
Comments (3)

thepirat000 commented on June 23, 2024

The problem is that the configuration is independent between the AuditApiAttribute (filter) and the AuditMiddleware.

You're configuring the AuditApi filter not to log the response for that action, but the middleware will still log it since it has the IncludeResponseBody with no restrictions (UseAuditMiddleware(_ => _.IncludeResponseBody())).

On the other hand, the AuditIgnoreAttribute is used globally by both the filter and the middleware.

I think you still have more options, one is including the logic to determine whether the response body should be logged by the audit middleware:

applicationBuilder.UseAuditMiddleware(config => config
	.IncludeResponseBody(ctx => !ctx.Request.Path.Value.Contains("/sample/action"))
	//...
);

Or you can even try to get the action filter in the middleware configuration and use its value:

applicationBuilder.UseAuditMiddleware(config => config
    .IncludeResponseBody(ctx =>
    {
        var auditApiAttribute = ctx.GetEndpoint()?.Metadata.GetMetadata<ControllerActionDescriptor>()?
            .FilterDescriptors
            .Select(f => f.Filter)
            .OfType<AuditApiAttribute>()
            .FirstOrDefault();
        return auditApiAttribute?.IncludeResponseBody ?? true;
    })
);

Another option could be to exclude the response body from the audit event after it's created, but before it's saved with a custom action, for example:

Audit.Core.Configuration.AddOnSavingAction(scope =>
{
    var apiAction = scope.GetWebApiAuditAction();
    if (apiAction?.ActionName == "SampleAction")
    {
        apiAction.ResponseBody.Value = null;
    }
});

from audit.net.

SerhiyBalan commented on June 23, 2024

@thepirat000 thank you very much for the tips!

Solutions 1 and 3 are not ideal for big projects. It is hard to maintain them if I use controller/action names as strings for filtering.

Solution 2 is a good one (with GetEndpoint).
It improves project maintainability a lot.
However, I decided to introduce two new attributes in my project: AuditIgnoreRequestBodyAttribute and AuditIgnoreResponseBodyAttribute.
For me, it is much easier to work with rather than working with the master attribute like [AuditApi(IncludeResponseBody = true)]

You can close this issue if you want

from audit.net.
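
One way the two marker attributes mentioned in the comment above could be wired into the audit middleware through endpoint metadata. This is an added example, not code from the thread or from Audit.NET: the attribute bodies, the `AuditBodyPolicy` class and its `ShouldInclude` / `UseAuditWithBodyMarkers` members are hypothetical, and `IncludeRequestBody` is assumed to accept the same kind of predicate the thread shows for `IncludeResponseBody`.

```csharp
using System;
using Audit.WebApi;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

// Marker attributes named as in the comment above; their definitions are an assumption.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class AuditIgnoreRequestBodyAttribute : Attribute { }

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class AuditIgnoreResponseBodyAttribute : Attribute { }

// Usage on a controller action (hypothetical):
//   [HttpGet, AuditIgnoreResponseBody]
//   public Task<SomeModel> SampleAction() { ... }
public static class AuditBodyPolicy
{
    // Returns true when the matched endpoint does NOT carry the marker TMarker.
    // MVC copies controller and action attributes into the endpoint metadata,
    // so no controller or action names have to be kept as strings.
    // Design choice of this example: fail closed. If routing has not resolved
    // an endpoint, the body is left out of the audit event.
    public static bool ShouldInclude<TMarker>(HttpContext ctx) where TMarker : Attribute
    {
        var endpoint = ctx.GetEndpoint();
        return endpoint is not null && endpoint.Metadata.GetMetadata<TMarker>() is null;
    }

    // Hypothetical helper. Register it after UseRouting() so that GetEndpoint()
    // is already populated when the predicates run.
    public static IApplicationBuilder UseAuditWithBodyMarkers(this IApplicationBuilder app) =>
        app.UseAuditMiddleware(config => config
            .IncludeRequestBody(ctx => ShouldInclude<AuditIgnoreRequestBodyAttribute>(ctx))
            .IncludeResponseBody(ctx => ShouldInclude<AuditIgnoreResponseBodyAttribute>(ctx)));
}
```

These predicates only govern the middleware; as the first comment explains, the AuditApi filter is configured independently and would need its own setting to keep the same body out of its events.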

SerhiyBalan avatar SerhiyBalan commented on June 23, 2024

I managed to find another workaround

and it is kinda weird

[AuditApi]
public class SampleController : BaseController 
{
    [HttpGet]
    [AllowAnonymous]
    [return:AuditIgnore]
    [AuditApi(IncludeResponseBody = true)]
    public Task<SomeModel> ([FromBody] SomeOtherModel model)
    {
        ...
    }
}

so for some strange reason this combination works

    [return:AuditIgnore]
    [AuditApi(IncludeResponseBody = true)]

and this one doesn't work

    [return:AuditIgnore]
    [AuditApi(IncludeResponseBody = false)]

this one doesn't work too

    [return:AuditIgnore] // single attribute, without [AuditApi]

from audit.net.
