Merge pull request #150 from cephie-studios/canary

Canary

Author: dev-banane

server/db/apiLogs.ts

@@ -3,6 +3,32 @@ import { decrypt } from '../utils/encryption.js';
 import { redisConnection } from './connection.js';
 import { sql } from 'kysely';
 
+// Decrypts the raw text field in the api_logs table
+function readApiLogTextField(raw: string | null): string | null {
+  if (raw == null) return null;
+  try {
+    const parsed: unknown = JSON.parse(raw);
+    if (
+      parsed &&
+      typeof parsed === 'object' &&
+      'iv' in parsed &&
+      'data' in parsed &&
+      'authTag' in parsed
+    ) {
+      const decrypted = decrypt(
+        parsed as { iv: string; data: string; authTag: string }
+      );
+      if (decrypted == null) return null;
+      return typeof decrypted === 'string'
+        ? decrypted
+        : JSON.stringify(decrypted);
+    }
+  } catch {
+    /* not legacy ciphertext JSON */
+  }
+  return raw;
+}
+
 export interface ApiLogFilters {
   userId?: string;
   username?: string;
@@ -157,16 +183,10 @@ export async function getApiLogs(
 
     const decryptedLogs = logs.map((log) => ({
       ...log,
-      ip_address: log.ip_address ? decrypt(JSON.parse(log.ip_address)) : null,
-      request_body: log.request_body
-        ? decrypt(JSON.parse(log.request_body))
-        : null,
-      response_body: log.response_body
-        ? decrypt(JSON.parse(log.response_body))
-        : null,
-      error_message: log.error_message
-        ? decrypt(JSON.parse(log.error_message))
-        : null,
+      ip_address: readApiLogTextField(log.ip_address),
+      request_body: readApiLogTextField(log.request_body),
+      response_body: readApiLogTextField(log.response_body),
+      error_message: readApiLogTextField(log.error_message),
     }));
 
     return {
@@ -194,19 +214,12 @@ export async function getApiLogById(logId: number | string) {
 
     if (!log) return null;
 
-    // Decrypt sensitive fields
     return {
       ...log,
-      ip_address: log.ip_address ? decrypt(JSON.parse(log.ip_address)) : null,
-      request_body: log.request_body
-        ? decrypt(JSON.parse(log.request_body))
-        : null,
-      response_body: log.response_body
-        ? decrypt(JSON.parse(log.response_body))
-        : null,
-      error_message: log.error_message
-        ? decrypt(JSON.parse(log.error_message))
-        : null,
+      ip_address: readApiLogTextField(log.ip_address),
+      request_body: readApiLogTextField(log.request_body),
+      response_body: readApiLogTextField(log.response_body),
+      error_message: readApiLogTextField(log.error_message),
     };
   } catch (error) {
     console.error('Error fetching API log by ID:', error);

server/db/updateModals.ts

@@ -1,6 +1,7 @@
 import { mainDb } from './connection.js';
 import { sql } from 'kysely';
 import { redisConnection } from './connection.js';
+import { UPDATE_MODAL_REDIS_SEC } from '../utils/cacheTtl.js';
 
 const ACTIVE_MODAL_CACHE_KEY = 'update_modal:active';
 
@@ -28,7 +29,7 @@ export async function getActiveUpdateModal() {
       ACTIVE_MODAL_CACHE_KEY,
       JSON.stringify(result),
       'EX',
-      24 * 60 * 60
+      UPDATE_MODAL_REDIS_SEC
     );
   } catch (error) {
     console.warn('[Redis] Failed to cache active modal:', error);

server/db/version.ts

@@ -1,4 +1,5 @@
 import { mainDb } from './connection.js';
+import { APP_VERSION_REDIS_SEC } from '../utils/cacheTtl.js';
 
 export async function getAppVersion() {
   const result = await mainDb
@@ -27,7 +28,12 @@ export async function getAppVersion() {
 
     try {
       const { redisConnection } = await import('./connection.js');
-      await redisConnection.set('app:version', JSON.stringify(defaultVersion));
+      await redisConnection.set(
+        'app:version',
+        JSON.stringify(defaultVersion),
+        'EX',
+        APP_VERSION_REDIS_SEC
+      );
     } catch (error) {
       console.warn('[Redis] Failed to set version cache:', error);
     }
@@ -42,7 +48,12 @@ export async function getAppVersion() {
 
   try {
     const { redisConnection } = await import('./connection.js');
-    await redisConnection.set('app:version', JSON.stringify(versionData));
+    await redisConnection.set(
+      'app:version',
+      JSON.stringify(versionData),
+      'EX',
+      APP_VERSION_REDIS_SEC
+    );
   } catch (error) {
     console.warn('[Redis] Failed to set version cache:', error);
   }

server/middleware/apiLogger.ts

@@ -1,6 +1,5 @@
 import { Request, Response, NextFunction } from 'express';
 import { mainDb } from '../db/connection.js';
-import { encrypt } from '../utils/encryption.js';
 import { getClientIp } from '../utils/getIpAddress.js';
 import { JwtPayloadClient } from '../types/JwtPayload.js';
 import { sql } from 'kysely';
@@ -89,20 +88,6 @@ export async function logApiCall(logEntry: ApiLogEntry): Promise<void> {
       ? logEntry.ip_address.join(', ')
       : logEntry.ip_address;
 
-    const encryptedIpAddress = encrypt(ipAddress);
-
-    const encryptedRequestBody = logEntry.request_body
-      ? encrypt(logEntry.request_body)
-      : null;
-
-    const encryptedResponseBody = logEntry.response_body
-      ? encrypt(logEntry.response_body)
-      : null;
-
-    const encryptedErrorMessage = logEntry.error_message
-      ? encrypt(logEntry.error_message)
-      : null;
-
     await mainDb
       .insertInto('api_logs')
       .values({
@@ -113,17 +98,11 @@ export async function logApiCall(logEntry: ApiLogEntry): Promise<void> {
         path: logEntry.path,
         status_code: logEntry.status_code,
         response_time: logEntry.response_time,
-        ip_address: JSON.stringify(encryptedIpAddress),
+        ip_address: ipAddress,
         user_agent: logEntry.user_agent,
-        request_body: encryptedRequestBody
-          ? JSON.stringify(encryptedRequestBody)
-          : null,
-        response_body: encryptedResponseBody
-          ? JSON.stringify(encryptedResponseBody)
-          : null,
-        error_message: encryptedErrorMessage
-          ? JSON.stringify(encryptedErrorMessage)
-          : null,
+        request_body: logEntry.request_body,
+        response_body: logEntry.response_body,
+        error_message: logEntry.error_message,
         timestamp: logEntry.timestamp,
       })
       .execute();

server/routes/admin/index.ts

@@ -5,6 +5,7 @@ import { requirePermission } from '../../middleware/rolePermissions.js';
 import { getDailyStatistics, getTotalStatistics } from '../../db/admin.js';
 import { getAppVersion, updateAppVersion } from '../../db/version.js';
 import { redisConnection } from '../../db/connection.js';
+import { APP_VERSION_REDIS_SEC } from '../../utils/cacheTtl.js';
 
 import usersRouter from './users.js';
 import sessionsRouter from './sessions.js';
@@ -107,7 +108,7 @@ router.put(
           cacheKey,
           JSON.stringify(updatedVersion),
           'EX',
-          86400
+          APP_VERSION_REDIS_SEC
         );
       } catch (error) {
         if (error instanceof Error) {