From e54462d9de36a2f2feeecc0148af9eef487a96d3 Mon Sep 17 00:00:00 2001 From: Wing-Kam Wong Date: Fri, 17 Feb 2023 18:12:15 +0800 Subject: [PATCH 01/10] docs: add NC_DISABLE_AUDIT --- .../getting-started/environment-variables.md | 103 +++++++++--------- 1 file changed, 52 insertions(+), 51 deletions(-) diff --git a/packages/noco-docs/content/en/getting-started/environment-variables.md b/packages/noco-docs/content/en/getting-started/environment-variables.md index 19cf938fe2..5ce104419c 100644 --- a/packages/noco-docs/content/en/getting-started/environment-variables.md +++ b/packages/noco-docs/content/en/getting-started/environment-variables.md @@ -13,54 +13,55 @@ For production usecases, it is **recommended** to configure - `NC_PUBLIC_URL`, - `NC_REDIS_URL` -| Variable | Comments | If absent | | -|------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------|---| -| NC_DB | See our database URLs | A local SQLite will be created in root folder if `NC_DB` is not provided | | -| NC_DB_JSON | Can be used instead of `NC_DB` and value should be valid knex connection JSON | | | -| NC_DB_JSON_FILE | Can be used instead of `NC_DB` and value should be a valid path to knex connection JSON | | | -| DATABASE_URL | JDBC URL Format. Can be used instead of NC_DB. | | | -| DATABASE_URL_FILE | Can be used instead of DATABASE_URL: path to file containing JDBC URL Format. | | | -| NC_AUTH_JWT_SECRET | JWT secret used for auth and storing other secrets | A random secret will be generated | | -| PORT | For setting app running port | `8080` | | -| DB_QUERY_LIMIT_DEFAULT | Default pagination limit | 25 | | -| DB_QUERY_LIMIT_MAX | Maximum allowed pagination limit | 1000 | | -| DB_QUERY_LIMIT_MIN | Minimum allowed pagination limit | 1 | | -| NC_TOOL_DIR | App directory to keep metadata and app related files | Defaults to current working directory. In docker maps to `/usr/app/data/` for mounting volume. | | -| NC_PUBLIC_URL | Used for sending Email invitations | Best guess from http request params | | -| NC_JWT_EXPIRES_IN | JWT token expiry time | `10h` | | -| NC_CONNECT_TO_EXTERNAL_DB_DISABLED | Disable Project creation with external database | | | -| NC_INVITE_ONLY_SIGNUP | Removed since version 0.99.0 and now it's recommended to use [super admin settings menu](/setup-and-usages/account-settings#enable--disable-signup). Allow users to signup only via invite url, value should be any non-empty string. | | | -| NUXT_PUBLIC_NC_BACKEND_URL | Custom Backend URL | ``http://localhost:8080`` will be used | | -| NC_REQUEST_BODY_SIZE | Request body size [limit](https://expressjs.com/en/resources/middleware/body-parser.html#limit) | `1048576` | | -| NC_EXPORT_MAX_TIMEOUT | After NC_EXPORT_MAX_TIMEOUT csv gets downloaded in batches | Default value 5000(in millisecond) will be used | | -| NC_DISABLE_TELE | Disable telemetry | | | -| NC_DASHBOARD_URL | Custom dashboard url path | `/dashboard` | | -| NC_GOOGLE_CLIENT_ID | Google client id to enable google authentication | | | -| NC_GOOGLE_CLIENT_SECRET | Google client secret to enable google authentication | | | -| NC_MIGRATIONS_DISABLED | Disable NocoDB migration | | | -| NC_MIN | If set to any non-empty string the default splash screen(initial welcome animation) and matrix screensaver will disable | | | -| NC_SENTRY_DSN | For Sentry monitoring | | | -| NC_REDIS_URL | Custom Redis URL. Example: `redis://:authpassword@127.0.0.1:6380/4` | Meta data will be stored in memory | | -| NC_DISABLE_ERR_REPORT | Disable error reporting | | | -| NC_DISABLE_CACHE | To be used only while debugging. On setting this to `true` - meta data be fetched from db instead of redis/cache. | `false` | | -| NC_BASEURL_INTERNAL | Used as base url for internal(server) API calls | Default value in docker will be `http://localhost:$PORT` and