||||
;; --- SPECS
|
;; --- SPECS
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -29,6 +29,7 @@
|
||||||
[app.rpc.rlimit :as rlimit]
|
[app.rpc.rlimit :as rlimit]
|
||||||
[app.setup :as-alias setup]
|
[app.setup :as-alias setup]
|
||||||
[app.storage :as-alias sto]
|
[app.storage :as-alias sto]
|
||||||
|
[app.util.inet :as inet]
|
||||||
[app.util.services :as sv]
|
[app.util.services :as sv]
|
||||||
[app.util.time :as dt]
|
[app.util.time :as dt]
|
||||||
[clojure.spec.alpha :as s]
|
[clojure.spec.alpha :as s]
|
||||||
|
|
@ -81,7 +82,9 @@
|
||||||
(defn- get-external-event-origin
|
(defn- get-external-event-origin
|
||||||
[request]
|
[request]
|
||||||
(when-let [origin (rreq/get-header request "x-event-origin")]
|
(when-let [origin (rreq/get-header request "x-event-origin")]
|
||||||
(when-not (> (count origin) 256)
|
(when-not (or (> (count origin) 256)
|
||||||
|
(= origin "null")
|
||||||
|
(str/blank? origin))
|
||||||
origin)))
|
origin)))
|
||||||
|
|
||||||
(defn- rpc-handler
|
(defn- rpc-handler
|
||||||
|
|
@ -93,11 +96,13 @@
|
||||||
profile-id (or (::session/profile-id request)
|
profile-id (or (::session/profile-id request)
|
||||||
(::actoken/profile-id request))
|
(::actoken/profile-id request))
|
||||||
|
|
||||||
|
ip-addr (inet/parse-request request)
|
||||||
session-id (get-external-session-id request)
|
session-id (get-external-session-id request)
|
||||||
event-origin (get-external-event-origin request)
|
event-origin (get-external-event-origin request)
|
||||||
|
|
||||||
data (-> params
|
data (-> params
|
||||||
(assoc ::handler-name handler-name)
|
(assoc ::handler-name handler-name)
|
||||||
|
(assoc ::ip-addr ip-addr)
|
||||||
(assoc ::request-at (dt/now))
|
(assoc ::request-at (dt/now))
|
||||||
(assoc ::external-session-id session-id)
|
(assoc ::external-session-id session-id)
|
||||||
(assoc ::external-event-origin event-origin)
|
(assoc ::external-event-origin event-origin)
|
||||||
|
|
|
||||||
|
|
@ -413,15 +413,13 @@
|
||||||
{:modified-at (dt/now)}
|
{:modified-at (dt/now)}
|
||||||
{:id project-id})
|
{:id project-id})
|
||||||
|
|
||||||
(let [props (audit/clean-props params)
|
(let [props (audit/clean-props params)]
|
||||||
context (audit/params->context params)]
|
|
||||||
(doseq [file-id result]
|
(doseq [file-id result]
|
||||||
(audit/submit! cfg
|
(let [props (assoc props :id file-id)
|
||||||
{::audit/type "action"
|
event (-> (audit/event-from-rpc-params params)
|
||||||
::audit/name "create-file"
|
(assoc ::audit/name "create-file")
|
||||||
::audit/profile-id profile-id
|
(assoc ::audit/props props))]
|
||||||
::audit/props (assoc props :id file-id)
|
(audit/submit! cfg event))))
|
||||||
::audit/context context})))
|
|
||||||
|
|
||||||
result))))
|
result))))
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -789,16 +789,13 @@
|
||||||
|
|
||||||
(let [props (-> (dissoc tprops :profile-id)
|
(let [props (-> (dissoc tprops :profile-id)
|
||||||
(audit/clean-props))
|
(audit/clean-props))
|
||||||
context (audit/params->context params)]
|
evname (if updated?
|
||||||
|
|
||||||
(audit/submit! cfg
|
|
||||||
{::audit/type "action"
|
|
||||||
::audit/name (if updated?
|
|
||||||
"update-team-invitation"
|
"update-team-invitation"
|
||||||
"create-team-invitation")
|
"create-team-invitation")
|
||||||
::audit/profile-id (:id profile)
|
event (-> (audit/event-from-rpc-params params)
|
||||||
::audit/props props
|
(assoc ::audit/name evname)
|
||||||
::audit/context context}))
|
(assoc ::audit/props props))]
|
||||||
|
(audit/submit! cfg event))
|
||||||
|
|
||||||
(eml/send! {::eml/conn conn
|
(eml/send! {::eml/conn conn
|
||||||
::eml/factory eml/invite-to-team
|
::eml/factory eml/invite-to-team
|
||||||
|
|
@ -882,9 +879,10 @@
|
||||||
(sv/defmethod ::create-team-with-invitations
|
(sv/defmethod ::create-team-with-invitations
|
||||||
{::doc/added "1.17"
|
{::doc/added "1.17"
|
||||||
::sm/params schema:create-team-with-invitations}
|
::sm/params schema:create-team-with-invitations}
|
||||||
[{:keys [::db/pool] :as cfg} {:keys [::rpc/profile-id emails role name] :as params}]
|
[cfg {:keys [::rpc/profile-id emails role name] :as params}]
|
||||||
(db/with-atomic [conn pool]
|
|
||||||
|
|
||||||
|
(db/tx-run! cfg
|
||||||
|
(fn [{:keys [::db/conn] :as cfg}]
|
||||||
(let [features (-> (cfeat/get-enabled-features cf/flags)
|
(let [features (-> (cfeat/get-enabled-features cf/flags)
|
||||||
(cfeat/check-client-features! (:features params)))
|
(cfeat/check-client-features! (:features params)))
|
||||||
|
|
||||||
|
|
@ -895,8 +893,13 @@
|
||||||
cfg (assoc cfg ::db/conn conn)
|
cfg (assoc cfg ::db/conn conn)
|
||||||
team (create-team cfg params)
|
team (create-team cfg params)
|
||||||
profile (db/get-by-id conn :profile profile-id)
|
profile (db/get-by-id conn :profile profile-id)
|
||||||
emails (into #{} (map profile/clean-email) emails)
|
emails (into #{} (map profile/clean-email) emails)]
|
||||||
context (audit/params->context params)]
|
|
||||||
|
(let [props {:name name :features features}
|
||||||
|
event (-> (audit/event-from-rpc-params params)
|
||||||
|
(assoc ::audit/name "create-team")
|
||||||
|
(assoc ::audit/props props))]
|
||||||
|
(audit/submit! cfg event))
|
||||||
|
|
||||||
;; Create invitations for all provided emails.
