Move device last access handling into user resource

Co-authored-by: iammajid <[email protected]>

Author: SailReal

backend/src/main/java/org/cryptomator/hub/api/DeviceResource.java

@@ -174,10 +174,12 @@ public record DeviceDto(@JsonProperty("id") @ValidId String id,
 							@JsonProperty("publicKey") @NotNull @OnlyBase64Chars String publicKey,
 							@JsonProperty("userPrivateKey") @NotNull @ValidJWE String userPrivateKeys, // singular name for history reasons (don't break client compatibility)
 							@JsonProperty("owner") @ValidId String ownerId,
-							@JsonProperty("creationTime") Instant creationTime) {
+							@JsonProperty("creationTime") Instant creationTime,
+							@JsonProperty("lastIpAddress") String lastIpAddress,
+							@JsonProperty("lastAccessTime") Instant lastAccessTime) {
 
 		public static DeviceDto fromEntity(Device entity) {
-			return new DeviceDto(entity.getId(), entity.getName(), entity.getType(), entity.getPublickey(), entity.getUserPrivateKeys(), entity.getOwner().getId(), entity.getCreationTime().truncatedTo(ChronoUnit.MILLIS));
+			return new DeviceDto(entity.getId(), entity.getName(), entity.getType(), entity.getPublickey(), entity.getUserPrivateKeys(), entity.getOwner().getId(), entity.getCreationTime().truncatedTo(ChronoUnit.MILLIS), null, null);
 		}
 
 	}

backend/src/main/java/org/cryptomator/hub/api/UsersResource.java

@@ -24,7 +24,9 @@
 import org.cryptomator.hub.entities.User;
 import org.cryptomator.hub.entities.Vault;
 import org.cryptomator.hub.entities.WotEntry;
+import org.cryptomator.hub.entities.events.AuditEvent;
 import org.cryptomator.hub.entities.events.EventLogger;
+import org.cryptomator.hub.entities.events.VaultKeyRetrievedEvent;
 import org.eclipse.microprofile.jwt.JsonWebToken;
 import org.eclipse.microprofile.openapi.annotations.Operation;
 import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
@@ -58,6 +60,8 @@ public class UsersResource {
 	WotEntry.Repository wotRepo;
 	@Inject
 	EffectiveWot.Repository effectiveWotRepo;
+	@Inject
+	AuditEvent.Repository auditEventRepo;
 
 	@Inject
 	JsonWebToken jwt;
@@ -156,10 +160,23 @@ public Response updateMyAccessTokens(@NotNull Map<UUID, String> tokens) {
 	@Operation(summary = "get the logged-in user")
 	@APIResponse(responseCode = "200", description = "returns the current user")
 	@APIResponse(responseCode = "404", description = "no user matching the subject of the JWT passed as Bearer Token")
-	public UserDto getMe(@QueryParam("withDevices") boolean withDevices) {
+	public UserDto getMe(@QueryParam("withDevices") boolean withDevices, @QueryParam("withLastAccess") boolean withLastAccess) {
 		User user = userRepo.findById(jwt.getSubject());
-		Function<Device, DeviceResource.DeviceDto> mapDevices = d -> new DeviceResource.DeviceDto(d.getId(), d.getName(), d.getType(), d.getPublickey(), d.getUserPrivateKeys(), d.getOwner().getId(), d.getCreationTime().truncatedTo(ChronoUnit.MILLIS));
-		var devices = withDevices ? user.devices.stream().map(mapDevices).collect(Collectors.toSet()) : Set.<DeviceResource.DeviceDto>of();
+		Set<DeviceResource.DeviceDto> devices;
+		if (withLastAccess) {
+			var deviceEntities = user.devices.stream().toList();
+			var deviceIds = deviceEntities.stream().map(Device::getId).toList();
+			var events = auditEventRepo.findLastVaultKeyRetrieve(deviceIds).collect(Collectors.toMap(VaultKeyRetrievedEvent::getDeviceId, Function.identity()));
+			devices = deviceEntities.stream().map(d -> {
+				var event = events.get(d.getId());
+				var lastIpAddress = (event != null) ? event.getIpAddress() : null;
+				var lastAccessTime = (event != null) ? event.getTimestamp() : null;
+				return new DeviceResource.DeviceDto(d.getId(), d.getName(), d.getType(), d.getPublickey(), d.getUserPrivateKeys(), d.getOwner().getId(), d.getCreationTime().truncatedTo(ChronoUnit.MILLIS), lastIpAddress, lastAccessTime);
+			}).collect(Collectors.toSet());
+		} else {
+			Function<Device, DeviceResource.DeviceDto> mapDevices = d -> new DeviceResource.DeviceDto(d.getId(), d.getName(), d.getType(), d.getPublickey(), d.getUserPrivateKeys(), d.getOwner().getId(), d.getCreationTime().truncatedTo(ChronoUnit.MILLIS), null, null);
+			devices = withDevices ? user.devices.stream().map(mapDevices).collect(Collectors.toSet()) : Set.of();
+		}
 		return new UserDto(user.getId(), user.getName(), user.getPictureUrl(), user.getEmail(), user.getLanguage(), devices, user.getEcdhPublicKey(), user.getEcdsaPublicKey(), user.getPrivateKeys(), user.getSetupCode());
 	}
 

frontend/src/common/auditlog.ts

@@ -189,16 +189,6 @@ class AuditLogService {
       }))
       .catch((error) => rethrowAndConvertIfExpected(error, 402));
   }
-
-  public async lastVaultKeyRetrieveEvents(deviceIds: string[]): Promise<AuditEventVaultKeyRetrieveDto[]> {
-    const query = `deviceIds=${deviceIds.join('&deviceIds=')}`;
-    return axiosAuth.get<AuditEventVaultKeyRetrieveDto[]>(`/auditlog/last-vault-key-retrieve?${query}`)
-      .then(response => response.data.map(dto => {
-        dto.timestamp = new Date(dto.timestamp);
-        return dto;
-      }))
-      .catch((error) => rethrowAndConvertIfExpected(error, 402));
-  }
 }
 
