Don't write to Dynamo audit log in local environment

Author: devksingh4

package.json

@@ -13,7 +13,7 @@
     "setup": "git config blame.ignoreRevsFile .git-blame-ignore-revs",
     "build": "concurrently --names 'api,ui' 'yarn workspace infra-core-api run build' 'yarn workspace infra-core-ui run build'",
     "postbuild": "yarn lockfile-manage",
-    "dev": "concurrently --names 'api,ui' 'yarn workspace infra-core-api run dev' 'yarn workspace infra-core-ui run dev'",
+    "dev": "cross-env DISABLE_AUDIT_LOG=true concurrently --names 'api,ui' 'yarn workspace infra-core-api run dev' 'yarn workspace infra-core-ui run dev'",
     "lockfile-manage": "synp --with-workspace --source-file yarn.lock",
     "postlockfile-manage": "cp package-lock.json dist/lambda/ && cp package-lock.json dist/sqsConsumer/ && cp src/api/package.lambda.json dist/lambda/package.json && cp src/api/package.lambda.json dist/sqsConsumer/package.json && rm package-lock.json",
     "prettier": "yarn workspaces run prettier && prettier --check tests/**/*.ts",

src/api/functions/auditLog.ts

@@ -55,7 +55,11 @@ export function buildAuditLogTransactPut({
   entry,
 }: {
   entry: AuditLogEntry;
-}): TransactWriteItem {
+}): TransactWriteItem | null {
+  if (process.env.DISABLE_AUDIT_LOG && process.env.RunEnvironment === "dev") {
+    console.log(`Audit log entry: ${JSON.stringify(entry)}`);
+    return null;
+  }
   const item = buildMarshalledAuditLogItem(entry);
   return {
     Put: {

src/api/index.ts

@@ -224,11 +224,27 @@ async function init(prettyPrint: boolean = false) {
   if (!process.env.RunEnvironment) {
     process.env.RunEnvironment = "dev";
   }
+
   if (!runEnvironments.includes(process.env.RunEnvironment as RunEnvironment)) {
     throw new InternalServerError({
       message: `Invalid run environment ${app.runEnvironment}.`,
     });
   }
+  if (process.env.DISABLE_AUDIT_LOG) {
+    if (process.env.RunEnvironment !== "dev") {
+      throw new InternalServerError({
+        message: `Audit log can only be disabled if the run environment is "dev"!`,
+      });
+    }
+    if (process.env.LAMBDA_TASK_ROOT || process.env.AWS_LAMBDA_FUNCTION_NAME) {
+      throw new InternalServerError({
+        message: `Audit log cannot be disabled when running in AWS Lambda environment!`,
+      });
+    }
+    app.log.warn(
+      "Audit logging to Dynamo is disabled! Audit log statements will be logged to the console.",
+    );
+  }
   app.runEnvironment = process.env.RunEnvironment as RunEnvironment;
   app.environmentConfig =
     environmentConfig[app.runEnvironment as RunEnvironment];

src/api/routes/apiKey.ts

@@ -65,7 +65,7 @@ const apiKeyRoute: FastifyPluginAsync = async (fastify, _options) => {
       };
       const command = new TransactWriteItemsCommand({
         TransactItems: [
-          logStatement,
+          ...(logStatement ? [logStatement] : []),
           {
             Put: {
               TableName: genericConfig.ApiKeyTable,
@@ -123,7 +123,7 @@ const apiKeyRoute: FastifyPluginAsync = async (fastify, _options) => {
       });
       const command = new TransactWriteItemsCommand({
         TransactItems: [
-          logStatement,
+          ...(logStatement ? [logStatement] : []),
           {
             Delete: {
               TableName: genericConfig.ApiKeyTable,

src/api/routes/roomRequests.ts

@@ -103,7 +103,7 @@ const roomRequestRoutes: FastifyPluginAsync = async (fastify, _options) => {
           ...request.body,
         }),
       };
-      const logPut = buildAuditLogTransactPut({
+      const logStatement = buildAuditLogTransactPut({
         entry: {
           module: Modules.ROOM_RESERVATIONS,
           actor: request.username!,
@@ -115,7 +115,10 @@ const roomRequestRoutes: FastifyPluginAsync = async (fastify, _options) => {
       try {
         await fastify.dynamoClient.send(
           new TransactWriteItemsCommand({
-            TransactItems: [{ Put: itemPut }, logPut],
+            TransactItems: [
+              { Put: itemPut },
+              ...(logStatement ? [logStatement] : []),
+            ],
           }),
         );
       } catch (e) {
@@ -292,7 +295,7 @@ const roomRequestRoutes: FastifyPluginAsync = async (fastify, _options) => {
         "userId#requestId": `${request.username}#${requestId}`,
         semesterId: request.body.semester,
       };
-      const logPut = buildAuditLogTransactPut({
+      const logStatement = buildAuditLogTransactPut({
         entry: {
           module: Modules.ROOM_RESERVATIONS,
           actor: request.username!,
@@ -324,7 +327,7 @@ const roomRequestRoutes: FastifyPluginAsync = async (fastify, _options) => {
                 }),
               },
             },
-            logPut,
+            ...(logStatement ? [logStatement] : []),
           ],
         });
         await fastify.dynamoClient.send(transactionCommand);

src/api/routes/stripe.ts

@@ -140,7 +140,7 @@ const stripeRoutes: FastifyPluginAsync = async (fastify, _options) => {
       });
       const dynamoCommand = new TransactWriteItemsCommand({
         TransactItems: [
-          logStatement,
+          ...(logStatement ? [logStatement] : []),
           {
             Put: {
               TableName: genericConfig.StripeLinksDynamoTableName,
@@ -245,7 +245,7 @@ const stripeRoutes: FastifyPluginAsync = async (fastify, _options) => {
       });
       const dynamoCommand = new TransactWriteItemsCommand({
         TransactItems: [
-          logStatement,
+          ...(logStatement ? [logStatement] : []),
           {
             Update: {
               TableName: genericConfig.StripeLinksDynamoTableName,
@@ -437,7 +437,7 @@ const stripeRoutes: FastifyPluginAsync = async (fastify, _options) => {
               });
               const dynamoCommand = new TransactWriteItemsCommand({
                 TransactItems: [
-                  logStatement,
+                  ...(logStatement ? [logStatement] : []),
                   {
                     Update: {
                       TableName: genericConfig.StripeLinksDynamoTableName,