honeymoose/sp-dev-fx-webparts
1
0
Fork 0
mirror of https://github.com/pnp/sp-dev-fx-webparts.git synced 2025-02-13 00:15:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

changed readme

Browse Source
This commit is contained in:
Hugo Bernier 2024-08-31 19:44:44 -04:00
parent 3a1bc1d9fd
commit bdba2bebc3
1 changed files with 85 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

139
samples/js-applicationinsights-api-calls-tracking/README.md
View File

@ -17,7 +17,7 @@ Unfortunately, **it is impossible to fully review the code of SPFx solutions** t
Given these risks, the best (if not only) way to **ensure that sensitive data is not stolen is to monitor the traffic generated by these solutions**. This can be achieved using a SPFx Application Customizer deployed tenant-wide to all sites, that tracks all API requests and sends them to Application Insights.
To optimize data gathering,** known endpoints may be whitelisted, reducing the amount of data logged**. Additionally, this solution allows for **temporarily disabling** logging to facilitate randomized "hunting" without continuously generating large volumes of data.
To optimize data gathering, **known endpoints may be whitelisted, reducing the amount of data logged**. Additionally, this solution allows for **temporarily disabling** logging to facilitate randomized "hunting" without continuously generating large volumes of data.
The logs collected include the called endpoints, methods (GET/POST), the originating page, and the user's geographic location based on the Client IP. neither user ID, not user's IP are captured.
@ -31,28 +31,40 @@ This mechanism allows you to get informed whenever an unfamiliar API request occ
This proactive approach ensures that potential threats or unauthorized activities are quickly identified, allowing for prompt investigation and response before any damage can occur.
## Used SharePoint Framework Version
## Compatibility
![version](https://img.shields.io/badge/version-1.19.0-green.svg)
| :warning: Important |
|:---------------------------|
| Every SPFx version is optimally compatible with specific versions of Node.js. In order to be able to build this sample, you need to ensure that the version of Node on your workstation matches one of the versions listed in this section. This sample will not work on a different version of Node.|
|Refer to <https://aka.ms/spfx-matrix> for more information on SPFx compatibility. |
This sample is optimally compatible with the following environment configuration:
![SPFx 1.19.0](https://img.shields.io/badge/SPFx-1.19.0-green.svg)
![Node.js v18](https://img.shields.io/badge/Node.js-v18-green.svg)
![Compatible with SharePoint Online](https://img.shields.io/badge/SharePoint%20Online-Compatible-green.svg)
![Does not work with SharePoint 2019](https://img.shields.io/badge/SharePoint%20Server%202019-Incompatible-red.svg "SharePoint Server 2019 requires SPFx 1.4.1 or lower")
![Does not work with SharePoint 2016 (Feature Pack 2)](https://img.shields.io/badge/SharePoint%20Server%202016%20(Feature%20Pack%202)-Incompatible-red.svg "SharePoint Server 2016 Feature Pack 2 requires SPFx 1.1")
![Local Workbench Unsupported](https://img.shields.io/badge/Local%20Workbench-Unsupported-red.svg "Local workbench is no longer available as of SPFx 1.13 and above")
![Hosted Workbench Compatible](https://img.shields.io/badge/Hosted%20Workbench-Compatible-green.svg)
![Compatible with Remote Containers](https://img.shields.io/badge/Remote%20Containers-Compatible-green.svg)
## Applies to
- [SharePoint Framework](https://aka.ms/spfx)
- [Microsoft 365 tenant](https://docs.microsoft.com/en-us/sharepoint/dev/spfx/set-up-your-developer-tenant)
- [SharePoint Framework](https://aka.ms/spfx)
- [Microsoft 365 tenant](https://docs.microsoft.com/en-us/sharepoint/dev/spfx/set-up-your-developer-tenant)
> Get your own free development tenant by subscribing to [Microsoft 365 developer program](http://aka.ms/o365devprogram)
## Prerequisites
- Azure tenant
- [Application Insights](https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview)
- SharePoint Administrator or Global Administrator to install the solution
- Azure tenant
- [Application Insights](https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview)
- SharePoint Administrator or Global Administrator to install the solution
## Solution
## Contributors
| Solution | Author(s) |
| ------------------------------------------------- | ------------------------------------------ |
| js-applicationinsights-api-calls-trackingpnpm run | [Kinga Kazala](https://github.com/kkazala) |
- [Kinga Kazala](https://github.com/kkazala)
## Version history
@ -60,69 +72,88 @@ This proactive approach ensures that potential threats or unauthorized activitie
| ------- | --------------- | --------------- |
| 1.0 | August 10, 2024 | Initial release |
## Disclaimer
**THIS CODE IS PROVIDED _AS IS_ WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.**
---
## Minimal Path to Awesome
- Clone this repository
- Ensure that you are at the solution folder
- in the command-line run:
- **pnpm install**
- **gulp serve**
- Clone this repository (or [download this solution as a .ZIP file](https://pnp.github.io/download-partial/?url=https://github.com/pnp/sp-dev-fx-webparts/tree/main/samples/js-applicationinsights-api-calls-tracking) then unzip it)
- From your command line, change your current directory to the directory containing this sample (`js-applicationinsights-api-calls-tracking`, located under `samples`)
- in the command line run:
- `npm install`
- `gulp serve`
## Install and configure
> This sample can also be opened with [VS Code Remote Development](https://code.visualstudio.com/docs/remote/remote-overview). Visit <https://aka.ms/spfx-devcontainer> for further instructions.
