From 05ac99d7ea54aec85c74955b43efb25b71aae29f Mon Sep 17 00:00:00 2001 From: Andie Swift Date: Tue, 17 Dec 2024 14:48:08 -0600 Subject: [PATCH] Added Logs to user functions in BE (#1568) * added function to console log attemp/userIP/role; put in getUser, getUserList, updateUserStatus * changed the ipAddress to use events.requestContext.identity.sourceIp * removed the andie console logs --- services/app-api/getMyUserList.js | 5 +++++ services/app-api/getUser.js | 14 +++++++++++--- services/app-api/updateUserStatus.js | 6 ++++++ services/app-api/utils/logAttempt.js | 8 ++++++++ 4 files changed, 30 insertions(+), 3 deletions(-) create mode 100644 services/app-api/utils/logAttempt.js diff --git a/services/app-api/getMyUserList.js b/services/app-api/getMyUserList.js index d6584e30a..96e39094b 100644 --- a/services/app-api/getMyUserList.js +++ b/services/app-api/getMyUserList.js @@ -8,6 +8,7 @@ import { getActiveTerritories, } from "cmscommonlib"; import { getUser } from "./getUser"; +import { logAttempt } from "./utils/logAttempt"; export const buildParams = (role, territory) => { const startParams = { @@ -52,15 +53,18 @@ export const buildParams = (role, territory) => { }; export const getMyUserList = async (event) => { + const ipAddress = event.requestContext.identity.sourceIp; try { // get the rest of the details about the current user const doneBy = await getUser(event.queryStringParameters.email); if (!doneBy) { + logAttempt("getMyUserList", false, ipAddress); return RESPONSE_CODE.USER_NOT_FOUND; } if (!getUserRoleObj(doneBy?.roleList).canAccessUserManagement) { + logAttempt("getMyUserList", false, ipAddress, doneBy); return RESPONSE_CODE.USER_NOT_AUTHORIZED; } @@ -76,6 +80,7 @@ export const getMyUserList = async (event) => { buildParams(umRole, territories.shift()) ); + logAttempt("getMyUserList", true, ipAddress, doneBy); return listResult.Items; } catch (e) { console.log("getMyUserList exception? ", e); 
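Review bot: `event.requestContext.identity.sourceIp` is read on the first line of getMyUserList, before the `try`, so an event that lacks `requestContext.identity` now throws out of the function instead of reaching the existing catch and returning a response code. The same unguarded read is added in updateUserStatus and in the `main` handler of getUser.js. Optional chaining keeps the logging from changing the request outcome: `const ipAddress = event.requestContext?.identity?.sourceIp;` (logAttempt already substitutes "Not found" for a nullish value). Separately, `getUser(event.queryStringParameters.email)` is still called with one argument here, so the getUser record for this request carries no IP address; passing `ipAddress` as the second argument would let the two records be correlated.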
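Review bot: The `catch` at the end of the last getMyUserList hunk still only does `console.log("getMyUserList exception? ", e)`, so a request that ends in an exception (for example the DB error that getUser rethrows) leaves no failure record from this function. Adding `logAttempt("getMyUserList", false, ipAddress);` in that catch would close the gap. The catch body continues outside the hunk, so check that the added call sits before any return there.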
diff --git a/services/app-api/getUser.js b/services/app-api/getUser.js index c15d88883..7bdd0659a 100644 --- a/services/app-api/getUser.js +++ b/services/app-api/getUser.js @@ -2,13 +2,15 @@ import handler from "./libs/handler-lib"; import dynamoDb from "./libs/dynamodb-lib"; import { getUserRoleObj } from "cmscommonlib"; +import { logAttempt } from "./utils/logAttempt"; /** * returns the User Table entry who's id is this email * @param {String} userEmail User to return + * @param {String} ipAddress users ip address * @returns {Object} the User json object */ -export const getUser = async (userEmail) => { +export const getUser = async (userEmail, ipAddress) => { const cParams = { TableName: process.env.oneMacTableName, // 'Key' defines the partition key and sort key of the item to be retrieved @@ -20,6 +22,7 @@ export const getUser = async (userEmail) => { ProjectionExpression: "email, fullName, phoneNumber", }; + console.log("cParams", cParams); const params = { TableName: process.env.oneMacTableName, // 'Key' defines the partition key and sort key of the item to be retrieved @@ -48,6 +51,7 @@ export const getUser = async (userEmail) => { } } catch (dbError) { console.log(`Error happened while reading from DB: ${dbError}`); + logAttempt("getUser", false, ipAddress); throw dbError; } @@ -63,13 +67,17 @@ export const getUser = async (userEmail) => { const returnUser = cResult.Item; returnUser.roleList = result.Items; console.log(`Selected User ${userEmail}: ${JSON.stringify(returnUser)}`); + logAttempt("getUser", true, ipAddress); return returnUser; }; // Gets owns user data from User DynamoDB table export const main = handler(async (event) => { - const userItem = (await getUser(event.queryStringParameters.email)) ?? {}; + const userItem = + (await getUser( + event.queryStringParameters.email, + event.requestContext.identity.sourceIp + )) ?? {}; userItem.validRoutes = getUserRoleObj(userItem.roleList).getAccesses(); - return userItem; }); 
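Review bot: `console.log("cParams", cParams);` looks like a leftover debug line, even though the commit message says the debug logs were removed. It writes the lookup parameters to the log on every getUser call. The `Key` contents are not visible in this hunk, but since the function looks a user up by `userEmail`, this most likely puts the e-mail address into the logs on each request. I would drop the line, or log only `cParams.TableName` if the table name is what was being checked.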
diff --git a/services/app-api/updateUserStatus.js b/services/app-api/updateUserStatus.js index a9caad838..49a5c7231 100644 --- a/services/app-api/updateUserStatus.js +++ b/services/app-api/updateUserStatus.js @@ -13,6 +13,7 @@ import { saveEmail } from "./utils/saveEmail"; import { getUser } from "./getUser"; import { changeUserStatus } from "./utils/changeUserStatus"; import { getMyApprovers } from "./getMyApprovers"; +import { logAttempt } from "./utils/logAttempt"; const statusLabels = { [USER_STATUS.ACTIVE]: "granted", @@ -84,10 +85,12 @@ export const doUpdate = async (body, doneBy, doneTo) => { export const updateUserStatus = async (event) => { let body; const rightNowNormalized = Date.now(); + const ipAddress = event.requestContext.identity.sourceIp; try { body = JSON.parse(event.body); } catch (e) { + logAttempt("updateUserStatus", false, ipAddress); console.error("Failed to parse body", e); return RESPONSE_CODE.USER_SUBMISSION_FAILED; } @@ -100,6 +103,7 @@ export const updateUserStatus = async (event) => { getUser(body.email), ]); } catch (e) { + logAttempt("updateUserStatus", false, ipAddress); console.error("Could not fetch relevant user info", e); return RESPONSE_CODE.USER_NOT_FOUND; } @@ -155,9 +159,11 @@ export const updateUserStatus = async (event) => { ); } } catch (e) { + logAttempt("updateUserStatus", false, ipAddress, body.user); console.log("failed to send email: ", e); } + logAttempt("updateUserStatus", true, ipAddress, body.user); return RESPONSE_CODE.USER_SUBMITTED; }; diff --git a/services/app-api/utils/logAttempt.js b/services/app-api/utils/logAttempt.js new file mode 100644 index 000000000..80eb52ac2 --- /dev/null +++ b/services/app-api/utils/logAttempt.js 
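Review bot: In the last updateUserStatus hunk the user passed to logAttempt is `body.user`, which is JSON parsed from `event.body`. The `userRole` field of the record is therefore whatever the client sent (or `undefined` when the body has no `user` key), not the role of the caller. The record should be built from the user object the function already fetched with getUser; that assignment is outside the hunk, and `doUpdate` names the object `doneBy`. The e-mail `catch` also logs a failure and then falls through to `logAttempt("updateUserStatus", true, ipAddress, body.user)`, so one request produces both a failure and a success entry. I would remove the call in that catch or give it a distinct name such as `"updateUserStatus.email"`.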
@@ -0,0 +1,8 @@
+export const logAttempt = (functionName, attemptType, ipAddress, user) => {
+ const currentTimeStamp = new Date().toISOString();
+ ipAddress = ipAddress ?? "Not found";
+ const attemptStatus = attemptType ? "success" : "failure";
+ const role = user ? user.role : "Not found";
+ const message = `attempts ${functionName}: ${attemptStatus} | request timestamp: ${currentTimeStamp} | userRole: ${role} | IP address: ${ipAddress}`;
+ console.log(message);
+};
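Review bot: `user.role` does not match what the callers pass: getMyUserList hands in the object returned by getUser, which per getUser.js in this patch carries `roleList`, so `userRole` will most likely print `undefined` rather than a role. The record is also a single interpolated string, and updateUserStatus feeds it a value taken from the request body, so a newline or ` | ` inside that value can split or forge fields for anyone parsing these lines later. Emitting one JSON object per record removes the ambiguity: `console.log(JSON.stringify({ event: "attempt", functionName, attemptStatus, currentTimeStamp, role, ipAddress }));`. A short JSDoc stating that `attemptType` is a boolean and that `user` is optional would also help callers.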