Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Promote from BLAIS5-4254 to main #386

Merged
merged 42 commits into from
Nov 5, 2024
Merged
Show file tree
Hide file tree
Changes from 15 commits
Commits
Show all changes
42 commits
Select commit Hold shift + click to select a range
e04ceb9
build: use improved blaise-login components
kristian4res Oct 28, 2024
af4e2d0
wip: add logging
kristian4res Oct 28, 2024
44327f0
wip: add logging
kristian4res Oct 28, 2024
1824256
build: use latest blaise-login-react; use cloud logging (same as DQS …
kristian4res Oct 29, 2024
5f7d124
feat: add and configure gcp cloud logging
kristian4res Oct 29, 2024
3e16abf
fix: trim trailing whitespaces for name and pwd
kristian4res Oct 29, 2024
600ed11
wip: use pino http logger and cloud logging (test with BlaiseAPI)
kristian4res Oct 29, 2024
8cf5e3e
wip: log current user or requester
kristian4res Oct 29, 2024
7c9c1ec
wip: log current user or requester
kristian4res Oct 29, 2024
3759235
wip: log current user or requester
kristian4res Oct 29, 2024
e8723a6
feat: log current user initiating the action
kristian4res Oct 29, 2024
0909143
test: involve auth process in tests by using mock JWT values
kristian4res Oct 29, 2024
5ff600f
feat/refactor: add logging to create, delete and update/edit actions
kristian4res Oct 30, 2024
c7a4e00
refactor: restructure server folder
kristian4res Oct 30, 2024
e937804
test: include log asserts in unit tests
kristian4res Oct 30, 2024
df3c82e
chore: remove unused import
kristian4res Oct 31, 2024
a4ab55a
chore: remove unused import
kristian4res Oct 31, 2024
b376eb8
wip: fix unit test?
kristian4res Oct 31, 2024
7f12c98
wip: fix unit test?
kristian4res Oct 31, 2024
6ecd43c
wip: fix unit test?
kristian4res Oct 31, 2024
525b9cc
wip: fix deploy?
kristian4res Oct 31, 2024
0206e7c
wip: checking logs for roles and permissions
kristian4res Oct 31, 2024
98180f5
chore: remove audit logs endpoint
kristian4res Nov 4, 2024
a9d64b0
test: relocate blaise api tests
kristian4res Nov 4, 2024
f2791cc
refactor: trim whitespace in text user inputs; allow custom IDs for O…
kristian4res Nov 4, 2024
54e8685
test: trim whitespace in text user inputs; allow custom IDs for ONSPa…
kristian4res Nov 4, 2024
b72e261
refactor: assign correct serverparks based on role, before sending to…
kristian4res Nov 4, 2024
1b308a9
refactor: assign correct serverparks based on role, before sending to…
kristian4res Nov 4, 2024
b4b50ef
chore: remove console log
kristian4res Nov 4, 2024
f55a3ac
ref/test: improve logs and add error test case
kristian4res Nov 4, 2024
6a15aaa
ref: improve logs
kristian4res Nov 4, 2024
65e70da
ref: improve logs
kristian4res Nov 4, 2024
96d5950
ref: improve logs
kristian4res Nov 4, 2024
f6d4648
ref: improve logs
kristian4res Nov 4, 2024
fd20b67
ref: improve logs
kristian4res Nov 4, 2024
5a57a47
ref: improve logs
kristian4res Nov 4, 2024
0168d13
fix: sanitize message to prevent log injection
kristian4res Nov 5, 2024
736d33e
chore: remove unused method
kristian4res Nov 5, 2024
5580c25
chore: remove comments
kristian4res Nov 5, 2024
5252d26
build: update design system release reference
kristian4res Nov 5, 2024
fb143be
feat/test: sanitize log messages whilst preserving readability
kristian4res Nov 5, 2024
41721d5
ref: improve code
kristian4res Nov 5, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
"formik": "2.4.2"
},
"dependencies": {
"@google-cloud/logging": "^9.6.0",
"@google-cloud/profiler": "^4.1.1",
"@testing-library/dom": "^8.3.0",
"@testing-library/jest-dom": "^5.16.4",
Expand All @@ -34,7 +35,7 @@
"axios": "^1.7.4",
"blaise-api-node-client": "git+https://github.com/ONSdigital/blaise-api-node-client",
"blaise-design-system-react-components": "git+https://github.com/ONSdigital/blaise-design-system-react-components#0.14.0",
"blaise-login-react": "git+https://github.com/ONSdigital/blaise-login-react#1.1.0",
"blaise-login-react": "git+https://github.com/ONSdigital/blaise-login-react#1.1.1",
"dotenv": "^10.0.0",
"ejs": "^3.1.10",
"express": "^4.19.2",
Expand Down Expand Up @@ -83,6 +84,7 @@
"eslint-plugin-prettier": "^5.1.3",
"eslint-plugin-react": "^7.28.0",
"eslint-plugin-react-hooks": "^4.3.0",
"jsonwebtoken": "^9.0.2",
"pino-pretty": "^4.7.1",
"supertest": "^6.1.6"
},
Expand Down
11 changes: 6 additions & 5 deletions server/index.ts
Original file line number Diff line number Diff line change
@@ -1,20 +1,21 @@
import GetNodeServer from "./server";
import pino from "pino";
import { loadConfigFromEnv } from "./Config";
import { loadConfigFromEnv } from "./config";
import BlaiseApiClient from "blaise-api-node-client";
import { Auth } from "blaise-login-react/blaise-login-react-server";
import dotenv from "dotenv";
import createLogger from "./logger/pinoLogger";
import AuditLogger from "./logger/cloudLogging";
Fixed Show fixed Hide fixed

