package audit import ( "bytes" "context" "github.com/99designs/gqlgen/graphql" "github.com/vektah/gqlparser/v2/formatter" "edge-infra.dev/pkg/edge/api/graphqlhelpers" "edge-infra.dev/pkg/edge/api/middleware" "edge-infra.dev/pkg/edge/api/middleware/request" "edge-infra.dev/pkg/edge/audit" "edge-infra.dev/pkg/edge/bsl" ) func (a Provider) ExtensionName() string { return "AuditLog" } func (a Provider) Validate(_ graphql.ExecutableSchema) error { return nil } func (a Provider) InterceptResponse(ctx context.Context, next graphql.ResponseHandler) *graphql.Response { user := middleware.ForContext(ctx) resp := next(ctx) auditlogger := audit.New("edge-api") opts := []audit.Option{ audit.WithStatus(graphqlhelpers.GetResponseStatus(resp)), audit.WithUserIP(request.FromContext(ctx, request.IPCtxKey{})), audit.WithUserAgent(request.FromContext(ctx, request.UserAgentCtxKey{})), audit.WithRequestURL(request.FromContext(ctx, request.URLCtxKey{})), audit.WithMethod(request.FromContext(ctx, request.MethodCtxKey{})), audit.WithIdentifier(request.FromContext(ctx, request.CorrelationIDCtxKey{})), } if user != nil { opts = append(opts, audit.WithActor(user.Username), audit.WithAuthProvider(user.AuthProvider), audit.WithTenant(bsl.GetOrgShortName(user.Organization))) } opctx := graphql.GetOperationContext(ctx) op := graphqlhelpers.GetOperation(opctx) if op != nil { opts = append(opts, audit.WithOperationName(string(*op))) } rawquery := graphqlhelpers.GetRawQuery(opctx) schema, err := graphqlhelpers.ParseQuery(rawquery) if err != nil { return resp } graphqlhelpers.SanitizeDocument(schema) variables := graphqlhelpers.GetVariables(opctx) graphqlhelpers.UpdateQueryWithVariables(schema, variables) buf := bytes.NewBuffer(nil) formatter.NewFormatter(buf).FormatQueryDocument(schema) opts = append(opts, audit.WithInput(buf.String())) params := graphqlhelpers.GetParams(opctx, schema) auditlogger.Log(append(opts, audit.WithParameters(params))...) return resp }