Configure connection log retention time

2026-03-31 06:56:39 +00:00 · 2026-03-30 11:31:46 -07:00
parent caacd1e677
commit e0c96e7224
8 changed files with 162 additions and 6 deletions
--- a/server/db/pg/schema/privateSchema.ts
+++ b/server/db/pg/schema/privateSchema.ts
@@ -291,6 +291,7 @@ export const accessAuditLog = pgTable(
        actor: varchar("actor", { length: 255 }),
        actorId: varchar("actorId", { length: 255 }),
        resourceId: integer("resourceId"),
+        siteResourceId: integer("siteResourceId"),
        ip: varchar("ip", { length: 45 }),
        type: varchar("type", { length: 100 }).notNull(),
        action: boolean("action").notNull(),
--- a/server/db/sqlite/schema/privateSchema.ts
+++ b/server/db/sqlite/schema/privateSchema.ts
@@ -279,6 +279,7 @@ export const accessAuditLog = sqliteTable(
        actor: text("actor"),
        actorId: text("actorId"),
        resourceId: integer("resourceId"),
+        siteResourceId: integer("siteResourceId"),
        ip: text("ip"),
        location: text("location"),
        type: text("type").notNull(),
--- a/server/private/lib/logAccessAudit.ts
+++ b/server/private/lib/logAccessAudit.ts
@@ -74,6 +74,7 @@ export async function logAccessAudit(data: {
    type: string;
    orgId: string;
    resourceId?: number;
+    siteResourceId?: number;
    user?: { username: string; userId: string };
    apiKey?: { name: string | null; apiKeyId: string };
    metadata?: any;
@@ -134,6 +135,7 @@ export async function logAccessAudit(data: {
            type: data.type,
            metadata,
            resourceId: data.resourceId,
+            siteResourceId: data.siteResourceId,
            userAgent: data.userAgent,
            ip: clientIp,
            location: countryCode
--- a/server/private/routers/billing/featureLifecycle.ts
+++ b/server/private/routers/billing/featureLifecycle.ts
@@ -120,6 +120,18 @@ async function capRetentionDays(
        );
    }

+    // Cap action log retention if it exceeds the limit
+    if (
+        org.settingsLogRetentionDaysConnection !== null &&
+        org.settingsLogRetentionDaysConnection > maxRetentionDays
+    ) {
+        updates.settingsLogRetentionDaysConnection = maxRetentionDays;
+        needsUpdate = true;
+        logger.info(
+            `Capping connection log retention from ${org.settingsLogRetentionDaysConnection} to ${maxRetentionDays} days for org ${orgId}`
+        );
+    }
+
    // Apply updates if needed
    if (needsUpdate) {
        await db.update(orgs).set(updates).where(eq(orgs.orgId, orgId));
@@ -262,6 +274,10 @@ async function disableFeature(
                await disableActionLogs(orgId);
                break;

+            case TierFeature.ConnectionLogs:
+                await disableConnectionLogs(orgId);
+                break;
+
            case TierFeature.RotateCredentials:
                await disableRotateCredentials(orgId);
                break;
@@ -458,6 +474,15 @@ async function disableActionLogs(orgId: string): Promise<void> {
    logger.info(`Disabled action logs for org ${orgId}`);
 }

+async function disableConnectionLogs(orgId: string): Promise<void> {
+    await db
+        .update(orgs)
+        .set({ settingsLogRetentionDaysConnection: 0 })
+        .where(eq(orgs.orgId, orgId));
+
+    logger.info(`Disabled connection logs for org ${orgId}`);
+}
+
 async function disableRotateCredentials(orgId: string): Promise<void> {}

 async function disableMaintencePage(orgId: string): Promise<void> {
--- a/server/private/routers/ssh/signSshKey.ts
+++ b/server/private/routers/ssh/signSshKey.ts
@@ -488,7 +488,7 @@ export async function signSshKey(
            action: true,
            type: "ssh",
            orgId: orgId,
-            resourceId: resource.siteResourceId,
+            siteResourceId: resource.siteResourceId,
            user: req.user
                ? { username: req.user.username ?? "", userId: req.user.userId }
                : undefined,
--- a/server/routers/org/updateOrg.ts
+++ b/server/routers/org/updateOrg.ts
@@ -34,6 +34,10 @@ const updateOrgBodySchema = z
            .min(build === "saas" ? 0 : -1)
            .optional(),
        settingsLogRetentionDaysAction: z
+            .number()
+            .min(build === "saas" ? 0 : -1)
+            .optional(),
+        settingsLogRetentionDaysConnection: z
            .number()
            .min(build === "saas" ? 0 : -1)
            .optional()
@@ -164,6 +168,17 @@ export async function updateOrg(
                        )
                    );
                }
+                if (
+                    parsedBody.data.settingsLogRetentionDaysConnection !== undefined &&
+                    parsedBody.data.settingsLogRetentionDaysConnection > maxRetentionDays
+                ) {
+                    return next(
+                        createHttpError(
+                            HttpCode.FORBIDDEN,
+                            `You are not allowed to set log retention days greater than ${maxRetentionDays} with your current subscription`
+                        )
+                    );
+                }
            }
        }

@@ -179,7 +194,9 @@ export async function updateOrg(
                settingsLogRetentionDaysAccess:
                    parsedBody.data.settingsLogRetentionDaysAccess,
                settingsLogRetentionDaysAction:
-                    parsedBody.data.settingsLogRetentionDaysAction
+                    parsedBody.data.settingsLogRetentionDaysAction,
+                settingsLogRetentionDaysConnection:
+                    parsedBody.data.settingsLogRetentionDaysConnection
            })
            .where(eq(orgs.orgId, orgId))
            .returning();
@@ -197,6 +214,7 @@ export async function updateOrg(
        await cache.del(`org_${orgId}_retentionDays`);
        await cache.del(`org_${orgId}_actionDays`);
        await cache.del(`org_${orgId}_accessDays`);
+        await cache.del(`org_${orgId}_connectionDays`);

        return response(res, {
            data: updatedOrg[0],