now logs requests into the db

Author: iolufemi

models/RequestLogs.js

@@ -0,0 +1,185 @@
+"use strict";
+
+var db = require('../services/database/mongo');
+
+var collection = 'RequestLogs';
+
+var service = 'Users';
+
+var debug = require('debug')(collection);
+
+var schemaObject = {
+    RequestId: {
+        type: 'String'
+    },
+    ipAddress: {
+        type: 'String'
+    },
+    url: {
+        type: 'String'
+    },
+    method: {
+        type: 'String'
+    },
+    service: {
+        type: 'String',
+        default: service
+    },
+    body: {
+        type: db.Schema.Types.Mixed
+    },
+    app: {
+        type: db.Schema.Types.ObjectId,
+        ref: 'Applications'
+    },
+    user: {
+        type: db.Schema.Types.ObjectId,
+        ref: 'Users'
+    },
+    device: {
+        type: 'String'
+    },
+    response: {
+        type: db.Schema.Types.Mixed
+    },
+};
+
+schemaObject.createdAt = {
+    type: 'Date',
+    default: Date.now
+};
+
+schemaObject.updatedAt = {
+    type: 'Date'
+    // default: Date.now
+};
+
+schemaObject.owner = {
+    type: db.Schema.Types.ObjectId,
+    ref: 'Users'
+};
+
+schemaObject.createdBy = {
+    type: db.Schema.Types.ObjectId,
+    ref: 'Users'
+};
+
+schemaObject.client = {
+    type: db.Schema.Types.ObjectId,
+    ref: 'Clients'
+};
+
+schemaObject.developer = {
+    type: db.Schema.Types.ObjectId,
+    ref: 'Users'
+};
+
+schemaObject.tags = {
+    type: [String],
+    index: 'text'
+};
+
+// Let us define our schema
+var Schema = db.Schema(schemaObject);
+
+// Index all text for full text search
+// MyModel.find({$text: {$search: searchString}})
+//    .skip(20)
+//    .limit(10)
+//    .exec(function(err, docs) { ... });
+// Schema.index({'tags': 'text'});
+
+Schema.statics.search = function(string) {
+    return this.find({$text: {$search: string}}, { score : { $meta: "textScore" } })
+    .sort({ score : { $meta : 'textScore' } });
+};
+
+// assign a function to the "methods" object of our Schema
+// Schema.methods.someMethod = function (cb) {
+//     return this.model(collection).find({}, cb);
+// };
+
+// assign a function to the "statics" object of our Schema
+// Schema.statics.someStaticFunction = function(query, cb) {
+// eg. pagination
+    // this.find(query, null, { skip: 10, limit: 5 }, cb);
+// };
+
+// Adding hooks
+
+Schema.pre('save', function(next) {
+    // Indexing for search
+    var ourDoc = this._doc;
+    var split = [];
+    for(var n in ourDoc){
+        if(typeof ourDoc[n] === 'string'){
+            split.push(ourDoc[n].split(' '));
+        }
+    }
+    this.tags = split;
+    next();
+});
+
+Schema.post('init', function(doc) {
+  debug('%s has been initialized from the db', doc._id);
+});
+
+Schema.post('validate', function(doc) {
+  debug('%s has been validated (but not saved yet)', doc._id);
+});
+
+Schema.post('save', function(doc) {
+  debug('%s has been saved', doc._id);
+});
+
+Schema.post('remove', function(doc) {
+  debug('%s has been removed', doc._id);
+});
+
+Schema.pre('validate', function(next) {
+  debug('this gets printed first');
+  next();
+});
+
+Schema.post('validate', function() {
+  debug('this gets printed second');
+});
+
+Schema.pre('find', function(next) {
+  debug(this instanceof db.Query); // true
+  this.start = Date.now();
+  next();
+});
+
+Schema.post('find', function(result) {
+  debug(this instanceof db.Query); // true
+  // prints returned documents
+  debug('find() returned ' + JSON.stringify(result));
+  // prints number of milliseconds the query took
+  debug('find() took ' + (Date.now() - this.start) + ' millis');
+});
+
+Schema.pre('update', function(next) {
+    // Adding updated date
+    
+    // Indexing for search
+    var ourDoc = this._update.$set;
+    var split = [];
+    for(var n in ourDoc){
+        if(typeof ourDoc[n] === 'string'){
+            split.push(ourDoc[n].split(' '));
+        }
+    }
+
+    if(!split){
+        this.update(this._conditions,{ $set: { updatedAt: new Date()} });
+    }else{
+        this.update(this._conditions,{ $set: { updatedAt: new Date()}, $addToSet: {tags: {$each: split}} });
+    }
+    
+    next();
+});
+
+var Model = db.model(collection, Schema);
+
+module.exports = Model;

