A middleware library for audit logging in SAP Cloud Application Programming (CAP) applications.
- Entity-based or global audit logging
- Configurable logging for CREATE, UPDATE, and DELETE operations
- Multiple storage options:
  - Database storage (via CAP service)
  - JSON file storage
  - Webhook integration with external systems
- Tracking of pre-operation and post-operation data
- Filtering of unwanted or sensitive data
- Customizable user resolution
npm install cap-audit-middleware
const cds = require('@sap/cds');
const { AuditMiddleware, storage } = require('cap-audit-middleware');
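// server.js
// Register audit logging while the CAP server bootstraps.
cds.on("bootstrap", async (app) => {
  // Configure the audit middleware.
  // Await the setup so that a failed database connection rejects this handler
  // instead of becoming a floating promise that leaves the server running
  // without an audit trail and without a visible error.
  // NOTE(review): whether a rejected bootstrap listener aborts startup depends
  // on the CAP runtime in use; confirm the intended fail-closed behaviour.
  await setupWithDatabaseStorage();
});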
/**
 * Connects to the CDS 'db' service and attaches audit logging to it, storing
 * entries through DatabaseStorage in the 'AuditLogs' table.
 *
 * @returns {Promise<void>} settles after `initialize` has been called on the
 *   middleware with the connected service.
 */
async function setupWithDatabaseStorage() {
  const db = await cds.connect.to('db');

  // Audit entries are persisted through the same database service.
  const auditStorage = new storage.DatabaseStorage({ db, table: 'AuditLogs' });

  const auditMiddleware = new AuditMiddleware({
    storage: auditStorage,
    // At least one entity must be specified in the entities parameter
    entities: ['ProductService.Products', 'OrderService.Orders'],
    // Optional: log only specific operations
    operations: ['CREATE', 'UPDATE', 'DELETE'],
    // Optional: user resolution. Requests without a user id are recorded as
    // 'anonymous', so those entries cannot be attributed to an actor.
    userResolver: (req) => req.user?.id || 'anonymous',
    // Optional: log request/response payload.
    // NOTE(review): payloads can carry credentials or personal data; presumably
    // they are stored as received unless a beforeLog hook strips fields (confirm).
    logPayload: true,
  });

  // Initialize middleware with the service
  auditMiddleware.initialize(db);
}
Stores audit logs using your CDS database.
// Options for persisting audit entries through the CDS database service.
const dbStorageOptions = {
  db: srv, // CDS database service
  table: 'AuditLogs', // Optional: table name (default: 'ServiceLogs')
  // Optional: create table if it doesn't exist (default: true).
  // NOTE(review): creating the table at runtime presumably requires DDL rights
  // for the database user; a pre-created table with this set to false would
  // allow a narrower grant (confirm against your deployment).
  autoCreateTable: true,
};
const dbStorage = new storage.DatabaseStorage(dbStorageOptions);
You can use the AuditLogs aspect defined in the index.cds file:
using { sap.cap.auditLogs } from 'cap-audit-middleware';
// Custom audit entity that extends the AuditLogs definition imported above.
entity MyAuditLogs : auditLogs.AuditLogs {
  // Add your custom fields
  timestamp : Timestamp;
  // NOTE(review): client IP addresses may count as personal data; confirm
  // retention and access rules for this column.
  ipAddress : String;
}
Stores audit logs in a local JSON file.
// Options for writing audit entries to a local JSON file.
const fileStorageOptions = {
  // File path.
  // NOTE(review): anyone able to write to this location can alter or remove
  // audit entries; restrict filesystem permissions accordingly.
  filePath: './logs',
  prettyPrint: true, // Optional: format JSON for readability
  // Optional: append mode (true) or overwrite (false).
  // Presumably overwrite discards earlier entries; keep true for a durable trail (confirm).
  appendMode: true,
};
const fileStorage = new storage.JsonFileStorage(fileStorageOptions);
Sends audit logs as HTTP requests to an external API.
// HTTP headers sent with every audit request (optional).
const webhookHeaders = {
  'Content-Type': 'application/json',
  // 'YOUR_API_KEY' is a placeholder: load the real token from the environment
  // or a secret store at runtime rather than committing it to source control.
  'Authorization': 'Bearer YOUR_API_KEY',
};

// Audit entries are sent as HTTP requests to an external endpoint.
const webhookStorage = new storage.WebhookStorage({
  // Webhook URL. Keep it on https so entries and the bearer token are not sent in clear text.
  url: 'https://example.com/audit-webhook',
  headers: webhookHeaders,
  // Optional: request timeout (ms).
  // NOTE(review): what happens to an entry when the request times out is not
  // shown here; confirm whether it is retried or dropped.
  timeout: 3000,
});
To modify or enrich audit data before it's stored:
// Middleware whose beforeLog hook scrubs and enriches each entry before storage.
const auditMiddleware = new AuditMiddleware({
  storage: myStorage,
  // ... other options ...
  /**
   * Mutates the log entry in place before it is stored.
   *
   * @param {object} logEntry - audit entry about to be stored
   * @param {object} req - request that triggered the entry (unused here)
   */
  beforeLog: async (logEntry, req) => {
    // Clean sensitive data.
    // NOTE(review): other examples use service-qualified names such as
    // 'ProductService.Products'; confirm that 'Users' matches the value the
    // middleware actually puts in logEntry.entity, otherwise nothing is scrubbed.
    // NOTE(review): if the entry also carries a pre-operation snapshot, that copy
    // needs the same scrubbing (its field name is not shown here).
    const isUserEntry = logEntry.entity === 'Users' && logEntry.data;
    if (isUserEntry) {
      delete logEntry.data.password;
    }

    // Add additional information
    Object.assign(logEntry, {
      applicationName: 'MyCapApp',
      environment: process.env.NODE_ENV,
    });
  },
});
// Entity-based logging: only the listed entities are audited.
const auditedEntities = [
  'ProductService.Products',
  'OrderService.Orders',
  'CustomerService.Customers',
];

const auditMiddleware = new AuditMiddleware({
  storage: myStorage,
  entities: auditedEntities,
  operations: ['CREATE', 'UPDATE', 'DELETE'],
});
// Operation filter: only create and delete operations are logged, so UPDATE
// changes to the audited data leave no audit entry with this configuration.
// NOTE(review): no `entities` list is given here, while the setup example states
// that at least one entity must be specified; confirm which applies.
const loggedOperations = ['CREATE', 'DELETE'];

const auditMiddleware = new AuditMiddleware({
  storage: myStorage,
  operations: loggedOperations,
});
// Middleware whose beforeLog hook removes sensitive fields from user data.
const auditMiddleware = new AuditMiddleware({
  storage: myStorage,
  /**
   * Deletes sensitive fields from the entry's data before it is stored.
   *
   * @param {object} logEntry - audit entry about to be stored (mutated in place)
   */
  beforeLog: (logEntry) => {
    // Only entries for the 'Users' entity that carry data are touched.
    // NOTE(review): confirm 'Users' matches the entity name format the middleware
    // records; other examples use service-qualified names.
    if (logEntry.entity !== 'Users' || !logEntry.data) {
      return;
    }

    // This is a deny-list: any sensitive field not named here is still stored.
    for (const field of ['password', 'creditCardNumber']) {
      delete logEntry.data[field];
    }
  },
});