feature: add GDPR compliance by dblythy · Pull Request #9865 · parse-community/parse-server
📝 Walkthrough
Walkthrough
This PR introduces comprehensive GDPR-compliant audit logging for Parse Server. It adds infrastructure to log user authentication, data access, data modifications, ACL changes, schema modifications, and push notifications. The implementation includes a Winston-based daily-rotating file adapter, configurable event filtering, TypeScript-based event types, and integration points across multiple routers to capture relevant operations.
Changes
| Cohort / File(s) | Change Summary |
|---|---|
Documentation & Configuration GDPR_COMPLIANCE_GUIDE.md, src/Options/Definitions.js, src/Options/index.js, src/Options/docs.js, resources/buildConfigDefinitions.js |
Introduces GDPR compliance guide with audit logging patterns, code examples, and organizational guidance. Adds new auditLog configuration option with nested AuditLogOptions, AuditLogFilterOptions, and WinstonFileAuditLogAdapterOptions types for controlling adapter behavior, event filtering, and log retention. |
Core Audit Logging Infrastructure src/Adapters/Logger/AuditLogger.js, src/Adapters/Logger/AuditLogAdapter.js |
Implements base audit logger using Winston with daily log rotation and AuditLogAdapter class that routes audit events through the logger with methods for each event type (login, data access/modify, schema/ACL changes). |
TypeScript Adapter & Filter Interfaces src/Adapters/AuditLog/AuditLogAdapterInterface.ts, src/Adapters/AuditLog/AuditLogFilter.ts, src/Adapters/AuditLog/index.ts |
Defines strongly-typed audit event interfaces (UserLoginEvent, DataViewEvent, DataCreate/Update/DeleteEvent, ACLModifyEvent, SchemaModifyEvent, PushSendEvent) and AuditLogAdapterInterface abstract contract. Implements AuditLogFilter with multi-stage filtering pipeline for event types, class names, master-key exclusion, and roles. |
Winston File Adapter Implementation src/Adapters/AuditLog/WinstonFileAuditLogAdapter.ts |
Concrete implementation of audit log adapter using Winston with daily-rotating file transport, folder creation, and masking of sensitive fields in logged events. |
Audit Log Controller src/Controllers/AuditLogController.ts, src/Controllers/index.js |
Introduces AuditLogController extending AdaptableController with public methods for each event type, IP extraction, user context derivation, sensitive data masking, and configurable filtering. Exports getAuditLogController factory function. |
Router & Query Integration src/RestQuery.js, src/RestWrite.js, src/Routers/UsersRouter.js, src/Routers/PushRouter.js, src/Routers/SchemasRouter.js, src/rest.js |
Integrates audit logging into data access (RestQuery), write operations (RestCreate/Update/Delete), user authentication (login/loginAs), push sending, schema modifications, and data deletion; includes error handling to prevent audit failures from affecting main operations. |
Comprehensive Test Suite spec/AuditLogAdapter.spec.js, spec/AuditLogController.spec.js, spec/AuditLogSchemas.spec.js, spec/AuditLogging.e2e.spec.js, spec/Auth.spec.js, spec/ParseObject.spec.js, spec/ParseQuery.spec.js, spec/AuditLogFilter.spec.js |
End-to-end and unit tests validating adapter initialization, controller behavior, event logging for schema/auth/CRUD/query operations, log file management, masking, filtering, and concurrent operation handling. |
Sequence Diagram(s)
sequenceDiagram
participant User as User/Client
participant Parse as Parse Server<br/>(Router)
participant Audit as AuditLogController
participant Filter as AuditLogFilter
participant Adapter as WinstonFileAuditLogAdapter
participant Logger as Winston Logger
participant FS as File System
User->>Parse: Login / Data Access / Write
Parse->>Parse: Process Operation
Parse->>Audit: log[EventType](params)
Audit->>Audit: Build AuditEvent
Audit->>Filter: shouldLog(event)
Filter->>Filter: Check eventType, class,<br/>masterKey, roles, custom
Filter-->>Audit: true/false
alt shouldLog() returns true
Audit->>Adapter: log[EventType](event)
Adapter->>Adapter: maskSensitiveData(event)
Adapter->>Logger: logger.info('audit_event',<br/>auditEntry)
Logger->>FS: Write to daily rotation file<br/>(parse-server-audit-YYYY-MM-DD.log)
FS-->>Logger: ✓ Written
Logger-->>Adapter: ✓ Complete
Adapter-->>Audit: Promise resolved
Audit-->>Parse: (fire-and-forget)
end
Parse-->>User: Return Response
Note over Parse: Audit logging errors<br/>do not affect main flow
Estimated code review effort
🎯 4 (Complex) | ⏱️ ~60 minutes
-
Complexity factors:
- Large scope: ~30 files modified/created across multiple subsystems
- Heterogeneous changes: New adapter infrastructure, controller logic, integration points across 6+ routers, TypeScript interfaces, filtering pipeline, masking logic
- High logic density: Multi-stage filtering (event type, class, master-key, roles, custom filter), sensitive data masking, error propagation in fire-and-forget patterns
-
Areas requiring extra attention:
- AuditLogFilter filtering logic (
src/Adapters/AuditLog/AuditLogFilter.ts): Verify correct precedence and behavior across all filter combinations (event type whitelist, include/exclude class filtering, master-key exclusion, role whitelisting/blacklisting, custom filter fail-open semantics) - Masking implementation (across AuditLogController and WinstonFileAuditLogAdapter): Confirm sensitive fields (sessionToken, authData, passwords) are consistently masked across all event types
- Router integration points (UsersRouter.js, RestWrite.js, PushRouter.js, SchemasRouter.js, RestQuery.js): Verify audit logging does not introduce race conditions, exception handling is robust, and fire-and-forget promises do not mask errors in tests
- Type safety (src/Adapters/AuditLog/*): Ensure TypeScript event interfaces align across adapter, controller, and router usage
- Test coverage: Validate that e2e tests adequately cover concurrent operations, file rotation edge cases, and filter precedence scenarios
- AuditLogFilter filtering logic (
Suggested reviewers
@mtrezza
Pre-merge checks and finishing touches
❌ Failed checks (1 inconclusive)
| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ❓ Inconclusive | The PR description includes the required template structure with linked issue #5378 explicitly referenced, but the 'Approach' section explaining the implementation details is empty. | Fill in the 'Approach' section with a brief summary of how GDPR compliance is implemented (e.g., audit logging infrastructure, adapter pattern, event types covered). |
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The PR title 'feature: add GDPR compliance' clearly summarizes the main change—introducing GDPR audit logging infrastructure. |
| Linked Issues check | ✅ Passed | The PR substantially implements all requirements from #5378: logging user login, data access/views, data manipulation (CRUD), schema changes, ACL modifications, and push events via a configurable audit logging adapter with separate file storage. |
| Out of Scope Changes check | ✅ Passed | All changes are within scope of GDPR compliance logging: new audit adapters, controllers, filters, type definitions, and integration into existing routers (RestQuery, RestWrite, UsersRouter, etc.) for event capture, plus comprehensive tests and documentation. |
✨ Finishing touches
- 📝 Generate docstrings
🧪 Generate unit tests (beta)
- Create PR with unit tests
- Post copyable unit tests in a comment
Warning
There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.
🔧 ast-grep (0.39.7)
spec/ParseQuery.spec.js
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.
Comment @coderabbitai help to get the list of available commands and usage tips.