@sourceloop/audit-log

@sourceloop/audit-log

A loopback-next extension for implementing audit logs in loopback applications for all DB transactions.This extension provides a generic model to store audit data, which can be backed by any datasource you want.

Install

npm install @sourceloop/audit-log

Usage

In order to use this component into your LoopBack application, please follow below steps.

• Add audit model class as Entity.

import {Entity, model, property} from '@loopback/repository';
import {Action} from '@sourceloop/audit-log';

@model({
  name: 'audit_logs',
  settings: {
    strict: false,
  },
})
export class AuditLog extends Entity {
  @property({
    type: 'string',
    id: true,
    generated: false,
  })
  id?: string;

  @property({
    type: 'string',
    required: true,
  })
  action: Action;

  @property({
    name: 'acted_at',
    type: 'date',
    required: true,
  })
  actedAt: Date;

  @property({
    name: 'acted_on',
    type: 'string',
  })
  actedOn?: string;

  @property({
    name: 'action_key',
    type: 'string',
    required: true,
  })
  actionKey: string;

  @property({
    name: 'entity_id',
    type: 'string',
    required: true,
  })
  entityId: string;

  @property({
    type: 'string',
    required: true,
  })
  actor: string;

  @property({
    type: 'object',
  })
  before?: object;

  @property({
    type: 'object',
  })
  after?: object;

  // Define well-known properties here

  // Indexer property to allow additional data
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
  [prop: string]: any;

  constructor(data?: Partial<AuditLog>) {
    super(data);
  }
}

• Using lb4 datasource command create your own datasource using your preferred connector. Here is an example of datasource using postgres connector. Notice the statement static dataSourceName = AuditDbSourceName;. Make sure you change the data source name as per this in order to ensure connection work from extension.

import {inject, lifeCycleObserver, LifeCycleObserver} from '@loopback/core';
import {juggler} from '@loopback/repository';
import {AuditDbSourceName} from '@sourceloop/audit-log';

const config = {
  name: 'audit',
  connector: 'postgresql',
  url: '',
  host: '',
  port: 0,
  user: '',
  password: '',
  database: '',
};

@lifeCycleObserver('datasource')
export class AuditDataSource
  extends juggler.DataSource
  implements LifeCycleObserver
{
  static dataSourceName = AuditDbSourceName;
  static readonly defaultConfig = config;

  constructor(
    @inject('datasources.config.audit', {optional: true})
    dsConfig: object = config,
  ) {
    super(dsConfig);
  }
}

• Using lb4 repository command, create a repository file. After that, change the inject paramater as below so as to refer to correct data source name. @inject(datasources.${AuditDbSourceName}) dataSource: AuditDataSource,

One example below.

import {inject} from '@loopback/core';
import {DefaultCrudRepository} from '@loopback/repository';
import {AuditDbSourceName} from '@sourceloop/audit-log';

import {AuditDataSource} from '../datasources';
import {AuditLog} from '../models';

export class AuditLogRepository extends DefaultCrudRepository<
  AuditLog,
  typeof AuditLog.prototype.id
> {
  constructor(
    @inject(`datasources.${AuditDbSourceName}`) dataSource: AuditDataSource,
  ) {
    super(AuditLog, dataSource);
  }
}

• The component exposes a mixin for your repository classes. Just extend your repository class with AuditRepositoryMixin, for all those repositories where you need audit data. See an example below. For a model Group, here we are extending the GroupRepository with AuditRepositoryMixin.

import {repository} from '@loopback/repository';
import {Group, GroupRelations} from '../models';
import {PgdbDataSource} from '../datasources';
import {inject, Getter, Constructor} from '@loopback/core';
import {AuthenticationBindings, IAuthUser} from 'loopback4-authentication';
import {AuditRepositoryMixin} from '@sourceloop/audit-log';
import {AuditLogRepository} from './audit-log.repository';

const groupAuditOpts: IAuditMixinOptions = {
  actionKey: 'Group_Logs',
};

export class GroupRepository extends AuditRepositoryMixin<
  Group,
  typeof Group.prototype.id,
  GroupRelations,
  string,
  Constructor<
    DefaultCrudRepository<Group, typeof Group.prototype.id, GroupRelations>
  >
>(DefaultCrudRepository, groupAuditOpts) {
  constructor(
    @inject('datasources.pgdb') dataSource: PgdbDataSource,
    @inject.getter(AuthenticationBindings.CURRENT_USER)
    public getCurrentUser: Getter<IAuthUser>,
    @repository.getter('AuditLogRepository')
    public getAuditLogRepository: Getter<AuditLogRepository>,
  ) {
    super(Group, dataSource, getCurrentUser);
  }
}

You can pass any extra attributes to save into audit table using the IAuditMixinOptions parameter of mixin function.

