feat(server): asset entity audit (#3824)

* feat(server): audit log

* feedback

* Insert to database

* migration

* test

* controller/repository/service

* test

* module

* feat(server): implement audit endpoint

* directly return changed assets

* add daily cleanup of audit table

* fix tests

* review feedback

* ci

* refactor(server): audit implementation

* chore: open api

---------

Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
Co-authored-by: Fynn Petersen-Frey <zoodyy@users.noreply.github.com>
Co-authored-by: Jason Rasmussen <jrasm91@gmail.com>

server/src/domain/audit/audi.service.spec.ts

@@ -0,0 +1,61 @@
+import { DatabaseAction, EntityType } from '@app/infra/entities';
+import { auditStub, authStub, IAccessRepositoryMock, newAccessRepositoryMock, newAuditRepositoryMock } from '@test';
+import { IAuditRepository } from './audit.repository';
+import { AuditService } from './audit.service';
+
+describe(AuditService.name, () => {
+  let sut: AuditService;
+  let accessMock: IAccessRepositoryMock;
+  let auditMock: jest.Mocked<IAuditRepository>;
+
+  beforeEach(async () => {
+    accessMock = newAccessRepositoryMock();
+    auditMock = newAuditRepositoryMock();
+    sut = new AuditService(accessMock, auditMock);
+  });
+
+  it('should work', () => {
+    expect(sut).toBeDefined();
+  });
+
+  describe('handleCleanup', () => {
+    it('should delete old audit entries', async () => {
+      await expect(sut.handleCleanup()).resolves.toBe(true);
+      expect(auditMock.removeBefore).toBeCalledWith(expect.any(Date));
+    });
+  });
+
+  describe('getDeletes', () => {
+    it('should require full sync if the request is older than 100 days', async () => {
+      auditMock.getAfter.mockResolvedValue([]);
+
+      const date = new Date(2022, 0, 1);
+      await expect(sut.getDeletes(authStub.admin, { after: date, entityType: EntityType.ASSET })).resolves.toEqual({
+        needsFullSync: true,
+        ids: [],
+      });
+
+      expect(auditMock.getAfter).toHaveBeenCalledWith(date, {
+        action: DatabaseAction.DELETE,
+        ownerId: authStub.admin.id,
+        entityType: EntityType.ASSET,
+      });
+    });
+
+    it('should get any new or updated assets and deleted ids', async () => {
+      auditMock.getAfter.mockResolvedValue([auditStub.delete]);
+
+      const date = new Date();
+      await expect(sut.getDeletes(authStub.admin, { after: date, entityType: EntityType.ASSET })).resolves.toEqual({
+        needsFullSync: false,
+        ids: ['asset-deleted'],
+      });
+
+      expect(auditMock.getAfter).toHaveBeenCalledWith(date, {
+        action: DatabaseAction.DELETE,
+        ownerId: authStub.admin.id,
+        entityType: EntityType.ASSET,
+      });
+    });
+  });
+});

server/src/domain/audit/audit.dto.ts

@@ -0,0 +1,24 @@
+import { EntityType } from '@app/infra/entities';
+import { ApiProperty } from '@nestjs/swagger';
+import { Type } from 'class-transformer';
+import { IsDate, IsEnum, IsOptional, IsUUID } from 'class-validator';
+
+export class AuditDeletesDto {
+  @IsDate()
+  @Type(() => Date)
+  after!: Date;
+
+  @ApiProperty({ enum: EntityType, enumName: 'EntityType' })
+  @IsEnum(EntityType)
+  entityType!: EntityType;
+
+  @IsOptional()
+  @IsUUID('4')
+  @ApiProperty({ format: 'uuid' })
+  userId?: string;
+}
+
+export class AuditDeletesResponseDto {
+  needsFullSync!: boolean;
+  ids!: string[];
+}

server/src/domain/audit/audit.repository.ts

@@ -0,0 +1,14 @@
+import { AuditEntity, DatabaseAction, EntityType } from '@app/infra/entities';
+
+export const IAuditRepository = 'IAuditRepository';
+
+export interface AuditSearch {
+  action?: DatabaseAction;
+  entityType?: EntityType;
+  ownerId?: string;
+}
+
+export interface IAuditRepository {
+  getAfter(since: Date, options: AuditSearch): Promise<AuditEntity[]>;
+  removeBefore(before: Date): Promise<void>;
+}

server/src/domain/audit/audit.service.ts

@@ -0,0 +1,43 @@
+import { DatabaseAction } from '@app/infra/entities';
+import { Inject, Injectable } from '@nestjs/common';
+import { DateTime } from 'luxon';
+import { AccessCore, IAccessRepository, Permission } from '../access';
+import { AuthUserDto } from '../auth';
+import { AUDIT_LOG_MAX_DURATION } from '../domain.constant';
+import { AuditDeletesDto, AuditDeletesResponseDto } from './audit.dto';
+import { IAuditRepository } from './audit.repository';
+
+@Injectable()
+export class AuditService {
+  private access: AccessCore;
+
+  constructor(
+    @Inject(IAccessRepository) accessRepository: IAccessRepository,
+    @Inject(IAuditRepository) private repository: IAuditRepository,
+  ) {
+    this.access = new AccessCore(accessRepository);
+  }
+
+  async handleCleanup(): Promise<boolean> {
+    await this.repository.removeBefore(DateTime.now().minus(AUDIT_LOG_MAX_DURATION).toJSDate());
+    return true;
+  }
+
+  async getDeletes(authUser: AuthUserDto, dto: AuditDeletesDto): Promise<AuditDeletesResponseDto> {
+    const userId = dto.userId || authUser.id;
+    await this.access.requirePermission(authUser, Permission.LIBRARY_READ, userId);
+
+    const audits = await this.repository.getAfter(dto.after, {
+      ownerId: userId,
+      entityType: dto.entityType,
+      action: DatabaseAction.DELETE,
+    });
+
+    const duration = DateTime.now().diff(DateTime.fromJSDate(dto.after));
+
+    return {
+      needsFullSync: duration > AUDIT_LOG_MAX_DURATION,
+      ids: audits.map(({ entityId }) => entityId),
+    };
+  }
+}

server/src/domain/audit/index.ts

@@ -0,0 +1,3 @@
+export * from './audit.dto';
+export * from './audit.repository';
+export * from './audit.service';