package.json

@@ -48,6 +48,7 @@
     "express-enforces-ssl": "^1.1.0",
     "express-limiter": "^1.6.0",
     "express-validator": "^3.1.2",
+    "fnv-plus": "^1.2.12",
     "helmet": "^3.6.1",
     "hpp": "^0.2.2",
     "lodash": "^4.17.4",

routes/index.js

@@ -17,6 +17,20 @@ var cors = require('cors');
 var hpp = require('hpp');
 var contentLength = require('express-content-length-validator');
 var MAX_CONTENT_LENGTH_ACCEPTED = config.maxContentLength * 1;
+var url = require('url');
+var fnv = require('fnv-plus');
+var RequestLogs = require('../models/RequestLogs');
+
+var sanitizeRequestUrl = function(req) {
+  var requestUrl = url.format({
+    protocol: req.protocol,
+    host: req.hostname,
+    pathname: req.originalUrl || req.url,
+    query: req.query
+});
+
+  return requestUrl.replace(/(password=).*?(&|$)/ig, '$1<hidden>$2');
+};
 
 var allRequestData = function(req,res,next){
     var requestData = {};
@@ -41,8 +55,6 @@ var enforceUserIdAndAppId = function(req,res,next){
     }else if(!appId){
         res.badRequest(false,'No appId parameter was passed in the payload of this request. Please pass an appId.');
     }else{
-        // Do a middleware that validates userId and appID here. put the user service endpoint in the env var. ideally, this should be the gateway endpoint
-        // Check if this user and app is allowed on this service
         req.userId = userId;
         req.appId = appId;
         next();
@@ -80,9 +92,32 @@ limiter({
 
 router.use(response);
 router.use(expressValidator());
+// Log requests here
 router.use(function(req,res,next){
-    log.info('[TIME: '+new Date().toISOString()+'] [IP Address: '+req.ip+'] [METHOD: '+req.method+'] [URL: '+req.originalUrl+']');
-    next();
+  var ipAddress = req.get('x-forwarded-for') || req.connection && req.connection.remoteAddress;
+  req.requestId = fnv.hash(new Date().valueOf() + ipAddress, 128).str();
+
+  var reqLog = {
+    RequestId: req.requestId,
+    ipAddress: ipAddress,
+    url: sanitizeRequestUrl(req),
+    method: req.method,
+    body: _.omit(req.body, ['password','cardno']),
+    app: req.appId,
+    user: req.userId,
+    device: req.get('user-agent'),
+    createdAt: new Date()
+};
+
+RequestLogs.create(reqLog)
+.then(function(res){
+    return _.identity(res);
+});
+
+  // persist RequestLog entry in the background; continue immediately
+
+  log.info(reqLog);
+  next();
 });
 
 router.get('/', function (req, res) {

services/response/badRequest.js

@@ -1,8 +1,17 @@
 "use strict";
 var log = require('../logger');
+var RequestLogs = require('../../models/RequestLogs');
+var _ = require('lodash');
 
