Promote from BLAIS5-4254 to main

package.json

@@ -26,6 +26,7 @@
     "formik": "2.4.2"
   },
   "dependencies": {
+    "@google-cloud/logging": "^9.6.0",
     "@google-cloud/profiler": "^4.1.1",
     "@testing-library/dom": "^8.3.0",
     "@testing-library/jest-dom": "^5.16.4",
@@ -34,7 +35,7 @@
     "axios": "^1.7.4",
     "blaise-api-node-client": "git+https://github.com/ONSdigital/blaise-api-node-client",
     "blaise-design-system-react-components": "git+https://github.com/ONSdigital/blaise-design-system-react-components#0.14.0",
-    "blaise-login-react": "git+https://github.com/ONSdigital/blaise-login-react#1.1.0",
+    "blaise-login-react": "git+https://github.com/ONSdigital/blaise-login-react#1.1.1",
     "dotenv": "^10.0.0",
     "ejs": "^3.1.10",
     "express": "^4.19.2",

server/AuditLogger/index.ts

@@ -0,0 +1,56 @@
+import { Logging } from "@google-cloud/logging";
+import { IncomingMessage } from "http";
+
+export interface AuditLog {
+    id: string;
+    timestamp: string;
+    message: string;
+    severity: string;
+}
+
+export default class AuditLogger {
+    projectId: string;
+    logger: Logging;
+    logName: string;
+
+    constructor(projectId: string) {
+        this.projectId = projectId;
+        this.logger = new Logging({ projectId: this.projectId });
+        this.logName = `projects/${this.projectId}/logs/stdout`;
+    }
+
+    info(logger: IncomingMessage["log"], message: string): void {
+        logger.info(`AUDIT_LOG: ${message}`);
+    }
+
+    error(logger: IncomingMessage["log"], message: string): void {
+        logger.error(`AUDIT_LOG: ${message}`);
+    }
+
+    async getLogs(): Promise<AuditLog[]> {
+        const auditLogs: AuditLog[] = [];
+        const log = this.logger.log(this.logName);
+        const [entries] = await log.getEntries({ filter: "jsonPayload.message=~\"^AUDIT_LOG: \"", maxResults: 50 });
+        for (const entry of entries) {
+            let id = "";
+            let timestamp = "";
+            let severity = "INFO";
+            if (entry.metadata.insertId != null) {
+                id = entry.metadata.insertId;
+            }
+            if (entry.metadata.timestamp != null) {
+                timestamp = entry.metadata.timestamp.toString();
+            }
+            if (entry.metadata.severity != null) {
+                severity = entry.metadata.severity.toString();
+            }
+            auditLogs.push({
+                id: id,
+                timestamp: timestamp,
+                message: entry.data.message.replace(/^AUDIT_LOG: /, ""),
+                severity: severity
+            });
+        }
+        return auditLogs;
+    }
+}

server/BlaiseAPI/index.ts

@@ -2,14 +2,19 @@
 import { CustomConfig } from "../interfaces/server";
 import { Auth } from "blaise-login-react/blaise-login-react-server";
 import BlaiseApiClient from "blaise-api-node-client";
+import createLogger from "../pino";
+import AuditLogger from "../AuditLogger";
 
-export default function BlaiseAPIRouter(config: CustomConfig, auth: Auth, blaiseApiClient: BlaiseApiClient): Router {
+const pinoLogger = createLogger();
+
+export default function BlaiseAPIRouter(config: CustomConfig, auth: Auth, blaiseApiClient: BlaiseApiClient, auditLogger: AuditLogger): Router {
     const router = express.Router();
     router.get("/api/roles", auth.Middleware, async function (req: Request, res: Response) {
         res.status(200).json(await blaiseApiClient.getUserRoles());
     });
 
     router.get("/api/users", auth.Middleware, async function (req: Request, res: Response) {
+        auditLogger.info(req.log, `USER: ${req.headers.user} has successfully fetched all users`);
         res.status(200).json(await blaiseApiClient.getUsers());
     });
 
