Merge branch 'main' into add-bull-queue

joshcolts18 · Aug 19, 2023 · ec234e1 · ec234e1
2 parents 6e1cc12 + 4a48c08
commit ec234e1
Show file tree

Hide file tree

Showing 383 changed files with 7,167 additions and 8,530 deletions.
diff --git a/README.md b/README.md
@@ -34,7 +34,7 @@
     <img src="https://img.shields.io/github/commit-activity/m/infisical/infisical" alt="git commit activity" />
   </a>
   <a href="https://cloudsmith.io/~infisical/repos/">
-    <img src="https://img.shields.io/badge/Downloads-395.8k-orange" alt="Cloudsmith downloads" />
+    <img src="https://img.shields.io/badge/Downloads-821.8k-orange" alt="Cloudsmith downloads" />
   </a>
   <a href="https://infisical.com/slack">
     <img src="https://img.shields.io/badge/chat-on%20Slack-blueviolet" alt="Slack community channel" />
@@ -116,7 +116,7 @@ Lean about Infisical's code scanning feature [here](https://infisical.com/docs/c
 
 This repo available under the [MIT expat license](https://github.com/Infisical/infisical/blob/main/LICENSE), with the exception of the `ee` directory which will contain premium enterprise features requiring a Infisical license.
 
-If you are interested in managed Infisical Cloud of self-hosted Enterprise Offering, take a look at [our webiste](https://infisical.com/) or [book a meeting with us](https://cal.com/vmatsiiako/infisical-demo):
+If you are interested in managed Infisical Cloud of self-hosted Enterprise Offering, take a look at [our website](https://infisical.com/) or [book a meeting with us](https://cal.com/vmatsiiako/infisical-demo):
 
 <a href="https://cal.com/vmatsiiako/infisical-demo"><img alt="Schedule a meeting" src="https://cal.com/book-with-cal-dark.svg" /></a>
 

diff --git a/backend/Dockerfile b/backend/Dockerfile
@@ -14,6 +14,8 @@ FROM node:16-alpine
 
 WORKDIR /app
 
+ENV npm_config_cache /home/node/.npm
+
 COPY package*.json ./
 RUN npm ci --only-production
 
@@ -28,4 +30,4 @@ HEALTHCHECK --interval=10s --timeout=3s --start-period=10s \
 
 EXPOSE 4000
 
-CMD ["npm", "run", "start"]
+CMD ["npm", "run", "start"]
diff --git a/backend/src/controllers/v1/authController.ts b/backend/src/controllers/v1/authController.ts
@@ -15,20 +15,20 @@ import { checkUserDevice } from "../../helpers/user";
 import {
   ACTION_LOGIN,
   ACTION_LOGOUT,
-  AUTH_MODE_JWT,
 } from "../../variables";
 import { 
   BadRequestError,
   UnauthorizedRequestError,
 } from "../../utils/errors";
 import { EELogService } from "../../ee/services";
-import { getChannelFromUserAgent } from "../../utils/posthog";
+import { getUserAgentType } from "../../utils/posthog";
 import {
   getHttpsEnabled,
   getJwtAuthLifetime,
   getJwtAuthSecret,
   getJwtRefreshSecret,
 } from "../../config";
+import { ActorType } from "../../ee/models";
 
 declare module "jsonwebtoken" {
   export interface UserIDJwtPayload extends jwt.JwtPayload {
@@ -142,7 +142,7 @@ export const login2 = async (req: Request, res: Response) => {
         loginAction && await EELogService.createLog({
           userId: user._id,
           actions: [loginAction],
-          channel: getChannelFromUserAgent(req.headers["user-agent"]),
+          channel: getUserAgentType(req.headers["user-agent"]),
           ipAddress: req.realIP,
         });
 
@@ -170,7 +170,7 @@ export const login2 = async (req: Request, res: Response) => {
  * @returns
  */
 export const logout = async (req: Request, res: Response) => {
-  if (req.authData.authMode === AUTH_MODE_JWT && req.authData.authPayload instanceof User && req.authData.tokenVersionId) {
+  if (req.authData.actor.type === ActorType.USER && req.authData.tokenVersionId) {
     await clearTokens(req.authData.tokenVersionId)
   }
 
@@ -190,7 +190,7 @@ export const logout = async (req: Request, res: Response) => {
   logoutAction && await EELogService.createLog({
     userId: req.user._id,
     actions: [logoutAction],
-    channel: getChannelFromUserAgent(req.headers["user-agent"]),
+    channel: getUserAgentType(req.headers["user-agent"]),
     ipAddress: req.realIP,
   });
 

diff --git a/backend/src/controllers/v1/integrationAuthController.ts b/backend/src/controllers/v1/integrationAuthController.ts
@@ -3,7 +3,9 @@ import { Types } from "mongoose";
 import { standardRequest } from "../../config/request";
 import { getApps, getTeams, revokeAccess } from "../../integrations";
 import { Bot, IntegrationAuth } from "../../models";
+import { EventType } from "../../ee/models";
 import { IntegrationService } from "../../services";
+import { EEAuditLogService } from "../../ee/services";
 import {
   ALGORITHM_AES_256_GCM,
   ENCODING_SCHEME_UTF8,
@@ -62,6 +64,19 @@ export const oAuthExchange = async (req: Request, res: Response) => {
     environment: environments[0].slug
   });
 
