e115934061
Publish `@librechat/data-schemas` to NPM / pack (push) Failing after 8s
Publish `@librechat/client` to NPM / pack (push) Failing after 0s
GitNexus Index / index (push) Failing after 1s
Sync Locize Translations & Create Translation PR / Create Translation PR on Version Published (push) Has been skipped
Sync Helm Chart Tags / Sync chart tags (push) Failing after 2s
Publish `librechat-data-provider` to NPM / pack (push) Failing after 1s
Docker Dev Images Build / build (Dockerfile, librechat-dev, node) (push) Failing after 1s
Docker Dev Images Build / build (Dockerfile.multi, librechat-dev-api, api-build) (push) Failing after 0s
Sync Helm Chart Tags / Ignore non-main push (push) Has been skipped
Sync Locize Translations & Create Translation PR / Sync Translation Keys with Locize (push) Failing after 1s
Publish `@librechat/client` to NPM / publish-npm (push) Has been cancelled
Publish `librechat-data-provider` to NPM / publish-npm (push) Has been cancelled
GitNexus Index / post-index (push) Has been cancelled
Publish `@librechat/data-schemas` to NPM / publish-npm (push) Has been cancelled
36 lines
1.5 KiB
JavaScript
36 lines
1.5 KiB
JavaScript
const express = require('express');
|
|
const { createAdminAuditLogHandlers } = require('@librechat/api');
|
|
const { SystemCapabilities } = require('@librechat/data-schemas');
|
|
const { requireCapability } = require('~/server/middleware/roles/capabilities');
|
|
const { requireJwtAuth } = require('~/server/middleware');
|
|
const db = require('~/models');
|
|
|
|
const router = express.Router();
|
|
|
|
const requireAdminAccess = requireCapability(SystemCapabilities.ACCESS_ADMIN);
|
|
const requireAuditLogRead = requireCapability(SystemCapabilities.READ_AUDIT_LOG);
|
|
|
|
const handlers = createAdminAuditLogHandlers({
|
|
listAuditLogPage: db.listAuditLogPage,
|
|
findAuditLogEntry: db.findAuditLogEntry,
|
|
streamAuditLogEntries: db.streamAuditLogEntries,
|
|
verifyAuditChain: db.verifyAuditChain,
|
|
});
|
|
|
|
/**
|
|
* `ACCESS_ADMIN` gates entry to the admin surface; `READ_AUDIT_LOG` then gates
|
|
* this specific feature within that surface. The two capabilities are
|
|
* independent in `CapabilityImplications`, so a role delegated only
|
|
* `READ_AUDIT_LOG` without `ACCESS_ADMIN` would otherwise bypass the admin
|
|
* boundary on this router — every other admin router enforces the same pair.
|
|
*/
|
|
router.use(requireJwtAuth, requireAdminAccess, requireAuditLogRead);
|
|
|
|
router.get('/', handlers.listAuditLog);
|
|
/** Literal sub-paths MUST precede `/:id` so they aren't matched as `{ id }`. */
|
|
router.get('/export.csv', handlers.exportAuditLogCsv);
|
|
router.get('/verify', handlers.verifyAuditLog);
|
|
router.get('/:id', handlers.getAuditLogEntry);
|
|
|
|
module.exports = router;
|