@@ -37,13 +42,13 @@
             await blaiseApiClient.changeUserRole(user, role);
             await blaiseApiClient.changeUserServerParks(user, newServerParks, newDefaultServerPark);
             const successMessage = `Successfully updated user role and permissions to ${role} for ${user}`;
-            console.log(successMessage + ` at ${(new Date()).toLocaleTimeString("en-UK")} ${(new Date()).toLocaleDateString("en-UK")}`);
+            auditLogger.info(req.log, successMessage + ` at ${(new Date()).toLocaleTimeString("en-UK")} ${(new Date()).toLocaleDateString("en-UK")}`);
             return res.status(200).json({
                 message: successMessage + " today at " + (new Date()).toLocaleTimeString("en-UK")
             });
         } catch (error) {
             const errorMessage = `Error whilst trying to update user role and permissions to ${role} for ${req.params.user}: ${error}`;
-            console.error(errorMessage);
+            auditLogger.error(req.log, errorMessage + ` at ${(new Date()).toLocaleTimeString("en-UK")} ${(new Date()).toLocaleDateString("en-UK")}`);
             return res.status(500).json({
                 message: errorMessage
             });
@@ -58,13 +63,14 @@
         try {
             const user = await blaiseApiClient.getUser(req.params.user);
             const successMessage = `Successfully fetched user details for ${req.params.user}`;
+            auditLogger.info(req.log, successMessage);
             return res.status(200).json({
                 message: successMessage,
                 data: user
             });
         } catch (error) {
             const errorMessage = `Error whilst trying to retrieve user ${req.params.user}: ${error}`;
-            console.error(errorMessage);
+            auditLogger.error(req.log, errorMessage);
             return res.status(500).json({
                 message: errorMessage,
                 error: error
@@ -84,9 +90,10 @@
         }
 
         blaiseApiClient.changePassword(req.params.user, password).then(() => {
+            auditLogger.info(req.log, `Successfully changed password for ${req.params.user}`);
             return res.status(204).json(null);
         }).catch((error: unknown) => {
-            console.error(error);
+            auditLogger.error(req.log, `Error whilst trying to change password for ${req.params.user}: ${error}`);
             return res.status(500).json(error);
         });
     });
@@ -99,15 +106,17 @@
         }
 
         if (!user) {
+            auditLogger.error(req.log, "No user provided for deletion");
             return res.status(400).json();
         }
+        auditLogger.info(req.log, `Successfully deleted user: ${user}`);
         return res.status(204).json(await blaiseApiClient.deleteUser(user));
     });
 
     router.post("/api/users", auth.Middleware, async function (req: Request, res: Response) {
         const data = req.body;
         if(!data.role){
-            return res.status(400).json();
+            return res.status(400).json({ message: "No role provided for user creation" });
         }
         const roleServerParksOverride = config.RoleToServerParksMap[data.role];
         if (roleServerParksOverride != null) {
@@ -118,6 +127,8 @@
             data.serverParks = defaultServerPark;
             data.defaultServerPark = defaultServerPark[0];
         }
+        const currentUser = req.headers.user;
+        auditLogger.info(req.log, `${currentUser} has created user: ${data.username}`);
         return res.status(200).json(await blaiseApiClient.createUser(data));
     });
 

server/server.ts

@@ -7,45 +7,43 @@ import BlaiseAPIRouter from "./BlaiseAPI";
 import multer from "multer";
 import * as profiler from "@google-cloud/profiler";
 import { newLoginHandler, Auth } from "blaise-login-react/blaise-login-react-server";
-import pino from "pino";
 import { CustomConfig } from "./interfaces/server";
 import BlaiseApi from "blaise-api-node-client";
 import { Express } from "express";
 import fs from "fs";
+import AuditLogger from "./AuditLogger";
 
 export default function GetNodeServer(config: CustomConfig, blaiseApi: BlaiseApi, auth: Auth): Express
 {
-    const pinoLogger = pino();
+    const pinoLogger = createLogger();
     profiler.start({ logLevel: 4 }).catch((err: unknown) => {
-        pinoLogger.error(`Failed to start profiler: ${err}`);
+        pinoLogger.logger.error(`Failed to start profiler: ${err}`);
     });
 
     const upload = multer();
-
     const server = express();
+    const logger = createLogger();
 
     server.use(upload.any());
-
-    axios.defaults.timeout = 10000;
-
-    const logger = createLogger();
     server.use(logger);
+    axios.defaults.timeout = 10000;
 
