
@sap/audit-logging - npm Package Compare versions

Comparing version 2.2.2 to 2.3.0

18

CHANGELOG.md

@@ -8,2 +8,20 @@ # Change Log

## 2.3.0 - 2018-12-18
### Added
- Node.js version 10 support
### Fixed
- Update `lodash` to 4.17.11
## 2.2.4 - 2018-08-14
### Fixed
- Update dependencies.
## 2.2.3 - 2018-07-17
### Fixed
- Update request to v2.87.0.
## 2.2.2 - 2018-05-18

@@ -10,0 +28,0 @@

81

npm-shrinkwrap.json
{
"version": "2.2.2",
"version": "2.3.0",
"name": "@sap/audit-logging",

@@ -8,11 +8,5 @@ "dependencies": {

},
"co": {
"version": "4.6.0"
},
"har-schema": {
"version": "2.0.0"
},
"hoek": {
"version": "4.2.1"
},
"getpass": {

@@ -22,7 +16,5 @@ "version": "0.1.7"

"ecc-jsbn": {
"optional": true,
"version": "0.1.1"
"version": "0.1.2"
},
"tweetnacl": {
"optional": true,
"version": "0.14.5"

@@ -34,6 +26,6 @@ },

"mime-types": {
"version": "2.1.18"
"version": "2.1.21"
},
"punycode": {
"version": "1.4.1"
"version": "2.1.1"
},

@@ -44,3 +36,3 @@ "verror": {

"aws4": {
"version": "1.7.0"
"version": "1.8.0"
},

@@ -50,26 +42,27 @@ "asynckit": {

},
"uuid": {
"version": "3.2.1"
"psl": {
"version": "1.1.31"
},
"sntp": {
"version": "2.1.0"
"safer-buffer": {
"version": "2.1.2"
},
"ajv": {
"version": "5.5.2"
"version": "6.6.2"
},
"asn1": {
"version": "0.2.3"
"version": "0.2.4"
},
"tough-cookie": {
"version": "2.3.4"
"version": "2.4.3",
"dependencies": {
"punycode": {
"version": "1.4.1"
}
}
},
"boom": {
"version": "4.3.1"
},
"bcrypt-pbkdf": {
"optional": true,
"version": "1.0.1"
"version": "1.0.2"
},
"sshpk": {
"version": "1.14.1"
"version": "1.15.2"
},

@@ -80,9 +73,9 @@ "is-typedarray": {

"mime-db": {
"version": "1.33.0"
"version": "1.37.0"
},
"fast-deep-equal": {
"version": "1.1.0"
"version": "2.0.1"
},
"json-schema-traverse": {
"version": "0.3.1"
"version": "0.4.1"
},

@@ -93,3 +86,3 @@ "safe-buffer": {

"extend": {
"version": "3.0.1"
"version": "3.0.2"
},

@@ -109,12 +102,4 @@ "http-signature": {

"har-validator": {
"version": "5.0.3"
"version": "5.1.3"
},
"cryptiles": {
"version": "3.1.2",
"dependencies": {
"boom": {
"version": "5.2.0"
}
}
},
"tunnel-agent": {

@@ -126,5 +111,2 @@ "version": "0.6.0"

},
"hawk": {
"version": "6.0.2"
},
"fast-json-stable-stringify": {

@@ -134,3 +116,2 @@ "version": "2.0.0"

"jsbn": {
"optional": true,
"version": "0.1.1"

@@ -147,2 +128,5 @@ },

},
"uri-js": {
"version": "4.2.2"
},
"json-stringify-safe": {

@@ -152,4 +136,7 @@ "version": "5.0.1"

"request": {
"version": "2.86.0"
"version": "2.88.0"
},
"uuid": {
"version": "3.3.2"
},
"caseless": {

@@ -162,9 +149,9 @@ "version": "0.12.0"

"form-data": {
"version": "2.3.2"
"version": "2.3.3"
},
"oauth-sign": {
"version": "0.8.2"
"version": "0.9.0"
},
"combined-stream": {
"version": "1.0.6"
"version": "1.0.7"
},

@@ -171,0 +158,0 @@ "ms": {

@@ -1,1 +0,1 @@

{"dependencies":{"debug":"3.1.0","request":"2.86.0"},"description":"Provides audit logging functionalities for Node.js applications","devDependencies":{"@sap/hdbext":"^4.4.2","async":"2.0.1","chai":"3.5.0","eslint":"3.2.2","filter-node-package":"^2.0.0","istanbul":"0.4.5","lodash":"4.17.5","markdown-toc":"^1.1.0","mocha":"3.0.2","node-build":"^1.0.0","node-style":"^2.0.0","sinon":"1.17.5"},"engines":{"node":"^0.12.7 || ^4.4.0 || ^6.0.0 || ^8.0.0"},"main":"index.js","maintainers":[{"name":"https-support.sap.com","email":"do-not-reply@sap.com"}],"name":"@sap/audit-logging","optionalDependencies":{},"readme":"# @sap/audit-logging\n\nProvides audit logging functionalities for Node.js applications.\n\n<!-- toc -->\n\n- [Overview](#overview)\n * [General audit logging principles](#general-audit-logging-principles)\n * [Prerequisites](#prerequisites)\n * [Versions](#versions)\n- [API - v1](#api---v1)\n * [Importing the library](#importing-the-library)\n * [Data access messages](#data-access-messages)\n * [Data modification messages](#data-modification-messages)\n * [Update data modification](#update-data-modification)\n * [Configuration change messages](#configuration-change-messages)\n * [Update configuration change](#update-configuration-change)\n * [General security messages](#general-security-messages)\n * [Logging a message](#logging-a-message)\n- [API - v2](#api---v2)\n * [Importing the library](#importing-the-library-1)\n * [Data access messages](#data-access-messages-1)\n * [Data modification messages](#data-modification-messages-1)\n * [Configuration change messages](#configuration-change-messages-1)\n * [General security messages](#general-security-messages-1)\n- [Local development](#local-development)\n * [Without Audit log service](#without-audit-log-service)\n * [With Audit log service](#with-audit-log-service)\n\n<!-- tocstop -->\n\n## Overview\n\nAudit logging is about writing entries in a specific format to a log storage. 
Subject to audit logging are events of significant importance.\nFor example, security events which may impact the confidentiality, the integrity or the availability of a system.\nAnother example of such an event would be access to personal data (both reading and altering) like bank accounts, political opinion,\nhealth status etc.\n\nWhile the consumer of ordinary logs is a system administrator who would like to keep track of the state of a system,\naudit logs are read by an auditor. There are legal requirements (in some countries stricter than in others) regarding audit logging.\n\nIn general the events that are supposed to be audit logged can be grouped in 3 main categories:\n- changes to system configurations (which may have significant effect on the system itself)\n- access to personal data (related to data privacy)\n- general security events (like starting/stopping a system, failed authorization checks etc.)\n\n\n### General audit logging principles\n\n- All attempts to perform an action in a system should be audit logged no matter if they have been successful or not.\n- Audit log entries should be consistent with the state of the system. If, for example, the writing of the audit log entry fails,\nbut the changes to system critical parameters have been applied, then those changes should be reverted. Best practice is to wait for\nthe callback of the logger before continuing with the execution of other code.\n- Especially important is which user (or other agent) has triggered the corresponding event that is being audit logged.\nFor most of the cases the library will validate that such a field is provided in the message.\n- All audit log entries should be in English. 
Numbers should be converted to strings with English locale.\nAll time fields should be in UTC time in order to avoid timezone and day light saving time issues.\n- Passwords should never be audit logged.\n\n### Prerequisites\n\nAn application using the audit log library needs to be bound to an instance of the Audit log service.\n\n### Versions\n\nThe Audit log service provides REST APIs that are available to applications for\nlogging relevant messages. The latest Audit log server supports 2 versions\nof the REST APIs. This library provides JavaScript programming interfaces for\nboth of these versions of the server's APIs.\n**Note:** It is recommended to use REST APIs v2 if available on the Audit log server being in use (and respectively the JavaScript v2 APIs).\nThe initial version of the Audit log server REST APIs is deprecated in favor of the v2 version. The same applies to the JavaScript APIs provided by this library.\n\n## API - v1\n\nThe library provides an API for writing audit messages of type configuration changes, data modifications, data accesses and security events.\n\n### Importing the library\n\n```js\nvar credentials = {\n \"user\": \"user\",\n \"password\": \"password\",\n \"url\": \"https://host:port\"\n};\nvar auditLog = require('@sap/audit-logging')(credentials);\n```\n\n`credentials` object is the bound audit log service's credentials.\nTake a look at *@sap/xsenv* package for more information on how to retrieve service credentials.\n\n### Data access messages\n\nLet's suppose we need to create an entry for a data access operation over personal data. We can achieve that with the following code:\n\n```js\nauditLog.read('user123')\n .attribute('username', true)\n .attribute('first name', true)\n .attribute('last name', true)\n .accessChannel('UI')\n .by('John Doe')\n .tenant('tenantId')\n .log(...);\n```\n\n* `read` - takes a string which identifies the object which is being *accessed*.\n* `attribute(name, successful)` - sets object attributes. 
It is **mandatory** to provide at least one attribute.\n * `name` - is the name of the attribute being accessed.\n * `successful` - specifies whether the access was successful or not.\n* `by` - takes a string which identifies the *user* performing the action. This is **mandatory**.\n* `accessChannel` - takes a string which specifies *channel* of access.\n* `attachment(id, name)` - if attachments or files are downloaded or displayed, information identifying the attachment shall be logged.\n * `id` - attachment id\n * `name` - attachment name\n* `tenant` - takes a string which specifies the tenant id. The provided value is ignored by older versions of the Audit log service that do not support setting a tenant.\n* `log` - See [here](#logging-a-message)\n\n### Data modification messages\n\nHere is how to create an entry for a data modification operation:\n\n```js\nauditLog.update('userdata')\n .attribute('first name', 'john', 'John')\n .by('John Doe')\n .tenant('tenantId')\n .log(...);\n```\n\n**Note**: Specifying an old and a new value for an attribute is only supported in newer versions of the Audit log service. Providing these values while working with an older version of the service results in an error in the callback. In such cases one may use the `attribute` method with an alternative signature:\n\n```js\nauditLog.update('userdata')\n .attribute('password', false)\n .by('John Doe')\n .tenant('tenantId')\n .log(...);\n```\n\n* `update` - takes a string which identifies the object which is being *updated*.\n* `attribute(name, oldValue, newValue)` - sets object attributes. 
It is **mandatory** to provide at least one attribute.\n * `name` - is the name of the attribute being modified.\n * `oldValue` - is the current value of the attribute.\n * `newValue` - is the value of the attribute after the change.\n\n **Note**: One may use this signature of the `attribute` method only if the Audit log service being consumed supports old and new values.\n\n* `attribute(name, successful)` - sets object attributes. It is **mandatory** to provide at least one attribute.\n * `name` - is the name of the attribute being modified.\n * `successful` - specifies whether the modification was successful or not.\n\n **Note**: this signature of the method is **deprecated**. It should be used only if the consumed Audit log service does not support old and new values.\n\n* `by` - takes a string which identifies the *user* performing the action. This is **mandatory**.\n* `tenant` - takes a string which specifies the tenant id. The provided value is ignored by older versions of the Audit log service that do not support setting a tenant.\n* `log` - See [here](#logging-a-message)\n\n### Update data modification\n\n```js\nauditLog.updateDataModification(id, isSuccessful)\n .log(...);\n```\n\n* `updateDataModification(id, isSuccessful)` - takes two arguments.\n * `id` - id of the data modification message saved earlier (see [log](#logging-a-message))\n * `isSuccessful` - denotes whether the data modification was successful or not.\n* `log` - See [here](#logging-a-message)\n\n**Note**: This function should only be used with an Audit log service that supports old and new values.\n\n### Configuration change messages\n\nHere is how to create an entry for a configuration change operation:\n\n```js\nauditLog.configurationChange('configuration object')\n .attribute('session timeout', '5', '25')\n .by('Application Admin')\n .successful(true)\n .tenant('tenantId')\n .log(...);\n```\n\n* `configurationChange` - takes a string which identifies the object which is being 
*configured*.\n* `attribute(name, oldValue, newValue)` - sets object attributes. It is **mandatory** to provide at least one attribute.\n * `name` - is the name of the attribute being accessed.\n * `oldValue` - is the current value of the attribute being changed.\n * `newValue` - is the value of the attribute after the change.\n* `successful(isSuccessful)` - used to mark whether the configuration change is finished with success, failure.\n If not called configuration change will be marked as *pending*.\n * `isSuccessful` - should be a valid boolean.\n* `by` - takes a string which identifies the *user* performing the action. This is **mandatory**.\n* `tenant` - takes a string which specifies the tenant id. The provided value is ignored by older versions of the Audit log service that do not support setting a tenant.\n* `log` - See [here](#logging-a-message)\n\n### Update configuration change\n\n```js\nauditLog.updateConfigurationChange(id, isSuccessful)\n .log(...);\n```\n\n* `updateConfigurationChange(id, isSuccessful)` - takes two arguments.\n * `id` - id of the configuration message saved earlier (see [log](#logging-a-message))\n * `isSuccessful` - denotes whether the configuration change was successful or not.\n* `log` - See [here](#logging-a-message)\n\n### General security messages\n\nHere is how to create a general security audit log message:\n\n```js\nauditLog.securityMessage('%d unsuccessful login attempts', 3)\n .by('John Doe')\n .externalIP('127.0.0.1')\n .tenant('tenantId')\n .log(...);\n```\n\n* `securityMessage` - takes a formatted string as in [util.format()](https://nodejs.org/api/util.html#util_util_format_format_args).\n* `externalIP` - states the IP of the machine that contacts the system. It is not mandatory, but it should be either IPv4 or IPv6.\n* `by` - takes a string which identifies the *user* performing the action. This is **mandatory**.\n* `tenant` - takes a string which specifies the tenant id. 
The provided value is ignored by older versions of the Audit log service that do not support setting a tenant.\n* `log` - See [here](#logging-a-message)\n\n### Logging a message\n\nUse the `log` method to write a message to the Audit log. It takes one argument - a callback function.\nBe aware that the state of the audit logs should be consistent with the state of the system.\nMake sure you handle errors from the audit log writer properly.\nApplication code **should wait** for the logging to finish before executing any other code.\n\n```js\nvar message = /* any of the above example messages */;\nmessage.log(function (err, id) {\n // Do error handling and place all of the remaining logic here\n });\n```\n\n* `message` - Any of the following:\n * [`read`](#data-access-messages)\n * [`update`](#data-modification-messages)\n * [`configurationChange`](#configuration-change-messages)\n * [`updateConfigurationChange`](#update-configuration-change)\n * [`securityMessage`](#general-security-messages)\n* `err` - error object in case of error.\n* `id` - Id of the message that is saved. Use it when you want to do [`updateConfigurationChange`](#update-configuration-change). 
`id` is undefined in case of [`updateConfigurationChange`](#update-configuration-change).\n\n**Note**: When a message is logged, the library checks for missing properties and will throw an error if some are missing.\n\n## API - v2\n\n### Importing the library\n\n```js\nvar credentials = {\n \"user\": \"user\",\n \"password\": \"password\",\n \"url\": \"https://host:port\"\n};\n\nvar auditLogging = require('@sap/audit-logging');\nauditLogging.v2(credentials, function(err, auditLog) {\n if (err) {\n // if the Audit log server does not support version 2 of the REST APIs\n // an error in the callback is returned\n return console.log(err);\n }\n});\n```\n\n`credentials` object with credentials for the Audit log service.\nTake a look at *@sap/xsenv* package for more information on how to retrieve service credentials.\nThe callback will be called with an error if the Audit log server does not support version 2 of the REST APIs.\n\n### Data access messages\n\n```js\nauditLog.read({ type: 'accessed-object-type', id: { key: 'value' } })\n .attribute({ name: 'attr-0' })\n .attribute({ name: 'attr-1', successful: true })\n .attachment({ id: '123' })\n .attachment({ id: '456', name: 'file.doc' })\n .dataSubject({ type: 'data-subject-type', id: { key: 'value' }, role: 'role' })\n .accessChannel('UI')\n .tenant('tenantId')\n .by('John Doe')\n .log(function (err) {\n\n });\n```\n\n* `read` - takes a JavaScript object which identifies the object which contains the data being accessed. Should have `type` and `id` properties.\n* `attribute(attribute)` - takes an object which describes an attribute. Should have a `name` property and optionally a `successful` property. It is **mandatory** to provide at least one attribute.\n* `attachment(attachment)` - takes an object which describes an attachment (used if attachments or files are downloaded or displayed). 
Should have an `id` property and optionally a `name` property.\n* `dataSubject` - takes an object describing the owner of the personal data. Should have `type` and `id` properties. The `role` property is optional. `dataSubject` is **mandatory**.\n* `accessChannel` - takes a string which specifies *channel* of access.\n* `tenant` - takes a string which specifies the tenant id.\n* `by` - takes a string which identifies the *user* performing the action. This is **mandatory**.\n* `log` - logs the message.\n\n### Data modification messages\n\n```js\nvar message = auditLog.update({ type: 'accessed-object-type', id: { key: 'value' } })\n .attribute({ name: 'attr-0' })\n .attribute({ name: 'attr-1' })\n .attribute({ name: 'attr-2', old: 'old value', new: 'new value' })\n .dataSubject({ type: 'data-subject-type', id: { key: 'value' }, role: 'role' })\n .tenant('tenantId')\n .by('John Doe');\n\nmessage.logPrepare(function (err) {\n message.logSuccess(function (err) { });\n // or\n message.logFailure(function(err) { });\n});\n```\n\n* `update` - takes a JavaScript object which identifies the object which contains the data being updated. Should have `type` and `id` properties.\n* `attribute(attribute)` - takes an object which describes an attribute. Should have a `name` property and optionally - `old` and `new` properties. It is **mandatory** to provide at least one attribute.\n* `dataSubject` - takes an object describing the owner of the personal data. Should have `type` and `id` properties. The `role` property is optional. `dataSubject` is **mandatory**.\n* `tenant` - takes a string which specifies the tenant id.\n* `by` - takes a string which identifies the *user* performing the action. 
This is **mandatory**.\n* `logPrepare` - Used to log that a user has started an operation over the data.\n* `logSuccess` - Used to log that the operation over the data has been completed successfully.\n* `logFailure` - Used to log that the operation over the data has not been completed successfully.\n\n### Configuration change messages\n\n```js\nvar message = auditLog.configurationChange({ type: 'accessed-object-type', id: { key: 'value' } })\n .attribute({ name: 'session timeout', old: '5', new: '25' })\n .tenant('tenantId')\n .by('Application Admin');\n\nmessage.logPrepare(function (err) {\n message.logSuccess(function (err) { });\n // or\n message.logFailure(function(err) { });\n});\n```\n\n* `configurationChange` - takes a JavaScript object which identifies the object which contains the data being configured. Should have `type` and `id` properties.\n* `attribute(attribute)` - takes an object which describes an attribute. Should have a `name`, `old` and `new` properties. It is **mandatory** to provide at least one attribute.\n* `tenant` - takes a string which specifies the tenant id.\n* `by` - takes a string which identifies the *user* performing the action. This is **mandatory**.\n* `logPrepare` - Used to log that a user has started a configuration change operation.\n* `logSuccess` - Used to log that the operation has been completed successfully.\n* `logFailure` - Used to log that the operation has not been completed successfully.\n\n### General security messages\n\n```js\nauditLog.securityMessage('%d unsuccessful login attempts', 3)\n .by('John Doe')\n .externalIP('127.0.0.1')\n .tenant('tenantId')\n .log(function (err) {\n\n });\n```\n\n* `securityMessage` - takes a formatted string as in [util.format()](https://nodejs.org/api/util.html#util_util_format_format_args).\n* `externalIP` - states the IP of the machine that contacts the system. 
Specifying it is optional, but if provided, should be either IPv4 or IPv6.\n* `by` - takes a string which identifies the *user* performing the action. This is **mandatory**.\n* `tenant` - takes a string which specifies the tenant id.\n* `log` - logs the message.\n\n\n## Local development\n\n### Without Audit log service\n\n```js\nvar credentials = {\n logToConsole: true\n};\nvar auditLog = require('@sap/audit-logging')(credentials);\n\n// or\n\nrequire('@sap/audit-logging').v2(credentials, function (err, auditLog) {\n\n});\n```\n\nWhen `logToConsole` is `true` the library will ignore other credential properties and will not use the Audit log service,\nbut will write the messages to the console.\n\n**Hint:** If you use the *@sap/xsenv* package, you can pass the credentials through the *default-services.json* file\nor `VCAP_SERVICES` environment variable.\n\n### With Audit log service\n\nIf your application is not deployed in Cloud Foundry or XS Advanced,\nbut you have a running Audit log service somewhere, you should set the `VCAP_APPLICATION` environment variable to a string like\n`{ \"application_name\" : \"my-app\", \"organization_name\" : \"my-org\", \"space_name\" : \"my-space\" }`\n\n**Hint:** If you use the *@sap/xsenv* package, you can set environment variables like this:\n\n```js\nvar xsenv = require('@sap/xsenv');\n\nxsenv.loadEnv();\nvar credentials = xsenv.getServices({ auditlog: 'auditlog-instance-name' }).auditlog;\nvar auditLog = require('@sap/audit-logging')(credentials);\n```\n\n*default-env.json* file:\n\n```json\n{\n \"VCAP_APPLICATION\": {\n \"application_name\" : \"my-app\",\n \"organization_name\" : \"my-org\",\n \"space_name\" : \"my-space\"\n },\n\n \"VCAP_SERVICES\" : {\n \"auditlog\" : [ {\n \"name\" : \"auditlog-instance-name\",\n \"credentials\" : {\n \"password\" : \"password\",\n \"user\" : \"user\",\n \"url\" : \"https://host:port\"\n }\n } ]\n }\n}\n```\n","readmeFilename":"README.md","repository":{},"scripts":{"itest-v1":"mocha 
itest/v1-test.js","itest-v2":"mocha itest/v2-test.js","lint":"eslint -f stylish --ignore-path .gitignore .","prepareRelease":"clean-packages && npm prune --production","test":"node build/test","toc":"markdown-toc -i README.md"},"version":"2.2.2","license":"SEE LICENSE IN developer-license-3.1.txt"}
{"bundleDependencies":false,"dependencies":{"debug":"3.1.0","request":"2.88.0"},"deprecated":false,"description":"Provides audit logging functionalities for Node.js applications","devDependencies":{"@sap/hdbext":"^4.7.4","async":"2.0.1","chai":"3.5.0","eslint":"3.2.2","filter-node-package":"^2.1.1","istanbul":"0.4.5","lodash":"4.17.11","markdown-toc":"^1.1.0","mocha":"3.0.2","node-build":"^1.1.1","node-style":"^2.0.1","sinon":"1.17.5"},"engines":{"node":"^0.12.7 || ^4.4.0 || ^6.0.0 || ^8.0.0 || ^10.0.0"},"main":"index.js","name":"@sap/audit-logging","repository":{},"scripts":{"itest-v1":"mocha itest/v1-test.js","itest-v2":"mocha itest/v2-test.js","lint":"eslint -f stylish --ignore-path .gitignore .","prepareRelease":"clean-packages && npm prune --production","test":"node build/test","toc":"markdown-toc -i README.md"},"version":"2.3.0","license":"SEE LICENSE IN developer-license-3.1.txt"}
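Review bot: The 2.3.0 changelog entry lists only the `lodash` 4.17.11 update under Fixed, but in this manifest `lodash` sits in `devDependencies`, while the runtime dependency `request` moves from 2.86.0 to 2.88.0 with no changelog line of its own. That runtime bump is the change a consumer auditing the release needs to see, because the shrinkwrap hunks on this page appear to drop `hawk`, `hoek`, `boom`, `cryptiles` and `sntp` and add `psl`, `uri-js` and `safer-buffer`, presumably as a consequence of it. I would add `- Update request to v2.88.0.` under `### Fixed` for 2.3.0, matching the wording already used for 2.2.3. The new manifest also no longer carries the `maintainers` and `readme` fields; that may only reflect how the registry metadata was captured, but it is worth confirming that the published tarball still ships README.md.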

Sorry, the diff of this file is not supported yet