const port: string = process.env.PORT || "5002";
const logger = pino();

if (process.env.NODE_ENV !== "production") {
dotenv.config();
}
const config = loadConfigFromEnv();
const blaiseApiClient = new BlaiseApiClient(config.BlaiseApiUrl);
const auth = new Auth(config);
const server = GetNodeServer(config, blaiseApiClient, auth);
const pinoLogger = createLogger();
const server = GetNodeServer(config, blaiseApiClient, auth, pinoLogger);
server.listen(port);

logger.info("App is listening on port " + port);
pinoLogger.logger.info("BAM nodejs server is listening on port " + port);
6 changes: 6 additions & 0 deletions server/interfaces/logger.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
export interface AuditLog {
id: string;
timestamp: string;
message: string;
severity: string;
}
1 change: 0 additions & 1 deletion server/interfaces/server.ts
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
import { AuthConfig } from "blaise-login-react/blaise-login-react-server";
import { string } from "prop-types";

export interface CustomConfig extends AuthConfig {
BlaiseApiUrl: string
Expand Down
50 changes: 50 additions & 0 deletions server/logger/cloudLogging.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
import { Logging } from "@google-cloud/logging";
import { IncomingMessage } from "http";
import { AuditLog } from "../interfaces/logger";

export default class AuditLogger {
projectId: string;
logger: Logging;
logName: string;

constructor(projectId: string) {
this.projectId = projectId;
this.logger = new Logging({ projectId: this.projectId });
this.logName = `projects/${this.projectId}/logs/stdout`;
}

info(logger: IncomingMessage["log"], message: string): void {
logger.info(`AUDIT_LOG: ${message}`);
Fixed Show fixed Hide fixed
}

error(logger: IncomingMessage["log"], message: string): void {
logger.error(`AUDIT_LOG: ${message}`);
Fixed Show fixed Hide fixed
}

async getLogs(): Promise<AuditLog[]> {
const auditLogs: AuditLog[] = [];
const log = this.logger.log(this.logName);
const [entries] = await log.getEntries({ filter: "jsonPayload.message=~\"^AUDIT_LOG: \"", maxResults: 50 });
for (const entry of entries) {
let id = "";
let timestamp = "";
let severity = "INFO";
if (entry.metadata.insertId != null) {
id = entry.metadata.insertId;
}
if (entry.metadata.timestamp != null) {
timestamp = entry.metadata.timestamp.toString();
}
if (entry.metadata.severity != null) {
severity = entry.metadata.severity.toString();
}
auditLogs.push({
id: id,
timestamp: timestamp,
message: entry.data.message.replace(/^AUDIT_LOG: /, ""),
severity: severity
});
}
return auditLogs;
}
}
File renamed without changes.
34 changes: 34 additions & 0 deletions server/routes/auditLogs.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
import express, { Request, Response, Router } from "express";
import AuditLogger from "../logger/cloudLogging";
import { Auth } from "blaise-login-react/blaise-login-react-server";

export default function auditLogs(auditlogger: AuditLogger, auth: Auth): Router {
const router = express.Router();

const auditHandler = new AuditHandler(auditlogger, auth);
return router.get("/api/audit", auth.Middleware, auditHandler.GetAuditLogs);
}

export class AuditHandler {
auditLogger: AuditLogger;
auth: Auth;

constructor(auditLogger: AuditLogger, auth: Auth) {
this.auditLogger = auditLogger;
this.auth = auth;

this.GetAuditLogs = this.GetAuditLogs.bind(this);
}

async GetAuditLogs(req: Request, res: Response): Promise<Response> {
const currentUser = this.auth.GetUser(this.auth.GetToken(req));
try {
const logs = await this.auditLogger.getLogs();
this.auditLogger.info(req.log, `${currentUser.name} retrieved audit logs`);
return res.status(200).json(logs);
} catch (error: unknown) {
this.auditLogger.error(req.log, `${currentUser.name} failed to get audit logs`);
return res.status(500).json(error);
}
}
}
33 changes: 24 additions & 9 deletions server/BlaiseAPI/index.ts → server/routes/blaiseApi.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,11 @@ import express, { Request, Response, Router } from "express";
import { CustomConfig } from "../interfaces/server";
import { Auth } from "blaise-login-react/blaise-login-react-server";
import BlaiseApiClient from "blaise-api-node-client";
import AuditLogger from "../logger/cloudLogging";

export default function BlaiseAPIRouter(config: CustomConfig, auth: Auth, blaiseApiClient: BlaiseApiClient): Router {
export default function blaiseApi(config: CustomConfig, auth: Auth, blaiseApiClient: BlaiseApiClient, auditLogger: AuditLogger): Router {
const router = express.Router();

router.get("/api/roles", auth.Middleware, async function (req: Request, res: Response) {
res.status(200).json(await blaiseApiClient.getUserRoles());
});
Expand All @@ -14,6 +16,7 @@ export default function BlaiseAPIRouter(config: CustomConfig, auth: Auth, blaise
});

router.patch("/api/users/:user/rolesAndPermissions", auth.Middleware, async function (req: Request, res: Response) {
const currentUser = auth.GetUser(auth.GetToken(req));
const { role } = req.body;
const user = req.params.user;
let newServerParks = [""];
Fixed Show fixed Hide fixed
Expand All @@ -36,14 +39,15 @@ export default function BlaiseAPIRouter(config: CustomConfig, auth: Auth, blaise
try {
await blaiseApiClient.changeUserRole(user, role);
await blaiseApiClient.changeUserServerParks(user, newServerParks, newDefaultServerPark);
const successMessage = `Successfully updated user role and permissions to ${role} for ${user}`;
console.log(successMessage + ` at ${(new Date()).toLocaleTimeString("en-UK")} ${(new Date()).toLocaleDateString("en-UK")}`);
const successMessage = `${currentUser.name || "Unknown"} has successfully updated user role and permissions to ${role} for ${user}`;
auditLogger.info(req.log, successMessage);
return res.status(200).json({
message: successMessage + " today at " + (new Date()).toLocaleTimeString("en-UK")
message: successMessage
});
} catch (error) {
const errorMessage = `Error whilst trying to update user role and permissions to ${role} for ${req.params.user}: ${error}`;
console.error(errorMessage);
auditLogger.info(req.log, `${currentUser.name || "Unknown"} has failed to update user role and permissions to ${role} for ${user}`);
auditLogger.error(req.log, errorMessage);
return res.status(500).json({
message: errorMessage
});
Expand All @@ -58,13 +62,14 @@ export default function BlaiseAPIRouter(config: CustomConfig, auth: Auth, blaise
try {
const user = await blaiseApiClient.getUser(req.params.user);
const successMessage = `Successfully fetched user details for ${req.params.user}`;
auditLogger.info(req.log, successMessage);
return res.status(200).json({
message: successMessage,
data: user
});
} catch (error) {
const errorMessage = `Error whilst trying to retrieve user ${req.params.user}: ${error}`;
console.error(errorMessage);
auditLogger.error(req.log, errorMessage);
return res.status(500).json({
message: errorMessage,
error: error
Expand All @@ -73,6 +78,7 @@ export default function BlaiseAPIRouter(config: CustomConfig, auth: Auth, blaise
});

router.get("/api/change-password/:user", auth.Middleware, async function (req: Request, res: Response) {
const currentUser = auth.GetUser(auth.GetToken(req));
let { password } = req.headers;

if (Array.isArray(password)) {
Expand All @@ -84,31 +90,39 @@ export default function BlaiseAPIRouter(config: CustomConfig, auth: Auth, blaise
}

blaiseApiClient.changePassword(req.params.user, password).then(() => {
auditLogger.info(req.log, `${currentUser.name || "Unknown"} has successfully changed the password for ${req.params.user}`);
return res.status(204).json(null);
}).catch((error: unknown) => {
console.error(error);
auditLogger.info(req.log, `${currentUser.name || "Unknown"} has failed to change the password for ${req.params.user}`);
auditLogger.error(req.log, `Error whilst trying to change password for ${req.params.user}: ${error}`);
return res.status(500).json(error);
});
});

