Add audit logs example application (#24)

* Add audit logs example application

* Update README

* Update readme step numbers

Co-authored-by: Adam Wolfman <[email protected]>

Author: awolfden

python-flask-admin-portal-example/requirements.txt

@@ -9,5 +9,5 @@ MarkupSafe==2.0.1
 requests==2.26.0
 urllib3==1.26.7
 Werkzeug==2.0.1
-workos==1.14.0
+workos==1.16.0
 python-dotenv

python-flask-audit-logs-example/.gitignore

@@ -0,0 +1,129 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/

python-flask-audit-logs-example/.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "python.formatting.provider": "black"
+}

python-flask-audit-logs-example/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 WorkOS
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

python-flask-audit-logs-example/README.md

@@ -0,0 +1,125 @@
+# python-flask-audit-logs-example
+
+An example Flask application demonstrating how to use the [WorkOS Python SDK](https://github.com/workos/workos-python) to send and retrieve Audit Log events. This example is not meant to show a real-world example of an Audit Logs implementation, but rather to show concrete examples of how events can be sent using the Python SDK.
+
+## Prerequisites
+
+- Python 3.6+
+
+## Flask Project Setup
+
+1. Clone the main git repo for these Python example apps using your preferred secure method (HTTPS or SSH).
+
+   ```bash
+   # HTTPS
+   $ git clone https://github.com/workos/python-flask-example-applications.git
+   ```
+
+   or
+
+   ```bash
+   # SSH
+   $ git clone [email protected]:workos/python-flask-example-applications.git
+   ```
+
+2. Navigate to the Audit Logs app within the cloned repo.
+
+   ```bash
+   $ cd python-flask-example-applications/python-flask-audit-logs-example
+   ```
+
+3. Create and source a Python virtual environment. You should then see `(env)` at the beginning of your command-line prompt.
+
+   ```bash
+   $ python3 -m venv env
+   $ source env/bin/activate
+   (env) $
+   ```
+
+4. Install the cloned app's dependencies.
+
+   ```bash
+   (env) $ pip install -r requirements.txt
+   ```
+
+5. Obtain and make note of the following values. In the next step, these will be set as environment variables.
+
+   - Your [WorkOS API key](https://dashboard.workos.com/api-keys)
+   - Your [WorkOS Client ID](https://dashboard.workos.com/configuration)
+
+6. Ensure you're in the root directory for the example app, `python-flask-audit-logs-example/`. Create a `.env` file to securely store the environment variables. Open this file with the Nano text editor. (This file is listed in this repo's `.gitignore` file, so your sensitive information will not be checked into version control.)
+
+   ```bash
+   (env) $ touch .env
+   (env) $ nano .env
+   ```
+
+7. Once the Nano text editor opens, you can directly edit the `.env` file by listing the environment variables:
+
+   ```bash
+   WORKOS_API_KEY=<value found in step 6>
+   WORKOS_CLIENT_ID=<value found in step 6>
+   APP_SECRET_KEY=<any string value you\'d like>
+   ```
+
+   To exit the Nano text editor, type `CTRL + x`. When prompted to "Save modified buffer", type `Y`, then press the `Enter` or `Return` key.
+
+8. Source the environment variables so they are accessible to the operating system.
+
+   ```bash
+   (env) $ source .env
+   ```
+
+   You can ensure the environment variables were set correctly by running the following commands. The output should match the corresponding values.
+
+   ```bash
+   (env) $ echo $WORKOS_API_KEY
+   (env) $ echo $WORKOS_CLIENT_ID
+   ```
+
+9. The final setup step is to start the server.
+
+```bash
+(env) $ flask run
+```
+
+If you are using macOS Monterey and port 5000 is not available and you'll need to start the app on a different port with this slightly different command.
+
+```bash
+(env) $ flask run -p 5001
+```
+
+You'll know the server is running when you see no errors in the CLI, and output similar to the following is displayed:
+
+```bash
+* Tip: There are .env or .flaskenv files present. Do "pip install python-dotenv" to use them.
+* Environment: production
+WARNING: This is a development server. Do not use it in a production deployment.
+Use a production WSGI server instead.
+* Debug mode: off
+* Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
+```
+
+Navigate to `localhost:5000`, or `localhost:5001` depending on which port you launched the server, in your web browser. You should see the WorkOS logo and a place to enter your Organization ID. The next steps occur in your WorkOS dashboard.
+
+You can stop the local Flask server for now by entering `CTRL + c` on the command line.
+
+## Audit Logs Setup with WorkOS
+
+10. Follow the [Audit Logs configuration steps](https://workos.com/docs/audit-logs/emit-an-audit-log-event/sign-in-to-your-workos-dashboard-account-and-configure-audit-log-event-schemas) to set up the following 5 events that are sent with this example:
+
+Action title: "user.signed_in" | Target type: "team"
+Action title: "user.logged_out" | Target type: "team"
+Action title: "user.organization_set" | Target type: "team"
+Action title: "user.organization_deleted" | Target type: "team"
+Action title: "user.connection_deleted" | Target type: "team"
+
+11. Next, take note of the Organization ID for the Org which you will be sending the Audit Log events for. This ID gets entered into the splash page of the example application.
+
+12. Once you enter the Organization ID and submit it, you will be brought to the page where you'll be able to send the audit log events that were just configured. You'll also notice that the action of setting the Organization triggered an Audit Log already. Click the buttons to send the respective events.
+
+13. To obtain a CSV of the Audit Log events that were sent for the last 30 days, click the "Export Events" button. This will bring you to a new page where you can download the events. Downloading the events is a 2 step process. First you need to create the report by clicking the "Generate CSV" button. Then click the "Access CSV" button to download a CSV of the Audit Log events for the selected Organization for the past 30 days.
+
+## Need help?
+
+If you get stuck and aren't able to resolve the issue by reading our API reference or tutorials, you can reach out to us at [email protected] and we'll lend a hand.