 /* Export */

frontend/src/common/backend.ts

@@ -55,6 +55,8 @@ export type DeviceDto = {
   publicKey: string;
   userPrivateKey: string;
   creationTime: Date;
+  lastIpAddress?: string;
+  lastAccessTime?: Date;
 };
 
 export type VaultRole = 'MEMBER' | 'OWNER';
@@ -248,8 +250,8 @@ class UserService {
     return axiosAuth.put('/users/me', dto);
   }
 
-  public async me(withDevices: boolean = false): Promise<UserDto> {
-    return axiosAuth.get<UserDto>(`/users/me?withDevices=${withDevices}`).then(response => AuthorityService.fillInMissingPicture(response.data));
+  public async me(withDevices: boolean = false, withLastAccess: boolean = false): Promise<UserDto> {
+    return axiosAuth.get<UserDto>(`/users/me?withDevices=${withDevices}&withLastAccess=${withLastAccess}`).then(response => AuthorityService.fillInMissingPicture(response.data));
   }
 
   public async resetMe(): Promise<void> {

frontend/src/common/userdata.ts

@@ -5,6 +5,7 @@ import { JWEParser } from './jwe';
 
 class UserData {
   #me?: Promise<UserDto>;
+  #meWithLastAccess?: Promise<UserDto>;
   #browserKeys?: Promise<BrowserKeys | undefined>;
 
   /**
@@ -17,6 +18,14 @@ class UserData {
     return this.#me;
   }
 
+  public get meWithLastAccess(): Promise<UserDto> {
+    if (!this.#meWithLastAccess) {
+      this.#meWithLastAccess = backend.users.me(true, true);
+      this.#me = this.#meWithLastAccess;
+    }
+    return this.#meWithLastAccess;
+  }
+
   /**
    * Gets the device key pair stored for this user in the currently used browser.
    */

frontend/src/components/DeviceList.vue

@@ -77,10 +77,10 @@
                       {{ d(device.creationTime, 'short') }}
                     </td>
                     <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
-                      <div v-if="lastVaultKeyRetrieveEvents.has(device.id)">{{ d(lastVaultKeyRetrieveEvents.get(device.id)!.timestamp, 'short') }}</div>
+                      <div v-if="device.lastAccessTime">{{ d(device.lastAccessTime, 'short') }}</div>
                     </td>
                     <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
-                      <div v-if="lastVaultKeyRetrieveEvents.has(device.id) && lastVaultKeyRetrieveEvents.get(device.id)?.ipAddress">{{ lastVaultKeyRetrieveEvents.get(device.id)!.ipAddress! }}</div>
+                      <div v-if="device.lastIpAddress">{{ device.lastIpAddress }}</div>
                     </td>
                     <td class="px-6 py-4 whitespace-nowrap text-right text-sm font-medium">
                       <a v-if="device.id != myDevice?.id" tabindex="0" class="text-red-600 hover:text-red-900" @click="removeDevice(device)">{{ t('common.remove') }}</a>
@@ -106,7 +106,6 @@
 import { ComputerDesktopIcon, DevicePhoneMobileIcon, QuestionMarkCircleIcon, WindowIcon } from '@heroicons/vue/24/solid';
 import { onMounted, ref } from 'vue';
 import { useI18n } from 'vue-i18n';
-import auditlog, { AuditEventVaultKeyRetrieveDto } from '../common/auditlog';
 import backend, { DeviceDto, NotFoundError, UserDto } from '../common/backend';
 import userdata from '../common/userdata';
 import FetchError from './FetchError.vue';
@@ -118,24 +117,15 @@ const myDevice = ref<DeviceDto>();
 const onFetchError = ref<Error | null>();
 const onRemoveDeviceError = ref< {[id: string]: Error} >({});
 
-const lastVaultKeyRetrieveEvents = ref<Map<string, AuditEventVaultKeyRetrieveDto>>(new Map());
-
 onMounted(async () => {
   await fetchData();
 });
 
 async function fetchData() {
   onFetchError.value = null;
   try {
-    me.value = await userdata.me;
+    me.value = await userdata.meWithLastAccess;
     myDevice.value = await userdata.browser;
-    const deviceIds = me.value.devices.map(d => d.id);
-    const events = await auditlog.service.lastVaultKeyRetrieveEvents(deviceIds);
-    events.forEach(e => {
-      if (e.deviceId != undefined) {
-        lastVaultKeyRetrieveEvents.value.set(e.deviceId, e);
-      }
-    });
   } catch (error) {
     console.error('Retrieving device list failed.', error);
     onFetchError.value = error instanceof Error ? error : new Error('Unknown Error');