Merge pull request #152 from silinternational/develop

Release 3.1.3 -- log API Secret error, increase log retention

Author: briskt

.github/workflows/test-and-deploy.yml

@@ -2,6 +2,9 @@ name: Test and Deploy
 
 on:
   push:
+    branches: ["**"]
+    paths-ignore:
+    - 'terraform/**'
 
 env:
   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}

Makefile

@@ -2,7 +2,7 @@ dev-server:
 	node development/server
 
 dynamodb:
-	docker-compose up -d dynamodb
+	docker compose up -d dynamodb
 
 dynamodb-tables: dynamodb
 	./development/create-tables.sh
@@ -11,10 +11,10 @@ list-dev-api-keys:
 	./development/list-api-keys.sh
 
 do-full-recovery:
-	docker-compose run --rm do-full-recovery
+	docker compose run --rm do-full-recovery
 
 test:
-	docker-compose run --rm dev bash -c "npm ci && npm test"
+	docker compose run --rm dev bash -c "npm ci && npm test"
 
 update:
-	docker-compose run --rm dev bash -c "npm update"
+	docker compose run --rm dev bash -c "npm update"

README.md

@@ -300,7 +300,7 @@ To run this locally (such as for development)...
 To start a local container for development of Serverless configuration:
 
 ```
-docker-compose run --rm dev bash
+docker compose run --rm dev bash
 ```
 
 ## Credential Rotation

docker-compose.yml

@@ -1,5 +1,3 @@
-version: "3"
-
 services:
   do-full-recovery:
     build: recovery

models/api-key.js

@@ -182,6 +182,8 @@ const isValidApiSecret = (apiKeyRecord, apiSecret = '') => {
   const isValid = password.compare(apiSecret, apiKeyRecord.hashedApiSecret);
   if (isValid !== true) {
     console.log('The given API Secret is NOT valid for the given API Key record.');
+    const redactedApiSecret = apiSecret.substring(0, 3) + '...[snip]...' + apiSecret.substring(apiSecret.length - 3);
+    console.log(redactedApiSecret);
     return false;
   }
 

serverless.yml

@@ -175,50 +175,50 @@ resources:
     ApiKeyActivateLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     ApiKeyCreateLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     TotpCreateLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     TotpDeleteLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     TotpValidateLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     U2fCreateAuthenticationLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     U2fCreateRegistrationLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     U2fDeleteLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     U2fValidateAuthenticationLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     U2fValidateRegistrationLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}

terraform/.terraform.lock.hcl

@@ -10,10 +10,9 @@ locals {
 module "serverless_user" {
   count   = var.app_environment == "staging" ? 1 : 0
   source  = "silinternational/serverless-user/aws"
-  version = "0.3.2"
+  version = "0.4.2"
 
   app_name           = var.app_name
-  aws_region         = var.aws_region
   aws_region_policy  = "*"
   enable_api_gateway = true