Security
Retraced is the easiest way to integrate a compliant audit log into your application. It provides a searchable, exportable record of read/write events. Client libraries are available for Go and Javascript.
Please head to https://boxyhq.com/docs/retraced/overview for detailed documentation on how to get started with Retraced.
docker-compose up -d
ornpm run dev
Note: ADMIN_ROOT_TOKEN
has been set to dev
so you can test the setup locally. Please remember to change this (and other relevant sensitive env vars/secrets) in production.
Git checkout the Logs Viewer repo and run npm i
followed by npm run dev
to start an example which uses Retraced to show you some auto generated events. Refresh the UI a few times for the auto-generated audit logs to kick in. You can also ingest a few custom logs using the following curl command:-
curl -X POST -H "Content-Type: application/json" -H "Authorization: token=dev" -d '{
"action": "some.record.created",
"teamId": "boxyhq",
"group": {
"id": "dev",
"name": "dev"
},
"crud": "c",
"created": "2023-01-16T15:48:44.573Z",
"source_ip": "127.0.0.1",
"actor": {
"id": "jackson@boxyhq.com",
"name": "Jackson"
},
"target": {
"id": "100",
"name": "tasks",
"type": "Tasks"
}
}' http://localhost:3000/auditlog/publisher/v1/project/dev/event
You can also use the Admin Portal but will need to setup the SMTP env vars so that you can use the magic link to log into the Portal, we are working to support other forms of authentication and would love to hear which provider you'd like supported next.
You could alternatively use Skaffold instead of docker-compose to run Retraced locally.
npm run run:skaffold
orskaffold run -f skaffold-dev.yaml --status-check=false --force=true
Swagger spec is generated from source using TSOA
By default, a swagger spec is built as part of npm run build
, and is served by express at /publisher/v1/swagger.json
.
To generate swagger.json from Typescript sources use
npm run swagger
The outputs will be written to build/swagger.json
Thanks for taking the time to contribute! Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make will benefit everybody else and are appreciated.
Please try to create bug reports that are:
Reach out to the maintainers at one of the following places: