# Audits1984

A simple auditing tool for console1984.
## Installation

Add it to your Gemfile:

```ruby
gem 'audits1984'
```

Create tables to store audits in the database:

```sh
rails audits1984:install:migrations
rails db:migrate
```

Mount the engine in your routes.rb:

```ruby
mount Audits1984::Engine => "/console"
```

### API-only apps or apps using vite_rails and other asset pipelines outside Rails

If you want to use this gem with an API-only Rails app, an app that uses vite_ruby/vite_rails, or some other custom asset pipeline other than Sprockets and Propshaft, you need just one more thing: configure an asset pipeline so the JavaScript and CSS included in this gem can be served. We recommend using Propshaft. Add this line to your application's Gemfile:

```ruby
gem "propshaft"
```

Then execute

```sh
$ bundle install
```

And you should be ready to go.
## Application authentication for auditors

By default, the library controllers will inherit from the host application's ApplicationController. To authenticate auditors, you need to implement a method #find_current_auditor in your ApplicationController. This method must return a record representing the auditing user. It can be any model, but it has to respond to #name.

For example, imagine all the staff in your company can audit console sessions:

```ruby
def find_current_auditor
  Current.user if Current.user&.staff?
end
```

## Bearer tokens for auditors
Auditors can generate bearer tokens for API access via the token management UI at /console/auditor_token. By default, Audits1984::ApplicationController will respect a valid bearer token.

For applications with more complex authentication requirements, the auditor_from_bearer_token method is available in your base controller class to integrate token authentication into your own auth flow.

For example, to allow bearer token authentication before your normal auth:

```ruby
class Admin::AuditController < AdminController
  private
    # Extend the existing application authentication to support bearer token
    def require_authentication
      authenticate_by_audit_bearer_token || super
    end

    def authenticate_by_audit_bearer_token
      if auditor = auditor_from_bearer_token
        Current.user = auditor
      end
    end

    def find_current_auditor
      Current.user
    end
end
```
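As an added illustration (not code from audits1984 or from any host application), the following plain-Ruby model runs the bearer-token-first flow above offline. `AdminController`, `Current` and `Auditor` are hypothetical stand-ins for the host app's classes, `auditor_from_bearer_token` is a stand-in for the gem's helper backed by a constructed token table, and `find_current_auditor` applies the staff check from the previous section. It shows the fall-through semantics of `authenticate_by_audit_bearer_token || super`: a valid token authenticates without a session, an invalid token falls back to the normal session auth rather than failing outright, and a signed-in non-staff user is never returned as an auditor.

```ruby
require "digest"

# Stand-in for Rails' CurrentAttributes (hypothetical, not the gem's code).
module Current
  class << self
    attr_accessor :user
  end
end

class Unauthorized < StandardError; end

# Hypothetical auditor model: audits1984 only needs it to respond to #name.
Auditor = Struct.new(:name, :staff) do
  def staff?
    staff
  end
end

# Constructed sample data. Only SHA-256 digests of issued tokens are kept,
# so a leaked table does not yield usable bearer tokens.
AUDITOR_TOKENS = {
  Digest::SHA256.hexdigest("tok_alice_example") => Auditor.new("Alice", true)
}.freeze

# Constant-time equality so token lookup does not leak matches via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Stand-in for the host app's AdminController: session-based auth only.
class AdminController
  attr_reader :headers, :session

  def initialize(headers: {}, session: {})
    @headers = headers
    @session = session
  end

  def require_authentication
    Current.user = session[:user]
    raise Unauthorized unless Current.user
  end
end

# Mirrors the Admin::AuditController pattern above: bearer token first,
# then fall back to the application's normal authentication via super.
class AuditController < AdminController
  def require_authentication
    authenticate_by_audit_bearer_token || super
  end

  # Only staff may audit; a signed-in non-staff user yields no auditor.
  def find_current_auditor
    Current.user if Current.user&.staff?
  end

  private

  # Stand-in for Audits1984's auditor_from_bearer_token (hypothetical):
  # extract the token from the Authorization header and match its digest.
  def auditor_from_bearer_token
    token = headers["Authorization"].to_s[/\ABearer (\S+)\z/, 1]
    return nil unless token
    digest = Digest::SHA256.hexdigest(token)
    AUDITOR_TOKENS.each { |stored, auditor| return auditor if secure_equal?(stored, digest) }
    nil
  end

  def authenticate_by_audit_bearer_token
    if (auditor = auditor_from_bearer_token)
      Current.user = auditor
    end
  end
end

# Run one request through the flow; returns the auditor's name, or nil when
# the request is rejected. Current is reset so requests do not leak state.
def audit_request(headers: {}, session: {})
  Current.user = nil
  controller = AuditController.new(headers: headers, session: session)
  controller.require_authentication
  controller.find_current_auditor&.name
rescue Unauthorized
  nil
end

if __FILE__ == $PROGRAM_NAME
  p audit_request(headers: { "Authorization" => "Bearer tok_alice_example" }) # "Alice"
  p audit_request(session: { user: Auditor.new("Bob", true) })               # "Bob"
  p audit_request(headers: { "Authorization" => "Bearer wrong" })             # nil
end
```

Note that because the token check is `||`-chained in front of `super`, a request carrying a bad token is not rejected by the token layer; it is simply handed to the application's own authentication, which is what the pattern above does as well. If you want a presented-but-invalid token to be a hard failure, that decision has to be made explicitly in `require_authentication`.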
Then configure audits1984 to use this controller:

```ruby
config.audits1984.base_controller_class = "Admin::AuditController"
```

## Applications using UUID primary keys
The default migration creates auditor_id as an integer column. If your application uses UUIDs as primary keys, you'll need to modify the generated migration after copying it into your application. Change the auditor reference to specify the UUID type:

```ruby
# Change this:
t.references :auditor, null: false
# To this:
t.references :auditor, null: false, type: :uuid
```

See #47 for more details.
## Usage

The main screen lists the registered console sessions. It includes a form to filter sessions by date, and also to show only those that contain sensitive accesses.

You can click on a session to see its commands and choose whether it was an appropriate console usage or not.

After making a decision on the session, you will be redirected to the next pending session, based on the filter configured in the main screen.

That's it. I said it was simple.
## Configuration

These config options are namespaced in config.audits1984:

| Name | Description |
|---|---|
| auditor_class | The name of the auditor class. By default it's ::User. |
| auditor_name_attribute | The attribute on the auditor class that returns the auditor's name. By default it's :name. |
| base_controller_class | The host application base class that will be the parent of audits1984 controllers. By default it's ::ApplicationController. |
## Contributing

### Testing against different Rails versions

This project uses Appraisal to test against multiple Rails versions. The Appraisals file defines the matrix and the generated gemfiles live in gemfiles/.

To run tests against a specific Rails version:

```sh
bundle exec appraisal rails-8-0 bin/rails test
bundle exec appraisal rails-8-1 bin/rails test
```

To run tests against all Rails versions:

```sh
bundle exec appraisal bin/rails test
```

To regenerate the appraisal gemfiles after changing the Appraisals file:

```sh
bundle exec appraisal install
```
