Upstream/Plan
1
0
Fork 0
mirror of https://github.com/plan-player-analytics/Plan.git synced 2025-01-30 03:51:45 +01:00
Code Issues Projects Releases Wiki Activity

Remove usernames from access log table

Browse Source 
This is a GDPR liability since the usernames could be linked to the players.
This commit is contained in:
Aurora Lahtela 2022-08-28 19:11:51 +03:00
parent cc326ddb84
commit fd6f96be89
4 changed files with 74 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Plan/common/src/main/java/com/djrapitops/plan/storage/database/SQLDB.java
View File

@ -233,7 +233,8 @@ public abstract class SQLDB extends AbstractDatabase {
new UserInfoHostnameAllowNullPatch(), new UserInfoHostnameAllowNullPatch(),
new RegisterDateMinimizationPatch(), new RegisterDateMinimizationPatch(),
new UsersTableNameLengthPatch(), new UsersTableNameLengthPatch(),
new SessionJoinAddressPatch() new SessionJoinAddressPatch(),
new RemoveUsernameFromAccessLogPatch()
}; };
} }

5
Plan/common/src/main/java/com/djrapitops/plan/storage/database/sql/tables/AccessLogTable.java
View File

@ -29,10 +29,6 @@ public class AccessLogTable {
public static final String REQUEST_METHOD = "request_method"; public static final String REQUEST_METHOD = "request_method";
public static final String REQUEST_URI = "request_uri"; public static final String REQUEST_URI = "request_uri";
public static final String RESPONSE_CODE = "response_code"; public static final String RESPONSE_CODE = "response_code";
public static final String USERNAME = "username";
public static final String INSERT_WITH_USER = "INSERT INTO " + TABLE_NAME + " (" +
TIME + ',' + FROM_IP + ',' + REQUEST_METHOD + ',' + REQUEST_URI + ',' + RESPONSE_CODE + ',' + USERNAME +
") VALUES (?, ?, ?, ?, ?, ?)";
public static final String INSERT_NO_USER = "INSERT INTO " + TABLE_NAME + " (" + public static final String INSERT_NO_USER = "INSERT INTO " + TABLE_NAME + " (" +
TIME + ',' + FROM_IP + ',' + REQUEST_METHOD + ',' + REQUEST_URI + ',' + RESPONSE_CODE + TIME + ',' + FROM_IP + ',' + REQUEST_METHOD + ',' + REQUEST_URI + ',' + RESPONSE_CODE +
") VALUES (?, ?, ?, ?, ?)"; ") VALUES (?, ?, ?, ?, ?)";
@ -49,7 +45,6 @@ public class AccessLogTable {
.column(REQUEST_METHOD, Sql.varchar(8)).notNull() .column(REQUEST_METHOD, Sql.varchar(8)).notNull()
.column(REQUEST_URI, Sql.TEXT).notNull() .column(REQUEST_URI, Sql.TEXT).notNull()
.column(RESPONSE_CODE, Sql.INT) .column(RESPONSE_CODE, Sql.INT)
.column(USERNAME, Sql.varchar(100))
.build(); .build();
} }
} }

45
Plan/common/src/main/java/com/djrapitops/plan/storage/database/transactions/events/StoreRequestTransaction.java
View File

