mirror of
https://github.com/yu-i-i/overleaf-cep.git
synced 2026-05-23 17:19:37 +02:00
ae6dec9dcb
Revert "[web] Convert models and self-referential test files to ESM " GitOrigin-RevId: 5455cccbb513bd9ca36ce526ff1553065f83d233
112 lines
3.4 KiB
JavaScript
112 lines
3.4 KiB
JavaScript
import OError from '@overleaf/o-error'
|
|
import logger from '@overleaf/logger'
|
|
import { UserAuditLogEntry } from '../../models/UserAuditLogEntry.js'
|
|
import { callbackify } from 'node:util'
|
|
import SubscriptionLocator from '../Subscription/SubscriptionLocator.mjs'
|
|
|
|
function _canHaveNoIpAddressId(operation, info) {
|
|
if (operation === 'add-email' && info.script) return true
|
|
if (operation === 'join-group-subscription') return true
|
|
if (operation === 'leave-group-subscription') return true
|
|
if (operation === 'must-reset-password-set') return true
|
|
if (operation === 'remove-email' && info.script) return true
|
|
if (operation === 'release-managed-user' && info.script) return true
|
|
if (operation === 'unlink-dropbox' && info.batch) return true
|
|
return false
|
|
}
|
|
|
|
function _canHaveNoInitiatorId(operation, info) {
|
|
if (operation === 'add-email' && info.script) return true
|
|
if (operation === 'reset-password') return true
|
|
if (operation === 'unlink-sso' && info.providerId === 'collabratec')
|
|
return true
|
|
if (operation === 'unlink-sso' && info.script === true) return true
|
|
if (operation === 'unlink-institution-sso-not-migrated') return true
|
|
if (operation === 'remove-email' && info.script) return true
|
|
if (operation === 'join-group-subscription') return true
|
|
if (operation === 'leave-group-subscription') return true
|
|
if (operation === 'must-reset-password-set') return true
|
|
if (operation === 'must-reset-password-unset') return true
|
|
if (operation === 'account-suspension' && info.script) return true
|
|
if (operation === 'release-managed-user' && info.script) return true
|
|
}
|
|
|
|
// events that are visible to managed user admins in Group Audit Logs view
|
|
const MANAGED_GROUP_USER_EVENTS = [
|
|
'login',
|
|
'reset-password',
|
|
'update-password',
|
|
'link-dropbox',
|
|
'unlink-dropbox',
|
|
'link-github',
|
|
'unlink-github',
|
|
]
|
|
|
|
/**
|
|
* Add an audit log entry
|
|
*
|
|
* The entry should include at least the following fields:
|
|
*
|
|
* - userId: the user on behalf of whom the operation was performed
|
|
* - operation: a string identifying the type of operation
|
|
* - initiatorId: who performed the operation
|
|
* - ipAddress: the IP address of the initiator
|
|
* - info: an object detailing what happened
|
|
*/
|
|
async function addEntry(userId, operation, initiatorId, ipAddress, info = {}) {
|
|
if (!operation) {
|
|
throw new OError('missing operation for audit log', {
|
|
initiatorId,
|
|
ipAddress,
|
|
})
|
|
}
|
|
|
|
if (!ipAddress && !_canHaveNoIpAddressId(operation, info)) {
|
|
throw new OError('missing ipAddress for audit log', {
|
|
operation,
|
|
initiatorId,
|
|
})
|
|
}
|
|
|
|
if (!initiatorId && !_canHaveNoInitiatorId(operation, info)) {
|
|
throw new OError('missing initiatorId for audit log', {
|
|
operation,
|
|
ipAddress,
|
|
})
|
|
}
|
|
|
|
const entry = {
|
|
userId,
|
|
operation,
|
|
initiatorId,
|
|
info,
|
|
ipAddress,
|
|
}
|
|
|
|
if (MANAGED_GROUP_USER_EVENTS.includes(operation)) {
|
|
try {
|
|
const managedSubscription =
|
|
await SubscriptionLocator.promises.getUniqueManagedSubscriptionMemberOf(
|
|
userId
|
|
)
|
|
if (managedSubscription) {
|
|
entry.managedSubscriptionId = managedSubscription._id
|
|
}
|
|
} catch (err) {
|
|
logger.error({ err, userId }, 'failed to lookup managed subscription')
|
|
}
|
|
}
|
|
|
|
await UserAuditLogEntry.create(entry)
|
|
}
|
|
|
|
const UserAuditLogHandler = {
|
|
MANAGED_GROUP_USER_EVENTS,
|
|
addEntry: callbackify(addEntry),
|
|
promises: {
|
|
addEntry,
|
|
},
|
|
}
|
|
|
|
export default UserAuditLogHandler
|