add defaults

Author: dblythy

GDPR_COMPLIANCE_GUIDE.md

@@ -36,18 +36,125 @@ Parse Server includes a comprehensive audit logging system that tracks:
 - Provides evidence that can support Article 32 (Security of Processing)
 
 **Configuration:**
+
+**Basic Configuration (File-based logging):**
+```javascript
+new ParseServer({
+  // ... other options
+  auditLog: {
+    adapter: 'winston-file', // Optional - default is 'winston-file'
+    adapterOptions: {
+      auditLogFolder: './audit-logs',  // Required to enable
+      datePattern: 'YYYY-MM-DD',        // Optional (default: daily rotation)
+      maxSize: '20m',                   // Optional (default: 20MB per file)
+      maxFiles: '14d',                  // Optional (default: 14 days retention)
+    }
+  }
+});
+```
+
+**Advanced Configuration (with filtering):**
+```javascript
+new ParseServer({
+  // ... other options
+  auditLog: {
+    adapter: 'winston-file',
+    adapterOptions: {
+      auditLogFolder: './audit-logs',
+      datePattern: 'YYYY-MM-DD',
+      maxSize: '20m',
+      maxFiles: '14d',
+    },
+    logFilter: {
+      // Log only specific event types
+      events: ['USER_LOGIN', 'DATA_DELETE', 'SCHEMA_MODIFY'],
+
+      // Log only specific Parse classes
+      includeClasses: ['_User', 'Order', 'Payment'],
+
+      // Exclude certain classes from logging
+      excludeClasses: ['_Session', 'TempData'],
+
+      // Exclude master key operations (optional)
+      excludeMasterKey: false,
+
+      // Filter by user roles
+      includeRoles: ['admin', 'moderator'],
+
+      // Custom filter function for advanced logic
+      filter: (event) => {
+        // Example: Don't log system user operations
+        return event.userId !== 'system';
+      }
+    }
+  }
+});
+```
+
+**Custom Adapter (e.g., S3 storage):**
 ```javascript
+import { MyS3AuditLogAdapter } from './adapters/MyS3AuditLogAdapter';
+
 new ParseServer({
   // ... other options
   auditLog: {
-    auditLogFolder: './audit-logs',  // Required to enable
-    datePattern: 'YYYY-MM-DD',        // Optional (default: daily rotation)
-    maxSize: '20m',                   // Optional (default: 20MB per file)
-    maxFiles: '14d',                  // Optional (default: 14 days retention)
+    adapter: MyS3AuditLogAdapter, // Custom adapter instance
+    adapterOptions: {
+      bucket: 'my-audit-logs',
+      region: 'eu-west-1',
+      encryption: 'AES256',
+    },
+    logFilter: {
+      events: ['USER_LOGIN', 'DATA_DELETE'],
+    }
   }
 });
 ```
 
+**Pluggable Adapter Architecture:**
+
+Parse Server's audit logging now uses a pluggable adapter pattern (similar to CacheAdapter, LoggerAdapter, etc.), allowing you to:
+
+- **File-based storage** (default): Winston with daily rotation
+- **S3 storage**: Immutable logs via S3 bucket settings
+- **Database storage**: Store in MongoDB/PostgreSQL for easy querying
+- **External SIEM**: Forward to CloudWatch, Datadog, Splunk, etc.
+- **Custom implementation**: Implement `AuditLogAdapterInterface` for your needs
+
+**Creating a Custom Adapter:**
+
+```javascript
+// src/adapters/MyCustomAuditLogAdapter.js
+import { AuditLogAdapterInterface } from 'parse-server/lib/Adapters/AuditLog/AuditLogAdapterInterface';
+
+export class MyCustomAuditLogAdapter extends AuditLogAdapterInterface {
+  constructor(options) {
+    super();
+    this.options = options;
+    // Initialize your storage backend
+  }
+
+  isEnabled() {
+    return true;
+  }
+
+  async logUserLogin(event) {
+    // Store login event to your backend
+    await this.store(event);
+  }
+
+  async logDataView(event) {
+    await this.store(event);
+  }
+
+  // ... implement other methods (logDataCreate, logDataUpdate, etc.)
+
+  async store(event) {
+    // Your custom storage logic (S3, database, external service, etc.)
+  }
+}
+```
+
 ### That's It
 
 Parse Server provides **only** audit logging because:

resources/buildConfigDefinitions.js

@@ -13,6 +13,8 @@ const parsers = require('../src/Options/parsers');
 
 /** The types of nested options. */
 const nestedOptionTypes = [
+  'AuditLogFilterOptions',
+  'AuditLogOptions',
   'CustomPagesOptions',
   'DatabaseOptions',
   'FileUploadOptions',
@@ -25,11 +27,14 @@ const nestedOptionTypes = [
   'SecurityOptions',
   'SchemaOptions',
   'LogLevels',
+  'WinstonFileAuditLogAdapterOptions',
 ];
 
 /** The prefix of environment variables for nested options. */
 const nestedOptionEnvPrefix = {
   AccountLockoutOptions: 'PARSE_SERVER_ACCOUNT_LOCKOUT_',
+  AuditLogOptions: 'PARSE_SERVER_AUDIT_LOG_',
+  AuditLogFilterOptions: 'PARSE_SERVER_AUDIT_LOG_FILTER_',
   CustomPagesOptions: 'PARSE_SERVER_CUSTOM_PAGES_',
   DatabaseOptions: 'PARSE_SERVER_DATABASE_',
   FileUploadOptions: 'PARSE_SERVER_FILE_UPLOAD_',
@@ -45,6 +50,7 @@ const nestedOptionEnvPrefix = {
   SchemaOptions: 'PARSE_SERVER_SCHEMA_',
   LogLevels: 'PARSE_SERVER_LOG_LEVELS_',
   RateLimitOptions: 'PARSE_SERVER_RATE_LIMIT_',
+  WinstonFileAuditLogAdapterOptions: 'PARSE_SERVER_AUDIT_LOG_',
 };
 
 function last(array) {
@@ -280,11 +286,13 @@ function inject(t, list) {
       if (elt.defaultValue) {
         let parsedValue = parseDefaultValue(elt, elt.defaultValue, t);
         if (!parsedValue) {
-          for (const type of elt.typeAnnotation.types) {
-            elt.type = type.type;
-            parsedValue = parseDefaultValue(elt, elt.defaultValue, t);
-            if (parsedValue) {
-              break;
+          if (elt.typeAnnotation && elt.typeAnnotation.types && Array.isArray(elt.typeAnnotation.types)) {
+            for (const type of elt.typeAnnotation.types) {
+              elt.type = type.type;
+              parsedValue = parseDefaultValue(elt, elt.defaultValue, t);
+              if (parsedValue) {
+                break;
+              }
             }
           }
         }