Merge pull request #3675 from uselagoon/user-last-accessed

feat: store user last accessed, and sshkey last used timestamps
uselagoon · Jun 30, 2024 · ea51af4 · ea51af4
2 parents c8418d2 + 828c247
commit ea51af4
Show file tree

Hide file tree

Showing 5 changed files with 80 additions and 0 deletions.
diff --git a/services/api/database/migrations/20240512000000_sshkeyused.js b/services/api/database/migrations/20240512000000_sshkeyused.js
@@ -0,0 +1,21 @@
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+exports.up = async function(knex) {
+    return knex.schema
+    .alterTable('ssh_key', (table) => {
+        table.datetime('last_used');
+    })
+};
+
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise<void> }
+ */
+exports.down = async function(knex) {
+    return knex.schema
+    .alterTable('ssh_key', (table) => {
+        table.dropColumn('last_used');
+    })
+};
diff --git a/services/api/src/models/user.ts b/services/api/src/models/user.ts
@@ -21,6 +21,7 @@ export interface User {
   firstName?: string;
   lastName?: string;
   comment?: string;
+  lastAccessed?: string;
   gitlabId?: string;
   attributes?: IUserAttributes;
   owner?: boolean;
@@ -55,6 +56,7 @@ interface UserModel {
   updateUser: (userInput: UserEdit) => Promise<User>;
   deleteUser: (id: string) => Promise<void>;
   resetUserPassword: (id: string) => Promise<void>;
+  userLastAccessed: (userInput: User) => Promise<Boolean>;
   transformKeycloakUsers: (keycloakUsers: UserRepresentation[]) => Promise<User[]>;
 }
 
@@ -180,8 +182,14 @@ export const User = (clients: {
     let usersWithGitlabIdFetch = [];
 
     for (const user of users) {
+      // set the lastaccessed attribute
+      let date = null;
+      if (user['attributes']['last_accessed']) {
+        date = new Date(user['attributes']['last_accessed']*1000).toISOString()
+      }
       usersWithGitlabIdFetch.push({
         ...user,
+        lastAccessed: date,
         gitlabId: await fetchGitlabId(user)
       });
     }
@@ -534,6 +542,31 @@ export const User = (clients: {
     }
   };
 
+  const userLastAccessed = async (userInput: User): Promise<Boolean> => {
+    // set the last accessed as a unix timestamp on the user attributes
+    try {
+      const lastAccessed = {last_accessed: Math.floor(Date.now() / 1000)}
+      await keycloakAdminClient.users.update(
+        {
+          id: userInput.id
+        },
+        {
+          attributes: {
+            ...userInput.attributes,
+            ...lastAccessed
+          }
+        }
+      );
+    } catch (err) {
+      if (err.response.status && err.response.status === 404) {
+        throw new UserNotFoundError(`User not found: ${userInput.id}`);
+      } else {
+        logger.warn(`Error updating Keycloak user: ${err.message}`);
+      }
+    }
+    return true
+  };
+
   const updateUser = async (userInput: UserEdit): Promise<User> => {
     // comments used to be removed when updating a user, now they aren't
     let organizations = null;
@@ -680,6 +713,7 @@ export const User = (clients: {
     getUserRolesForProject,
     addUser,
     updateUser,
+    userLastAccessed,
     deleteUser,
     resetUserPassword,
     transformKeycloakUsers

diff --git a/services/api/src/routes/keys.ts b/services/api/src/routes/keys.ts
@@ -60,6 +60,28 @@ const keysRoute = async (
     logger.debug(`Unknown fingerprint: ${fingerprint}`);
   }
 
+  // update key used timestamp
+  const foundkey = await query(
+    sqlClientPool,
+    knex('ssh_key')
+      .select('id')
+      .where('key_fingerprint', fingerprint)
+      .toString(),
+  );
+  // check if a key is found
+  if (foundkey.length > 0) {
+    var date = new Date();
+    const convertDateFormat = R.init;
+    var lastUsed = convertDateFormat(date.toISOString());
+    await query(
+      sqlClientPool,
+      knex('ssh_key')
+        .where('id', foundkey[0].id)
+        .update({lastUsed: lastUsed})
+        .toString(),
+    );
+  }
+
   res.send(result);
 };
 

diff --git a/services/api/src/typeDefs.js b/services/api/src/typeDefs.js
@@ -438,6 +438,7 @@ const typeDefs = gql`
     keyType: String
     keyFingerprint: String
     created: String
+    lastUsed: String
   }
 
   type User {
@@ -452,6 +453,7 @@ const typeDefs = gql`
     # This just returns the group name, id and the role the user has in that group.
     # This is a neat way to visualize a users specific access without having to get all members of a group
     groupRoles: [GroupRoleInterface]
+    lastAccessed: String
   }
 
   type GroupMembership {

diff --git a/services/api/src/util/auth.ts b/services/api/src/util/auth.ts
@@ -187,6 +187,7 @@ export const keycloakHasPermission = (grant, requestCache, modelClients, service
       currentUser: [currentUser.id]
     };
 
+    await UserModel.userLastAccessed(currentUser);
 
     const usersAttribute = R.prop('users', attributes);
     if (usersAttribute && usersAttribute.length) {