Merge pull request #6 from github/add-file-feature

Add file feature

Author: droidpl

README.md

@@ -20,6 +20,7 @@ Options:
   -cfg, --config <string>  location for the config yaml file. Default ".ghec-audit-log" (default: "./.ghec-audit-log")
   -p, --pretty             prints the json data in a readable format (default: false)
   -l, --limit              a maximum limit on the number of items retrieved
+  -f, --file               the name of the file where you want to output the result
   -c, --cursor <string>    if provided, this cursor will be used to query the newest entries from the cursor provided. If not present,
                 the result will contain all the audit log from the org
   -h, --help               display help for command

ghec-audit-log-cli.js

@@ -3,17 +3,18 @@ const YAML = require('yaml');
 const fs = require('fs');
 const {graphql} = require('@octokit/graphql');
 const {requestEntries} = require('./ghec-audit-log-client');
+const {validateInput} = require('./ghec-audit-log-utils');
 
-//---- Obtain configuration
+// Obtain configuration
 const { program } = require('commander');
 program.version('1.0.0',  '-v, --version', 'Output the current version')
-    .option('-t, --token <string>', 'the token to access the API (mandatory)')
-    .option('-o, --org <string>', 'the organization we want to extract the audit log from')
-    .option('-cfg, --config <string>', 'location for the config yaml file. Default ".ghec-audit-log"', './.ghec-audit-log')
-    .option('-p, --pretty', 'prints the json data in a readable format', false)
-    .option('-l, --limit <number>', 'a maximum limit on the number of items retrieved')
-    .option('-c, --cursor <string>', 'if provided, this cursor will be used to query the newest entries from the cursor provided. If not present,\n' +
-        '              the result will contain all the audit log from the org');
+  .option('-t, --token <string>', 'the token to access the API (mandatory)')
+  .option('-o, --org <string>', 'the organization we want to extract the audit log from')
+  .option('-cfg, --config <string>', 'location for the config yaml file. Default ".ghec-audit-log"', './.ghec-audit-log')
+  .option('-p, --pretty', 'prints the json data in a readable format', false)
+  .option('-l, --limit <number>', 'a maximum limit on the number of items retrieved')
+  .option('-f, --file <string>', 'the output file where the result should be printed')
+  .option('-c, --cursor <string>', 'if provided, this cursor will be used to query the newest entries from the cursor provided. If not present, the result will contain all the audit log from the org');
 
 program.parse(process.argv);
 
@@ -22,26 +23,12 @@ let config = {};
 try {
     config = YAML.parse(fs.readFileSync(configLocation, 'utf8'));
 } catch(e) {
-    console.log(`${configLocation} file missing. Path parameters will apply`);
+    console.log(`${configLocation} file missing. Path parameters will apply`)
 }
 
-const cursor = program.cursor || null;
-const pretty = program.pretty || false;
-const limit = program.limit;
-const token = program.token || config.token;
-const org = program.org || config.org;
-
 //TODO idea: maybe add support for other formats like PUTVAL to forward the data in an easier way
+const {cursor, pretty, limit, token, org, outputFile} = validateInput(program, config)
 
-//---- Run validation
-if (!token) {
-    throw new Error("Token must be provided in the configuration or as a --token argument");
-}
-if (!org) {
-    throw new Error("Organization must be provided in the configuration or as a --org argument");
-}
-
-//---- Helper function
 /**
  * Function containing all the queries
  */
@@ -60,23 +47,29 @@ async function queryAuditLog() {
     if(newestCursorId) fs.writeFileSync('.last-cursor-update', newestCursorId);
 
     // Return the data
-    if (pretty) {
+    if (pretty === true) {
         return JSON.stringify(entries, null, 4);
     } else {
         return JSON.stringify(entries);
     }
 }
 
