private void Log(AuditAction auditAction, HttpStatusCode?statusCode, HttpContext httpContext, IClaimsExtractor claimsExtractor)
{
IFhirRequestContext fhirRequestContext = _fhirRequestContextAccessor.RequestContext;
string auditEventType = fhirRequestContext.AuditEventType;
// We are retaining AuditEventType when CustomError occurs. Below check ensures that the audit log is not entered for the custom error request
httpContext.Request.RouteValues.TryGetValue("action", out object actionName);
if (!string.IsNullOrEmpty(actionName?.ToString()) && KnownRoutes.CustomError.Contains(actionName?.ToString(), StringComparison.OrdinalIgnoreCase))
{
return;
}
// Audit the call if an audit event type is associated with the action.
// Since AuditEventType holds value for both AuditEventType and FhirAnonymousOperationType ensure that we only log the AuditEventType
if (!string.IsNullOrEmpty(auditEventType) && !FhirAnonymousOperationTypeList.Contains(auditEventType, StringComparer.OrdinalIgnoreCase))
{
_auditLogger.LogAudit(
auditAction,
operation: auditEventType,
resourceType: fhirRequestContext.ResourceType,
requestUri: fhirRequestContext.Uri,
statusCode: statusCode,
correlationId: fhirRequestContext.CorrelationId,
callerIpAddress: httpContext.Connection?.RemoteIpAddress?.ToString(),
callerClaims: claimsExtractor.Extract(),
customHeaders: _auditHeaderReader.Read(httpContext));
}
}
private void Log(AuditAction auditAction, HttpStatusCode?statusCode, HttpContext httpContext, IClaimsExtractor claimsExtractor)
{
IRequestContext dicomRequestContext = _dicomRequestContextAccessor.DicomRequestContext;
string auditEventType = dicomRequestContext.AuditEventType;
// Audit the call if an audit event type is associated with the action.
if (!string.IsNullOrEmpty(auditEventType))
{
_auditLogger.LogAudit(
auditAction,
operation: auditEventType,
requestUri: dicomRequestContext.Uri,
statusCode: statusCode,
correlationId: dicomRequestContext.CorrelationId,
callerIpAddress: httpContext.Connection?.RemoteIpAddress?.ToString(),
callerClaims: claimsExtractor.Extract(),
customHeaders: _auditHeaderReader.Read(httpContext));
}
}
private void Log(AuditAction auditAction, string controllerName, string actionName, HttpStatusCode?statusCode, string resourceType, HttpContext httpContext, IClaimsExtractor claimsExtractor)
{
string auditEventType = _auditEventTypeMapping.GetAuditEventType(controllerName, actionName);
// Audit the call if an audit event type is associated with the action.
if (auditEventType != null)
{
IFhirRequestContext fhirRequestContext = _fhirRequestContextAccessor.FhirRequestContext;
_auditLogger.LogAudit(
auditAction,
operation: auditEventType,
resourceType: resourceType,
requestUri: fhirRequestContext.Uri,
statusCode: statusCode,
correlationId: fhirRequestContext.CorrelationId,
callerIpAddress: httpContext.Connection?.RemoteIpAddress?.ToString(),
callerClaims: claimsExtractor.Extract(),
customHeaders: _auditHeaderReader.Read(httpContext));
}
}
private void Log(AuditAction auditAction, string controllerName, string actionName, HttpStatusCode?statusCode, string resourceType, HttpContext httpContext, IClaimsExtractor claimsExtractor)
{
IFhirRequestContext fhirRequestContext = _fhirRequestContextAccessor.FhirRequestContext;
// fhirRequestContext.AuditEventType will not be set in the case of an unauthorized call because the filter that sets it will not be executed
string auditEventType = string.IsNullOrWhiteSpace(fhirRequestContext.AuditEventType) ? _auditEventTypeMapping.GetAuditEventType(controllerName, actionName) : fhirRequestContext.AuditEventType;
// Audit the call if an audit event type is associated with the action.
if (auditEventType != null)
{
_auditLogger.LogAudit(
auditAction,
operation: auditEventType,
resourceType: resourceType,
requestUri: fhirRequestContext.Uri,
statusCode: statusCode,
correlationId: fhirRequestContext.CorrelationId,
callerIpAddress: httpContext.Connection?.RemoteIpAddress?.ToString(),
callerClaims: claimsExtractor.Extract(),
customHeaders: _auditHeaderReader.Read(httpContext));
}
}