in all other case it's populated from request object | | -| AWS_ACCESS_KEY_ID | For Litestream - S3 access key id | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | | -| AWS_SECRET_ACCESS_KEY | For Litestream - S3 secret access key | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | | -| AWS_BUCKET | For Litestream - S3 bucket | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | | -| AWS_BUCKET_PATH | For Litestream - S3 bucket path (like folder within S3 bucket) | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | | -| NC_SMTP_FROM | For SMTP plugin - Email sender address | | | -| NC_SMTP_HOST | For SMTP plugin - SMTP host value | | | -| NC_SMTP_PORT | For SMTP plugin - SMTP port value | | | -| NC_SMTP_USERNAME | For SMTP plugin (Optional) - SMTP username value for authentication | | | -| NC_SMTP_PASSWORD | For SMTP plugin (Optional) - SMTP password value for authentication | | | -| NC_SMTP_SECURE | For SMTP plugin (Optional) - To enable secure set value as `true` any other value treated as false | | | -| NC_SMTP_IGNORE_TLS | For SMTP plugin (Optional) - To ignore tls set value as `true` any other value treated as false. For more info visit https://nodemailer.com/smtp/ | | | -| NC_S3_BUCKET_NAME | For S3 storage plugin - AWS S3 bucket name | | | -| NC_S3_REGION | For S3 storage plugin - AWS S3 region | | | -| NC_S3_ACCESS_KEY | For S3 storage plugin - AWS access key credential for accessing resource | | | -| NC_S3_ACCESS_SECRET | For S3 storage plugin - AWS access secret credential for accessing resource | | | -| NC_ADMIN_EMAIL | For updating/creating super admin with provided email and password | | | -| NC_ATTACHMENT_FIELD_SIZE | For setting the attachment field size(in Bytes) | Defaults to 20MB | | -| NC_ADMIN_PASSWORD | For updating/creating super admin with provided email and password. Your password should have at least 8 letters with one uppercase, one number and one special letter(Allowed special chars $&+,:;=?@#\|'.^*()%!_-" ) | | | -| NODE_OPTIONS | For passing Node.js [options](https://nodejs.org/api/cli.html#node_optionsoptions) to instance | | | -| NC_MINIMAL_DBS | Create a new SQLite file for each project. All the db files are stored in `nc_minimal_dbs` folder in current working directory. (This option restricts project creation on external sources) | | | +| Variable | Comments | If absent | | +|---|---|---|---| +| NC_DB | See our database URLs | A local SQLite will be created in root folder if `NC_DB` is not provided | | +| NC_DB_JSON | Can be used instead of `NC_DB` and value should be valid knex connection JSON | | | +| NC_DB_JSON_FILE | Can be used instead of `NC_DB` and value should be a valid path to knex connection JSON | | | +| DATABASE_URL | JDBC URL Format. Can be used instead of NC_DB. | | | +| DATABASE_URL_FILE | Can be used instead of DATABASE_URL: path to file containing JDBC URL Format. | | | +| NC_AUTH_JWT_SECRET | JWT secret used for auth and storing other secrets | A random secret will be generated | | +| PORT | For setting app running port | `8080` | | +| DB_QUERY_LIMIT_DEFAULT | Default pagination limit | 25 | | +| DB_QUERY_LIMIT_MAX | Maximum allowed pagination limit | 1000 | | +| DB_QUERY_LIMIT_MIN | Minimum allowed pagination limit | 1 | | +| NC_TOOL_DIR | App directory to keep metadata and app related files | Defaults to current working directory. In docker maps to `/usr/app/data/` for mounting volume. | | +| NC_PUBLIC_URL | Used for sending Email invitations | Best guess from http request params | | +| NC_JWT_EXPIRES_IN | JWT token expiry time | `10h` | | +| NC_CONNECT_TO_EXTERNAL_DB_DISABLED | Disable Project creation with external database | | | +| NC_INVITE_ONLY_SIGNUP | Removed since version 0.99.0 and now it's recommended to use [super admin settings