github
/
nocodb
mirror of https://github.com/nocodb/nocodb
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Merge pull request #5137 from nocodb/feat/nc-disable-audit 

feat: implement NC_DISABLE_AUDIT
refactor/icons-update
Raju Udava 2 years ago committed by GitHub
parent
b0a386cc3a 809d60a5ad
commit
34aa7caa8a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 75 additions and 59 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      packages/nc-gui/components/dashboard/settings/AuditTab.vue
  2. 1
      packages/nc-gui/composables/useGlobal/state.ts
  3. 1
      packages/nc-gui/composables/useGlobal/types.ts
  4. 103
      packages/noco-docs/content/en/getting-started/environment-variables.md
  5. 4
      packages/noco-docs/content/en/setup-and-usages/audit.md
  6. 3
      packages/nocodb/src/lib/meta/api/utilApis.ts
  7. 3
      packages/nocodb/src/lib/models/Audit.ts
  8. 11
      tests/playwright/tests/projectOperations.spec.ts

8
packages/nc-gui/components/dashboard/settings/AuditTab.vue
Unescape View File

@ -1,7 +1,7 @@
<script setup lang="ts"> <script setup lang="ts">
import { Tooltip as ATooltip, Empty } from 'ant-design-vue' import { Tooltip as ATooltip, Empty } from 'ant-design-vue'
import type { AuditType } from 'nocodb-sdk' import type { AuditType } from 'nocodb-sdk'
import { h, onMounted, timeAgo, useI18n, useNuxtApp, useProject } from '#imports' import { h, onMounted, timeAgo, useGlobal, useI18n, useNuxtApp, useProject } from '#imports'
const { $api } = useNuxtApp() const { $api } = useNuxtApp()
@ -16,8 +16,11 @@ let audits = $ref<null | Array<AuditType>>(null)
let totalRows = $ref(0) let totalRows = $ref(0)
const currentPage = $ref(1) const currentPage = $ref(1)
const currentLimit = $ref(25) const currentLimit = $ref(25)
const { appInfo } = useGlobal()
async function loadAudits(page = currentPage, limit = currentLimit) { async function loadAudits(page = currentPage, limit = currentLimit) {
try { try {
if (!project.value?.id) return if (!project.value?.id) return
@ -86,9 +89,10 @@ const columns = [
<template> <template>
<div class="flex flex-col gap-4 w-full"> <div class="flex flex-col gap-4 w-full">
<div v-if="!appInfo.auditEnabled" class="text-red-500">Audit logs are currently disabled by administrators.</div>
<div class="flex flex-row justify-between items-center"> <div class="flex flex-row justify-between items-center">
<a-button class="self-start" @click="loadAudits"> <a-button class="self-start" @click="loadAudits">
<!-- Reload --> <!-- Reload -->
<div class="flex items-center gap-2 text-gray-600 font-light"> <div class="flex items-center gap-2 text-gray-600 font-light">
<MdiReload :class="{ 'animate-infinite animate-spin !text-success': isLoading }" /> <MdiReload :class="{ 'animate-infinite animate-spin !text-success': isLoading }" />

1
packages/nc-gui/composables/useGlobal/state.ts
Unescape View File

@ -94,6 +94,7 @@ export function useGlobalState(storageKey = 'nocodb-gui-v2'): State {
oneClick: false, oneClick: false,
projectHasAdmin: false, projectHasAdmin: false,
teleEnabled: true, teleEnabled: true,
auditEnabled: true,
type: 'nocodb', type: 'nocodb',
version: '0.0.0', version: '0.0.0',
ncAttachmentFieldSize: 20, ncAttachmentFieldSize: 20,

1
packages/nc-gui/composables/useGlobal/types.ts
Unescape View File

@ -16,6 +16,7 @@ export interface AppInfo {
oneClick: boolean oneClick: boolean
projectHasAdmin: boolean projectHasAdmin: boolean
teleEnabled: boolean teleEnabled: boolean
auditEnabled: boolean
type: string type: string
version: string version: string
ee?: boolean ee?: boolean