### Install and configure
In order to deploy the solution:
- in the command-line run:
- **gulp bundle --ship**
- **gulp package-solution --ship**
- you will find your newly created \*.sppkg file in the **sharepoint/solution** folder.
- Upload or drag and drop the newly created client-side solution package to the **app catalog in your tenant**.
- By default, the **Enable this app and add it to all sites check box** is selected. Click **Enable app** to add this application customizer to all modern SPO sites in your tenant.
- in the command-line run:
- `gulp bundle --ship`
- `gulp package-solution --ship`
- you will find your newly created `\*.sppkg` file in the `sharepoint/solution`folder.
- Upload or drag and drop the newly created client-side solution package to the **app catalog in your tenant**.
- By default, the **Enable this app and add it to all sites check box** is selected. Click **Enable app** to add this application customizer to all modern SPO sites in your tenant.
After deploying the solution, configure its properties:
- Navigate to the **app catalog in your tenant** and open the **Tenant Wide Extensions** list. You will find it under the **https://{yourorg}.sharepoint.com/sites/appcatalog/Lists/TenantWideExtensions/** URL
- Select the \*\*Application Insights" item and click edit.
- Update the **connectionString** parameter with the [connection string](https://learn.microsoft.com/en-us/azure/azure-monitor/app/sdk-connection-string?tabs=dotnet5#find-your-connection-string) to the Application Insights instance you want to use
- Update the **whitelist** parameter to exclude any additional endpoints you want to ignore. This list is semicolon-delimited: `url1;url2`
- If you want to temporarily disable tracking, set **enabled** to `false`
- Navigate to the **app catalog in your tenant** and open the **Tenant Wide Extensions** list. You will find it under the **https://{yourorg}.sharepoint.com/sites/appcatalog/Lists/TenantWideExtensions/** URL
- Select the \*\*Application Insights" item and click edit.
- Update the **connectionString** parameter with the [connection string](https://learn.microsoft.com/en-us/azure/azure-monitor/app/sdk-connection-string?tabs=dotnet5#find-your-connection-string) to the Application Insights instance you want to use
- Update the **whitelist** parameter to exclude any additional endpoints you want to ignore. This list is semicolon-delimited: `url1;url2`
- If you want to temporarily disable tracking, set **enabled** to `false`
### Example Component Properties
```json
{
"connectionString": "InstrumentationKey=xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx;IngestionEndpoint=https://switzerlandnorth-0.in.applicationinsights.azure.com/;LiveEndpoint=https://switzerlandnorth.livediagnostics.monitor.azure.com/;ApplicationId=xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"whitelist": "",
"enabled": true
"connectionString": "InstrumentationKey=xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx;IngestionEndpoint=https://switzerlandnorth-0.in.applicationinsights.azure.com/;LiveEndpoint=https://switzerlandnorth.livediagnostics.monitor.azure.com/;ApplicationId=xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"whitelist": "",
"enabled": true
}
```
The **following endpoints are ignored** by default:
- "browser.pipe.aria.microsoft.com",
- "business.bing.com",
- "measure.office.com",
- "officeapps.live.com",
- "outlook.office365.com",
- "outlook.office.com",
- "nleditor.osi.office.net",
- "js.monitor.azure.com",
- "thor.aesir.office.com",
- "browser.pipe.aria.microsoft.com",
- "business.bing.com",
- "measure.office.com",
- "officeapps.live.com",
- "outlook.office365.com",
- "outlook.office.com",
- "nleditor.osi.office.net",
- "js.monitor.azure.com",
- "thor.aesir.office.com",
## References
- [Application Insights overview](https://learn.microsoft.com//azure/azure-monitor/app/app-insights-overview)
- [Application Insights API for custom events and metrics](https://learn.microsoft.com/en-us/azure/azure-monitor/app/api-custom-events-metrics)
