Hide IP addresses from activity logs not generated by the user themselves

DaneEveritt · DaneEveritt · commit 4aa163b76f6c · 2022-06-27T20:52:27.000-04:00
diff --git a/app/Http/Controllers/Api/Client/ActivityLogController.php b/app/Http/Controllers/Api/Client/ActivityLogController.php
@@ -16,10 +16,7 @@ public function __invoke(ClientApiRequest $request): array
     {
         $activity = QueryBuilder::for($request->user()->activity())
             ->with('actor')
-            ->allowedFilters([
-                AllowedFilter::exact('ip'),
-                AllowedFilter::partial('event'),
-            ])
+            ->allowedFilters([AllowedFilter::partial('event')])
             ->allowedSorts(['timestamp'])
             ->paginate(min($request->query('per_page', 25), 100))
             ->appends($request->query());
diff --git a/app/Http/Controllers/Api/Client/Servers/ActivityLogController.php b/app/Http/Controllers/Api/Client/Servers/ActivityLogController.php
@@ -25,10 +25,7 @@ public function __invoke(ClientApiRequest $request, Server $server): array
         $activity = QueryBuilder::for($server->activity())
             ->with('actor')
             ->allowedSorts(['timestamp'])
-            ->allowedFilters([
-                AllowedFilter::exact('ip'),
-                AllowedFilter::partial('event'),
-            ])
+            ->allowedFilters([AllowedFilter::partial('event')])
             ->when(config('activity.hide_admin_activity'), function (Builder $builder) use ($server) {
                 // We could do this with a query and a lot of joins, but that gets pretty
                 // painful so for now we'll execute a simpler query.
diff --git a/app/Transformers/Api/Client/ActivityLogTransformer.php b/app/Transformers/Api/Client/ActivityLogTransformer.php
@@ -21,7 +21,7 @@ public function transform(ActivityLog $model): array
             'batch' => $model->batch,
             'event' => $model->event,
             'is_api' => !is_null($model->api_key_id),
-            'ip' => $model->ip,
+            'ip' => optional($model->actor)->is($this->request->user()) ? $model->ip : null,
             'description' => $model->description,
             'properties' => $this->properties($model),
             'has_additional_metadata' => $this->hasAdditionalMetadata($model),
@@ -49,7 +49,11 @@ protected function properties(ActivityLog $model): array
         }
 
         $properties = $model->properties
-            ->mapWithKeys(function ($value, $key) {
+            ->mapWithKeys(function ($value, $key) use ($model) {
+                if ($key === 'ip' && !optional($model->actor)->is($this->request->user())) {
+                    return [$key => '[hidden]'];
+                }
+
                 if (!is_array($value)) {
                     return [$key => $value];
                 }
diff --git a/resources/scripts/api/definitions/user/models.d.ts b/resources/scripts/api/definitions/user/models.d.ts
@@ -22,7 +22,7 @@ interface SSHKey extends Model {
 interface ActivityLog extends Model<'actor'> {
     batch: UUID | null;
     event: string;
-    ip: string;
+    ip: string | null;
     isApi: boolean;
     description: string | null;
     properties: Record<string, string | unknown>;
diff --git a/resources/scripts/components/elements/activity/ActivityLogEntry.tsx b/resources/scripts/components/elements/activity/ActivityLogEntry.tsx
@@ -75,13 +75,12 @@ export default ({ activity, children }: Props) => {
                         <Translate ns={'activity'} values={properties} i18nKey={activity.event.replace(':', '.')} />
                     </p>
                     <div className={'mt-1 flex items-center text-sm'}>
-                        <Link
-                            to={`#${pathTo({ ip: activity.ip })}`}
-                            className={'transition-colors duration-75 active:text-cyan-400 hover:text-cyan-400'}
-                        >
-                            {activity.ip}
-                        </Link>
-                        <span className={'text-gray-400'}>&nbsp;|&nbsp;</span>
+                        {activity.ip && (
+                            <span>
+                                {activity.ip}
+                                <span className={'text-gray-400'}>&nbsp;|&nbsp;</span>
+                            </span>
+                        )}
                         <Tooltip placement={'right'} content={format(activity.timestamp, 'MMM do, yyyy H:mm:ss')}>
                             <span>{formatDistanceToNowStrict(activity.timestamp, { addSuffix: true })}</span>
                         </Tooltip>
