Azure Functions-based tRPC API for AuditSphere - SharePoint Security & Compliance Monitoring.
This is a standalone API service that provides tRPC endpoints for the AuditSphere platform. It can be deployed to Azure Functions for serverless operation.
- Node.js 18+
- Azure Functions Core Tools v4
- PostgreSQL database (Neon recommended)
- Azure subscription (for deployment)
```bash
npm install
npm run db:generate
```

Copy and edit the local settings:

```bash
cp local.settings.json.example local.settings.json
```

Edit `local.settings.json` with your values:
```json
{
  "IsEncrypted": false,
  "Values": {
    "FUNCTIONS_WORKER_RUNTIME": "node",
    "AzureWebJobsStorage": "UseDevelopmentStorage=true",
    "DATABASE_URL": "postgresql://...",
    "MICROSOFT_TENANT_ID": "your-tenant-id",
    "MICROSOFT_CLIENT_ID": "your-client-id",
    "MICROSOFT_CLIENT_SECRET": "your-client-secret",
    "ENCRYPTION_KEY": "your-encryption-key"
  },
  "Host": {
    "CORS": "*",
    "CORSCredentials": false
  }
}
```

```bash
npm run dev
```

The API will be available at `http://localhost:7071/api/trpc/*`
All tRPC procedures are available at /api/trpc/{procedure}:
| Router | Procedures |
|---|---|
| `dashboard` | overview, quickStats, activityFeed |
| `auditEvents` | list, getById, stats, getUsers |
| `anomalies` | list, getById, updateStatus, stats |
| `compliance` | run, summary, runs, runById, latestChecks, clear |
| `alerts` | list, getById, updateStatus, stats, markAllRead |
| `reports` | list, getById, generate, delete, types |
| `microsoft` | status, sites, disconnect, health |
| `sites` | list, getById, stats |
| `settings` | getCredentials, saveCredentials, deleteCredentials, toggleCustomCredentials |
```bash
curl http://localhost:7071/api/health
```

The API validates Azure AD tokens from the `Authorization` header:

```
Authorization: Bearer <azure-ad-token>
```

Tokens are validated against:
- Audience: Your Microsoft Client ID
- Issuer: Your Microsoft Tenant
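
One way to enforce the audience and issuer checks listed above, shown as an added JavaScript example (not AuditSphere's own code). It assumes RS256-signed v2.0 tokens with issuer `https://login.microsoftonline.com/<tenant>/v2.0`; the tenant and client IDs are placeholders, the key pair is generated locally as a stand-in, and `signToken`, `validateBearer` and `check` are hypothetical names.

```javascript
// Added example, not AuditSphere's code. IDs, keys and tokens are constructed.
const crypto = require("node:crypto");

const TENANT_ID = "00000000-0000-0000-0000-000000000001"; // placeholder tenant ID
const CLIENT_ID = "00000000-0000-0000-0000-000000000002"; // placeholder client ID
const ISSUER = `https://login.microsoftonline.com/${TENANT_ID}/v2.0`; // assumes v2.0 tokens

// Local key pair standing in for the tenant's signing key (assumption for the demo).
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

const b64url = (value) => Buffer.from(value).toString("base64url");

// Test helper: mint a constructed RS256 token with the given claims.
function signToken(claims, key = privateKey) {
  const head = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign("RSA-SHA256", Buffer.from(`${head}.${body}`), key);
  return `${head}.${body}.${sig.toString("base64url")}`;
}

// Returns the claims if the header carries a valid token, otherwise throws.
function validateBearer(authorizationHeader, key = publicKey, now = Date.now() / 1000) {
  const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorizationHeader || "");
  if (!match) throw new Error("malformed Authorization header");
  const [, head, body, sig] = match;
  const header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
  // Pin the algorithm: the token must not be allowed to choose "none" or HMAC.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify("RSA-SHA256", signed, key, Buffer.from(sig, "base64url"))) throw new Error("bad signature");
  // Claims are only read after the signature has been verified.
  const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  if (claims.aud !== CLIENT_ID) throw new Error("wrong audience");
  if (claims.iss !== ISSUER) throw new Error("wrong issuer");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("token expired");
  return claims;
}

// Convenience wrapper: "ok" or the rejection reason.
function check(header) {
  try { validateBearer(header); return "ok"; } catch (e) { return e.message; }
}
```

In a deployed service the verification key comes from the tenant's published signing keys, selected by the token's `kid` header, rather than from a key generated in-process.
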

```
auditsphere-api/
├── src/
│   ├── functions/
│   │   └── trpc.ts              # Azure Function handler
│   ├── trpc/
│   │   ├── init.ts              # tRPC initialization & auth
│   │   ├── index.ts             # Exports
│   │   └── routers/             # tRPC routers
│   │       ├── _app.ts          # Root router
│   │       ├── dashboard.ts
│   │       ├── auditEvents.ts
│   │       ├── anomalies.ts
│   │       ├── compliance.ts
│   │       ├── alerts.ts
│   │       ├── reports.ts
│   │       ├── microsoft.ts
│   │       ├── sites.ts
│   │       └── settings.ts
│   └── lib/
│       └── db/
│           └── prisma.ts        # Database client
├── prisma/
│   └── schema.prisma            # Database schema
├── host.json                    # Azure Functions config
├── local.settings.json          # Local environment (gitignored)
├── package.json
└── tsconfig.json
```

The repository includes a GitHub Actions workflow for automatic deployment.
Setup:
- Create an Azure Function App in Azure Portal:
  - Runtime: Node.js 20
  - OS: Linux
  - Plan: Consumption (serverless) or Premium
- Get your Publish Profile:
  - Go to your Function App in Azure Portal
  - Click "Get publish profile" and download
- Add GitHub Secrets:
  - Go to your repo → Settings → Secrets → Actions
  - Add `AZURE_FUNCTIONAPP_PUBLISH_PROFILE` with the publish profile content
- Configure Azure App Settings:
  - `DATABASE_URL` - PostgreSQL connection string
  - `MICROSOFT_TENANT_ID` - Azure AD tenant ID
  - `MICROSOFT_CLIENT_ID` - App registration client ID
  - `MICROSOFT_CLIENT_SECRET` - App registration secret
  - `ENCRYPTION_KEY` - Generate with `openssl rand -base64 32`
- Update workflow:
  - Edit `.github/workflows/deploy.yml`
  - Change `AZURE_FUNCTIONAPP_NAME` to your Function App name
- Push to `main` branch to trigger deployment.

```bash
# Build the project
npm run build
# Deploy using Azure Functions Core Tools
func azure functionapp publish <your-function-app-name>
```

- Install Azure Functions extension
- Sign in to Azure
- Right-click on the project → Deploy to Function App
| Command | Description |
|---|---|
| `npm run dev` | Build and start locally |
| `npm run build` | Compile TypeScript |
| `npm run start` | Start Azure Functions |
| `npm run db:generate` | Generate Prisma client |
| `npm run db:push` | Push schema to database |
| `npm run db:studio` | Open Prisma Studio |

- AuditSphere - Main web application
- AuditSphere SPFx - SharePoint web part
- AuditSphere ML - Machine learning service