dalssoft
commented
1 year ago The way I see it, these are the problems with the current implementation
- not configurable on the small details of the audit trail
- not able to disable the audit trail for a specific step
- doesn't handle big number of returned data
- doesn't handle sensitive data
- can be hard to read
With that, here are some ideas to improve the audit trail:
- make the audit trail configurable
const changeUserToAdmin = injection =>
usecase('Change User to Admin', {
auditTrail: {
step: (step, auditTrail) => delete auditTrail.password, // function to be executed on each step
usecase: (auditTrail) => delete auditTrail.return, // function to be executed on the end of the usecase
auditUseCaseReturn: false, // if the audit trail should return the usecase return
auditStepReturn: false, // if the audit trail should return the step return,
auditElapsedTime: false, // if the audit trail should return the elapsed time
},
'Retrieve the User': step(async ctx => {
it could have multiple options, for each environment, for example:
config.auditTrail = isProd ? {
auditStepReturn: false,
} : {
}
const changeUserToAdmin = injection =>
usecase('Change User to Admin', {
auditTrail: config.auditTrail,
'Retrieve the User': step(async ctx => {
- make audit trail easier to read
uc.auditTrail.format()
// would output a readable audit trail
- handle sensitive data
Audit Trail should, by default, not log sensitive data, like passwords, credit card numbers, etc. and have some convention to handle it.
This could be turned off by the user, but by default, it should be on.
jhomarolo
Is your feature request related to a problem? Please describe. Today the herbs audit trail provided us with many inputs, but sometimes too much, especially when we are in a local environment (debug).
This has already generated some problems, such as writing bottlenecks, unnecessary information traffic, etc.
It would be nice to have the option of not displaying/generating a field in the audit trail.