     // where ever the react built package is
     const buildFolder = "../build";
-
+    const auditLogger = new AuditLogger(config.ProjectId);
     const loginHandler = newLoginHandler(auth, blaiseApi);
 
     // Health Check endpoint
     server.get("/bam-ui/:version/health", async function (req: Request, res: Response) {
-        pinoLogger.info("Heath Check endpoint called");
+        auditLogger.info(req.log, "Heath Check endpoint called");
+        req.log.info("Heath Check endpoint called");
         res.status(200).json({ healthy: true });
     });
 
     server.use("/", loginHandler);
 
     // All Endpoints calling the Blaise API
-    server.use("/", BlaiseAPIRouter(config, auth, blaiseApi));
+    server.use("/", BlaiseAPIRouter(config, auth, blaiseApi, auditLogger));
 
     // treat the index.html as a template and substitute the values at runtime
     server.set("views", path.join(__dirname, "/views"));
@@ -66,8 +64,10 @@ export default function GetNodeServer(config: CustomConfig, blaiseApi: BlaiseApi
 
     server.use(function (err, _req, res, _next) {
         if (err && err.stack) {
+            auditLogger.error(res, err.stack);
             console.error(err.stack);
         } else {
+            auditLogger.error(res, "An undefined error occurred");
             console.error("An undefined error occurred");
         }
         res.render("../views/500.html", {});

src/pages/users/UserUpload/NewUser.tsx

@@ -25,9 +25,10 @@ function NewUserComponent(): ReactElement {
         setUsername(formData.username);
         if (formData.username && formData.password) {
             const newUser: NewUser = {
-                name: formData.username,
-                password: formData.password,
+                name: formData.username.trim(),
+                password: formData.password.trim(),
                 role: role,
+                // TODO: Are these needed? These should be set in the server depending on the role
                 defaultServerPark: "gusty",
                 serverParks: ["gusty"]
             };

yarn.lock

@@ -3171,6 +3171,27 @@
     stream-events "^1.0.5"
     uuid "^8.0.0"
 
+"@google-cloud/logging@^9.6.0":
+  version "9.9.0"
+  resolved "https://registry.yarnpkg.com/@google-cloud/logging/-/logging-9.9.0.tgz#d13fd6ae359e02123809b2bd640a0a8f71793434"
+  integrity sha512-rJQ0i9COI1WbtWuGyXL8edF4OA3XHcvgAq5I2DZmjKFvmCLCcspFIWZtztxgd0UgmrrshQVZ0R76oBHjTGggkg==
+  dependencies:
+    "@google-cloud/common" "^3.4.1"
+    "@google-cloud/paginator" "^3.0.0"
+    "@google-cloud/projectify" "^2.0.0"
+    "@google-cloud/promisify" "^2.0.0"
+    arrify "^2.0.1"
+    dot-prop "^6.0.0"
+    eventid "^2.0.0"
+    extend "^3.0.2"
+    gcp-metadata "^4.0.0"
+    google-auth-library "^7.0.0"
+    google-gax "^2.24.1"
+    on-finished "^2.3.0"
+    pumpify "^2.0.1"
+    stream-events "^1.0.5"
+    uuid "^8.0.0"
+
 "@google-cloud/paginator@^3.0.0":
   version "3.0.7"
   resolved "https://registry.yarnpkg.com/@google-cloud/paginator/-/paginator-3.0.7.tgz#fb6f8e24ec841f99defaebf62c75c2e744dd419b"
@@ -6296,9 +6317,9 @@ bl@^4.0.3, bl@^4.1.0:
     path-parse "^1.0.7"
     typescript "~4.2.2"
 
-"blaise-login-react@git+https://github.com/ONSdigital/blaise-login-react#1.1.0":
+"blaise-login-react@git+https://github.com/ONSdigital/blaise-login-react#1.1.1":
   version "0.0.0"
-  resolved "git+https://github.com/ONSdigital/blaise-login-react#39f4182a62b1faaf01039fb8c94adc296ac78766"
+  resolved "git+https://github.com/ONSdigital/blaise-login-react#f7fc532e1938ccb45831816311c85336510383ae"
 
 bluebird@^3.5.5:
   version "3.7.2"