 module.exports = function(data, message){
 	log.warn('Sending bad request response: ', data, message || 'bad request');
+    var req = this.req;
+    var res = this;
+
+    RequestLogs.update({RequestId: req.requestId},{response: {status: 'error', data: data, message: message ? message : 'bad request'}})
+    .then(function(res){
+        return _.identity(res);
+    });
 
 	if (data !== undefined && data !== null) {
 		if(Object.keys(data).length === 0 && JSON.stringify(data) === JSON.stringify({})){

services/response/forbidden.js

@@ -1,8 +1,17 @@
 "use strict";
 var log = require('../logger');
+var RequestLogs = require('../../models/RequestLogs');
+var _ = require('lodash');
 
 module.exports = function(data, message){
 	log.warn('Sending forbidden response: ', data, message || 'forbidden');
+    var req = this.req;
+    var res = this;
+
+    RequestLogs.update({RequestId: req.requestId},{response: {status: 'error', data: data, message: message ? message : 'forbidden'}})
+    .then(function(res){
+        return _.identity(res);
+    });
 
 	if (data !== undefined && data !== null) {
 		if(Object.keys(data).length === 0 && JSON.stringify(data) === JSON.stringify({})){

services/response/notFound.js

@@ -1,7 +1,17 @@
 "use strict";
 var log = require('../logger');
+var RequestLogs = require('../../models/RequestLogs');
+var _ = require('lodash');
 
 module.exports = function(){
 	log.warn('Sending 404 response: '+'not found');
+    var req = this.req;
+    var res = this;
+
+    RequestLogs.update({RequestId: req.requestId},{response: {status: 'error', message: 'not found'}})
+    .then(function(res){
+        return _.identity(res);
+    });
+
 	this.status(404).json({status: 'error', message: 'not found'});
 };

services/response/ok.js

@@ -3,34 +3,43 @@ var log = require('../logger');
 var config = require('../../config');
 var encryption = require('../encryption');
 var debug = require('debug')('response');
+var RequestLogs = require('../../models/RequestLogs');
+var _ = require('lodash');
 
 module.exports = function(data){
 	debug("sending ok response");
 	var req = this.req;
 	var res = this;
 
-	if(req.header('x-tag') && req.method === 'POST' && config.secureMode && data){
-		debug("i want to encrypt");
-		var key = req.header('x-tag');
-		debug('our encryption key: ', key);
-		var text = JSON.stringify(data);
-		debug("about to call encryption method");
-		encryption.encrypt(text, key)
-		.then(function(resp){
-			debug("got response from encryption method: ",resp);
-			log.info('Sending ok response: ', data);
-			res.status(200).json({status: 'success', data: resp, secure: true});
-		})
-		.catch(function(err){
-			debug("got error from encryption method: ", err);
-			res.serverError(err,'Error encrypting response.');
-		});
-	}else{
-		log.info('Sending ok response: ', data);
-		if(data){
-			res.status(200).json({status: 'success', data: data});
-		}else{
-			res.status(200).json({status: 'success'});
-		}
-	}
+    RequestLogs.update({RequestId: req.requestId},{response: {status: 'success', data: data}})
+    .then(function(res){
+        return _.identity(res);
+    });
+
+    
+
+    if(req.header('x-tag') && req.method === 'POST' && config.secureMode && data){
+      debug("i want to encrypt");
+      var key = req.header('x-tag');
+      debug('our encryption key: ', key);
+      var text = JSON.stringify(data);
+      debug("about to call encryption method");
+      encryption.encrypt(text, key)
+      .then(function(resp){
+       debug("got response from encryption method: ",resp);
+       log.info('Sending ok response: ', data);
+       res.status(200).json({status: 'success', data: resp, secure: true});
+   })
+      .catch(function(err){
+       debug("got error from encryption method: ", err);
+       res.serverError(err,'Error encrypting response.');
+   });
+  }else{
+      log.info('Sending ok response: ', data);
+      if(data){
+       res.status(200).json({status: 'success', data: data});
+   }else{
+       res.status(200).json({status: 'success'});
+   }
+}
 };