Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@sourceloop/audit-service

Package Overview
Dependencies
Maintainers
9
Versions
105
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@sourceloop/audit-service

Audit logging microservice

  • 5.2.18
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
460
increased by80.39%
Maintainers
9
Weekly downloads
 
Created
Source

@sourceloop/audit-service

LoopBack

npm

node-current (scoped)

npm (prod) dependency version (scoped)

Overview

A LoopBack microservice used for auditing user actions. All the user actions like insert, update and delete can be audited. It uses @sourceloop/audit-log as a base which provides the same functionality but through a repository mixin. A repository mixin logs all the actions by default. So when we use a repository mixin we have less control over the customization that can be done. So in case where we want to audit only in certain scenario or for a particular case this service can be used. This service exposes APIs to insert and read the audited data so that we have a free hand.

Installation


npm i @sourceloop/audit-service

Usage

  • Install the audit service npm i @sourceloop/audit-service
  • Set the environment variables.
  • Run the migrations.
  • Add the AuditServiceComponent to your Loopback4 Application (in application.ts).
    // import the AuditServiceComponent
    import {AuditServiceComponent} from '@sourceloop/audit-service';
    // add Component for AuditServiceComponent
    this.component(AuditServiceComponent);
    
  • Set up a Loopback4 Datasource with dataSourceName property set to AuditDbSourceName. You can see an example datasource here.
  • Start the application npm start

Creating Logs

The logs in this service can either be created through the REST endpoint, or through a repository mixin provided with the @sourceloop/audit-log npm module. This mixin, by default, creates logs for all the inbuilt actions done through the extended repository. You can read more about how to use this package here.

All the different types of action that are logged are

export declare enum Action {
  INSERT_ONE = 'INSERT_ONE',
  INSERT_MANY = 'INSERT_MANY',
  UPDATE_ONE = 'UPDATE_ONE',
  UPDATE_MANY = 'UPDATE_MANY',
  DELETE_ONE = 'DELETE_ONE',
  DELETE_MANY = 'DELETE_MANY',
}

Environment Variables

Do not forget to set Environment variables. The examples below show a common configuration for a PostgreSQL Database running locally.

NODE_ENV=dev
LOG_LEVEL=DEBUG
HOST=0.0.0.0
PORT=3000
DB_HOST=localhost
DB_PORT=5432
DB_USER=pg_service_user
DB_PASSWORD=pg_service_user_password
DB_DATABASE=audit_db
DB_SCHEMA=public
JWT_SECRET=super_secret_string
JWT_ISSUER=https://authentication.service
NameRequiredDefault ValueDescription
NODE_ENVYNode environment value, i.e. dev, test, prod
LOG_LEVELYLog level value, i.e. error, warn, info, verbose, debug
HOSTYHost for the service to run under, i.e. 0.0.0.0
PORTY3000Port for the service to listen on.
DB_HOSTYHostname for the database server.
DB_PORTYPort for the database server.
DB_USERYUser for the database.
DB_PASSWORDYPassword for the database user.
DB_DATABASEYDatabase to connect to on the database server.
DB_SCHEMAYpublicDatabase schema used for the data source. In PostgreSQL, this will be public unless a schema is made explicitly for the service.
JWT_SECRETYSymmetric signing key of the JWT token.
JWT_ISSUERYIssuer of the JWT token.

Setting up a DataSource

Here is a Sample Implementation DataSource implementation using environment variables.

import {inject, lifeCycleObserver, LifeCycleObserver} from  '@loopback/core';
import {juggler} from  '@loopback/repository';
import {AuditDbSourceName} from  '@sourceloop/audit-log';

const  config = {
  name:  AuditDbSourceName,
  connector:  'postgresql',
  url:  '',
  host:  process.env.DB_HOST,
  port:  process.env.DB_PORT,
  user:  process.env.DB_USER,
  password:  process.env.DB_PASSWORD,
  database:  process.env.DB_DATABASE,
  schema:  process.env.DB_SCHEMA,
};


@lifeCycleObserver('datasource')
export  class  AuditDbDataSource  extends  juggler.DataSource implements  LifeCycleObserver {
  static  dataSourceName = AuditDbSourceName;
  static  readonly  defaultConfig = config;

  constructor(
    // You need to set datasource configuration name as 'datasources.config.audit' otherwise you might get Errors
    @inject('datasources.config.audit', {optional:  true})
    dsConfig: object = config,
  ) {
      super(dsConfig);
  }
}

Migrations

The migrations required for this service are processed during the installation automatically if you set the AUDIT_MIGRATION or SOURCELOOP_MIGRATION env variable. The migrations use db-migrate with db-migrate-pg driver for migrations, so you will have to install these packages to use auto-migration. Please note that if you are using some pre-existing migrations or databases, they may be affected. In such a scenario, it is advised that you copy the migration files in your project root, using the AUDIT_MIGRATION_COPY or SOURCELOOP_MIGRATION_COPY env variables. You can customize or cherry-pick the migrations in the copied files according to your specific requirements and then apply them to the DB.

API Documentation

Common Headers

Authorization: Bearer where is a JWT token signed using JWT issuer and secret. Content-Type: application/json in the response and in request if the API method is NOT GET

Common Request path Parameters

{version}: Defines the API Version

Common Responses

200: Successful Response. Response body varies w.r.t API 401: Unauthorized: The JWT token is missing or invalid 403: Forbidden : Not allowed to execute the concerned API 404: Entity Not Found 400: Bad Request (Error message varies w.r.t API) 201: No content: Empty Response

API Details

Visit the OpenAPI spec docs

Keywords

FAQs

Package last updated on 03 May 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc