From 4aa163b76f6c873d66fe4da881085e7e2f55efda Mon Sep 17 00:00:00 2001
From: DaneEveritt
Date: Mon, 27 Jun 2022 20:52:27 -0400
Subject: [PATCH] Hide IP addresses from activity logs not generated by the user themselves
---
 .../Api/Client/ActivityLogController.php | 5 +----
 .../Api/Client/Servers/ActivityLogController.php | 5 +----
 .../Api/Client/ActivityLogTransformer.php | 8 ++++++--
 resources/scripts/api/definitions/user/models.d.ts | 2 +-
 .../elements/activity/ActivityLogEntry.tsx | 13 ++++++-------
 5 files changed, 15 insertions(+), 18 deletions(-)
diff --git a/app/Http/Controllers/Api/Client/ActivityLogController.php b/app/Http/Controllers/Api/Client/ActivityLogController.php
index 3fbfa11a9..9e1fcc63d 100644
--- a/app/Http/Controllers/Api/Client/ActivityLogController.php
+++ b/app/Http/Controllers/Api/Client/ActivityLogController.php
@@ -16,10 +16,7 @@ class ActivityLogController extends ClientApiController
 {
 $activity = QueryBuilder::for($request->user()->activity())
 ->with('actor')
- ->allowedFilters([
- AllowedFilter::exact('ip'),
- AllowedFilter::partial('event'),
- ])
+ ->allowedFilters([AllowedFilter::partial('event')])
 ->allowedSorts(['timestamp'])
 ->paginate(min($request->query('per_page', 25), 100))
 ->appends($request->query());
diff --git a/app/Http/Controllers/Api/Client/Servers/ActivityLogController.php b/app/Http/Controllers/Api/Client/Servers/ActivityLogController.php
index dabd9df78..adfb3ad7e 100644
--- a/app/Http/Controllers/Api/Client/Servers/ActivityLogController.php
+++ b/app/Http/Controllers/Api/Client/Servers/ActivityLogController.php
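Review bot: The shortened `allowedFilters([AllowedFilter::partial('event')])` call in the client `ActivityLogController` hunk has no comment recording why `ip` is excluded, and the same applies to the matching hunk in `Servers/ActivityLogController.php`. Without that record a later change can restore the filter, and an exact-match filter on a column the transformer now nulls for other actors would again reveal, through whether rows come back, if a given address appears in an entry. I would add above the call `// 'ip' must not be filterable: the transformer hides it for entries by other actors, and an exact filter would confirm a value the response no longer shows`. A feature test pinning how a request that still sends `filter[ip]` is handled would keep both controllers in step. The enclosing method starts outside the hunk.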
@@ -25,10 +25,7 @@ class ActivityLogController extends ClientApiController $activity = QueryBuilder::for($server->activity()) ->with('actor') ->allowedSorts(['timestamp']) - ->allowedFilters([ - AllowedFilter::exact('ip'), - AllowedFilter::partial('event'), - ]) + ->allowedFilters([AllowedFilter::partial('event')]) ->when(config('activity.hide_admin_activity'), function (Builder $builder) use ($server) { // We could do this with a query and a lot of joins, but that gets pretty // painful so for now we'll execute a simpler query. diff --git a/app/Transformers/Api/Client/ActivityLogTransformer.php b/app/Transformers/Api/Client/ActivityLogTransformer.php index b64a23769..8518b59da 100644 --- a/app/Transformers/Api/Client/ActivityLogTransformer.php +++ b/app/Transformers/Api/Client/ActivityLogTransformer.php @@ -21,7 +21,7 @@ class ActivityLogTransformer extends BaseClientTransformer 'batch' => $model->batch, 'event' => $model->event, 'is_api' => !is_null($model->api_key_id), - 'ip' => $model->ip, + 'ip' => optional($model->actor)->is($this->request->user()) ? $model->ip : null, 'description' => $model->description, 'properties' => $this->properties($model), 'has_additional_metadata' => $this->hasAdditionalMetadata($model), @@ -49,7 +49,11 @@ class ActivityLogTransformer extends BaseClientTransformer } $properties = $model->properties - ->mapWithKeys(function ($value, $key) { + ->mapWithKeys(function ($value, $key) use ($model) { + if ($key === 'ip' && !optional($model->actor)->is($this->request->user())) { + return [$key => '[hidden]']; + } + if (!is_array($value)) { return [$key => $value]; } diff --git a/resources/scripts/api/definitions/user/models.d.ts b/resources/scripts/api/definitions/user/models.d.ts index 944d1b81e..f42697eec 100644 --- a/resources/scripts/api/definitions/user/models.d.ts +++ b/resources/scripts/api/definitions/user/models.d.ts 
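Review bot: The actor check `optional($model->actor)->is($this->request->user())` on the `'ip'` line in the first `ActivityLogTransformer` hunk is written out a second time inside the `mapWithKeys` closure of the next hunk, so the two redaction paths can drift apart. Since they appear to sit in different methods, a single private helper on the transformer that returns `(bool) optional($model->actor)->is($this->request->user())` and is called from both places would keep them identical. The check reads `$model->actor`; both controllers in this commit eager-load it with `->with('actor')`, but another caller of the transformer would presumably pay a lazy load per row, which is worth a comment. Entries with no actor resolve to hidden, which looks intended, and a one-line comment saying so would help the next reader. The enclosing method starts outside the hunk.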
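Review bot: The redaction added to the `mapWithKeys` closure matches only a top-level property whose key is exactly `'ip'`, so an address stored under another key or inside an array value would still reach users who are not the actor. The array branch lies outside the hunk, so whether nested values are ever serialised cannot be confirmed from here. If other events record addresses in `properties`, compare against a maintained list of sensitive keys, e.g. `in_array($key, ['ip'], true)`, rather than a single literal. The string `'[hidden]'` is also an in-band marker while the top-level `ip` field uses `null`; a comment stating why the two differ, or using `null` in both, would let the client treat them alike. No test file is touched by this commit, so neither redaction path is pinned.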
@@ -22,7 +22,7 @@ interface SSHKey extends Model {
 interface ActivityLog extends Model<'actor'> {
 batch: UUID | null;
 event: string;
- ip: string;
+ ip: string | null;
 isApi: boolean;
 description: string | null;
 properties: Record;
diff --git a/resources/scripts/components/elements/activity/ActivityLogEntry.tsx b/resources/scripts/components/elements/activity/ActivityLogEntry.tsx
index e724803a4..87ac64f78 100644
--- a/resources/scripts/components/elements/activity/ActivityLogEntry.tsx
+++ b/resources/scripts/components/elements/activity/ActivityLogEntry.tsx
@@ -75,13 +75,12 @@ export default ({ activity, children }: Props) => {

- - {activity.ip} - -  |  + {activity.ip && ( + + {activity.ip} +  |  + + )} {formatDistanceToNowStrict(activity.timestamp, { addSuffix: true })}