davepi-plugin-audit 0.1.0 → 0.1.1
- package/README.md +1 -1
- package/lib/diff.js +17 -3
- package/package.json +1 -1
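--- a/package/README.md
+++ b/package/README.md
@@ -57,7 +57,7 @@ Each row carries these fields (schema declared at boot):
 | `ip`, `userAgent`, `reqId` | Request metadata captured at the producing handler. May be `null` for non-HTTP producers (the MCP tools, internal jobs). |
 | `at` | Timestamp the row was written (also drives the TTL index). |
 
-The standard `createdAt` / `updatedAt` are also there from the framework's
+The standard `createdAt` / `updatedAt` are also there from the framework's built-in `timestamps`, but `at` is the canonical time-of-event field — it's what the TTL is keyed on, and it's what you sort by when reconstructing a history.
 
 ## Reading the audit log
 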
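--- a/package/lib/diff.js
+++ b/package/lib/diff.js
@@ -23,10 +23,24 @@
 
 const jsonpatch = require('fast-json-patch');
 
+/**
+* JSON-normalise a snapshot before diffing. `fast-json-patch` walks own
+* enumerable keys, and a `Date` has none — so it sees two different
+* `Date` instances as equal empty objects and emits no op for a changed
+* timestamp. Serialising through JSON turns Dates into ISO strings (the
+* exact shape the snapshots are read back as over REST), so a changed
+* `updatedAt` / `createdAt` / `deletedAt` is captured as a real
+* `replace` op and the diff round-trips (`applyPatch(before, diff)` ===
+* `after`). `null` / `undefined` coerce to `{}` so the patch is a
+* top-level add/remove series rather than a root-replace.
+*/
+function normalise(snapshot) {
+if (snapshot === null || snapshot === undefined) return {};
+return JSON.parse(JSON.stringify(snapshot));
+}
+
 function compare(before, after) {
-
-const a = after === null || after === undefined ? {} : after;
-return jsonpatch.compare(b, a);
+return jsonpatch.compare(normalise(before), normalise(after));
 }
 
 module.exports = { compare };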
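Review bot: `normalise` has an undocumented failure mode: `JSON.stringify(snapshot)` throws a TypeError on a circular reference or a BigInt value, and nothing in `compare` catches it. For an audit plugin that matters, because an exception on this path may let the mutation complete without an audit row, depending on how the caller (not visible in this diff) handles errors. I would state the contract in the JSDoc, e.g. `@throws {TypeError} when a snapshot is not JSON-serialisable (circular reference, BigInt)`, and confirm that the caller records a failed diff instead of dropping the row. The comment could also say that properties whose value is `undefined` are omitted by the JSON round trip, so setting a field to `undefined` shows up as a `remove` op rather than a `replace`.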
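--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "davepi-plugin-audit",
-"version": "0.1.
+"version": "0.1.1",
 "description": "Immutable append-only audit log for dAvePi. Subscribes to the in-process record event bus and writes one row per CRUD mutation (with before/after, JSON-patch diff, actor, IP, user-agent, and request ID) into an auto-registered `audit` collection that's queryable through the standard REST + GraphQL surface. Admin-only list bypass, no API-level writes, optional TTL retention, redaction, and per-resource allow/deny lists.",
 "license": "ISC",
 "homepage": "https://docs.davepi.dev/features/plugins/",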