Merge branch 'main' of https://github.com/Infisical/infisical

backend/src/app.ts

@@ -13,7 +13,9 @@ import { apiLimiter } from './helpers/rateLimiter';
 
 import {
   workspace as eeWorkspaceRouter,
-  secret as eeSecretRouter
+  secret as eeSecretRouter,
+  secretSnapshot as eeSecretSnapshotRouter,
+  action as eeActionRouter
 } from './ee/routes/v1';
 import {
   signup as v1SignupRouter,
@@ -70,7 +72,9 @@ if (NODE_ENV === 'production') {
 
 // (EE) routes
 app.use('/api/v1/secret', eeSecretRouter);
+app.use('/api/v1/secret-snapshot', eeSecretSnapshotRouter);
 app.use('/api/v1/workspace', eeWorkspaceRouter);
+app.use('/api/v1/action', eeActionRouter);
 
 // v1 routes
 app.use('/api/v1/signup', v1SignupRouter);

backend/src/controllers/v1/secretController.ts

@@ -123,7 +123,9 @@ export const pullSecrets = async (req: Request, res: Response) => {
 		secrets = await pull({
 			userId: req.user._id.toString(),
 			workspaceId,
-			environment
+			environment,
+			channel: channel ? channel : 'cli',
+			ipAddress: req.ip
 		});
 
 		key = await Key.findOne({
@@ -188,7 +190,9 @@ export const pullSecretsServiceToken = async (req: Request, res: Response) => {
 		secrets = await pull({
 			userId: req.serviceToken.user._id.toString(),
 			workspaceId,
-			environment
+			environment,
+			channel: 'cli',
+			ipAddress: req.ip
 		});
 
 		key = {

backend/src/controllers/v2/secretController.ts

@@ -2,7 +2,7 @@ import to from "await-to-js";
 import { Request, Response } from "express";
 import mongoose, { Types } from "mongoose";
 import Secret, { ISecret } from "../../models/secret";
-import { CreateSecretRequestBody, ModifySecretRequestBody, SanitizedSecretForCreate, SanitizedSecretModify } from "../../types/secret/types";
+import { CreateSecretRequestBody, ModifySecretRequestBody, SanitizedSecretForCreate, SanitizedSecretModify } from "../../types/secret";
 const { ValidationError } = mongoose.Error;
 import { BadRequestError, InternalServerError, UnauthorizedRequestError, ValidationError as RouteValidationError } from '../../utils/errors';
 import { AnyBulkWriteOperation } from 'mongodb';

backend/src/controllers/v2/workspaceController.ts

@@ -11,10 +11,6 @@ import {
 	ServiceToken,
 	ServiceTokenData
 } from '../../models';
-import {
-	createWorkspace as create,
-	deleteWorkspace as deleteWork
-} from '../../helpers/workspace';
 import {
 	v2PushSecrets as push,
 	pullSecrets as pull,
@@ -50,7 +46,6 @@ interface V2PushSecret {
  */
 export const pushWorkspaceSecrets = async (req: Request, res: Response) => {
 	// upload (encrypted) secrets to workspace with id [workspaceId]
-
 	try {
 		let { secrets }: { secrets: V2PushSecret[] } = req.body;
 		const { keys, environment, channel } = req.body;
@@ -70,7 +65,9 @@ export const pushWorkspaceSecrets = async (req: Request, res: Response) => {
 			userId: req.user._id,
 			workspaceId,
 			environment,
-			secrets
+			secrets,
+			channel: channel ? channel : 'cli',
+			ipAddress: req.ip
 		});
 
 		await pushKeys({
@@ -136,7 +133,9 @@ export const pullSecrets = async (req: Request, res: Response) => {
 		secrets = await pull({
 			userId,
 			workspaceId,
-			environment
+			environment,
+			channel: channel ? channel : 'cli',
+			ipAddress: req.ip
 		});
 
 		if (channel !== 'cli') {
@@ -196,7 +195,7 @@ export const getWorkspaceServiceTokenData = async (
 ) => {
 	let serviceTokenData;
 	try {
-		const { workspaceId } = req.query;
+		const { workspaceId } = req.params;
 
 		serviceTokenData = await ServiceTokenData
 			.find({

backend/src/ee/controllers/v1/actionController.ts

@@ -0,0 +1,31 @@
+import { Request, Response } from 'express';
+import * as Sentry from '@sentry/node';
+import { Action, SecretVersion } from '../../models';
+import { ActionNotFoundError } from '../../../utils/errors';
+
+export const getAction = async (req: Request, res: Response) => {
+    let action;
+    try {
+        const { actionId } = req.params;
+
+        action = await Action
+            .findById(actionId)
+            .populate([
+                'payload.secretVersions.oldSecretVersion',
+                'payload.secretVersions.newSecretVersion'
+            ]);
+
+        if (!action) throw ActionNotFoundError({
+            message: 'Failed to find action'
+        });
+
+    } catch (err) {
+        throw ActionNotFoundError({
+            message: 'Failed to find action'
+        });
+    }
+
+    return res.status(200).send({
+        action
+    });
+}

backend/src/ee/controllers/v1/index.ts

@@ -1,9 +1,13 @@
 import * as stripeController from './stripeController';
 import * as secretController from './secretController';
+import * as secretSnapshotController from './secretSnapshotController';
 import * as workspaceController from './workspaceController';
+import * as actionController from './actionController';
 
 export {
     stripeController,
     secretController,
-    workspaceController
+    secretSnapshotController,
+    workspaceController,
+    actionController
 }

backend/src/ee/controllers/v1/secretController.ts

@@ -18,6 +18,7 @@ import { SecretVersion } from '../../models';
 		secretVersions = await SecretVersion.find({
 			secret: secretId
 		})
+		.sort({ createdAt: -1 })
 		.skip(offset)
 		.limit(limit);
 

backend/src/ee/controllers/v1/secretSnapshotController.ts

@@ -0,0 +1,27 @@
+import { Request, Response } from 'express';
+import * as Sentry from '@sentry/node';
+import { SecretSnapshot } from '../../models';
+
+export const getSecretSnapshot = async (req: Request, res: Response) => {
+    let secretSnapshot;
+    try {
+        const { secretSnapshotId } = req.params;
+
+        secretSnapshot = await SecretSnapshot
+            .findById(secretSnapshotId)
+            .populate('secretVersions');
+
+        if (!secretSnapshot) throw new Error('Failed to find secret snapshot');
+
+    } catch (err) {
+        Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to get secret snapshot'
+		});
+    }
+
+    return res.status(200).send({
+        secretSnapshot
+    });
+}

backend/src/ee/controllers/v1/workspaceController.ts

@@ -1,6 +1,9 @@
-import { Request, Response } from 'express';
+import e, { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
-import { SecretSnapshot } from '../../models';
+import { 
+	SecretSnapshot,
+	Log
+} from '../../models';
 
 /**
  * Return secret snapshots for workspace with id [workspaceId]
@@ -18,6 +21,7 @@ import { SecretSnapshot } from '../../models';
 		secretSnapshots = await SecretSnapshot.find({
 			workspace: workspaceId
 		})
+		.sort({ createdAt: -1 })
 		.skip(offset)
 		.limit(limit);
 
@@ -32,4 +36,77 @@ import { SecretSnapshot } from '../../models';
 	return res.status(200).send({
 		secretSnapshots
 	});
+}
+
+/**
+ * Return count of secret snapshots for workspace with id [workspaceId]
+ * @param req 
+ * @param res 
+ */
+export const getWorkspaceSecretSnapshotsCount = async (req: Request, res: Response) => {
+	let count;
+	try {
+		const { workspaceId } = req.params;
+		count = await SecretSnapshot.countDocuments({
+			workspace: workspaceId
+		});
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to count number of secret snapshots'
+		});
+	}
+
+	return res.status(200).send({
+		count
+	});
+}
+
+/**
+ * Return (audit) logs for workspace with id [workspaceId]
+ * @param req 
+ * @param res 
+ * @returns 
+ */
+export const getWorkspaceLogs = async (req: Request, res: Response) => {
+	let logs
+	try {
+		const { workspaceId } = req.params;
+
+		const offset: number = parseInt(req.query.offset as string);
+		const limit: number = parseInt(req.query.limit as string);
+		const sortBy: string = req.query.sortBy as string;
+		const userId: string = req.query.userId as string;
+		const actionNames: string = req.query.actionNames as string;
+
+		logs = await Log.find({
+			workspace: workspaceId,
+			...( userId ? { user: userId } : {}),
+			...( 
+				actionNames 
+				? { 
+					actionNames: {
+						$in: actionNames.split(',')
+					}
+				} : {}
+			)
+		})
+		.sort({ createdAt: sortBy === 'recent' ? -1 : 1 })
+		.skip(offset)
+		.limit(limit)
+		.populate('actions')
+		.populate('user');
+
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to get workspace logs'
+		});
+	}
+
+	return res.status(200).send({
+		logs
+	});
 }