sourcefuse / loopback4-audit-log Goto Github PK

Describe the bug
loopback versions update

Describe the bug
Add sonar and synk badges

Describe the bug

• Loopback version update

Describe the bug
Fix sonar quality gate issues.

Screenshots
If applicable, add screenshots to help explain your problem.

https://sonarcloud.io/project/issues?resolved=false&types=CODE_SMELL&id=sourcefuse_loopback4-audit-log

Describe the bug
Loopback version update

Is your feature request related to a problem? Please describe.
After the sourceloop release processes regression on jenkins the release of packages needs to be done locally.

Describe the solution you'd like
Set up a manually dispatch-able github action to publish releases.

Describe alternatives you've considered
The possible alternate is to publish packages locally but that requires keeping the credentials environment already setup.

Additional context
__

Hi,

Thank you for a great library supporting audit feature. While the feature is comprehensive, is there a way I can configure where my logs should go and sit.

To quote a few examples, I may want to:

1. Have my logs go into separate tables/collections based on the Source Application. Meaning thereby, let's say I have multiple applications but would like to have all my audit data in a single database, but seggregated into separate tables/collections. Is this a possibility?
2. Have my logs move into a dynamically created table/collection by date. Meaning thereby, let's say, I configure my logging/auditing such that every month or so, a new table/collection gets created and the audit logs go into this table/collection.

Please let me know your thoughts on the above two.

Warm Regards
Siva

Describe the bug
loopback version update

Describe the bug
Fix sonar issues and smells
https://sonarcloud.io/summary/overall?id=sourcefuse_loopback4-audit-log

Describe the bug
When mixin is applied on a repository class, in some methods (eg. updateById) it calls the parent class' methods like find, findById to get the before values (earlier to performing the actual operation).

But these calls are made without forwarding the options param which results in a bug when transactions are used. The users passes the transaction instance but it doesn't get forwarded to the find/findById method resulting in the response where entry is returned when not expected (the case where that transaction is not committed yet).
And ultimately the before column will have an unexpected value.

To Reproduce
Steps to reproduce the behavior:

1. Apply the audit mixin to a repository on which a transaction can be performed.
2. Begin a transaction, create an entry, update it using updateById, commit the transaction.
3. See the audit logs created.

Expected behavior
The mixin should forward the options received originally to the original repository class calls.

Additional context
__

Describe the bug
Test case coverage missing and not up to the mark

To Reproduce
We should have at least 75% unit test case coverage for this package.

Describe the bug

In the below code there are 3 db transactions, one for before, one for updation and another one for fetching the updated data post the update transaction, i feel this can be reduced to two considering we have the before value and the update value, we can make a union of the two values, this has performance impact on the application.
Considering negative scenarios of unwanted values, the update operation should be sufficient enough invalidate those values.

  async updateById(
     id: ID,
     data: DataObject<M>,
     options?: AuditOptions,
   ): Promise<void> {
     if (options?.noAudit) {
       return super.updateById(id, data, options);
     }
     const before = await this.findById(id);
     // loopback repository internally calls updateAll so we don't want to create another log
     if (options) {
       options.noAudit = true;
     } else {
       options = {noAudit: true};
     }
     await super.updateById(id, data, options);
     const after = await this.findById(id);

Is your feature request related to a problem? Please describe.
Node v14 reaching its end of life this month. Loopback removes support for node v14 in all of its packages we depend on.

Sourceloop packages/services also currently have v12 and v14 as the supported versions.

Describe the solution you'd like
Remove the support for node v14 and v12. And add the support for the latest LTS version v18.

Describe alternatives you've considered
__

Additional context
__

Describe the bug
Loopback verison update

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you can benefit from your bug fixes and new features again.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can fix this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here are some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

Invalid npm token.

The npm token configured in the NPM_TOKEN environment variable must be a valid token allowing to publish to the registry https://registry.npmjs.org/.

If you are using Two Factor Authentication for your account, set its level to "Authorization only" in your account settings. semantic-release cannot publish with the default "
Authorization and writes" level.

Please make sure to set the NPM_TOKEN environment variable in your CI with the exact value of the npm token.

Good luck with your project ✨

Your semantic-release bot 📦🚀

Describe the bug
Currently the issues and PR never closed even if inactive.
They should be closed automatically.

To Reproduce
Steps to reproduce the behavior:

1. Create a new issue/Pr
2. Observe it.
3. Even after no activity it stays open.

Expected behavior
Inactive issues/Pr should be closed automatically.

To have a consistent header in all sourceloop packages.
Reference readme: https://www.npmjs.com/package/@sourceloop/cache

• update all dependencies ( including dev and peer dependencies)
• use node version 16 for the same

Is your feature request related to a problem? Please describe.
Currently the audit mixin can be only applied to DefaultCrudRepository and the add ons of it in sourceloop packages like DefaultUserModifyCrudRepository, DefaultSoftCrudRepository etc.
Due to the explicit type being expected in the mixin the SequelizeCrudRepository or the equivalent sourceloop add-ons like SequelizeUserModifyCrudRepository can't be used currently.

Describe the solution you'd like
Provide a way to enable use of mixin on repositories of both ORMs.

Describe alternatives you've considered
__

Additional context
__

Is your feature request related to a problem? Please describe.
Custom ChangeLog generation with details about changes

Describe the solution you'd like
Right now the changelog generated is automated by semantic-release and does not provide much details about the changes done for the new release.
A detailed description of the changes and the issue corresponding to the change will be really helpful.

Describe the bug
remove all curent vulnerability of loopback4-audit-log.

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context
Add any other context about the problem here.

Describe the bug
Right now Issue description is not visible in the changelog
To Reproduce
Steps to reproduce the behavior:

1. Release a new version
2. check the changelog
3. Issue Description not visible
4. Issue link not clickable

Is your feature request related to a problem? Please describe.
add audit log mixin wrapper around mixin, that will let user to decide whether to generate audit logs or not

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

A consolidated issue to track all the repos and their issues.

Audit -- #85

Describe the bug

• License and Copyright Headers’ Year Upgradation

Describe the bug
Loopback version updates.

Describe the bug
Table name pre-defined in model (name: 'audit_logs',). It creates issues if I want some other table name or my table name is having some prefix.
It should be configurable so that we can change it anytime without making changes in core code.

To Reproduce
Steps to reproduce the behavior:

1. Go to 'https://github.com/sourcefuse/loopback4-audit-log/blob/master/src/models/audit-log.model.ts.'
2. Check line number 13

Expected behavior
Table name should be configurable

Screenshots

Describe the bug
Update lb4 dependencies in the package

For further information refer to the link below:
sourcefuse/loopback4-soft-delete#197

Describe the bug
Changes for semantic-release
when dependencies are updated with chore type new version is not released

To Reproduce
try updating the dependencies using chore(deps)

Expected behavior
when dependencies are updated with chore type new version must be released

Is your feature request related to a problem? Please describe.

1. Remove support for node 16 and lower versions
2. update package deps.

Describe the solution you'd like
Changes in the node property of package.json
This will be a breaking change.

Is your feature request related to a problem? Please describe.
Adding semantic release for automatic release of packages.

Describe the solution you'd like
Using npm semantic-release

Describe alternatives you've considered

Additional context

Describe the bug

• The actor field in the audit logs created use the id of the user bound in the context and there is no way to override this behaviour
• We can not use the mixin if the user is not present in the context
• deleteAllHard method is not creating any log records so there should be a way to create records for such methods

To Reproduce
Steps to reproduce the behavior:

1. Add mixin to repo
2. Hit the repo with a User in the context
3. The actor saved uses the id property of user

Expected behavior

• The property of the user that is saved in the log should be configurable
• It should work without user bound in context
• deleteAllHard should also create log records

Additional context
This is required in case we want to save something like userTenantId instead of simply the userId

Describe the bug
I have tried to use loopback4-authentication and loopback4-auditlog and when I try to change my repository to extend from AuditRepositoryMixin, it throws the following error message. We are unsure if any step is missed out or if these are compatible libraries.

Class 'HospitalRepository' incorrectly extends base class 'DefaultCrudRepository<Hospital, any, HospitalRelations> & IAuditMixin'.
Type 'HospitalRepository' is not assignable to type 'IAuditMixin'.
The types returned by 'getCurrentUser()' are incompatible between these types.
Type 'Promise' is not assignable to type 'Promise<User<string, string, string>>'.
Type 'IAuthUser' is missing the following properties from type 'User<string, string, string>': permissions, authClientId, role, firstName, lastName

To Reproduce
Please provide a user who can review the changes in our Git repository and I can add them to view the issue.

I get the below error in my repository class where i am trying to add the auditlog. Not sure what I am missing. Please help

Class 'ContactRepository' incorrectly extends base class '{ getAuditLogRepository: () => Promise; getCurrentUser?: (() => Promise<{ id?: string | undefined; }>) | undefined; create(dataObject: DataObject<...>, options?: AuditOptions | undefined): Promise<...>; ... 15 more ...; count: (where?: Where<...> | undefined, options?: AnyObject | undefined) => P...'.
Type 'ContactRepository' is not assignable to type '{ getAuditLogRepository: () => Promise; getCurrentUser?: (() => Promise<{ id?: string | undefined; }>) | undefined; create(dataObject: DataObject<...>, options?: AuditOptions | undefined): Promise<...>; ... 15 more ...; count: (where?: Where<...> | undefined, options?: AnyObject | undefined) => P...'.
The types returned by 'getAuditLogRepository()' are incompatible between these types.

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

See: sourcefuse/arc-docs#26