Make sure you provide getCurrentUser and getAuditLogRepository Getter functions in constructor.

This will create all insert, update, delete audits for this model.

• Option to disable audit logging on specific functions by just passing noAudit:true flag with options

create(data, {noAudit: true});

• The package exposes a conditional mixin for your repository classes. Just extend your repository class with ConditionalAuditRepositoryMixin, for all those repositories where you need audit data based on condition whether ADD_AUDIT_LOG_MIXIN is set true. See an example below. For a model Group, here we are extending the GroupRepository with AuditRepositoryMixin.

import {repository} from '@loopback/repository';
import {Group, GroupRelations} from '../models';
import {PgdbDataSource} from '../datasources';
import {inject, Getter, Constructor} from '@loopback/core';
import {AuthenticationBindings, IAuthUser} from 'loopback4-authentication';
import {ConditionalAuditRepositoryMixin} from '@sourceloop/audit-log';
import {AuditLogRepository} from './audit-log.repository';

const groupAuditOpts: IAuditMixinOptions = {
  actionKey: 'Group_Logs',
};

export class GroupRepository extends ConditionalAuditRepositoryMixin(
  DefaultUserModifyCrudRepository<
    Group,
    typeof Group.prototype.id,
    GroupRelations
  >,
  groupAuditOpts,
) {
  constructor(
    @inject('datasources.pgdb') dataSource: PgdbDataSource,
    @inject.getter(AuthenticationBindings.CURRENT_USER)
    public getCurrentUser: Getter<IAuthUser>,
    @repository.getter('AuditLogRepository')
    public getAuditLogRepository: Getter<AuditLogRepository>,
  ) {
    super(Group, dataSource, getCurrentUser);
  }
}

Using with Sequelize ORM

This extension provides support to both juggler (the default loopback ORM) and sequelize.

If your loopback project is already using SequelizeCrudRepository from @loopback/sequelize or equivalent add on repositories from sourceloop packages like SequelizeUserModifyCrudRepository. You'll need to make just two changes:

1. The import statements should have the suffix /sequelize, like below:

import {
  AuditRepositoryMixin,
  AuditLogRepository,
} from '@sourceloop/audit-log/sequelize';

1. The Audit datasource's parent class should be SequelizeDataSource.

import {SequelizeDataSource} from '@loopback/sequelize';

export class AuditDataSource
  extends SequelizeDataSource
  implements LifeCycleObserver
{
  static dataSourceName = AuditDbSourceName;
  static readonly defaultConfig = config;

  constructor(
    @inject('datasources.config.audit', {optional: true})
    dsConfig: object = config,
  ) {
    super(dsConfig);
  }
}

Feedback

If you've noticed a bug or have a question or have a feature request, search the issue tracker to see if someone else in the community has already created a ticket. If not, go ahead and make one! All feature requests are welcome. Implementation time may vary. Feel free to contribute the same, if you can. If you think this extension is useful, please star it. Appreciation really helps in keeping this project alive.

Contributing

Please read CONTRIBUTING.md for details on the process for submitting pull requests to us.

Code of conduct

Code of conduct guidelines here.

License

MIT

Changelog

Release v5.1.0 May 25, 2023

Welcome to the May 25, 2023 release of loopback4-audit-log. There are many updates in this version that we hope you will like, the key highlights include:

• Provide Sequelize Support :- feat(sequelize): add sequelize support was commited on May 25, 2023 by Shubham P

  • modified mixin argument type to accept non default crud repositories

  • added

  • directory import syntax to provide sequelize specific artifacts

  • GH-69

Clink on the above links to understand the changes in detail.

---