boxyhq · ukrocks007 · Nov 17, 2023 · Nov 20, 2023 · Nov 20, 2023 · Nov 20, 2023
diff --git a/.env.example b/.env.example
@@ -45,6 +45,9 @@ NEXTAUTH_ADMIN_CREDENTIALS=
 RETRACED_HOST_URL=
 RETRACED_EXTERNAL_URL=
 RETRACED_ADMIN_ROOT_TOKEN=
+RETRACED_API_KEY=
+RETRACED_PROJECT_ID=
+AUDIT_LOG_TEAMS=
 
 # Admin Portal for Terminus (Privacy Vault)
 TERMINUS_PROXY_HOST_URL=

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -452,3 +452,20 @@ jobs:
         working-directory: ./${{ matrix.package }}
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - run: npm install
+        working-directory: ./ee/security-sinks
+
+      - name: Publish Security_Sink
+        if: github.ref == 'refs/heads/release' || contains(github.ref, 'refs/tags/beta-v')
+        run: |
+          npm install -g json
+          JACKSON_VERSION=${{ needs.ci.outputs.NPM_VERSION }}
+          json -I -f package.json -e "this.main=\"dist/index.js\""
+          json -I -f package.json -e "this.types=\"dist/index.d.ts\""
+          json -I -f package.json -e "this.version=\"${JACKSON_VERSION}\""
+
+          npm publish --tag ${{ needs.ci.outputs.PUBLISH_TAG }} --access public
+        working-directory: ./ee/security-sinks
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/Dockerfile b/Dockerfile
@@ -11,6 +11,7 @@ WORKDIR /app
 COPY package.json package-lock.json  ./
 COPY npm npm
 COPY internal-ui internal-ui
+COPY ee/security-sinks ee/security-sinks
 COPY migrate.sh prebuild.ts ./
 RUN npm install
 RUN npm rebuild --arch=x64 --platform=linux --libc=musl sharp
@@ -22,6 +23,7 @@ WORKDIR /app
 
 COPY --from=deps /app/npm ./npm
 COPY --from=deps /app/internal-ui ./internal-ui
+COPY --from=deps /app/ee/security-sinks ./ee/security-sinks
 COPY --from=deps /app/node_modules ./node_modules
 COPY . .
 

diff --git a/check-locale.js b/check-locale.js
@@ -2,6 +2,12 @@ const fs = require('fs');
 const path = require('path');
 const regExp = /\bt\('(.*?)'/gm;
 const altRegExp = /\bi18nKey='(.*?)'/gm;
+const exceptionList = [
+  'splunk_event_collector_url',
+  'splunk_hec_endpoint_placeholder',
+  'default_token',
+  'default_token_placeholder',
+];
 
 const allStrings = {};
 
@@ -43,7 +49,7 @@ files.forEach((file) => {
 });
 
 Object.keys(localeFile).forEach((key) => {
-  if (!allStrings[key]) {
+  if (!allStrings[key] && !exceptionList.includes(key)) {
     error = true;
     console.error(`Unused key: ${key}`);
   }

diff --git a/components/Sidebar.tsx b/components/Sidebar.tsx
@@ -128,6 +128,11 @@ export const Sidebar = ({ isOpen, setIsOpen }: SidebarProps) => {
           text: 'Branding',
           active: asPath.includes('/admin/settings/branding'),
         },
+        {
+          href: '/admin/settings/security-logs',
+          text: 'Security Logs',
+          active: asPath.includes('/admin/settings/security-logs'),
+        },
       ],
     },
   ];

diff --git a/ee/branding/api/admin/index.ts b/ee/branding/api/admin/index.ts
@@ -1,6 +1,7 @@
 import type { NextApiRequest, NextApiResponse } from 'next';
 
 import jackson from '@lib/jackson';
+import retraced from '@ee/retraced';
 import { defaultHandler } from '@lib/api';
 
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
@@ -15,6 +16,12 @@ const handlePOST = async (req: NextApiRequest, res: NextApiResponse) => {
 
   const { logoUrl, faviconUrl, companyName, primaryColor } = req.body;
 
+  retraced.reportAdminPortalEvent({
+    action: 'portal.branding.update',
+    crud: 'u',
+    req,
+  });
+
   res.json({
     data: await brandingController.update({ logoUrl, faviconUrl, companyName, primaryColor }),
   });

diff --git a/ee/federated-saml/api/admin/[id]/index.ts b/ee/federated-saml/api/admin/[id]/index.ts
@@ -1,6 +1,7 @@
 import type { NextApiRequest, NextApiResponse } from 'next';
 
 import jackson from '@lib/jackson';
+import retraced from '@ee/retraced';
 import { defaultHandler } from '@lib/api';
 
 const handler = async (req: NextApiRequest, res: NextApiResponse) => {
@@ -34,6 +35,15 @@ const handlePATCH = async (req: NextApiRequest, res: NextApiResponse) => {
 
   const updatedApp = await samlFederatedController.app.update(req.body);
 
+  retraced.reportAdminPortalEvent({
+    action: 'federation.app.update',
+    crud: 'u',
+    req,
+    target: {
+      id: updatedApp.id,
+    },
+  });
+
   res.json({ data: updatedApp });
 };
 
@@ -45,6 +55,15 @@ const handleDELETE = async (req: NextApiRequest, res: NextApiResponse) => {
 
   await samlFederatedController.app.delete({ id });
 
+  retraced.reportAdminPortalEvent({
+    action: 'federation.app.delete',
+    crud: 'd',
+    req,
+    target: {
+      id,
+    },
+  });
+
   res.json({ data: null });
 };
 

diff --git a/ee/federated-saml/api/admin/index.ts b/ee/federated-saml/api/admin/index.ts
@@ -1,6 +1,7 @@
 import type { NextApiRequest, NextApiResponse } from 'next';
 
 import jackson from '@lib/jackson';
+import retraced from '@ee/retraced';
 import { defaultHandler } from '@lib/api';
 import { parsePaginateApiParams } from '@lib/utils';
 
@@ -17,6 +18,15 @@ const handlePOST = async (req: NextApiRequest, res: NextApiResponse) => {
 
   const app = await samlFederatedController.app.create(req.body);
 
+  retraced.reportAdminPortalEvent({
+    action: 'federation.app.create',
+    crud: 'c',
+    req,
+    target: {
+      id: app.id,
+    },
+  });
+
   res.status(201).json({ data: app });
 };