- [Dynamic instrumentation key](https://learn.microsoft.com/en-us/azure/azure-monitor/app/api-custom-events-metrics)
- [Application Insights overview](https://learn.microsoft.com//azure/azure-monitor/app/app-insights-overview)
- [Application Insights API for custom events and metrics](https://learn.microsoft.com/en-us/azure/azure-monitor/app/api-custom-events-metrics)
- [Dynamic instrumentation key](https://learn.microsoft.com/en-us/azure/azure-monitor/app/api-custom-events-metrics)
- [Getting started with SharePoint Framework](https://docs.microsoft.com/en-us/sharepoint/dev/spfx/set-up-your-developer-tenant)
- [Building for Microsoft teams](https://docs.microsoft.com/en-us/sharepoint/dev/spfx/build-for-teams-overview)
- [Use Microsoft Graph in your solution](https://docs.microsoft.com/en-us/sharepoint/dev/spfx/web-parts/get-started/using-microsoft-graph-apis)
- [Publish SharePoint Framework applications to the Marketplace](https://docs.microsoft.com/en-us/sharepoint/dev/spfx/publish-to-marketplace-overview)
- [Microsoft 365 Patterns and Practices](https://aka.ms/m365pnp) - Guidance, tooling, samples and open-source controls for your Microsoft 365 development
- [Getting started with SharePoint Framework](https://docs.microsoft.com/en-us/sharepoint/dev/spfx/set-up-your-developer-tenant)
- [Building for Microsoft teams](https://docs.microsoft.com/en-us/sharepoint/dev/spfx/build-for-teams-overview)
- [Use Microsoft Graph in your solution](https://docs.microsoft.com/en-us/sharepoint/dev/spfx/web-parts/get-started/using-microsoft-graph-apis)
- [Publish SharePoint Framework applications to the Marketplace](https://docs.microsoft.com/en-us/sharepoint/dev/spfx/publish-to-marketplace-overview)
- [Microsoft 365 Patterns and Practices](https://aka.ms/m365pnp) - Guidance, tooling, samples and open-source controls for your Microsoft 365 development
## Help
We do not support samples, but this community is always willing to help, and we want to improve these samples. We use GitHub to track issues, which makes it easy for community members to volunteer their time and help resolve issues.
If you're having issues building the solution, please run [spfx doctor](https://pnp.github.io/cli-microsoft365/cmd/spfx/spfx-doctor/) from within the solution folder to diagnose incompatibility issues with your environment.
You can try looking at [issues related to this sample](https://github.com/pnp/sp-dev-fx-webparts/issues?q=label%3A%22sample%3A%20js-applicationinsights-api-calls-tracking%22) to see if anybody else is having the same issues.
You can also try looking at [discussions related to this sample](https://github.com/pnp/sp-dev-fx-webparts/discussions?discussions_q=js-applicationinsights-api-calls-tracking) and see what the community is saying.
If you encounter any issues using this sample, [create a new issue](https://github.com/pnp/sp-dev-fx-webparts/issues/new?assignees=&labels=Needs%3A+Triage+%3Amag%3A%2Ctype%3Abug-suspected%2Csample%3A%20js-applicationinsights-api-calls-tracking&template=bug-report.yml&sample=js-applicationinsights-api-calls-tracking&authors=@kkazala&title=js-applicationinsights-api-calls-tracking%20-%20).
For questions regarding this sample, [create a new question](https://github.com/pnp/sp-dev-fx-webparts/issues/new?assignees=&labels=Needs%3A+Triage+%3Amag%3A%2Ctype%3Aquestion%2Csample%3A%20js-applicationinsights-api-calls-tracking&template=question.yml&sample=js-applicationinsights-api-calls-tracking&authors=@kkazala&title=js-applicationinsights-api-calls-tracking%20-%20).
Finally, if you have an idea for improvement, [make a suggestion](https://github.com/pnp/sp-dev-fx-webparts/issues/new?assignees=&labels=Needs%3A+Triage+%3Amag%3A%2Ctype%3Aenhancement%2Csample%3A%20js-applicationinsights-api-calls-tracking&template=suggestion.yml&sample=js-applicationinsights-api-calls-tracking&authors=@kkazala&title=js-applicationinsights-api-calls-tracking%20-%20).
## Disclaimer
**THIS CODE IS PROVIDED *AS IS* WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.**
<img src="https://m365-visitor-stats.azurewebsites.net/sp-dev-fx-webparts/samples/js-applicationinsights-api-calls-tracking" />