From f1bb37c4d1f2a154cb839a882a73791a2ddde667 Mon Sep 17 00:00:00 2001 From: Yuli Stremovsky Date: Wed, 20 Dec 2023 20:12:02 +0200 Subject: [PATCH] added new configuration flag to skip audit --- databunker.yaml | 2 ++ src/agreements_api.go | 12 ++++++------ src/audit_api.go | 4 ++-- src/audit_db.go | 5 ++++- src/bunker.go | 1 + src/expiration_api.go | 10 +++++----- src/requests_api.go | 8 ++++---- src/sessions_api.go | 10 +++++----- src/sharedrecords_api.go | 4 ++-- src/userapps_api.go | 10 +++++----- src/users_api.go | 12 ++++++------ 11 files changed, 42 insertions(+), 36 deletions(-) diff --git a/databunker.yaml b/databunker.yaml index 805abb8e..85e2ff42 100644 --- a/databunker.yaml +++ b/databunker.yaml @@ -6,6 +6,8 @@ generic: # use_separate_app_tables: true # specify if API call to list users is available (default false) # list_users: true + # disable audit, default false + # disable_audit: true selfservice: # specifies if user can remove himself withour Admin/DPO approval (default false) forget_me: false diff --git a/src/agreements_api.go b/src/agreements_api.go index 7e3053dc..14aa89a7 100644 --- a/src/agreements_api.go +++ b/src/agreements_api.go @@ -14,7 +14,7 @@ func (e mainEnv) agreementAccept(w http.ResponseWriter, r *http.Request, ps http brief := ps.ByName("brief") mode := ps.ByName("mode") event := audit("agreement accept for "+brief, identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if validateMode(mode) == false { returnError(w, r, "bad mode", 405, nil, event) return @@ -127,7 +127,7 @@ func (e mainEnv) agreementWithdraw(w http.ResponseWriter, r *http.Request, ps ht brief := ps.ByName("brief") mode := ps.ByName("mode") event := audit("consent withdraw for "+brief, identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if validateMode(mode) == false { returnError(w, r, "bad mode", 405, nil, event) 
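Review bot: The sample comment `# disable audit, default false` in the databunker.yaml hunk does not say what is lost when the option is turned on. As written in src/audit_db.go, `submit` returns before storing anything, so no audit event is kept for any handler that calls it. A wording such as `# disable audit logging: when true, no audit events are stored (default false)` would make that consequence visible to whoever edits the file.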
@@ -264,7 +264,7 @@ func (e mainEnv) getUserAgreements(w http.ResponseWriter, r *http.Request, ps ht identity := ps.ByName("identity") mode := ps.ByName("mode") event := audit("privacy agreements for "+mode, identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if validateMode(mode) == false { returnError(w, r, "bad mode", 405, nil, event) @@ -331,7 +331,7 @@ func (e mainEnv) getUserAgreement(w http.ResponseWriter, r *http.Request, ps htt brief := ps.ByName("brief") mode := ps.ByName("mode") event := audit("privacy agreements for "+mode, identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if validateMode(mode) == false { returnError(w, r, "bad mode", 405, nil, event) @@ -408,7 +408,7 @@ func (e mainEnv) consentUserRecord(w http.ResponseWriter, r *http.Request, ps ht brief := ps.ByName("brief") mode := ps.ByName("mode") event := audit("consent record for "+brief, identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if validateMode(mode) == false { returnError(w, r, "bad mode", 405, nil, event) @@ -461,7 +461,7 @@ func (e mainEnv) consentUserRecord(w http.ResponseWriter, r *http.Request, ps ht func (e mainEnv) consentFilterRecords(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { brief := ps.ByName("brief") event := audit("consent get all for "+brief, brief, "brief", brief) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if e.enforceAuth(w, r, event) == "" { return } diff --git a/src/audit_api.go b/src/audit_api.go index 14a6817c..47cf0d93 100644 --- a/src/audit_api.go +++ b/src/audit_api.go 
@@ -11,7 +11,7 @@ import ( func (e mainEnv) getAuditEvents(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { userTOKEN := ps.ByName("token") event := audit("view audit events", userTOKEN, "token", userTOKEN) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if enforceUUID(w, userTOKEN, event) == false { return } @@ -68,7 +68,7 @@ func (e mainEnv) getAdminAuditEvents(w http.ResponseWriter, r *http.Request, ps func (e mainEnv) getAuditEvent(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { atoken := ps.ByName("atoken") event := audit("view audit event", atoken, "token", atoken) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() //fmt.Println("error code") if enforceUUID(w, atoken, event) == false { return diff --git a/src/audit_db.go b/src/audit_db.go index 72a27af3..3c94eb8e 100644 --- a/src/audit_db.go +++ b/src/audit_db.go @@ -38,7 +38,10 @@ func auditApp(title string, record string, app string, mode string, identity str return &auditEvent{Title: title, Mode: mode, Who: identity, Record: record, Status: "ok", When: int32(time.Now().Unix())} } -func (event auditEvent) submit(db *dbcon) { +func (event auditEvent) submit(db *dbcon, conf Config) { + if conf.Generic.DisableAudit == true { + return + } bdoc := bson.M{} atoken, _ := uuid.GenerateUUID() bdoc["atoken"] = atoken diff --git a/src/bunker.go b/src/bunker.go index 952fd428..30c8dec0 100644 --- a/src/bunker.go +++ b/src/bunker.go @@ -45,6 +45,7 @@ type Config struct { CreateUserWithoutAccessToken bool `yaml:"create_user_without_access_token" default:"false"` UseSeparateAppTables bool `yaml:"use_separate_app_tables" default:"false"` UserRecordSchema string `yaml:"user_record_schema"` + DisableAudit bool `yaml:"disable_audit" default:"false"` AdminEmail string `yaml:"admin_email" envconfig:"ADMIN_EMAIL"` ListUsers bool `yaml:"list_users" default:"false"` } 
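Review bot: In src/audit_db.go the new guard at the top of `submit` discards every event without leaving any trace. With `disable_audit: true`, the handlers changed in this commit, including `userLogin`, `userDelete` and `getAuditEvents`, record nothing, and someone reading the audit trail later cannot tell a quiet period from a disabled trail. Consider emitting one warning where the configuration is loaded (that code is not in this diff), and give `submit` a doc comment such as `// submit stores the event; when generic.disable_audit is set the event is discarded and nothing is written.` On style, `if conf.Generic.DisableAudit {` is the idiomatic form, and passing only the bool (or a `*Config`) would avoid copying the whole `Config` value on every deferred call. The rest of `submit`'s body lies outside the hunk.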
diff --git a/src/expiration_api.go b/src/expiration_api.go index 8e3f41a2..ffa4e4ca 100644 --- a/src/expiration_api.go +++ b/src/expiration_api.go @@ -32,7 +32,7 @@ func (e mainEnv) expGetStatus(w http.ResponseWriter, r *http.Request, ps httprou identity := ps.ByName("identity") mode := ps.ByName("mode") event := audit("get expiration status by "+mode, identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if validateMode(mode) == false { returnError(w, r, "bad mode", 405, nil, event) return @@ -70,7 +70,7 @@ func (e mainEnv) expCancel(w http.ResponseWriter, r *http.Request, ps httprouter identity := ps.ByName("identity") mode := ps.ByName("mode") event := audit("clear user expiration by "+mode, identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if validateMode(mode) == false { returnError(w, r, "bad mode", 405, nil, event) return @@ -109,7 +109,7 @@ func (e mainEnv) expRetainData(w http.ResponseWriter, r *http.Request, ps httpro identity := ps.ByName("exptoken") mode := "exptoken" event := audit("retain user data by exptoken", identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if enforceUUID(w, identity, event) == false { return } @@ -134,7 +134,7 @@ func (e mainEnv) expDeleteData(w http.ResponseWriter, r *http.Request, ps httpro identity := ps.ByName("exptoken") mode := "exptoken" event := audit("delete user data by exptoken", identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if enforceUUID(w, identity, event) == false { return } 
@@ -163,7 +163,7 @@ func (e mainEnv) expStart(w http.ResponseWriter, r *http.Request, ps httprouter. identity := ps.ByName("identity") mode := ps.ByName("mode") event := audit("initiate user record expiration by "+mode, identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if validateMode(mode) == false { returnError(w, r, "bad mode", 405, nil, event) return diff --git a/src/requests_api.go b/src/requests_api.go index 36364657..c6403c8c 100644 --- a/src/requests_api.go +++ b/src/requests_api.go @@ -42,7 +42,7 @@ func (e mainEnv) getCustomUserRequests(w http.ResponseWriter, r *http.Request, p identity := ps.ByName("identity") mode := ps.ByName("mode") event := audit("get user privacy requests", identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if validateMode(mode) == false { returnError(w, r, "bad mode", 405, nil, event) @@ -93,7 +93,7 @@ func (e mainEnv) getCustomUserRequests(w http.ResponseWriter, r *http.Request, p func (e mainEnv) getUserRequest(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { request := ps.ByName("request") event := audit("get user request by request token", request, "request", request) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if enforceUUID(w, request, event) == false { return @@ -162,7 +162,7 @@ func (e mainEnv) getUserRequest(w http.ResponseWriter, r *http.Request, ps httpr func (e mainEnv) approveUserRequest(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { request := ps.ByName("request") event := audit("approve user request", request, "request", request) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if enforceUUID(w, request, event) == false { return 
@@ -260,7 +260,7 @@ func (e mainEnv) approveUserRequest(w http.ResponseWriter, r *http.Request, ps h func (e mainEnv) cancelUserRequest(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { request := ps.ByName("request") event := audit("cancel user request", request, "request", request) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if enforceUUID(w, request, event) == false { return diff --git a/src/sessions_api.go b/src/sessions_api.go index 4b920a66..6da6ec77 100644 --- a/src/sessions_api.go +++ b/src/sessions_api.go @@ -16,7 +16,7 @@ func (e mainEnv) createSession(w http.ResponseWriter, r *http.Request, ps httpro var event *auditEvent defer func() { if event != nil { - event.submit(e.db) + event.submit(e.db, e.conf) } }() if enforceUUID(w, session, event) == false { @@ -72,7 +72,7 @@ func (e mainEnv) createSession(w http.ResponseWriter, r *http.Request, ps httpro func (e mainEnv) deleteSession(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { session := ps.ByName("session") event := audit("delete session", session, "session", session) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if enforceUUID(w, session, event) == false { //returnError(w, r, "bad session format", nil, event) return @@ -91,7 +91,7 @@ func (e mainEnv) newUserSession(w http.ResponseWriter, r *http.Request, ps httpr identity := ps.ByName("identity") mode := ps.ByName("mode") event := audit("create user session", identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if validateMode(mode) == false { returnError(w, r, "bad mode", 405, nil, event) 
@@ -154,7 +154,7 @@ func (e mainEnv) getUserSessions(w http.ResponseWriter, r *http.Request, ps http identity := ps.ByName("identity") mode := ps.ByName("mode") event := audit("get all user sessions", identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if validateMode(mode) == false { returnError(w, r, "bad mode", 405, nil, event) @@ -209,7 +209,7 @@ func (e mainEnv) getSession(w http.ResponseWriter, r *http.Request, ps httproute var event *auditEvent defer func() { if event != nil { - event.submit(e.db) + event.submit(e.db, e.conf) } }() when, record, userTOKEN, err := e.db.getSession(session) diff --git a/src/sharedrecords_api.go b/src/sharedrecords_api.go index 7ac5c51c..07e31368 100644 --- a/src/sharedrecords_api.go +++ b/src/sharedrecords_api.go @@ -15,7 +15,7 @@ import ( func (e mainEnv) newSharedRecord(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { userTOKEN := ps.ByName("token") event := audit("create shared record by user token", userTOKEN, "token", userTOKEN) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if enforceUUID(w, userTOKEN, event) == false { return @@ -86,7 +86,7 @@ func (e mainEnv) newSharedRecord(w http.ResponseWriter, r *http.Request, ps http func (e mainEnv) getRecord(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { record := ps.ByName("record") event := audit("get record data by record token", record, "record", record) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if enforceUUID(w, record, event) == false { return diff --git a/src/userapps_api.go b/src/userapps_api.go index a1154030..d1e09a74 100644 --- a/src/userapps_api.go +++ b/src/userapps_api.go 
@@ -13,7 +13,7 @@ func (e mainEnv) userappNew(w http.ResponseWriter, r *http.Request, ps httproute userTOKEN := ps.ByName("token") appName := strings.ToLower(ps.ByName("appname")) event := auditApp("create user app record", userTOKEN, appName, "token", userTOKEN) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if enforceUUID(w, userTOKEN, event) == false { return @@ -57,7 +57,7 @@ func (e mainEnv) userappChange(w http.ResponseWriter, r *http.Request, ps httpro userTOKEN := ps.ByName("token") appName := strings.ToLower(ps.ByName("appname")) event := auditApp("change user app record", userTOKEN, appName, "token", userTOKEN) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if enforceUUID(w, userTOKEN, event) == false { return @@ -124,7 +124,7 @@ func (e mainEnv) userappChange(w http.ResponseWriter, r *http.Request, ps httpro func (e mainEnv) userappList(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { userTOKEN := ps.ByName("token") event := audit("get user app list", userTOKEN, "token", userTOKEN) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if enforceUUID(w, userTOKEN, event) == false { return @@ -146,7 +146,7 @@ func (e mainEnv) userappGet(w http.ResponseWriter, r *http.Request, ps httproute userTOKEN := ps.ByName("token") appName := strings.ToLower(ps.ByName("appname")) event := auditApp("get user app record", userTOKEN, appName, "token", userTOKEN) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if enforceUUID(w, userTOKEN, event) == false { return 
@@ -177,7 +177,7 @@ func (e mainEnv) userappDelete(w http.ResponseWriter, r *http.Request, ps httpro userTOKEN := ps.ByName("token") appName := strings.ToLower(ps.ByName("appname")) event := auditApp("delete user app record", userTOKEN, appName, "token", userTOKEN) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if enforceUUID(w, userTOKEN, event) == false { return diff --git a/src/users_api.go b/src/users_api.go index a7c0c5be..ca2ecdf7 100644 --- a/src/users_api.go +++ b/src/users_api.go @@ -12,7 +12,7 @@ import ( func (e mainEnv) userCreate(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { event := audit("create user record", "", "", "") - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if e.conf.Generic.CreateUserWithoutAccessToken == false { // anonymous user can not create user record, check token @@ -127,7 +127,7 @@ func (e mainEnv) userGet(w http.ResponseWriter, r *http.Request, ps httprouter.P identity := ps.ByName("identity") mode := ps.ByName("mode") event := audit("get user record by "+mode, identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if validateMode(mode) == false { returnError(w, r, "bad mode", 405, nil, event) return @@ -199,7 +199,7 @@ func (e mainEnv) userChange(w http.ResponseWriter, r *http.Request, ps httproute identity := ps.ByName("identity") mode := ps.ByName("mode") event := audit("change user record by "+mode, identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if validateMode(mode) == false { returnError(w, r, "bad index", 405, nil, event) 
@@ -281,7 +281,7 @@ func (e mainEnv) userDelete(w http.ResponseWriter, r *http.Request, ps httproute identity := ps.ByName("identity") mode := ps.ByName("mode") event := audit("delete user record by "+mode, identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if validateMode(mode) == false { returnError(w, r, "bad mode", 405, nil, event) @@ -356,7 +356,7 @@ func (e mainEnv) userPrelogin(w http.ResponseWriter, r *http.Request, ps httprou identity := ps.ByName("identity") mode := ps.ByName("mode") event := audit("user prelogin by "+mode, identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() code0, err := decryptCaptcha(captcha) if err != nil || code0 != code { @@ -413,7 +413,7 @@ func (e mainEnv) userLogin(w http.ResponseWriter, r *http.Request, ps httprouter identity := ps.ByName("identity") mode := ps.ByName("mode") event := audit("user login by "+mode, identity, mode, identity) - defer func() { event.submit(e.db) }() + defer func() { event.submit(e.db, e.conf) }() if mode != "phone" && mode != "email" { returnError(w, r, "bad mode", 405, nil, event)