@ -18,7 +18,6 @@ package com.djrapitops.plan.storage.database.transactions.events;
import com.djrapitops.plan.delivery.web.resolver.Response; import com.djrapitops.plan.delivery.web.resolver.Response;
import com.djrapitops.plan.delivery.web.resolver.request.Request; import com.djrapitops.plan.delivery.web.resolver.request.Request;
import com.djrapitops.plan.delivery.web.resolver.request.WebUser;
import com.djrapitops.plan.delivery.webserver.configuration.WebserverConfiguration; import com.djrapitops.plan.delivery.webserver.configuration.WebserverConfiguration;
import com.djrapitops.plan.delivery.webserver.http.InternalRequest; import com.djrapitops.plan.delivery.webserver.http.InternalRequest;
import com.djrapitops.plan.storage.database.sql.tables.AccessLogTable; import com.djrapitops.plan.storage.database.sql.tables.AccessLogTable;
@ -28,8 +27,6 @@ import org.apache.commons.lang3.StringUtils;
import java.sql.PreparedStatement; import java.sql.PreparedStatement;
import java.sql.SQLException; import java.sql.SQLException;
import java.sql.Types;
import java.util.Optional;
public class StoreRequestTransaction extends Transaction { public class StoreRequestTransaction extends Transaction {
@ -48,37 +45,17 @@ public class StoreRequestTransaction extends Transaction {
@Override @Override
protected void performOperations() { protected void performOperations() {
if (request == null || request.getUser().isEmpty()) { // login failed / auth disabled execute(new ExecStatement(AccessLogTable.INSERT_NO_USER) {
execute(new ExecStatement(AccessLogTable.INSERT_NO_USER) { @Override
@Override public void prepare(PreparedStatement statement) throws SQLException {
public void prepare(PreparedStatement statement) throws SQLException { statement.setLong(1, internalRequest.getTimestamp());
statement.setLong(1, internalRequest.getTimestamp()); statement.setString(2, internalRequest.getAccessAddress(webserverConfiguration));
statement.setString(2, internalRequest.getAccessAddress(webserverConfiguration)); String method = internalRequest.getMethod();
String method = internalRequest.getMethod(); statement.setString(3, method != null ? method : "?");
statement.setString(3, method != null ? method : "?"); statement.setString(4, getTruncatedURI());
statement.setString(4, getTruncatedURI()); statement.setInt(5, response.getCode());
statement.setInt(5, response.getCode()); }
} });
});
} else {
execute(new ExecStatement(AccessLogTable.INSERT_WITH_USER) {
@Override
public void prepare(PreparedStatement statement) throws SQLException {
statement.setLong(1, internalRequest.getTimestamp());
statement.setString(2, internalRequest.getAccessAddress(webserverConfiguration));
statement.setString(3, request.getMethod());
statement.setString(4, getTruncatedURI());
statement.setInt(5, response.getCode());
Optional<String> webUsername = request.getUser().map(WebUser::getUsername);
if (webUsername.isPresent()) {
statement.setString(6, webUsername.get());
} else {
statement.setNull(6, Types.VARCHAR);
}
}
});
}
} }
private String getTruncatedURI() { private String getTruncatedURI() {

61
Plan/common/src/main/java/com/djrapitops/plan/storage/database/transactions/patches/RemoveUsernameFromAccessLogPatch.java Normal file
View File

@ -0,0 +1,61 @@
/*
* This file is part of Player Analytics (Plan).
*
* Plan is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License v3 as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Plan is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Plan. If not, see <https://www.gnu.org/licenses/>.
*/
package com.djrapitops.plan.storage.database.transactions.patches;
import com.djrapitops.plan.storage.database.queries.QueryAllStatement;
import com.djrapitops.plan.storage.database.sql.tables.AccessLogTable;
import com.djrapitops.plan.storage.database.transactions.ExecStatement;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Types;
import static com.djrapitops.plan.storage.database.sql.building.Sql.*;
/**
* @author AuroraLS3
*/
public class RemoveUsernameFromAccessLogPatch extends Patch {
@Override
public boolean hasBeenApplied() {
if (!hasColumn(AccessLogTable.TABLE_NAME, "username")) {
return true;
}
String sql = SELECT + "COUNT(*) as c" +
FROM + AccessLogTable.TABLE_NAME +
WHERE + "username" + IS_NOT_NULL;
return query(new QueryAllStatement<>(sql) {
@Override
public Boolean processResults(ResultSet set) throws SQLException {
return set.next() && set.getInt("c") > 0;
}
});
}
@Override
protected void applyPatch() {
execute(new ExecStatement("UPDATE " + AccessLogTable.TABLE_NAME + " SET username=?") {
@Override
public void prepare(PreparedStatement statement) throws SQLException {
statement.setNull(1, Types.VARCHAR);
}
});
}
}