Release 4.6.0

Added allowInternals: true for injected requests, allows access to routes with options.isInternal set to true.

Release 4.5.0

Improve error handling of injected requests to be processed by one standard handler.

Release 4.4.0

Improve handling on internal injected GET requests and response parsing. On application json try to parse response payload, if not possible fallback to result.

Release 4.3.0

Due to a problem, 4.2.0 was unpublished from npm registry. The fixed new release was published again as 4.3.0.

Release 4.2.0

Separated cache logic from audit. Added response caching of any GET request with path params, even if auditing of GET requests is disabled by the user. Previously, the request would be cached only if it could be audited.

Release 4.1.0

Added isAuditable function on routeOptions, invoked with one parameter, the current request.

Release 4.0.1

fix to set request payload as default source of auditing data on POST 204 with empty string response

Release 4.0.0

Breaking changes v4

Node.js

Dropped support for Node.js 12. Minimum Node.js version is now 14

API changes

Registration Options

• auditAuthOnly -> removed (can be filtered with isAuditable, check example below)
• auditGetRequests -> removed (can be filtered with isAuditable, check example below)
• showErrorsOnStdErr -> renamed to debug (false by default)
• isAuditable -> invoked with request as parameter (arity 1) to handle all cases (audits all by default, check example below for filtering)
• getEntity -> renamed to setEntity. Returns by default the endpoint path
• cacheEnabled -> renamed to isCacheEnabled

Example using isAuditable (auditAuthOnly, auditGetRequests cases and path filtering)

await server.register({
    plugin: require("hapi-audit-rest"),
    options: {
        isAuditable: ({ auth: { isAuthenticated }, method, url: { pathname } }) => {
            // do not audit unauthenticated requests
            if (!isAuthenticated) {
                return false
            }
            
            // do not audit GET requests
            if (method === "get") {
                return false
            }
            
            // do not audit requests when path does not start from /api
            if (!pathname.startsWith("/api")) {
                return false
            }
            
            // return true to audit all other cases
            return true
        }
    },
});

Example using setEntity option:

await server.register({
    plugin: require("hapi-audit-rest"),
    options: {
        // use the standard pattern of an api i.e. /api/v1.0/users, to refine the entity name
        // will have 'entity: users' in audit log
        setEntity: (path) => path.split("/")[3], 
        }
    },
});

Route Options

• getPath -> renamed to setInjectedPath

Release 3.5.2

v3.5.2

Merge branch 'master' of https://github.com/denlap007/hapi-audit-rest

Release 3.5.1

v3.5.1

packages and version