+  await EEAuditLogService.createAuditLog(
+    req.authData,
+    {
+      type: EventType.AUTHORIZE_INTEGRATION,
+      metadata: {
+        integration: integrationAuth.integration
+      }
+    },
+    {
+      workspaceId: integrationAuth.workspace
+    }
+  );
+
   return res.status(200).send({
     integrationAuth
   });
@@ -129,6 +144,19 @@ export const saveIntegrationAccessToken = async (req: Request, res: Response) =>
   });
 
   if (!integrationAuth) throw new Error("Failed to save integration access token");
+
+  await EEAuditLogService.createAuditLog(
+    req.authData,
+    {
+      type: EventType.AUTHORIZE_INTEGRATION,
+      metadata: {
+        integration: integrationAuth.integration
+      }
+    },
+    {
+      workspaceId: integrationAuth.workspace
+    }
+  );
 
   return res.status(200).send({
     integrationAuth
@@ -530,6 +558,23 @@ export const deleteIntegrationAuth = async (req: Request, res: Response) => {
     integrationAuth: req.integrationAuth,
     accessToken: req.accessToken
   });
+
+  if (!integrationAuth) return res.status(400).send({
+    message: "Failed to find integration authorization"
+  });
+
+  await EEAuditLogService.createAuditLog(
+    req.authData,
+    {
+      type: EventType.UNAUTHORIZE_INTEGRATION,
+      metadata: {
+        integration: integrationAuth.integration
+      }
+    },
+    {
+      workspaceId: integrationAuth.workspace
+    }
+  );
 
   return res.status(200).send({
     integrationAuth

diff --git a/backend/src/controllers/v1/integrationController.ts b/backend/src/controllers/v1/integrationController.ts
@@ -6,6 +6,8 @@ import { eventStartIntegration } from "../../events";
 import Folder from "../../models/folder";
 import { getFolderByPath } from "../../services/FolderService";
 import { BadRequestError } from "../../utils/errors";
+import { EEAuditLogService } from "../../ee/services";
+import { EventType } from "../../ee/models";
 
 /**
  * Create/initialize an (empty) integration for integration authorization
@@ -74,6 +76,31 @@ export const createIntegration = async (req: Request, res: Response) => {
       })
     });
   }
+
+  await EEAuditLogService.createAuditLog(
+    req.authData,
+    {
+      type: EventType.CREATE_INTEGRATION,
+      metadata: {
+        integrationId: integration._id.toString(),
+        integration: integration.integration,
+        environment: integration.environment,
+        secretPath,
+        url: integration.url,
+        app: integration.app,
+        appId: integration.appId,
+        targetEnvironment: integration.targetEnvironment,
+        targetEnvironmentId: integration.targetEnvironmentId,
+        targetService: integration.targetService,
+        targetServiceId: integration.targetServiceId,
+        path: integration.path,
+        region: integration.region
+      }
+    },
+    {
+      workspaceId: integration.workspace
+    }
+  );
 
   return res.status(200).send({
     integration
@@ -148,8 +175,7 @@ export const updateIntegration = async (req: Request, res: Response) => {
 };
 
 /**
- * Delete integration with id [integrationId] and deactivate bot if there are
- * no integrations left
+ * Delete integration with id [integrationId]
  * @param req
  * @param res
  * @returns
@@ -163,6 +189,31 @@ export const deleteIntegration = async (req: Request, res: Response) => {
 
   if (!integration) throw new Error("Failed to find integration");
 
+  await EEAuditLogService.createAuditLog(
+    req.authData,
+    {
+      type: EventType.DELETE_INTEGRATION,
+      metadata: {
+        integrationId: integration._id.toString(),
+        integration: integration.integration,
+        environment: integration.environment,
+        secretPath: integration.secretPath,
+        url: integration.url,
+        app: integration.app,
+        appId: integration.appId,
+        targetEnvironment: integration.targetEnvironment,
+        targetEnvironmentId: integration.targetEnvironmentId,
+        targetService: integration.targetService,
+        targetServiceId: integration.targetServiceId,
+        path: integration.path,
+        region: integration.region
+      }
+    },
+    {
+      workspaceId: integration.workspace
+    }
+  );
+
   return res.status(200).send({
     integration
   });

diff --git a/backend/src/controllers/v1/keyController.ts b/backend/src/controllers/v1/keyController.ts
@@ -1,6 +1,9 @@
+import { Types } from "mongoose";
 import { Request, Response } from "express";
 import { Key } from "../../models";
 import { findMembership } from "../../helpers/membership";
+import { EventType } from "../../ee/models";
+import { EEAuditLogService } from "../../ee/services";
 
 /**
  * Add (encrypted) copy of workspace key for workspace with id [workspaceId] for user with
@@ -44,7 +47,7 @@ export const uploadKey = async (req: Request, res: Response) => {
  */
 export const getLatestKey = async (req: Request, res: Response) => {
   const { workspaceId } = req.params;
-
+  
   // get latest key
   const latestKey = await Key.find({
     workspace: workspaceId,
@@ -58,6 +61,18 @@ export const getLatestKey = async (req: Request, res: Response) => {
 
 	if (latestKey.length > 0) {
 		resObj["latestKey"] = latestKey[0];
+    await EEAuditLogService.createAuditLog(
+      req.authData,
+      {
+        type: EventType.GET_WORKSPACE_KEY,
+        metadata: {
+          keyId: latestKey[0]._id.toString()
+        }
+      },
+      {
+        workspaceId: new Types.ObjectId(workspaceId)
+      }
+    );
 	}
 
 	return res.status(200).send(resObj);

diff --git a/backend/src/controllers/v1/membershipController.ts b/backend/src/controllers/v1/membershipController.ts
@@ -1,9 +1,12 @@
 import { Request, Response } from "express";
-import { Key, Membership, MembershipOrg, User } from "../../models";
+import { Types } from "mongoose";
+import { IUser, Key, Membership, MembershipOrg, User } from "../../models";
+import { EventType } from "../../ee/models";
 import { deleteMembership as deleteMember, findMembership } from "../../helpers/membership";
 import { sendMail } from "../../helpers/nodemailer";
 import { ACCEPTED, ADMIN, MEMBER } from "../../variables";
 import { getSiteURL } from "../../config";
+import { EEAuditLogService } from "../../ee/services";
 
 /**
  * Check that user is a member of workspace with id [workspaceId]
@@ -36,11 +39,11 @@ export const validateMembership = async (req: Request, res: Response) => {
  */
 export const deleteMembership = async (req: Request, res: Response) => {
   const { membershipId } = req.params;
-
+  
   // check if membership to delete exists
   const membershipToDelete = await Membership.findOne({
     _id: membershipId
-  }).populate("user");
+  }).populate<{ user: IUser }>("user");
 
   if (!membershipToDelete) {
     throw new Error("Failed to delete workspace membership that doesn't exist");
@@ -66,6 +69,20 @@ export const deleteMembership = async (req: Request, res: Response) => {
   const deletedMembership = await deleteMember({
     membershipId: membershipToDelete._id.toString()
   });
+
+  await EEAuditLogService.createAuditLog(
+    req.authData,
+    {
+      type: EventType.REMOVE_WORKSPACE_MEMBER,
+      metadata: {
+        userId: membershipToDelete.user._id.toString(),
+        email: membershipToDelete.user.email
+      }
+    },
+    {
+      workspaceId: membership.workspace
+    }
+  );
 
   return res.status(200).send({
     deletedMembership
@@ -87,9 +104,9 @@ export const changeMembershipRole = async (req: Request, res: Response) => {
   }
 
   // validate target membership
-  const membershipToChangeRole = await findMembership({
-    _id: membershipId
-  });
+  const membershipToChangeRole = await Membership
+    .findById(membershipId)
+    .populate<{ user: IUser }>("user");
 
   if (!membershipToChangeRole) {
     throw new Error("Failed to find membership to change role");
@@ -110,9 +127,27 @@ export const changeMembershipRole = async (req: Request, res: Response) => {
     // user is not an admin member of the workspace
     throw new Error("Insufficient role for changing member roles");
   }
+
+  const oldRole = membershipToChangeRole.role;
 
   membershipToChangeRole.role = role;
   await membershipToChangeRole.save();
+
+  await EEAuditLogService.createAuditLog(
+    req.authData,
+    {
+      type: EventType.UPDATE_USER_WORKSPACE_ROLE,
+      metadata: {
+        userId: membershipToChangeRole.user._id.toString(),
+        email: membershipToChangeRole.user.email,
+        oldRole,
+        newRole: membershipToChangeRole.role
+      }
+    },
+    {
+      workspaceId: membershipToChangeRole.workspace
+    }
+  );
 
   return res.status(200).send({
     membership: membershipToChangeRole
@@ -140,7 +175,7 @@ export const inviteUserToWorkspace = async (req: Request, res: Response) => {
   const inviteeMembership = await Membership.findOne({
     user: invitee._id,
     workspace: workspaceId
-  });
+  }).populate<{ user: IUser }>("user");
 
   if (inviteeMembership) throw new Error("Failed to add existing member of workspace");
 
@@ -181,6 +216,20 @@ export const inviteUserToWorkspace = async (req: Request, res: Response) => {
     }
   });
 
+  await EEAuditLogService.createAuditLog(
+    req.authData,
+    {
+      type: EventType.ADD_WORKSPACE_MEMBER,
+      metadata: {
+        userId: invitee._id.toString(),
+        email: invitee.email
+      }
+    },
+    {
+      workspaceId: new Types.ObjectId(workspaceId)
+    }
+  );
+
   return res.status(200).send({
     invitee,
     latestKey