update migrations, add status and ua, unique entries

mafredri · mafredri · commit 217a0d3d4c3b · 2025-03-17T12:42:48.000Z
diff --git a/coderd/database/migrations/000301_add_workspace_app_audit_sessions.up.sql b/coderd/database/migrations/000301_add_workspace_app_audit_sessions.up.sql
@@ -1,27 +1,33 @@
+-- Keep all unique fields as non-null because `UNIQUE NULLS NOT DISTINCT`
+-- requires PostgreSQL 15+.
 CREATE UNLOGGED TABLE workspace_app_audit_sessions (
-	id UUID PRIMARY KEY NOT NULL DEFAULT gen_random_uuid(),
 	agent_id UUID NOT NULL,
-	app_id UUID NULL,
-	user_id UUID NULL,
-	ip inet NULL,
+	app_id UUID NOT NULL, -- Can be NULL, but must be uuid.Nil.
+	user_id UUID NOT NULL, -- Can be NULL, but must be uuid.Nil.
+	ip inet NOT NULL,
+	user_agent TEXT NOT NULL,
 	slug_or_port TEXT NOT NULL,
+	status_code int4 NOT NULL,
 	started_at TIMESTAMP WITH TIME ZONE NOT NULL,
 	updated_at TIMESTAMP WITH TIME ZONE NOT NULL,
-	FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE,
 	FOREIGN KEY (agent_id) REFERENCES workspace_agents (id) ON DELETE CASCADE,
-	FOREIGN KEY (app_id) REFERENCES workspace_apps (id) ON DELETE CASCADE
+	-- Skip foreign keys that we can't enforce due to NOT NULL constraints.
+	-- FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE,
+	-- FOREIGN KEY (app_id) REFERENCES workspace_apps (id) ON DELETE CASCADE,
+	UNIQUE (agent_id, app_id, user_id, ip, user_agent, slug_or_port, status_code)
 );
 
-COMMENT ON TABLE workspace_app_audit_sessions IS 'Audit sessions for workspace apps, the data in this table is ephemeral and is used to track the current session of a user in a workspace app.';
-COMMENT ON COLUMN workspace_app_audit_sessions.id IS 'Unique identifier for the workspace app audit session.';
-COMMENT ON COLUMN workspace_app_audit_sessions.agent_id IS 'The agent that is currently in the workspace app.';
-COMMENT ON COLUMN workspace_app_audit_sessions.app_id IS 'The app that is currently in the workspace app. This is nullable because ports are not associated with an app.';
-COMMENT ON COLUMN workspace_app_audit_sessions.user_id IS 'The user that is currently using the workspace app. This is nullable because the app may be public.';
+COMMENT ON TABLE workspace_app_audit_sessions IS 'Audit sessions for workspace apps, the data in this table is ephemeral and is used to deduplicate audit log entries for workspace apps. While a session is active, the same data will not be logged again. This table does not store historical data.';
+COMMENT ON COLUMN workspace_app_audit_sessions.agent_id IS 'The agent that the workspace app or port forward belongs to.';
+COMMENT ON COLUMN workspace_app_audit_sessions.app_id IS 'The app that is currently in the workspace app. This is may be uuid.Nil because ports are not associated with an app.';
+COMMENT ON COLUMN workspace_app_audit_sessions.user_id IS 'The user that is currently using the workspace app. This is may be uuid.Nil if we cannot determine the user.';
 COMMENT ON COLUMN workspace_app_audit_sessions.ip IS 'The IP address of the user that is currently using the workspace app.';
+COMMENT ON COLUMN workspace_app_audit_sessions.user_agent IS 'The user agent of the user that is currently using the workspace app.';
 COMMENT ON COLUMN workspace_app_audit_sessions.slug_or_port IS 'The slug or port of the workspace app that the user is currently using.';
+COMMENT ON COLUMN workspace_app_audit_sessions.status_code IS 'The HTTP status produced by the token authorization. Defaults to 200 if no status is provided.';
 COMMENT ON COLUMN workspace_app_audit_sessions.started_at IS 'The time the user started the session.';
 COMMENT ON COLUMN workspace_app_audit_sessions.updated_at IS 'The time the session was last updated.';
 
-CREATE INDEX workspace_app_audit_sessions_agent_id_app_id_slug_or_port ON workspace_app_audit_sessions (agent_id, app_id, slug_or_port);
+CREATE UNIQUE INDEX workspace_app_audit_sessions_unique_index ON workspace_app_audit_sessions (agent_id, app_id, user_id, ip, user_agent, slug_or_port, status_code);
 
-COMMENT ON INDEX workspace_app_audit_sessions_agent_id_app_id_slug_or_port IS 'Index for the agent_id and app_id columns to perform updates.';
+COMMENT ON INDEX workspace_app_audit_sessions_unique_index IS 'Unique index to ensure that we do not allow duplicate entries from multiple transactions.';
diff --git a/coderd/database/migrations/testdata/fixtures/000301_add_workspace_app_audit_sessions.up.sql b/coderd/database/migrations/testdata/fixtures/000301_add_workspace_app_audit_sessions.up.sql
@@ -1,6 +1,6 @@
 INSERT INTO workspace_app_audit_sessions
-	(agent_id, app_id, user_id, ip, slug_or_port, started_at, updated_at)
+	(agent_id, app_id, user_id, ip, user_agent, slug_or_port, status_code, started_at, updated_at)
 VALUES
-	('45e89705-e09d-4850-bcec-f9a937f5d78d', '36b65d0c-042b-4653-863a-655ee739861c', '30095c71-380b-457a-8995-97b8ee6e5307', '127.0.0.1', '', '2025-03-04 15:08:38.579772+02', '2025-03-04 15:06:48.755158+02'),
-	('45e89705-e09d-4850-bcec-f9a937f5d78d', '36b65d0c-042b-4653-863a-655ee739861c', NULL, '127.0.0.1', '', '2025-03-04 15:08:44.411389+02', '2025-03-04 15:08:44.411389+02'),
-	('45e89705-e09d-4850-bcec-f9a937f5d78d', NULL, NULL, '::1', 'terminal', '2025-03-04 15:25:55.555306+02', '2025-03-04 15:25:55.555306+02');
+	('45e89705-e09d-4850-bcec-f9a937f5d78d', '36b65d0c-042b-4653-863a-655ee739861c', '30095c71-380b-457a-8995-97b8ee6e5307', '127.0.0.1', 'curl', '', 200, '2025-03-04 15:08:38.579772+02', '2025-03-04 15:06:48.755158+02'),
+	('45e89705-e09d-4850-bcec-f9a937f5d78d', '36b65d0c-042b-4653-863a-655ee739861c', NULL, '127.0.0.1', 'curl', '', 200, '2025-03-04 15:08:44.411389+02', '2025-03-04 15:08:44.411389+02'),
+	('45e89705-e09d-4850-bcec-f9a937f5d78d', NULL, NULL, '::1', 'curl', 'terminal', 0, '2025-03-04 15:25:55.555306+02', '2025-03-04 15:25:55.555306+02');
