Create audit log record on every request

CDCgov / prime-simplereport

SimpleReport is a fast, free, and easy way for COVID-19 testing facilities to report results to public health departments.

https://simplereport.gov

Creative Commons Zero v1.0 Universal

58 stars 53 forks source link

Create audit log record on every request #798

Closed timbest-cdc closed 3 years ago

timbest-cdc commented 3 years ago

Every call to the /graphql endpoints should be recorded in the audit log

Find a central point in the graphql server logic to grab every inbound request and create a audit log record with the operationName, the requesting users permissions, and the query

TomNUSDS commented 3 years ago

@benwarfield-usds We should consider running the audit log on a different database server so it can be tuned specifically for write optimization and other such things.

Also, I'm wondering if anyone has used Timescale. It seems to be a pre-optimized postgres database variant. It says it has "SOC2, ISO27001, HIPAA compliance". There is a free community edition what we'd be able to install/manage.

benwarfield-usds commented 3 years ago

Assumed: this now also applies to every call to the /pxp controllers (but not the unauthenticated sign-up forms).

timbest-cdc commented 3 years ago

Done.