python-flask-audit-logs-example/app.py

@@ -0,0 +1,104 @@
+import json
+import os
+from urllib.parse import urlparse, parse_qs
+from flask import Flask, session, redirect, render_template, request, url_for
+import workos
+from datetime import datetime, timedelta
+from audit_log_events import (
+    user_signed_in,
+    user_logged_out,
+    user_connection_deleted,
+    user_organization_deleted,
+    user_organization_set,
+)
+
+# Flask Setup
+DEBUG = False
+app = Flask(__name__)
+app.secret_key = os.getenv("APP_SECRET_KEY")
+
+# WorkOS Setup
+
+workos.api_key = os.getenv("WORKOS_API_KEY")
+workos.project_id = os.getenv("WORKOS_CLIENT_ID")
+workos.base_api_url = "http://localhost:7000/" if DEBUG else workos.base_api_url
+
+
+def to_pretty_json(value):
+    return json.dumps(value, sort_keys=True, indent=4)
+
+
+app.jinja_env.filters["tojson_pretty"] = to_pretty_json
+
+
+@app.route("/", methods=["POST", "GET"])
+def index():
+    try:
+        return render_template(
+            "send_events.html",
+            organization_id=session["organization_id"],
+        )
+    except KeyError:
+        return render_template("login.html")
+
+
+@app.route("/set_org", methods=["POST", "GET"])
+def set_org():
+    organization_id = request.form["org"]
+    session["organization_id"] = organization_id
+    organization_set = workos.client.audit_logs.create_event(
+        organization_id, user_organization_set
+    )
+    return redirect("/")
+
+
+@app.route("/send_event", methods=["POST", "GET"])
+def send_event():
+    event_type = request.form["event"]
+    organization_id = session["organization_id"]
+    events = [
+        user_signed_in,
+        user_logged_out,
+        user_organization_deleted,
+        user_connection_deleted,
+    ]
+    event = events[int(event_type)]
+    organization_set = workos.client.audit_logs.create_event(organization_id, event)
+    return redirect("/")
+
+
+@app.route("/export_events", methods=["POST", "GET"])
+def export_events():
+    organization_id = session["organization_id"]
+    return render_template("export_events.html", organization_id=organization_id)
+
+
+@app.route("/get_events", methods=["POST", "GET"])
+def get_events():
+    organization_id = session["organization_id"]
+    event_type = request.form["event"]
+    today = datetime.today()
+    last_month = today - timedelta(days=30)
+    last_month_iso = last_month.isoformat()
+    today_iso = today.isoformat()
+
+    if event_type == "generate_csv":
+        create_export_response = workos.client.audit_logs.create_export(
+            organization=organization_id,
+            range_start=last_month_iso,
+            range_end=today_iso,
+        )
+        session["export_id"] = create_export_response.to_dict()["id"]
+
+    if event_type == "access_csv":
+        export_id = session["export_id"]
+        fetch_export_response = workos.client.audit_logs.get_export(export_id)
+        return redirect(fetch_export_response.to_dict()["url"])
+
+    return redirect("export_events")
+
+
+@app.route("/logout")
+def logout():
+    session.clear()
+    return redirect("/")