{"id":26678108,"url":"https://github.com/telexintegrations/access-watch-telex","last_synced_at":"2025-03-26T05:14:56.244Z","repository":{"id":278602957,"uuid":"935236205","full_name":"telexintegrations/access-watch-telex","owner":"telexintegrations","description":"Integration for monitoring user access attempts to sensitive data using Telex. Logs and reports unauthorized access attempts for enhanced security","archived":false,"fork":false,"pushed_at":"2025-03-23T01:19:57.000Z","size":129,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-23T01:30:53.842Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/telexintegrations.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-19T05:53:06.000Z","updated_at":"2025-03-23T01:20:00.000Z","dependencies_parsed_at":"2025-02-20T17:39:23.648Z","dependency_job_id":null,"html_url":"https://github.com/telexintegrations/access-watch-telex","commit_stats":null,"previous_names":["telexintegrations/access-watch-telex"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/telexintegrations%2Faccess-watch-telex","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/telexintegrations%2Faccess-watch-telex/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/telexintegrations%2Faccess-watch-telex/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/telexintegrations%2Faccess-watch-telex/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/telexintegrations","download_url":"https://codeload.github.com/telexintegrations/access-watch-telex/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245591534,"owners_count":20640692,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-26T05:14:55.647Z","updated_at":"2025-03-26T05:14:56.222Z","avatar_url":"https://github.com/telexintegrations.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Attempts to access sensitive data - Telex Integration\n\n## Overview\nAccess Watch is a security monitoring integration that tracks user access attempts to sensitive data. This integration works with Telex to log unauthorized access attempts and notify the team in real-time. It ensures that access control policies are enforced and potential security threats are identified promptly.\n\n## Telex Integration Setup\n1. **Sign up on Telex**: [Telex Sign-Up](https://telex.im/auth/sign-up)\n2. **Create an Organization and Channel**\n   - After signing up, create an organization and a channel where notifications will be sent.\n3. **Set Up the Integration**\n   - In Telex, create a new app integration.\n   - Use the integration JSON URL: `/integration.json` from your deployed instance.\n\n## Deployment on Render\nThis project is configured to be deployed on [Render](https://render.com) without additional setup.\n\n### 1. Create a Database on Render\n- Go to Render and create a new PostgreSQL database.\n- Copy the connection string and set it as `DATABASE_URL` in your Render environment variables.\n\n### 2. Deploy the Application\n- Create a new Web Service on Render.\n- Connect your GitHub repository: [Access Watch Repo](https://github.com/telexintegrations/access-watch-telex.git)\n- Set up environment variables (`DATABASE_URL`, `SECRET_KEY`, `WEB_CONCURRENCY=4`).\n- The `build.sh` script in the project already includes all necessary commands for database migration and cache table creation.\n- Start the service.\n\n## Testing the Integration\nAfter deploying, test the integration by triggering secured access attempts.\n\n### 1. Register and Login\nUse the provided authentication endpoints to create a user and obtain a token.\n\n### BASE URL\nhttps://access-watch-ix9w.onrender.com\n\n#### Register\n```http\nPOST /api/v1/users/\nContent-Type: application/json\n{\n    \"username\": \"testuser\",\n    \"password\": \"securepassword\"\n}\n```\n\n#### Login\n```http\nPOST /api/v1/users/login/\nContent-Type: application/json\n{\n    \"username\": \"testuser\",\n    \"password\": \"securepassword\"\n}\n```\nThis will return an access token that must be included in requests to protected endpoints.\n\n### 2. Test Role-Based Access\nOnce logged in, try accessing secured endpoints. Unauthorized attempts will be logged and sent to Telex.\n\n```http\nGET /api/v1/secured-data/\nAuthorization: Bearer YOUR_ACCESS_TOKEN\n```\n\nIf the user does not have the required permissions, the attempt will be logged in Telex.\n\n## Testing Integration on Test Telex Organization\nNotifications will be sent to the *access watch telex* channel.\n\nTo test quickly, users can make a request to a protected endpoint **without an authentication token**. The integration checks for two types of users:\n1. **Anonymous users** (no authentication token provided)\n2. **Authenticated but unauthorized users** (valid token, but no permission)\n\n### Quick Testing as an Anonymous User\nUsers can test easily as anonymous users by simply making a request to a protected endpoint without a token:\n```http\nGET [/api/v1/secured-data/](https://access-watch-ix9w.onrender.com/api/v1/secured-data)\n```\nThis will immediately trigger a notification in the *attempts-to-access-sensitive-data* channel.\n\n### Testing as an Authenticated User\nTo test as an authenticated but unauthorized user:\n1. **Sign up** following the step in the register section above.\n2. **Login** to get an access token.\n3. **Make a request** to the protected endpoint with the token.\n\nIf the user does not have the necessary permissions, the access attempt will be logged immediately in the *attempts-to-access-sensitive-data* channel.\n\n## Screenshots\nExample notification on Test Telex organization in *attempts-to-access-sensitive-data* channel\n![Telex Logs](https://github.com/user-attachments/assets/c2246be6-c88d-47cb-a68d-8b59476c815d)\n\n![Create integration app](https://github.com/user-attachments/assets/a4a9419d-f28f-4d16-b448-cdbf4640547b)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftelexintegrations%2Faccess-watch-telex","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftelexintegrations%2Faccess-watch-telex","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftelexintegrations%2Faccess-watch-telex/lists"}