menu](/setup-and-usages/account-settings#enable--disable-signup). Allow users to signup only via invite url, value should be any non-empty string. | | | +| NUXT_PUBLIC_NC_BACKEND_URL | Custom Backend URL | ``http://localhost:8080`` will be used | | +| NC_REQUEST_BODY_SIZE | Request body size [limit](https://expressjs.com/en/resources/middleware/body-parser.html#limit) | `1048576` | | +| NC_EXPORT_MAX_TIMEOUT | After NC_EXPORT_MAX_TIMEOUT csv gets downloaded in batches | Default value 5000(in millisecond) will be used | | +| NC_DISABLE_TELE | Disable telemetry | | | +| NC_DASHBOARD_URL | Custom dashboard url path | `/dashboard` | | +| NC_GOOGLE_CLIENT_ID | Google client id to enable google authentication | | | +| NC_GOOGLE_CLIENT_SECRET | Google client secret to enable google authentication | | | +| NC_MIGRATIONS_DISABLED | Disable NocoDB migration | | | +| NC_MIN | If set to any non-empty string the default splash screen(initial welcome animation) and matrix screensaver will disable | | | +| NC_SENTRY_DSN | For Sentry monitoring | | | +| NC_REDIS_URL | Custom Redis URL. Example: `redis://:authpassword@127.0.0.1:6380/4` | Meta data will be stored in memory | | +| NC_DISABLE_ERR_REPORT | Disable error reporting | | | +| NC_DISABLE_CACHE | To be used only while debugging. On setting this to `true` - meta data be fetched from db instead of redis/cache. | `false` | | +| NC_BASEURL_INTERNAL | Used as base url for internal(server) API calls | Default value in docker will be `http://localhost:$PORT` and in all other case it's populated from request object | | +| AWS_ACCESS_KEY_ID | For Litestream - S3 access key id | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | | +| AWS_SECRET_ACCESS_KEY | For Litestream - S3 secret access key | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | | +| AWS_BUCKET | For Litestream - S3 bucket | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | | +| AWS_BUCKET_PATH | For Litestream - S3 bucket path (like folder within S3 bucket) | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | | +| NC_SMTP_FROM | For SMTP plugin - Email sender address | | | +| NC_SMTP_HOST | For SMTP plugin - SMTP host value | | | +| NC_SMTP_PORT | For SMTP plugin - SMTP port value | | | +| NC_SMTP_USERNAME | For SMTP plugin (Optional) - SMTP username value for authentication | | | +| NC_SMTP_PASSWORD | For SMTP plugin (Optional) - SMTP password value for authentication | | | +| NC_SMTP_SECURE | For SMTP plugin (Optional) - To enable secure set value as `true` any other value treated as false | | | +| NC_SMTP_IGNORE_TLS | For SMTP plugin (Optional) - To ignore tls set value as `true` any other value treated as false. For more info visit https://nodemailer.com/smtp/ | | | +| NC_S3_BUCKET_NAME | For S3 storage plugin - AWS S3 bucket name | | | +| NC_S3_REGION | For S3 storage plugin - AWS S3 region | | | +| NC_S3_ACCESS_KEY | For S3 storage plugin - AWS access key credential for accessing resource | | | +| NC_S3_ACCESS_SECRET | For S3 storage plugin - AWS access secret credential for accessing resource | | | +| NC_ADMIN_EMAIL | For updating/creating super admin with provided email and password | | | +| NC_ATTACHMENT_FIELD_SIZE | For setting the attachment field size(in Bytes) | Defaults to 20MB | | +| NC_ADMIN_PASSWORD | For updating/creating super admin with provided email and password. Your password should have at least 8 letters with one uppercase, one number and one special letter(Allowed special chars $&+,:;=?@#\|'.^*()%!