router.delete("/api/users", auth.Middleware, async function (req: Request, res: Response) {
const currentUser = auth.GetUser(auth.GetToken(req));
let { user } = req.headers;

if (Array.isArray(user)) {
user = user.join("");
}

if (!user) {
auditLogger.error(req.log, "No user provided for deletion");
return res.status(400).json();
}
auditLogger.info(req.log, `${currentUser.name || "Unknown"} has successfully deleted user: ${user}`);
return res.status(204).json(await blaiseApiClient.deleteUser(user));
});

router.post("/api/users", auth.Middleware, async function (req: Request, res: Response) {
const currentUser = auth.GetUser(auth.GetToken(req));
const data = req.body;
if(!data.role){
return res.status(400).json();

if(!data.role) {
return res.status(400).json({ message: "No role provided for user creation" });
}

const roleServerParksOverride = config.RoleToServerParksMap[data.role];
if (roleServerParksOverride != null) {
data.serverParks = roleServerParksOverride;
Expand All @@ -118,6 +132,7 @@ export default function BlaiseAPIRouter(config: CustomConfig, auth: Auth, blaise
data.serverParks = defaultServerPark;
data.defaultServerPark = defaultServerPark[0];
}
auditLogger.info(req.log, `${currentUser.name || "Unknown"} has successfully created user: ${data.username}`);
return res.status(200).json(await blaiseApiClient.createUser(data));
});

Expand Down
50 changes: 25 additions & 25 deletions server/server.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,50 +2,48 @@
import axios from "axios";
import path from "path";
import ejs from "ejs";
import createLogger from "./pino";
import BlaiseAPIRouter from "./BlaiseAPI";
import createLogger from "./logger/pinoLogger";
Fixed Show fixed Hide fixed
import multer from "multer";
import * as profiler from "@google-cloud/profiler";
import { newLoginHandler, Auth } from "blaise-login-react/blaise-login-react-server";
import pino from "pino";
import { CustomConfig } from "./interfaces/server";
import BlaiseApi from "blaise-api-node-client";
import { Express } from "express";
import fs from "fs";
import AuditLogger from "./logger/cloudLogging";
import auditLogs from "./routes/auditLogs";
import blaiseApi from "./routes/blaiseApi";
import { Logger } from "pino";
Fixed Show fixed Hide fixed
import { HttpLogger } from "pino-http";

export default function GetNodeServer(config: CustomConfig, blaiseApi: BlaiseApi, auth: Auth): Express
export default function GetNodeServer(config: CustomConfig, blaiseApiClient: BlaiseApi, auth: Auth, logger: HttpLogger): Express
{
const pinoLogger = pino();
profiler.start({ logLevel: 4 }).catch((err: unknown) => {
pinoLogger.error(`Failed to start profiler: ${err}`);
});

const auditLogger = new AuditLogger(config.ProjectId);
const pinoLogger = logger;
const upload = multer();

const server = express();
// where ever the react built package is
const buildFolder = "../build";

server.use(upload.any());

server.use(pinoLogger);
axios.defaults.timeout = 10000;

const logger = createLogger();
server.use(logger);
const loginRouter = newLoginHandler(auth, blaiseApiClient);
const auditRouter = auditLogs(auditLogger, auth);
const blaiseApiRouter = blaiseApi(config, auth, blaiseApiClient, auditLogger);

// where ever the react built package is
const buildFolder = "../build";

const loginHandler = newLoginHandler(auth, blaiseApi);

// Health Check endpoint
profiler.start({ logLevel: 4 }).catch((err: unknown) => {
pinoLogger.logger.info(`Failed to start GCP profiler: ${err}`);
});
// GCP health check
server.get("/bam-ui/:version/health", async function (req: Request, res: Response) {
pinoLogger.info("Heath Check endpoint called");
auditLogger.info(req.log, "Heath Check endpoint called");
res.status(200).json({ healthy: true });
});

server.use("/", loginHandler);

// All Endpoints calling the Blaise API
server.use("/", BlaiseAPIRouter(config, auth, blaiseApi));
server.use("/", loginRouter);
server.use("/", blaiseApiRouter);
server.use("/", auditRouter);

// treat the index.html as a template and substitute the values at runtime
server.set("views", path.join(__dirname, "/views"));
Expand All @@ -66,8 +64,10 @@

server.use(function (err, _req, res, _next) {
if (err && err.stack) {
auditLogger.error(res, err.stack);
console.error(err.stack);
} else {
auditLogger.error(res, "An undefined error occurred");
console.error("An undefined error occurred");
}
res.render("../views/500.html", {});
Expand Down
Loading
Loading