
Commit 80758dd

hfcemalkilic
andauthored
feat: add option to disable writing to audit_log_entries (#2073)
Adds a new config option `GOTRUE_AUDIT_LOG_DISABLE_POSTGRES` which, when set to true, stops the server from writing to the `audit_log_entries` table. --------- Co-authored-by: Cemal Kilic <[email protected]>
1 parent fca8ea4 commit 80758dd

22 files changed

+87
-54
lines changed

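--- a/internal/api/admin.go
+++ b/internal/api/admin.go
@@ -304,7 +304,7 @@ func (a *API) adminUserUpdate(w http.ResponseWriter, r *http.Request) error {
 }
 }
 
-if terr := models.NewAuditLogEntry(r, tx, adminUser, models.UserModifiedAction, "", map[string]interface{}{
+if terr := models.NewAuditLogEntry(config.AuditLog, r, tx, adminUser, models.UserModifiedAction, "", map[string]interface{}{
 "user_id": user.ID,
 "user_email": user.Email,
 "user_phone": user.Phone,
@@ -457,7 +457,7 @@ func (a *API) adminUserCreate(w http.ResponseWriter, r *http.Request) error {
 
 user.Identities = identities
 
-if terr := models.NewAuditLogEntry(r, tx, adminUser, models.UserSignedUpAction, "", map[string]interface{}{
+if terr := models.NewAuditLogEntry(config.AuditLog, r, tx, adminUser, models.UserSignedUpAction, "", map[string]interface{}{
 "user_id": user.ID,
 "user_email": user.Email,
 "user_phone": user.Phone,
@@ -512,6 +512,7 @@ func (a *API) adminUserCreate(w http.ResponseWriter, r *http.Request) error {
 func (a *API) adminUserDelete(w http.ResponseWriter, r *http.Request) error {
 ctx := r.Context()
 user := getUser(ctx)
+config := a.config
 adminUser := getAdminUser(ctx)
 
 // ShouldSoftDelete defaults to false
@@ -525,7 +526,7 @@ func (a *API) adminUserDelete(w http.ResponseWriter, r *http.Request) error {
 }
 
 err := a.db.Transaction(func(tx *storage.Connection) error {
-if terr := models.NewAuditLogEntry(r, tx, adminUser, models.UserDeletedAction, "", map[string]interface{}{
+if terr := models.NewAuditLogEntry(config.AuditLog, r, tx, adminUser, models.UserDeletedAction, "", map[string]interface{}{
 "user_id": user.ID,
 "user_email": user.Email,
 "user_phone": user.Phone,
@@ -571,11 +572,12 @@ func (a *API) adminUserDelete(w http.ResponseWriter, r *http.Request) error {
 
 func (a *API) adminUserDeleteFactor(w http.ResponseWriter, r *http.Request) error {
 ctx := r.Context()
+config := a.config
 user := getUser(ctx)
 factor := getFactor(ctx)
 
 err := a.db.Transaction(func(tx *storage.Connection) error {
-if terr := models.NewAuditLogEntry(r, tx, user, models.DeleteFactorAction, r.RemoteAddr, map[string]interface{}{
+if terr := models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.DeleteFactorAction, r.RemoteAddr, map[string]interface{}{
 "user_id": user.ID,
 "factor_id": factor.ID,
 }); terr != nil {
@@ -601,6 +603,7 @@ func (a *API) adminUserGetFactors(w http.ResponseWriter, r *http.Request) error
 // adminUserUpdate updates a single factor object
 func (a *API) adminUserUpdateFactor(w http.ResponseWriter, r *http.Request) error {
 ctx := r.Context()
+config := a.config
 factor := getFactor(ctx)
 user := getUser(ctx)
 adminUser := getAdminUser(ctx)
@@ -627,7 +630,7 @@ func (a *API) adminUserUpdateFactor(w http.ResponseWriter, r *http.Request) erro
 }
 }
 
-if terr := models.NewAuditLogEntry(r, tx, adminUser, models.UpdateFactorAction, "", map[string]interface{}{
+if terr := models.NewAuditLogEntry(config.AuditLog, r, tx, adminUser, models.UpdateFactorAction, "", map[string]interface{}{
 "user_id": user.ID,
 "factor_id": factor.ID,
 "factor_type": factor.FactorType,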
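Review bot: In the adminUserDeleteFactor hunk the audit entry is still attributed to the target `user` (and stamped with `r.RemoteAddr`), while every other admin handler in this file attributes its entry to `adminUser` with an empty IP, so a factor removed by an administrator is recorded as though the end user removed it. If the admin context is available here as in the sibling handlers, `adminUser := getAdminUser(ctx)` followed by `models.NewAuditLogEntry(config.AuditLog, r, tx, adminUser, models.DeleteFactorAction, "", ...)` would match adminUserUpdateFactor; if the difference is deliberate, a one-line comment saying why would help. This matters more now that the write can be switched off: when `config.AuditLog` disables the Postgres write, destructive admin actions (user delete, factor delete) leave no row in `audit_log_entries`, and I cannot tell from this diff whether they are still emitted anywhere else, which the flag's documentation should state. Also, the doc comment above adminUserUpdateFactor reads `// adminUserUpdate updates a single factor object` and should name adminUserUpdateFactor. All of the enclosing functions start and end outside the hunks.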
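--- a/internal/api/external.go
+++ b/internal/api/external.go
@@ -382,7 +382,7 @@ func (a *API) createAccountFromExternalIdentity(tx *storage.Connection, r *http.
 return nil, apierrors.NewInternalServerError("Error updating user").WithInternalError(terr)
 }
 if decision.CandidateEmail.Verified || config.Mailer.Autoconfirm {
-if terr := models.NewAuditLogEntry(r, tx, user, models.UserSignedUpAction, "", map[string]interface{}{
+if terr := models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.UserSignedUpAction, "", map[string]interface{}{
 "provider": providerType,
 }); terr != nil {
 return nil, terr
@@ -411,7 +411,7 @@ func (a *API) createAccountFromExternalIdentity(tx *storage.Connection, r *http.
 }
 }
 } else {
-if terr := models.NewAuditLogEntry(r, tx, user, models.LoginAction, "", map[string]interface{}{
+if terr := models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.LoginAction, "", map[string]interface{}{
 "provider": providerType,
 }); terr != nil {
 return nil, terr
@@ -422,6 +422,8 @@ func (a *API) createAccountFromExternalIdentity(tx *storage.Connection, r *http.
 }
 
 func (a *API) processInvite(r *http.Request, tx *storage.Connection, userData *provider.UserProvidedData, inviteToken, providerType string) (*models.User, error) {
+config := a.config
+
 user, err := models.FindUserByConfirmationToken(tx, inviteToken)
 if err != nil {
 if models.IsNotFoundError(err) {
@@ -464,7 +466,7 @@ func (a *API) processInvite(r *http.Request, tx *storage.Connection, userData *p
 return nil, apierrors.NewInternalServerError("Database error updating user").WithInternalError(err)
 }
 
-if err := models.NewAuditLogEntry(r, tx, user, models.InviteAcceptedAction, "", map[string]interface{}{
+if err := models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.InviteAcceptedAction, "", map[string]interface{}{
 "provider": providerType,
 }); err != nil {
 return nil, err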
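--- a/internal/api/identity.go
+++ b/internal/api/identity.go
@@ -15,6 +15,7 @@ import (
 
 func (a *API) DeleteIdentity(w http.ResponseWriter, r *http.Request) error {
 ctx := r.Context()
+config := a.config
 
 claims := getClaims(ctx)
 if claims == nil {
@@ -49,7 +50,7 @@ func (a *API) DeleteIdentity(w http.ResponseWriter, r *http.Request) error {
 }
 
 err = a.db.Transaction(func(tx *storage.Connection) error {
-if terr := models.NewAuditLogEntry(r, tx, user, models.IdentityUnlinkAction, "", map[string]interface{}{
+if terr := models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.IdentityUnlinkAction, "", map[string]interface{}{
 "identity_id": identityToBeDeleted.ID,
 "provider": identityToBeDeleted.Provider,
 "provider_id": identityToBeDeleted.ProviderID,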
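--- a/internal/api/invite.go
+++ b/internal/api/invite.go
@@ -20,6 +20,7 @@ type InviteParams struct {
 func (a *API) Invite(w http.ResponseWriter, r *http.Request) error {
 ctx := r.Context()
 db := a.db.WithContext(ctx)
+config := a.config
 adminUser := getAdminUser(ctx)
 params := &InviteParams{}
 if err := retrieveRequestParams(r, params); err != nil {
@@ -82,7 +83,7 @@ func (a *API) Invite(w http.ResponseWriter, r *http.Request) error {
 user.Identities = []models.Identity{*identity}
 }
 
-if terr := models.NewAuditLogEntry(r, tx, adminUser, models.UserInvitedAction, "", map[string]interface{}{
+if terr := models.NewAuditLogEntry(config.AuditLog, r, tx, adminUser, models.UserInvitedAction, "", map[string]interface{}{
 "user_id": user.ID,
 "user_email": user.Email,
 }); terr != nil {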
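--- a/internal/api/logout.go
+++ b/internal/api/logout.go
@@ -21,6 +21,7 @@ const (
 // Logout is the endpoint for logging out a user and thereby revoking any refresh tokens
 func (a *API) Logout(w http.ResponseWriter, r *http.Request) error {
 ctx := r.Context()
+config := a.config
 db := a.db.WithContext(ctx)
 scope := LogoutGlobal
 
@@ -44,7 +45,7 @@ func (a *API) Logout(w http.ResponseWriter, r *http.Request) error {
 u := getUser(ctx)
 
 err := db.Transaction(func(tx *storage.Connection) error {
-if terr := models.NewAuditLogEntry(r, tx, u, models.LogoutAction, "", nil); terr != nil {
+if terr := models.NewAuditLogEntry(config.AuditLog, r, tx, u, models.LogoutAction, "", nil); terr != nil {
 return terr
 }
 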
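--- a/internal/api/magic_link.go
+++ b/internal/api/magic_link.go
@@ -136,7 +136,7 @@ func (a *API) MagicLink(w http.ResponseWriter, r *http.Request) error {
 }
 
 err = db.Transaction(func(tx *storage.Connection) error {
-if terr := models.NewAuditLogEntry(r, tx, user, models.UserRecoveryRequestedAction, "", nil); terr != nil {
+if terr := models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.UserRecoveryRequestedAction, "", nil); terr != nil {
 return terr
 }
 return a.sendMagicLink(r, tx, user, flowType)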
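--- a/internal/api/mail.go
+++ b/internal/api/mail.go
@@ -139,7 +139,7 @@ func (a *API) adminGenerateLink(w http.ResponseWriter, r *http.Request) error {
 var terr error
 switch params.Type {
 case mail.MagicLinkVerification, mail.RecoveryVerification:
-if terr = models.NewAuditLogEntry(r, tx, user, models.UserRecoveryRequestedAction, "", nil); terr != nil {
+if terr = models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.UserRecoveryRequestedAction, "", nil); terr != nil {
 return terr
 }
 user.RecoveryToken = hashedToken
@@ -174,7 +174,7 @@ func (a *API) adminGenerateLink(w http.ResponseWriter, r *http.Request) error {
 }
 user.Identities = []models.Identity{*identity}
 }
-if terr = models.NewAuditLogEntry(r, tx, adminUser, models.UserInvitedAction, "", map[string]interface{}{
+if terr = models.NewAuditLogEntry(config.AuditLog, r, tx, adminUser, models.UserInvitedAction, "", map[string]interface{}{
 "user_id": user.ID,
 "user_email": user.Email,
 }); terr != nil {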
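--- a/internal/api/mfa.go
+++ b/internal/api/mfa.go
@@ -169,6 +169,7 @@ func validateFactors(db *storage.Connection, user *models.User, newFactorName st
 
 func (a *API) enrollPhoneFactor(w http.ResponseWriter, r *http.Request, params *EnrollFactorParams) error {
 ctx := r.Context()
+config := a.config
 user := getUser(ctx)
 session := getSession(ctx)
 db := a.db.WithContext(ctx)
@@ -208,7 +209,7 @@ func (a *API) enrollPhoneFactor(w http.ResponseWriter, r *http.Request, params *
 if terr := tx.Create(factor); terr != nil {
 return terr
 }
-if terr := models.NewAuditLogEntry(r, tx, user, models.EnrollFactorAction, r.RemoteAddr, map[string]interface{}{
+if terr := models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.EnrollFactorAction, r.RemoteAddr, map[string]interface{}{
 "factor_id": factor.ID,
 "factor_type": factor.FactorType,
 }); terr != nil {
@@ -230,6 +231,7 @@ func (a *API) enrollPhoneFactor(w http.ResponseWriter, r *http.Request, params *
 func (a *API) enrollWebAuthnFactor(w http.ResponseWriter, r *http.Request, params *EnrollFactorParams) error {
 ctx := r.Context()
 user := getUser(ctx)
+config := a.config
 session := getSession(ctx)
 db := a.db.WithContext(ctx)
 
@@ -242,7 +244,7 @@ func (a *API) enrollWebAuthnFactor(w http.ResponseWriter, r *http.Request, param
 if terr := tx.Create(factor); terr != nil {
 return terr
 }
-if terr := models.NewAuditLogEntry(r, tx, user, models.EnrollFactorAction, r.RemoteAddr, map[string]interface{}{
+if terr := models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.EnrollFactorAction, r.RemoteAddr, map[string]interface{}{
 "factor_id": factor.ID,
 "factor_type": factor.FactorType,
 }); terr != nil {
@@ -311,7 +313,7 @@ func (a *API) enrollTOTPFactor(w http.ResponseWriter, r *http.Request, params *E
 return terr
 }
 
-if terr := models.NewAuditLogEntry(r, tx, user, models.EnrollFactorAction, r.RemoteAddr, map[string]interface{}{
+if terr := models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.EnrollFactorAction, r.RemoteAddr, map[string]interface{}{
 "factor_id": factor.ID,
 }); terr != nil {
 return terr
@@ -435,7 +437,7 @@ func (a *API) challengePhoneFactor(w http.ResponseWriter, r *http.Request) error
 return terr
 }
 
-if terr := models.NewAuditLogEntry(r, tx, user, models.CreateChallengeAction, r.RemoteAddr, map[string]interface{}{
+if terr := models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.CreateChallengeAction, r.RemoteAddr, map[string]interface{}{
 "factor_id": factor.ID,
 "factor_status": factor.Status,
 }); terr != nil {
@@ -467,7 +469,7 @@ func (a *API) challengeTOTPFactor(w http.ResponseWriter, r *http.Request) error
 if terr := factor.WriteChallengeToDatabase(tx, challenge); terr != nil {
 return terr
 }
-if terr := models.NewAuditLogEntry(r, tx, user, models.CreateChallengeAction, r.RemoteAddr, map[string]interface{}{
+if terr := models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.CreateChallengeAction, r.RemoteAddr, map[string]interface{}{
 "factor_id": factor.ID,
 "factor_status": factor.Status,
 }); terr != nil {
@@ -672,7 +674,7 @@ func (a *API) verifyTOTPFactor(w http.ResponseWriter, r *http.Request, params *V
 
 err = db.Transaction(func(tx *storage.Connection) error {
 var terr error
-if terr = models.NewAuditLogEntry(r, tx, user, models.VerifyFactorAction, r.RemoteAddr, map[string]interface{}{
+if terr = models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.VerifyFactorAction, r.RemoteAddr, map[string]interface{}{
 "factor_id": factor.ID,
 "challenge_id": challenge.ID,
 "factor_type": factor.FactorType,
@@ -811,7 +813,7 @@ func (a *API) verifyPhoneFactor(w http.ResponseWriter, r *http.Request, params *
 
 err = db.Transaction(func(tx *storage.Connection) error {
 var terr error
-if terr = models.NewAuditLogEntry(r, tx, user, models.VerifyFactorAction, r.RemoteAddr, map[string]interface{}{
+if terr = models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.VerifyFactorAction, r.RemoteAddr, map[string]interface{}{
 "factor_id": factor.ID,
 "challenge_id": challenge.ID,
 "factor_type": factor.FactorType,
@@ -855,6 +857,7 @@ func (a *API) verifyPhoneFactor(w http.ResponseWriter, r *http.Request, params *
 
 func (a *API) verifyWebAuthnFactor(w http.ResponseWriter, r *http.Request, params *VerifyFactorParams) error {
 ctx := r.Context()
+config := a.config
 user := getUser(ctx)
 factor := getFactor(ctx)
 db := a.db.WithContext(ctx)
@@ -910,7 +913,7 @@ func (a *API) verifyWebAuthnFactor(w http.ResponseWriter, r *http.Request, param
 var token *AccessTokenResponse
 err = db.Transaction(func(tx *storage.Connection) error {
 var terr error
-if terr = models.NewAuditLogEntry(r, tx, user, models.VerifyFactorAction, r.RemoteAddr, map[string]interface{}{
+if terr = models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.VerifyFactorAction, r.RemoteAddr, map[string]interface{}{
 "factor_id": factor.ID,
 "challenge_id": challenge.ID,
 "factor_type": factor.FactorType,
@@ -991,6 +994,7 @@ func (a *API) VerifyFactor(w http.ResponseWriter, r *http.Request) error {
 func (a *API) UnenrollFactor(w http.ResponseWriter, r *http.Request) error {
 var err error
 ctx := r.Context()
+config := a.config
 user := getUser(ctx)
 factor := getFactor(ctx)
 session := getSession(ctx)
@@ -1009,7 +1013,7 @@ func (a *API) UnenrollFactor(w http.ResponseWriter, r *http.Request) error {
 if terr := tx.Destroy(factor); terr != nil {
 return terr
 }
-if terr = models.NewAuditLogEntry(r, tx, user, models.UnenrollFactorAction, r.RemoteAddr, map[string]interface{}{
+if terr = models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.UnenrollFactorAction, r.RemoteAddr, map[string]interface{}{
 "factor_id": factor.ID,
 "factor_status": factor.Status,
 "session_id": session.ID,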
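Review bot: In the enrollWebAuthnFactor hunk the new `config := a.config` is placed after `user := getUser(ctx)`, whereas every other function this commit touches in the file (enrollPhoneFactor, verifyWebAuthnFactor, UnenrollFactor) puts it directly after `ctx := r.Context()`; moving it up one line keeps the handler prologues uniform. More broadly, this file alone now threads `config.AuditLog` positionally through nine call sites, and the hunks in enrollTOTPFactor, challengePhoneFactor, challengeTOTPFactor, verifyTOTPFactor and verifyPhoneFactor use `config` without a visible declaration, so presumably it is already in scope there. A small method on `*API` that takes the request, transaction, actor, action, IP and traits and reads `a.config.AuditLog` itself would remove the per-handler plumbing and the risk of a future call site bypassing the switch. All of the enclosing functions start and end outside the hunks.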
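--- a/internal/api/otp.go
+++ b/internal/api/otp.go
@@ -186,7 +186,7 @@ func (a *API) SmsOtp(w http.ResponseWriter, r *http.Request) error {
 
 messageID := ""
 err = db.Transaction(func(tx *storage.Connection) error {
-if err := models.NewAuditLogEntry(r, tx, user, models.UserRecoveryRequestedAction, "", map[string]interface{}{
+if err := models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.UserRecoveryRequestedAction, "", map[string]interface{}{
 "channel": params.Channel,
 }); err != nil {
 return err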
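--- a/internal/api/reauthenticate.go
+++ b/internal/api/reauthenticate.go
@@ -16,6 +16,7 @@ const InvalidNonceMessage = "Nonce has expired or is invalid"
 // Reauthenticate sends a reauthentication otp to either the user's email or phone
 func (a *API) Reauthenticate(w http.ResponseWriter, r *http.Request) error {
 ctx := r.Context()
+config := a.config
 db := a.db.WithContext(ctx)
 
 user := getUser(ctx)
@@ -37,7 +38,7 @@ func (a *API) Reauthenticate(w http.ResponseWriter, r *http.Request) error {
 
 messageID := ""
 err := db.Transaction(func(tx *storage.Connection) error {
-if terr := models.NewAuditLogEntry(r, tx, user, models.UserReauthenticateAction, "", nil); terr != nil {
+if terr := models.NewAuditLogEntry(config.AuditLog, r, tx, user, models.UserReauthenticateAction, "", nil); terr != nil {
 return terr
 }
 if email != "" {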