_-" ) | | | +| NODE_OPTIONS | For passing Node.js [options](https://nodejs.org/api/cli.html#node_optionsoptions) to instance | | | +| NC_MINIMAL_DBS | Create a new SQLite file for each project. All the db files are stored in `nc_minimal_dbs` folder in current working directory. (This option restricts project creation on external sources) | | | +| NC_DISABLE_AUDIT | Disable Audit Log | `false` | | \ No newline at end of file From 2ec82f0972525e4e531619546ebc135749ee2211 Mon Sep 17 00:00:00 2001 From: Wing-Kam Wong Date: Fri, 17 Feb 2023 18:12:32 +0800 Subject: [PATCH 02/10] feat(nc-gui): add auditEnabled in global --- packages/nc-gui/composables/useGlobal/state.ts | 1 + packages/nc-gui/composables/useGlobal/types.ts | 1 + 2 files changed, 2 insertions(+) diff --git a/packages/nc-gui/composables/useGlobal/state.ts b/packages/nc-gui/composables/useGlobal/state.ts index 2b1f7bc036..df6e886e85 100644 --- a/packages/nc-gui/composables/useGlobal/state.ts +++ b/packages/nc-gui/composables/useGlobal/state.ts @@ -94,6 +94,7 @@ export function useGlobalState(storageKey = 'nocodb-gui-v2'): State { oneClick: false, projectHasAdmin: false, teleEnabled: true, + auditEnabled: true, type: 'nocodb', version: '0.0.0', ncAttachmentFieldSize: 20, diff --git a/packages/nc-gui/composables/useGlobal/types.ts b/packages/nc-gui/composables/useGlobal/types.ts index 9ef6ab3ddb..584b2ca9ec 100644 --- a/packages/nc-gui/composables/useGlobal/types.ts +++ b/packages/nc-gui/composables/useGlobal/types.ts @@ -16,6 +16,7 @@ export interface AppInfo { oneClick: boolean projectHasAdmin: boolean teleEnabled: boolean + auditEnabled: boolean type: string version: string ee?: boolean From c22e8fff5af062a9bb6770fb8978122d2abcfa8f Mon Sep 17 00:00:00 2001 From: Wing-Kam Wong Date: Fri, 17 Feb 2023 18:12:56 +0800 Subject: [PATCH 03/10] feat(nocodb): add auditEnabled in appInfo --- packages/nocodb/src/lib/meta/api/utilApis.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/nocodb/src/lib/meta/api/utilApis.ts b/packages/nocodb/src/lib/meta/api/utilApis.ts index b7a9f0d601..1ae19d2640 100644 --- a/packages/nocodb/src/lib/meta/api/utilApis.ts +++ b/packages/nocodb/src/lib/meta/api/utilApis.ts @@ -54,6 +54,7 @@ export async function appInfo(req: Request, res: Response) { timezone: defaultConnectionConfig.timezone, ncMin: !!process.env.NC_MIN, teleEnabled: !process.env.NC_DISABLE_TELE, + auditEnabled: !process.env.NC_DISABLE_AUDIT, ncSiteUrl: (req as any).ncSiteUrl, ee: Noco.isEE(), ncAttachmentFieldSize: NC_ATTACHMENT_FIELD_SIZE, From b9000163fcf8ba0d0ba77613a686184e2e36e0d7 Mon Sep 17 00:00:00 2001 From: Wing-Kam Wong Date: Fri, 17 Feb 2023 18:43:21 +0800 Subject: [PATCH 04/10] docs: add content to show how to disable audit logs --- packages/noco-docs/content/en/setup-and-usages/audit.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packages/noco-docs/content/en/setup-and-usages/audit.md b/packages/noco-docs/content/en/setup-and-usages/audit.md index 23b3c0e96e..191b5e7d9d 100644 --- a/packages/noco-docs/content/en/setup-and-usages/audit.md +++ b/packages/noco-docs/content/en/setup-and-usages/audit.md @@ -10,6 +10,10 @@ menuTitle: 'Team & Settings > Audit' We are keeping all the user operation logs under Audit. To access it, click the down arrow button next to Project Name on the top left side, then select `Team & Settings`. + +We can disable audit logs by setting `NC_DISABLE_AUDIT` to `true`. + + image Then, under SETTINGS, click `Audit`. From 84e1bfc1829999c98294cfbf08f1b7635b985457 Mon Sep 17 00:00:00 2001 From: Wing-Kam Wong Date: Fri, 17 Feb 2023 18:43:39 +0800 Subject: [PATCH 05/10] feat(nc-gui): show the audit log disabled message --- .../nc-gui/components/dashboard/settings/AuditTab.vue | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/packages/nc-gui/components/dashboard/settings/AuditTab.vue b/packages/nc-gui/components/dashboard/settings/AuditTab.vue index 389b5e02f6..124716685f 100644 --- a/packages/nc-gui/components/dashboard/settings/AuditTab.vue +++ b/packages/nc-gui/components/dashboard/settings/AuditTab.vue @@ -1,7 +1,7 @@