From 3275a63b9993655a8be7152d0e1ae34b2a820c17 Mon Sep 17 00:00:00 2001
From: Roman Strobl
Date: Mon, 27 Jun 2022 15:35:20 +0200
Subject: [PATCH 1/2] Fix #148: Add auditing tables to PowerAuth server image
---
 deploy/data/postgresql/powerauth-server.sql | 93 ++++++++++++++------
 deploy/data/postgresql/powerauth-webflow.sql | 2 +-
 2 files changed, 68 insertions(+), 27 deletions(-)
diff --git a/deploy/data/postgresql/powerauth-server.sql b/deploy/data/postgresql/powerauth-server.sql
index 5b9d1fe..5550c11 100644
--- a/deploy/data/postgresql/powerauth-server.sql
+++ b/deploy/data/postgresql/powerauth-server.sql
@@ -266,6 +266,35 @@ CREATE TABLE shedlock (
 locked_by VARCHAR(255) NOT NULL
 );
+--
+-- Create audit log table.
+--
+CREATE TABLE audit_log (
+ audit_log_id VARCHAR(36) PRIMARY KEY,
+ application_name VARCHAR(256) NOT NULL,
+ audit_level VARCHAR(32) NOT NULL,
+ audit_type VARCHAR(256),
+ timestamp_created TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+ message TEXT NOT NULL,
+ exception_message TEXT,
+ stack_trace TEXT,
+ param TEXT,
+ calling_class VARCHAR(256) NOT NULL,
+ thread_name VARCHAR(256) NOT NULL,
+ version VARCHAR(256),
+ build_time TIMESTAMP
+);
+
+--
+-- Create audit parameters table.
+--
+CREATE TABLE audit_param (
+ audit_log_id VARCHAR(36),
+ timestamp_created TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+ param_key VARCHAR(256),
+ param_value VARCHAR(4000)
+);
+
 --
 -- Ref Constraints for Table PA_ACTIVATION
 --
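Review bot: `audit_param` is created without any constraints: `audit_log_id` is nullable and has no foreign key to `audit_log`, so parameter rows can be stored without a parent record, or be left behind when the parent is removed, which weakens the audit trail as evidence. Unless the audit writer inserts parameters before their parent row, I would declare the column as `audit_log_id VARCHAR(36) NOT NULL REFERENCES audit_log (audit_log_id)`. In both new tables `timestamp_created` also accepts an explicit NULL; `timestamp_created TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP` keeps every record orderable in time.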
@@ -328,57 +357,69 @@ ALTER TABLE pa_operation ADD CONSTRAINT operation_application_fk FOREIGN KEY (ap
 --- Indexes for better performance. PostgreSQL does not create indexes on foreign key automatically.
 ---
-CREATE INDEX PA_ACTIVATION_APPLICATION ON PA_ACTIVATION(APPLICATION_ID);
+CREATE INDEX pa_activation_application ON pa_activation(application_id);
+
+CREATE INDEX pa_activation_keypair ON pa_activation(master_keypair_id);
-CREATE INDEX PA_ACTIVATION_KEYPAIR ON PA_ACTIVATION(MASTER_KEYPAIR_ID);
+CREATE INDEX pa_activation_code ON pa_activation(activation_code);
-CREATE INDEX PA_ACTIVATION_CODE ON PA_ACTIVATION(ACTIVATION_CODE);
+CREATE INDEX pa_activation_user_id ON pa_activation(user_id);
-CREATE INDEX PA_ACTIVATION_USER_ID ON PA_ACTIVATION(USER_ID);
+CREATE INDEX pa_activation_history_act ON pa_activation_history(activation_id);
-CREATE INDEX PA_ACTIVATION_HISTORY_ACT ON PA_ACTIVATION_HISTORY(ACTIVATION_ID);
+CREATE INDEX pa_activation_history_created ON pa_activation_history(timestamp_created);
-CREATE INDEX PA_ACTIVATION_HISTORY_CREATED ON PA_ACTIVATION_HISTORY(TIMESTAMP_CREATED);
+CREATE INDEX pa_application_version_app ON pa_application_version(application_id);
-CREATE INDEX PA_APPLICATION_VERSION_APP ON PA_APPLICATION_VERSION(APPLICATION_ID);
+CREATE INDEX pa_master_keypair_application ON pa_master_keypair(application_id);
-CREATE INDEX PA_MASTER_KEYPAIR_APPLICATION ON PA_MASTER_KEYPAIR(APPLICATION_ID);
+CREATE UNIQUE INDEX pa_app_version_app_key ON pa_application_version(application_key);
-CREATE UNIQUE INDEX PA_APP_VERSION_APP_KEY ON PA_APPLICATION_VERSION(APPLICATION_KEY);
+CREATE INDEX pa_app_callback_app ON pa_application_callback(application_id);
-CREATE INDEX PA_APP_CALLBACK_APP ON PA_APPLICATION_CALLBACK(APPLICATION_ID);
+CREATE UNIQUE INDEX pa_integration_token ON pa_integration(client_token);
-CREATE UNIQUE INDEX PA_INTEGRATION_TOKEN ON PA_INTEGRATION(CLIENT_TOKEN);
+CREATE INDEX pa_signature_audit_activation ON pa_signature_audit(activation_id);
-CREATE INDEX PA_SIGNATURE_AUDIT_ACTIVATION ON PA_SIGNATURE_AUDIT(ACTIVATION_ID);
+CREATE INDEX pa_signature_audit_created ON pa_signature_audit(timestamp_created);
-CREATE INDEX PA_SIGNATURE_AUDIT_CREATED ON PA_SIGNATURE_AUDIT(TIMESTAMP_CREATED);
+CREATE INDEX pa_token_activation ON pa_token(activation_id);
-CREATE INDEX PA_TOKEN_ACTIVATION ON PA_TOKEN(ACTIVATION_ID);
+CREATE INDEX pa_recovery_code_code ON pa_recovery_code(recovery_code);
-CREATE INDEX PA_RECOVERY_CODE_CODE ON PA_RECOVERY_CODE(RECOVERY_CODE);
+CREATE INDEX pa_recovery_code_app ON pa_recovery_code(application_id);
-CREATE INDEX PA_RECOVERY_CODE_APP ON PA_RECOVERY_CODE(APPLICATION_ID);
+CREATE INDEX pa_recovery_code_user ON pa_recovery_code(user_id);
-CREATE INDEX PA_RECOVERY_CODE_USER ON PA_RECOVERY_CODE(USER_ID);
+CREATE INDEX pa_recovery_code_act ON pa_recovery_code(activation_id);
-CREATE INDEX PA_RECOVERY_CODE_ACT ON PA_RECOVERY_CODE(ACTIVATION_ID);
+CREATE UNIQUE INDEX pa_recovery_code_puk ON pa_recovery_puk(recovery_code_id, puk_index);
-CREATE UNIQUE INDEX PA_RECOVERY_CODE_PUK ON PA_RECOVERY_PUK(RECOVERY_CODE_ID, PUK_INDEX);
+CREATE INDEX pa_recovery_puk_code ON pa_recovery_puk(recovery_code_id);
-CREATE INDEX PA_RECOVERY_PUK_CODE ON PA_RECOVERY_PUK(RECOVERY_CODE_ID);
+CREATE UNIQUE INDEX pa_recovery_config_app ON pa_recovery_config(application_id);
-CREATE UNIQUE INDEX PA_RECOVERY_CONFIG_APP ON PA_RECOVERY_CONFIG(APPLICATION_ID);
+CREATE UNIQUE INDEX pa_application_name ON pa_application(name);
-CREATE UNIQUE INDEX PA_APPLICATION_NAME ON PA_APPLICATION(NAME);
+CREATE INDEX pa_operation_user ON pa_operation(user_id);
-CREATE INDEX PA_OPERATION_USER ON PA_OPERATION(USER_ID);
+CREATE INDEX pa_operation_ts_created_idx ON pa_operation(timestamp_created);
-CREATE INDEX PA_OPERATION_TS_CREATED_IDX ON PA_OPERATION(TIMESTAMP_CREATED);
+CREATE INDEX pa_operation_ts_expires_idx ON pa_operation(timestamp_expires);
-CREATE INDEX PA_OPERATION_TS_EXPIRES_IDX ON PA_OPERATION(TIMESTAMP_EXPIRES);
+CREATE INDEX pa_operation_template_name_idx ON pa_operation_template(template_name);
-CREATE INDEX PA_OPERATION_TEMPLATE_NAME_IDX ON PA_OPERATION_TEMPLATE(TEMPLATE_NAME);
+--
+-- Audit log indexes.
+--
+CREATE INDEX audit_log_timestamp ON audit_log (timestamp_created);
+CREATE INDEX audit_log_application ON audit_log (application_name);
+CREATE INDEX audit_log_level ON audit_log (audit_level);
+CREATE INDEX audit_log_type ON audit_log (audit_type);
+CREATE INDEX audit_param_log ON audit_param (audit_log_id);
+CREATE INDEX audit_param_timestamp ON audit_param (timestamp_created);
+CREATE INDEX audit_param_key ON audit_param (param_key);
+CREATE INDEX audit_param_value ON audit_param (param_value);
 GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO powerauth;
 GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO powerauth;
diff --git a/deploy/data/postgresql/powerauth-webflow.sql b/deploy/data/postgresql/powerauth-webflow.sql
index 6179b57..4d9f9c2 100644
--- a/deploy/data/postgresql/powerauth-webflow.sql
+++ b/deploy/data/postgresql/powerauth-webflow.sql
@@ -615,7 +615,7 @@ CREATE TABLE audit_param (
 CREATE INDEX wf_operation_hash ON wf_operation_session (operation_hash);
 CREATE INDEX wf_websocket_session ON wf_operation_session (websocket_session_id);
 CREATE INDEX ns_operation_pending ON ns_operation (user_id, result);
-CREATE UNIQUE INDEX ns_operation_afs_unique on ns_operation_afs (operation_id, request_afs_action, request_step_index);
+CREATE UNIQUE INDEX ns_operation_afs_unique ON ns_operation_afs (operation_id, request_afs_action, request_step_index);
 CREATE INDEX wf_certificate_operation ON wf_certificate_verification (operation_id);
 CREATE UNIQUE INDEX ns_application_name ON ns_application (name);
 CREATE UNIQUE INDEX ns_credential_policy_name ON ns_credential_policy (name);
From 07d8da1b380e919f7443e84072799881a7bc62fd Mon Sep 17 00:00:00 2001
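Review bot: In the index hunk of powerauth-server.sql (patch 1/2), `CREATE INDEX audit_param_value ON audit_param (param_value);` builds a default B-tree index over a `VARCHAR(4000)` column, and PostgreSQL rejects an insert whose index entry exceeds roughly a third of a page (about 2.7 kB), so an audit record carrying a long, poorly compressible parameter value would fail to be written. If lookups on the value are equality-only, `CREATE INDEX audit_param_value ON audit_param USING hash (param_value);` avoids the limit; otherwise I would drop this index. Separately, the `GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO powerauth;` kept as context at the end of the same hunk now covers the two audit tables, so the application role can update or delete its own audit records. If that role only needs to append and read, a following `REVOKE UPDATE, DELETE, TRUNCATE ON audit_log, audit_param FROM powerauth;` would narrow it.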
From: Roman Strobl
Date: Mon, 27 Jun 2022 16:33:49 +0200
Subject: [PATCH 2/2] Remove obsolete constraint
---
 deploy/data/postgresql/powerauth-server.sql | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/deploy/data/postgresql/powerauth-server.sql b/deploy/data/postgresql/powerauth-server.sql
index 5550c11..cd8337e 100644
--- a/deploy/data/postgresql/powerauth-server.sql
+++ b/deploy/data/postgresql/powerauth-server.sql
@@ -347,12 +347,6 @@ ALTER TABLE pa_recovery_puk ADD CONSTRAINT recovery_puk_code_fk FOREIGN KEY (rec
 --
 ALTER TABLE pa_recovery_config ADD CONSTRAINT recovery_config_app_fk FOREIGN KEY (application_id) REFERENCES pa_application (id);
---
--- Ref Constraints for Table PA_OPERATION
---
-ALTER TABLE pa_operation ADD CONSTRAINT operation_application_fk FOREIGN KEY (application_id) REFERENCES pa_application (id);
-
-
 ---
 --- Indexes for better performance. PostgreSQL does not create indexes on foreign key automatically.
 ---