added new configuration flag to skip audit
Yuli Stremovsky authored and Yuli Stremovsky committed Dec 20, 2023
1 parent 2da89ff commit f1bb37c
Showing 11 changed files with 42 additions and 36 deletions.
2 changes: 2 additions & 0 deletions databunker.yaml
@@ -6,6 +6,8 @@ generic:
# use_separate_app_tables: true
# specify if API call to list users is available (default false)
# list_users: true
# disable audit, default false
# disable_audit: true
selfservice:
# specifies if user can remove himself withour Admin/DPO approval (default false)
forget_me: false
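Review bot: The added comment `# disable audit, default false` does not tell an operator what is lost when the option is enabled. Going by the `submit` change in src/audit_db.go in this same commit, setting it stops audit events from being stored for every API call that submits one, so the comment should say so, e.g. `# when true, no audit events are stored for any API call (default false)`. The sample value shown is `true`, the non-default setting; that matches the `list_users` sample above it, but it means uncommenting the line turns the audit trail off.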
12 changes: 6 additions & 6 deletions src/agreements_api.go
@@ -14,7 +14,7 @@ func (e mainEnv) agreementAccept(w http.ResponseWriter, r *http.Request, ps http
brief := ps.ByName("brief")
mode := ps.ByName("mode")
event := audit("agreement accept for "+brief, identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()
if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
return
@@ -127,7 +127,7 @@ func (e mainEnv) agreementWithdraw(w http.ResponseWriter, r *http.Request, ps ht
brief := ps.ByName("brief")
mode := ps.ByName("mode")
event := audit("consent withdraw for "+brief, identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
@@ -264,7 +264,7 @@ func (e mainEnv) getUserAgreements(w http.ResponseWriter, r *http.Request, ps ht
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("privacy agreements for "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
@@ -331,7 +331,7 @@ func (e mainEnv) getUserAgreement(w http.ResponseWriter, r *http.Request, ps htt
brief := ps.ByName("brief")
mode := ps.ByName("mode")
event := audit("privacy agreements for "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
@@ -408,7 +408,7 @@ func (e mainEnv) consentUserRecord(w http.ResponseWriter, r *http.Request, ps ht
brief := ps.ByName("brief")
mode := ps.ByName("mode")
event := audit("consent record for "+brief, identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()
if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
@@ -461,7 +461,7 @@ func (e mainEnv) consentUserRecord(w http.ResponseWriter, r *http.Request, ps ht
func (e mainEnv) consentFilterRecords(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
brief := ps.ByName("brief")
event := audit("consent get all for "+brief, brief, "brief", brief)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()
if e.enforceAuth(w, r, event) == "" {
return
}
4 changes: 2 additions & 2 deletions src/audit_api.go
@@ -11,7 +11,7 @@ import (
func (e mainEnv) getAuditEvents(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
userTOKEN := ps.ByName("token")
event := audit("view audit events", userTOKEN, "token", userTOKEN)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()
if enforceUUID(w, userTOKEN, event) == false {
return
}
@@ -68,7 +68,7 @@ func (e mainEnv) getAdminAuditEvents(w http.ResponseWriter, r *http.Request, ps
func (e mainEnv) getAuditEvent(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
atoken := ps.ByName("atoken")
event := audit("view audit event", atoken, "token", atoken)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()
//fmt.Println("error code")
if enforceUUID(w, atoken, event) == false {
return
5 changes: 4 additions & 1 deletion src/audit_db.go
@@ -38,7 +38,10 @@ func auditApp(title string, record string, app string, mode string, identity str
return &auditEvent{Title: title, Mode: mode, Who: identity, Record: record, Status: "ok", When: int32(time.Now().Unix())}
}

func (event auditEvent) submit(db *dbcon) {
func (event auditEvent) submit(db *dbcon, conf Config) {
if conf.Generic.DisableAudit == true {
return
}
bdoc := bson.M{}
atoken, _ := uuid.GenerateUUID()
bdoc["atoken"] = atoken
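Review bot: The new guard at the top of `submit` discards every event once `disable_audit` is set, including events that handlers have already passed to `returnError` or `enforceUUID` for a rejected request, and nothing records that auditing is off. The call sites touched by this commit cover login, record reads, changes and deletions, so the function should carry a doc comment saying so, e.g. `// submit persists the audit event; when generic.disable_audit is set it stores nothing.`, and a one-time startup warning would help operators notice the setting (the config-loading code is not on this page). The test is more idiomatic as `if conf.Generic.DisableAudit {`, and because only this one flag is read, a `bool` or `*Config` parameter would avoid copying `Config` on every request. The rest of `submit` lies outside the hunk.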
1 change: 1 addition & 0 deletions src/bunker.go
@@ -45,6 +45,7 @@ type Config struct {
CreateUserWithoutAccessToken bool `yaml:"create_user_without_access_token" default:"false"`
UseSeparateAppTables bool `yaml:"use_separate_app_tables" default:"false"`
UserRecordSchema string `yaml:"user_record_schema"`
DisableAudit bool `yaml:"disable_audit" default:"false"`
AdminEmail string `yaml:"admin_email" envconfig:"ADMIN_EMAIL"`
ListUsers bool `yaml:"list_users" default:"false"`
}
10 changes: 5 additions & 5 deletions src/expiration_api.go
@@ -32,7 +32,7 @@ func (e mainEnv) expGetStatus(w http.ResponseWriter, r *http.Request, ps httprou
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("get expiration status by "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()
if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
return
@@ -70,7 +70,7 @@ func (e mainEnv) expCancel(w http.ResponseWriter, r *http.Request, ps httprouter
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("clear user expiration by "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()
if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
return
@@ -109,7 +109,7 @@ func (e mainEnv) expRetainData(w http.ResponseWriter, r *http.Request, ps httpro
identity := ps.ByName("exptoken")
mode := "exptoken"
event := audit("retain user data by exptoken", identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()
if enforceUUID(w, identity, event) == false {
return
}
@@ -134,7 +134,7 @@ func (e mainEnv) expDeleteData(w http.ResponseWriter, r *http.Request, ps httpro
identity := ps.ByName("exptoken")
mode := "exptoken"
event := audit("delete user data by exptoken", identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()
if enforceUUID(w, identity, event) == false {
return
}
@@ -163,7 +163,7 @@ func (e mainEnv) expStart(w http.ResponseWriter, r *http.Request, ps httprouter.
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("initiate user record expiration by "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()
if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
return
8 changes: 4 additions & 4 deletions src/requests_api.go
@@ -42,7 +42,7 @@ func (e mainEnv) getCustomUserRequests(w http.ResponseWriter, r *http.Request, p
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("get user privacy requests", identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
@@ -93,7 +93,7 @@ func (e mainEnv) getCustomUserRequests(w http.ResponseWriter, r *http.Request, p
func (e mainEnv) getUserRequest(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
request := ps.ByName("request")
event := audit("get user request by request token", request, "request", request)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if enforceUUID(w, request, event) == false {
return
@@ -162,7 +162,7 @@ func (e mainEnv) getUserRequest(w http.ResponseWriter, r *http.Request, ps httpr
func (e mainEnv) approveUserRequest(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
request := ps.ByName("request")
event := audit("approve user request", request, "request", request)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if enforceUUID(w, request, event) == false {
return
@@ -260,7 +260,7 @@ func (e mainEnv) approveUserRequest(w http.ResponseWriter, r *http.Request, ps h
func (e mainEnv) cancelUserRequest(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
request := ps.ByName("request")
event := audit("cancel user request", request, "request", request)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if enforceUUID(w, request, event) == false {
return
10 changes: 5 additions & 5 deletions src/sessions_api.go
@@ -16,7 +16,7 @@ func (e mainEnv) createSession(w http.ResponseWriter, r *http.Request, ps httpro
var event *auditEvent
defer func() {
if event != nil {
event.submit(e.db)
event.submit(e.db, e.conf)
}
}()
if enforceUUID(w, session, event) == false {
@@ -72,7 +72,7 @@ func (e mainEnv) createSession(w http.ResponseWriter, r *http.Request, ps httpro
func (e mainEnv) deleteSession(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
session := ps.ByName("session")
event := audit("delete session", session, "session", session)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()
if enforceUUID(w, session, event) == false {
//returnError(w, r, "bad session format", nil, event)
return
@@ -91,7 +91,7 @@ func (e mainEnv) newUserSession(w http.ResponseWriter, r *http.Request, ps httpr
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("create user session", identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
@@ -154,7 +154,7 @@ func (e mainEnv) getUserSessions(w http.ResponseWriter, r *http.Request, ps http
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("get all user sessions", identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
@@ -209,7 +209,7 @@ func (e mainEnv) getSession(w http.ResponseWriter, r *http.Request, ps httproute
var event *auditEvent
defer func() {
if event != nil {
event.submit(e.db)
event.submit(e.db, e.conf)
}
}()
when, record, userTOKEN, err := e.db.getSession(session)
4 changes: 2 additions & 2 deletions src/sharedrecords_api.go
@@ -15,7 +15,7 @@ import (
func (e mainEnv) newSharedRecord(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
userTOKEN := ps.ByName("token")
event := audit("create shared record by user token", userTOKEN, "token", userTOKEN)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if enforceUUID(w, userTOKEN, event) == false {
return
@@ -86,7 +86,7 @@ func (e mainEnv) newSharedRecord(w http.ResponseWriter, r *http.Request, ps http
func (e mainEnv) getRecord(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
record := ps.ByName("record")
event := audit("get record data by record token", record, "record", record)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if enforceUUID(w, record, event) == false {
return
10 changes: 5 additions & 5 deletions src/userapps_api.go
@@ -13,7 +13,7 @@ func (e mainEnv) userappNew(w http.ResponseWriter, r *http.Request, ps httproute
userTOKEN := ps.ByName("token")
appName := strings.ToLower(ps.ByName("appname"))
event := auditApp("create user app record", userTOKEN, appName, "token", userTOKEN)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if enforceUUID(w, userTOKEN, event) == false {
return
@@ -57,7 +57,7 @@ func (e mainEnv) userappChange(w http.ResponseWriter, r *http.Request, ps httpro
userTOKEN := ps.ByName("token")
appName := strings.ToLower(ps.ByName("appname"))
event := auditApp("change user app record", userTOKEN, appName, "token", userTOKEN)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if enforceUUID(w, userTOKEN, event) == false {
return
@@ -124,7 +124,7 @@ func (e mainEnv) userappChange(w http.ResponseWriter, r *http.Request, ps httpro
func (e mainEnv) userappList(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
userTOKEN := ps.ByName("token")
event := audit("get user app list", userTOKEN, "token", userTOKEN)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if enforceUUID(w, userTOKEN, event) == false {
return
@@ -146,7 +146,7 @@ func (e mainEnv) userappGet(w http.ResponseWriter, r *http.Request, ps httproute
userTOKEN := ps.ByName("token")
appName := strings.ToLower(ps.ByName("appname"))
event := auditApp("get user app record", userTOKEN, appName, "token", userTOKEN)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if enforceUUID(w, userTOKEN, event) == false {
return
@@ -177,7 +177,7 @@ func (e mainEnv) userappDelete(w http.ResponseWriter, r *http.Request, ps httpro
userTOKEN := ps.ByName("token")
appName := strings.ToLower(ps.ByName("appname"))
event := auditApp("delete user app record", userTOKEN, appName, "token", userTOKEN)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if enforceUUID(w, userTOKEN, event) == false {
return
12 changes: 6 additions & 6 deletions src/users_api.go
@@ -12,7 +12,7 @@ import (

func (e mainEnv) userCreate(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
event := audit("create user record", "", "", "")
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if e.conf.Generic.CreateUserWithoutAccessToken == false {
// anonymous user can not create user record, check token
@@ -127,7 +127,7 @@ func (e mainEnv) userGet(w http.ResponseWriter, r *http.Request, ps httprouter.P
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("get user record by "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()
if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
return
@@ -199,7 +199,7 @@ func (e mainEnv) userChange(w http.ResponseWriter, r *http.Request, ps httproute
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("change user record by "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if validateMode(mode) == false {
returnError(w, r, "bad index", 405, nil, event)
@@ -281,7 +281,7 @@ func (e mainEnv) userDelete(w http.ResponseWriter, r *http.Request, ps httproute
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("delete user record by "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if validateMode(mode) == false {
returnError(w, r, "bad mode", 405, nil, event)
@@ -356,7 +356,7 @@ func (e mainEnv) userPrelogin(w http.ResponseWriter, r *http.Request, ps httprou
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("user prelogin by "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

code0, err := decryptCaptcha(captcha)
if err != nil || code0 != code {
@@ -413,7 +413,7 @@ func (e mainEnv) userLogin(w http.ResponseWriter, r *http.Request, ps httprouter
identity := ps.ByName("identity")
mode := ps.ByName("mode")
event := audit("user login by "+mode, identity, mode, identity)
defer func() { event.submit(e.db) }()
defer func() { event.submit(e.db, e.conf) }()

if mode != "phone" && mode != "email" {
returnError(w, r, "bad mode", 405, nil, event)