 
-//---- Execute the request and print the result
+// Execute the request and print the result
 const graphqlWithAuth = graphql.defaults({
     headers: {
         authorization: `token ${token}`,
     },
 });
 queryAuditLog()
-    .then((data) => console.log(data))
-    .catch((err) => {
-        console.error(err);
-        process.exit(1);
-    });
+  .then((data) => {
+      if(outputFile){
+          fs.writeFileSync(outputFile, data);
+      } else {
+          console.log(data)
+      }
+  })
+  .catch((err) => {
+      console.error(err);
+      process.exit(1);
+  });

ghec-audit-log-utils.js

@@ -0,0 +1,88 @@
+const validate = require('validate.js')
+const fs = require('fs')
+const path = require('path')
+
+function validateInput (program, config) {
+  const parsed = {
+    cursor: program.cursor || null,
+    pretty: program.pretty || false,
+    limit: program.limit || null,
+    token: program.token || config.token,
+    org: program.org || config.org,
+    outputFile: program.file
+  }
+
+  // Validate correctness
+  const alphanumericRegex = /^[a-z0-9]+$/i
+  const base64Regex = '(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)';
+  const orgRegex = /^[a-z\d]+(?:-?[a-z\d]+)*$/i
+  const constraints = {
+    cursor: {
+      type: 'string',
+      presence: false,
+      format: base64Regex
+    },
+    pretty: {
+      type: 'boolean',
+      presence: true,
+    },
+    limit: {
+      presence: false,
+      numericality: {
+        onlyInteger: true,
+        greaterThan: 0,
+      }
+    },
+    token: {
+      type: 'string',
+      presence: { allowEmpty: false },
+      length: {
+        is: 40
+      },
+      format: alphanumericRegex
+    },
+    org: {
+      type: 'string',
+      presence: { allowEmpty: false },
+      length: {
+        maximum: 39,
+        minimum: 1
+      },
+      format: orgRegex
+    },
+    outputFile: {
+      type: 'string',
+      presence: false,
+    }
+  }
+
+  //Verify validation
+  const validation = validate(parsed, constraints)
+  if(!validate.isEmpty(validation)) {
+    throw new Error(JSON.stringify(validation))
+  }
+
+  //Check that we can write into that file
+  if(parsed.outputFile){
+    try {
+      fs.openSync(parsed.outputFile, 'w')
+    }catch (e) {
+      throw new Error(`The output file ${parsed.outputFile} cannot be written or the path does not exist. ${e.message}`)
+    }
+  }
+  //Check that if we are in GitHub actions the file is expected to be within the workspace
+  if(process.env.GITHUB_ACTIONS) {
+    const filePath = path.join(process.env.GITHUB_WORKSPACE, parsed.outputFile)
+    const {dir} = path.parse(filePath)
+
+    if (dir.indexOf(process.env.GITHUB_WORKSPACE) < 0) {
+      throw new Error(`${parsed.outputFile} is not allowed. The directory should be within ${process.env.GITHUB_WORKSPACE}`)
+    }
+  }
+
+  return parsed
+}
+
+module.exports = {
+  validateInput
+}

package-lock.json

@@ -27,6 +27,7 @@
   "dependencies": {
     "@octokit/graphql": "^4.3.1",
     "commander": "^5.1.0",
+    "validate.js": "^0.13.1",
     "yaml": "^1.9.2"
   },
   "bin": {

package.json

@@ -21,10 +21,10 @@ jobs:
       - run: |
           if [ -z "$LAST_CURSOR" ]; then
             echo "FIRST TIME RUNNING AUDIT LOG POLL"
-            npm start -- --pretty --token ${{secrets.AUDIT_LOG_TOKEN}} --org ${{secrets.ORG_NAME}} >> audit-log-output.json
+            npm start -- --pretty --token ${{secrets.AUDIT_LOG_TOKEN}} --org ${{secrets.ORG_NAME}} --file 'audit-log-output.json'
           else
             echo "RUNNING AUDIT LOG POLL FROM $LAST_CURSOR"
-            npm start -- --pretty --token ${{secrets.AUDIT_LOG_TOKEN}} --org ${{secrets.ORG_NAME}} --cursor $LAST_CURSOR >> audit-log-output.json
+            npm start -- --pretty --token ${{secrets.AUDIT_LOG_TOKEN}} --org ${{secrets.ORG_NAME}} --file 'audit-log-output.json'
           fi
       # Cat the output. Optionally send it somewhere else
       - run: cat audit-log-output.json