|
;; Create invitations for all provided emails.
|
||||||
(->> emails
|
(->> emails
|
||||||
|
|
@ -920,24 +923,7 @@
|
||||||
::quotes/team-id (:id team)
|
::quotes/team-id (:id team)
|
||||||
::quotes/incr (count emails)}))
|
::quotes/incr (count emails)}))
|
||||||
|
|
||||||
(audit/submit! cfg
|
(vary-meta team assoc ::audit/props {:invitations (count emails)})))))
|
||||||
{::audit/type "action"
|
|
||||||
::audit/name "create-team"
|
|
||||||
::audit/profile-id profile-id
|
|
||||||
::audit/props {:name name
|
|
||||||
:features features}
|
|
||||||
::audit/context context})
|
|
||||||
|
|
||||||
(audit/submit! cfg
|
|
||||||
{::audit/type "command"
|
|
||||||
::audit/name "create-team-invitations"
|
|
||||||
::audit/profile-id profile-id
|
|
||||||
::audit/props {:emails emails
|
|
||||||
:role role
|
|
||||||
:profile-id profile-id
|
|
||||||
:invitations (count emails)}})
|
|
||||||
|
|
||||||
(vary-meta team assoc ::audit/props {:invitations (count emails)}))))
|
|
||||||
|
|
||||||
;; --- Query: get-team-invitation-token
|
;; --- Query: get-team-invitation-token
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -169,19 +169,15 @@
|
||||||
;; if we have logged-in user and it matches the invitation we proceed
|
;; if we have logged-in user and it matches the invitation we proceed
|
||||||
;; with accepting the invitation and joining the current profile to the
|
;; with accepting the invitation and joining the current profile to the
|
||||||
;; invited team.
|
;; invited team.
|
||||||
(let [context (audit/params->context params)
|
(let [props {:team-id (:team-id claims)
|
||||||
props {:team-id (:team-id claims)
|
|
||||||
:role (:role claims)
|
:role (:role claims)
|
||||||
:invitation-id (:id invitation)}]
|
:invitation-id (:id invitation)}
|
||||||
|
event (-> (audit/event-from-rpc-params params)
|
||||||
|
(assoc ::audit/name "accept-team-invitation")
|
||||||
|
(assoc ::audit/props props))]
|
||||||
|
|
||||||
(accept-invitation cfg claims invitation profile)
|
(accept-invitation cfg claims invitation profile)
|
||||||
(audit/submit! cfg
|
(audit/submit! cfg event)
|
||||||
{::audit/type "action"
|
|
||||||
::audit/name "accept-team-invitation"
|
|
||||||
::audit/profile-id profile-id
|
|
||||||
::audit/props props
|
|
||||||
::audit/context context})
|
|
||||||
|
|
||||||
(assoc claims :state :created))
|
(assoc claims :state :created))
|
||||||
|
|
||||||
(ex/raise :type :validation
|
(ex/raise :type :validation
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,8 @@
|
||||||
ring.request/Request
|
ring.request/Request
|
||||||
(get-header [_ name]
|
(get-header [_ name]
|
||||||
(case name
|
(case name
|
||||||
"x-forwarded-for" "127.0.0.44"))))
|
"x-forwarded-for" "127.0.0.44"
|
||||||
|
"x-real-ip" "127.0.0.43"))))
|
||||||
|
|
||||||
(t/deftest push-events-1
|
(t/deftest push-events-1
|
||||||
(with-redefs [app.config/flags #{:audit-log}]
|
(with-redefs [app.config/flags #{:audit-log}]
|
||||||
|
|
@ -46,6 +47,7 @@
|
||||||
:profile-id (:id prof)
|
:profile-id (:id prof)
|
||||||
:timestamp (dt/now)
|
:timestamp (dt/now)
|
||||||
:type "action"}]}
|
:type "action"}]}
|
||||||
|
|
||||||
params (with-meta params
|
params (with-meta params
|
||||||
{:app.http/request http-request})
|
{:app.http/request http-request})
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue