284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Integration Tests / Check for relevant changes (push) Waiting to run
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Mobile checks / Mobile unit tests (push) Waiting to run
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Temporal Readiness / fast-readiness (push) Waiting to run
Temporal Readiness / docker-parity (push) Waiting to run
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Unit Tests / Skipped-test budget (push) Waiting to run
Unit Tests / Nx affected unit tests (push) Waiting to run
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz Source: /opt/alga-psa on psa.joliet.tech
104 lines
3.7 KiB
JavaScript
104 lines
3.7 KiB
JavaScript
/**
|
|
* Creates the extension_audit_logs table for tracking ALL extension activity.
|
|
* Provides security audit trail and usage analytics for the Nine Minds reporting extension.
|
|
*
|
|
* Supports:
|
|
* - Platform reports (report.list, report.create, report.execute, etc.)
|
|
* - Tenant management (tenant.create, tenant.resend_email, tenant.cancel_subscription, etc.)
|
|
* - Any future extension features
|
|
*/
|
|
|
|
exports.up = async function up(knex) {
|
|
await knex.schema.createTable('extension_audit_logs', (table) => {
|
|
table.uuid('tenant').notNullable(); // MASTER_BILLING_TENANT_ID
|
|
table.uuid('log_id').notNullable().defaultTo(knex.raw('gen_random_uuid()'));
|
|
|
|
// Event type examples:
|
|
// Reports: report.list, report.view, report.create, report.update, report.delete, report.execute, schema.view
|
|
// Tenant management: tenant.list, tenant.create, tenant.resend_email, tenant.cancel_subscription
|
|
// General: extension.access
|
|
table.string('event_type', 100).notNullable();
|
|
|
|
// User who performed the action
|
|
table.uuid('user_id').nullable();
|
|
table.string('user_email', 255).nullable();
|
|
|
|
// Resource context (generic - can be report, tenant, user, subscription, etc.)
|
|
table.string('resource_type', 50).nullable(); // 'report', 'tenant', 'user', 'subscription'
|
|
table.string('resource_id', 255).nullable(); // UUID or external ID
|
|
table.string('resource_name', 255).nullable(); // Human-readable name
|
|
|
|
// Workflow tracking (for Temporal workflows)
|
|
table.string('workflow_id', 255).nullable();
|
|
table.string('status', 50).nullable(); // 'pending', 'completed', 'failed', 'running'
|
|
table.text('error_message').nullable();
|
|
|
|
// Additional event details (parameters, filters, execution time, etc.)
|
|
table.jsonb('details').nullable();
|
|
|
|
// Client information
|
|
table.string('ip_address', 45).nullable(); // IPv6 max length
|
|
table.text('user_agent').nullable();
|
|
|
|
// Timestamp
|
|
table.timestamp('created_at').notNullable().defaultTo(knex.fn.now());
|
|
|
|
// Composite primary key
|
|
table.primary(['tenant', 'log_id'], {
|
|
constraintName: 'extension_audit_logs_pk',
|
|
});
|
|
});
|
|
|
|
// Citus distribution
|
|
const citusEnabled = await knex.raw(`
|
|
SELECT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'citus') as enabled
|
|
`);
|
|
|
|
if (citusEnabled.rows?.[0]?.enabled) {
|
|
const isDistributed = await knex.raw(`
|
|
SELECT EXISTS (
|
|
SELECT 1 FROM pg_dist_partition
|
|
WHERE logicalrelid = 'extension_audit_logs'::regclass
|
|
) as distributed
|
|
`);
|
|
|
|
if (!isDistributed.rows?.[0]?.distributed) {
|
|
await knex.raw(`
|
|
SELECT create_distributed_table('extension_audit_logs', 'tenant', colocate_with => 'tenants')
|
|
`);
|
|
}
|
|
}
|
|
|
|
// Indexes for common queries
|
|
await knex.schema.raw(`
|
|
CREATE INDEX IF NOT EXISTS extension_audit_logs_tenant_created_idx
|
|
ON extension_audit_logs (tenant, created_at DESC);
|
|
`);
|
|
|
|
await knex.schema.raw(`
|
|
CREATE INDEX IF NOT EXISTS extension_audit_logs_tenant_event_type_idx
|
|
ON extension_audit_logs (tenant, event_type);
|
|
`);
|
|
|
|
await knex.schema.raw(`
|
|
CREATE INDEX IF NOT EXISTS extension_audit_logs_tenant_user_idx
|
|
ON extension_audit_logs (tenant, user_id) WHERE user_id IS NOT NULL;
|
|
`);
|
|
|
|
await knex.schema.raw(`
|
|
CREATE INDEX IF NOT EXISTS extension_audit_logs_tenant_resource_idx
|
|
ON extension_audit_logs (tenant, resource_type, resource_id) WHERE resource_id IS NOT NULL;
|
|
`);
|
|
|
|
await knex.schema.raw(`
|
|
CREATE INDEX IF NOT EXISTS extension_audit_logs_tenant_status_idx
|
|
ON extension_audit_logs (tenant, status) WHERE status IS NOT NULL;
|
|
`);
|
|
};
|
|
|
|
exports.down = async function down(knex) {
|
|
await knex.schema.dropTableIfExists('extension_audit_logs');
|
|
};
|
|
|
|
exports.config = { transaction: false }; // Required for Citus DDL
|