103
packages/noco-docs/content/en/getting-started/environment-variables.md
Unescape View File

@ -13,54 +13,55 @@ For production usecases, it is **recommended** to configure
- `NC_PUBLIC_URL`, - `NC_PUBLIC_URL`,
- `NC_REDIS_URL` - `NC_REDIS_URL`
| Variable | Comments | If absent | | | Variable | Comments | If absent | |
|------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------|---| |---|---|---|---|
| NC_DB | See our database URLs | A local SQLite will be created in root folder if `NC_DB` is not provided | | | NC_DB | See our database URLs | A local SQLite will be created in root folder if `NC_DB` is not provided | |
| NC_DB_JSON | Can be used instead of `NC_DB` and value should be valid knex connection JSON | | | | NC_DB_JSON | Can be used instead of `NC_DB` and value should be valid knex connection JSON | | |
| NC_DB_JSON_FILE | Can be used instead of `NC_DB` and value should be a valid path to knex connection JSON | | | | NC_DB_JSON_FILE | Can be used instead of `NC_DB` and value should be a valid path to knex connection JSON | | |
| DATABASE_URL | JDBC URL Format. Can be used instead of NC_DB. | | | | DATABASE_URL | JDBC URL Format. Can be used instead of NC_DB. | | |
| DATABASE_URL_FILE | Can be used instead of DATABASE_URL: path to file containing JDBC URL Format. | | | | DATABASE_URL_FILE | Can be used instead of DATABASE_URL: path to file containing JDBC URL Format. | | |
| NC_AUTH_JWT_SECRET | JWT secret used for auth and storing other secrets | A random secret will be generated | | | NC_AUTH_JWT_SECRET | JWT secret used for auth and storing other secrets | A random secret will be generated | |
| PORT | For setting app running port | `8080` | | | PORT | For setting app running port | `8080` | |
| DB_QUERY_LIMIT_DEFAULT | Default pagination limit | 25 | | | DB_QUERY_LIMIT_DEFAULT | Default pagination limit | 25 | |
| DB_QUERY_LIMIT_MAX | Maximum allowed pagination limit | 1000 | | | DB_QUERY_LIMIT_MAX | Maximum allowed pagination limit | 1000 | |
| DB_QUERY_LIMIT_MIN | Minimum allowed pagination limit | 1 | | | DB_QUERY_LIMIT_MIN | Minimum allowed pagination limit | 1 | |
| NC_TOOL_DIR | App directory to keep metadata and app related files | Defaults to current working directory. In docker maps to `/usr/app/data/` for mounting volume. | | | NC_TOOL_DIR | App directory to keep metadata and app related files | Defaults to current working directory. In docker maps to `/usr/app/data/` for mounting volume. | |
| NC_PUBLIC_URL | Used for sending Email invitations | Best guess from http request params | | | NC_PUBLIC_URL | Used for sending Email invitations | Best guess from http request params | |
| NC_JWT_EXPIRES_IN | JWT token expiry time | `10h` | | | NC_JWT_EXPIRES_IN | JWT token expiry time | `10h` | |
| NC_CONNECT_TO_EXTERNAL_DB_DISABLED | Disable Project creation with external database | | | | NC_CONNECT_TO_EXTERNAL_DB_DISABLED | Disable Project creation with external database | | |
| NC_INVITE_ONLY_SIGNUP | Removed since version 0.99.0 and now it's recommended to use [super admin settings menu](/setup-and-usages/account-settings#enable--disable-signup). Allow users to signup only via invite url, value should be any non-empty string. | | | | NC_INVITE_ONLY_SIGNUP | Removed since version 0.99.0 and now it's recommended to use [super admin settings menu](/setup-and-usages/account-settings#enable--disable-signup). Allow users to signup only via invite url, value should be any non-empty string. | | |
| NUXT_PUBLIC_NC_BACKEND_URL | Custom Backend URL | ``http://localhost:8080`` will be used | | | NUXT_PUBLIC_NC_BACKEND_URL | Custom Backend URL | ``http://localhost:8080`` will be used | |
| NC_REQUEST_BODY_SIZE | Request body size [limit](https://expressjs.com/en/resources/middleware/body-parser.html#limit) | `1048576` | | | NC_REQUEST_BODY_SIZE | Request body size [limit](https://expressjs.com/en/resources/middleware/body-parser.html#limit) | `1048576` | |
| NC_EXPORT_MAX_TIMEOUT | After NC_EXPORT_MAX_TIMEOUT csv gets downloaded in batches | Default value 5000(in millisecond) will be used | | | NC_EXPORT_MAX_TIMEOUT | After NC_EXPORT_MAX_TIMEOUT csv gets downloaded in batches | Default value 5000(in millisecond) will be used | |
| NC_DISABLE_TELE | Disable telemetry | | | | NC_DISABLE_TELE | Disable telemetry | | |
| NC_DASHBOARD_URL | Custom dashboard url path | `/dashboard` | | | NC_DASHBOARD_URL | Custom dashboard url path | `/dashboard` | |
| NC_GOOGLE_CLIENT_ID | Google client id to enable google authentication | | | | NC_GOOGLE_CLIENT_ID | Google client id to enable google authentication | | |
| NC_GOOGLE_CLIENT_SECRET | Google client secret to enable google authentication | | | | NC_GOOGLE_CLIENT_SECRET | Google client secret to enable google authentication | | |
| NC_MIGRATIONS_DISABLED | Disable NocoDB migration | | | | NC_MIGRATIONS_DISABLED | Disable NocoDB migration | | |
| NC_MIN | If set to any non-empty string the default splash screen(initial welcome animation) and matrix screensaver will disable | | | | NC_MIN | If set to any non-empty string the default splash screen(initial welcome animation) and matrix screensaver will disable | | |
| NC_SENTRY_DSN | For Sentry monitoring | | | | NC_SENTRY_DSN | For Sentry monitoring | | |
| NC_REDIS_URL | Custom Redis URL. Example: `redis://:authpassword@127.0.0.1:6380/4` | Meta data will be stored in memory | | | NC_REDIS_URL | Custom Redis URL. Example: `redis://:authpassword@127.0.0.1:6380/4` | Meta data will be stored in memory | |
| NC_DISABLE_ERR_REPORT | Disable error reporting | | | | NC_DISABLE_ERR_REPORT | Disable error reporting | | |
| NC_DISABLE_CACHE | To be used only while debugging. On setting this to `true` - meta data be fetched from db instead of redis/cache. | `false` | | | NC_DISABLE_CACHE | To be used only while debugging. On setting this to `true` - meta data be fetched from db instead of redis/cache. | `false` | |
| NC_BASEURL_INTERNAL | Used as base url for internal(server) API calls | Default value in docker will be `http://localhost:$PORT` and in all other case it's populated from request object | | | NC_BASEURL_INTERNAL | Used as base url for internal(server) API calls | Default value in docker will be `http://localhost:$PORT` and in all other case it's populated from request object | |
| AWS_ACCESS_KEY_ID | For Litestream - S3 access key id | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | | | AWS_ACCESS_KEY_ID | For Litestream - S3 access key id | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | |
| AWS_SECRET_ACCESS_KEY | For Litestream - S3 secret access key | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | | | AWS_SECRET_ACCESS_KEY | For Litestream - S3 secret access key | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | |
| AWS_BUCKET | For Litestream - S3 bucket | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | | | AWS_BUCKET | For Litestream - S3 bucket | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | |
| AWS_BUCKET_PATH | For Litestream - S3 bucket path (like folder within S3 bucket) | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | | | AWS_BUCKET_PATH | For Litestream - S3 bucket path (like folder within S3 bucket) | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | |
| NC_SMTP_FROM | For SMTP plugin - Email sender address | | | | NC_SMTP_FROM | For SMTP plugin - Email sender address | | |
| NC_SMTP_HOST | For SMTP plugin - SMTP host value | | | | NC_SMTP_HOST | For SMTP plugin - SMTP host value | | |
| NC_SMTP_PORT | For SMTP plugin - SMTP port value | | | | NC_SMTP_PORT | For SMTP plugin - SMTP port value | | |
| NC_SMTP_USERNAME | For SMTP plugin (Optional) - SMTP username value for authentication | | | | NC_SMTP_USERNAME | For SMTP plugin (Optional) - SMTP username value for authentication | | |
| NC_SMTP_PASSWORD | For SMTP plugin (Optional) - SMTP password value for authentication | | | | NC_SMTP_PASSWORD | For SMTP plugin (Optional) - SMTP password value for authentication | | |
| NC_SMTP_SECURE | For SMTP plugin (Optional) - To enable secure set value as `true` any other value treated as false | | | | NC_SMTP_SECURE | For SMTP plugin (Optional) - To enable secure set value as `true` any other value treated as false | | |
| NC_SMTP_IGNORE_TLS | For SMTP plugin (Optional) - To ignore tls set value as `true` any other value treated as false. For more info visit https://nodemailer.com/smtp/ | | | | NC_SMTP_IGNORE_TLS | For SMTP plugin (Optional) - To ignore tls set value as `true` any other value treated as false. For more info visit https://nodemailer.com/smtp/ | | |
| NC_S3_BUCKET_NAME | For S3 storage plugin - AWS S3 bucket name | | | | NC_S3_BUCKET_NAME | For S3 storage plugin - AWS S3 bucket name | | |
| NC_S3_REGION | For S3 storage plugin - AWS S3 region | | | | NC_S3_REGION | For S3 storage plugin - AWS S3 region | | |
| NC_S3_ACCESS_KEY | For S3 storage plugin - AWS access key credential for accessing resource | | | | NC_S3_ACCESS_KEY | For S3 storage plugin - AWS access key credential for accessing resource | | |
| NC_S3_ACCESS_SECRET | For S3 storage plugin - AWS access secret credential for accessing resource | | | | NC_S3_ACCESS_SECRET | For S3 storage plugin - AWS access secret credential for accessing resource | | |
| NC_ADMIN_EMAIL | For updating/creating super admin with provided email and password | | | | NC_ADMIN_EMAIL | For updating/creating super admin with provided email and password | | |
| NC_ATTACHMENT_FIELD_SIZE | For setting the attachment field size(in Bytes) | Defaults to 20MB | | | NC_ATTACHMENT_FIELD_SIZE | For setting the attachment field size(in Bytes) | Defaults to 20MB | |
| NC_ADMIN_PASSWORD | For updating/creating super admin with provided email and password. Your password should have at least 8 letters with one uppercase, one number and one special letter(Allowed special chars $&+,:;=?@#\|'.^*()%!_-" ) | | | | NC_ADMIN_PASSWORD | For updating/creating super admin with provided email and password. Your password should have at least 8 letters with one uppercase, one number and one special letter(Allowed special chars $&+,:;=?@#\|'.^*()%!_-" ) | | |
| NODE_OPTIONS | For passing Node.js [options](https://nodejs.org/api/cli.html#node_optionsoptions) to instance | | | | NODE_OPTIONS | For passing Node.js [options](https://nodejs.org/api/cli.html#node_optionsoptions) to instance | | |
| NC_MINIMAL_DBS | Create a new SQLite file for each project. All the db files are stored in `nc_minimal_dbs` folder in current working directory. (This option restricts project creation on external sources) | | | | NC_MINIMAL_DBS | Create a new SQLite file for each project. All the db files are stored in `nc_minimal_dbs` folder in current working directory. (This option restricts project creation on external sources) | | |
| NC_DISABLE_AUDIT | Disable Audit Log | `false` | |

4
packages/noco-docs/content/en/setup-and-usages/audit.md
Unescape View File

@ -10,6 +10,10 @@ menuTitle: 'Team & Settings > Audit'
We are keeping all the user operation logs under Audit. To access it, click the down arrow button next to Project Name on the top left side, then select `Team & Settings`. We are keeping all the user operation logs under Audit. To access it, click the down arrow button next to Project Name on the top left side, then select `Team & Settings`.
<alert>
We can disable audit logs by setting `NC_DISABLE_AUDIT` to `true`.
</alert>
<img width="322" alt="image" src="https://user-images.githubusercontent.com/35857179/194856648-67936db0-ee4d-4060-be3d-af9f86ef8fc6.png"> <img width="322" alt="image" src="https://user-images.githubusercontent.com/35857179/194856648-67936db0-ee4d-4060-be3d-af9f86ef8fc6.png">
Then, under SETTINGS, click `Audit`. Then, under SETTINGS, click `Audit`.

3
packages/nocodb/src/lib/meta/api/utilApis.ts
Unescape View File

@ -53,7 +53,8 @@ export async function appInfo(req: Request, res: Response) {
), ),
timezone: defaultConnectionConfig.timezone, timezone: defaultConnectionConfig.timezone,
ncMin: !!process.env.NC_MIN, ncMin: !!process.env.NC_MIN,
teleEnabled: !process.env.NC_DISABLE_TELE, teleEnabled: process.env.NC_DISABLE_TELE === 'true' ? false : true,
auditEnabled: process.env.NC_DISABLE_AUDIT === 'true' ? false : true,
ncSiteUrl: (req as any).ncSiteUrl, ncSiteUrl: (req as any).ncSiteUrl,
ee: Noco.isEE(), ee: Noco.isEE(),
ncAttachmentFieldSize: NC_ATTACHMENT_FIELD_SIZE, ncAttachmentFieldSize: NC_ATTACHMENT_FIELD_SIZE,

3
packages/nocodb/src/lib/models/Audit.ts
Unescape View File

@ -44,6 +44,9 @@ export default class Audit implements AuditType {
forceAwait: process.env['TEST'] === 'true', forceAwait: process.env['TEST'] === 'true',
} }
) { ) {
if (process.env.NC_DISABLE_AUDIT === 'true') {
return;
}
const insertAudit = async () => { const insertAudit = async () => {
if (!audit.project_id && audit.fk_model_id) { if (!audit.project_id && audit.fk_model_id) {
audit.project_id = ( audit.project_id = (

11
tests/playwright/tests/projectOperations.spec.ts
Unescape View File

@ -19,15 +19,16 @@ test.describe('Project operations', () => {
test('rename, delete', async () => { test('rename, delete', async () => {
await dashboard.clickHome(); await dashboard.clickHome();
await projectPage.createProject({ name: 'project-1' }); await projectPage.createProject({ name: 'project-firstName', withoutPrefix: true });
await dashboard.clickHome(); await dashboard.clickHome();
await projectPage.renameProject({ await projectPage.renameProject({
title: 'project-1', title: 'project-firstName',
newTitle: 'project-new', newTitle: 'project-rename',
withoutPrefix: true,
}); });
await dashboard.clickHome(); await dashboard.clickHome();
await projectPage.openProject({ title: 'project-new' }); await projectPage.openProject({ title: 'project-rename', withoutPrefix: true });
await dashboard.clickHome(); await dashboard.clickHome();
await projectPage.deleteProject({ title: 'project-new' }); await projectPage.deleteProject({ title: 'project-rename', withoutPrefix: true });
}); });
}); });

Write Preview
Loading…
Cancel
Save