From 59390818384baa0ffc0cb71af2e67350c6b39172 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Bertron?= Date: Tue, 31 Jul 2018 14:02:47 +0200 Subject: [PATCH] Add audit logs module --- package.json | 2 + server/helpers/audit-logger.ts | 123 +++++++++++++++++++++++++++++++++ server/helpers/logger.ts | 2 +- yarn.lock | 14 ++++ 4 files changed, 140 insertions(+), 1 deletion(-) create mode 100644 server/helpers/audit-logger.ts diff --git a/package.json b/package.json index 2952bfbfc..cd0a3c5b8 100644 --- a/package.json +++ b/package.json @@ -91,10 +91,12 @@ "cookie-parser": "^1.4.3", "cors": "^2.8.1", "create-torrent": "^3.24.5", + "deep-object-diff": "^1.1.0", "express": "^4.12.4", "express-oauth-server": "^2.0.0", "express-rate-limit": "^2.11.0", "express-validator": "^5.0.0", + "flat": "^4.1.0", "fluent-ffmpeg": "^2.1.0", "helmet": "^3.12.1", "ipaddr.js": "https://github.com/whitequark/ipaddr.js.git#8e69afeb4053ee32447a101845f860848280eca5", diff --git a/server/helpers/audit-logger.ts b/server/helpers/audit-logger.ts new file mode 100644 index 000000000..4b237316f --- /dev/null +++ b/server/helpers/audit-logger.ts @@ -0,0 +1,123 @@ +import * as path from 'path' +import { diff } from 'deep-object-diff' +import { chain } from 'lodash' +import * as flatten from 'flat' +import * as winston from 'winston' +import { CONFIG } from '../initializers' +import { jsonLoggerFormat, labelFormatter } from './logger' +import { VideoDetails } from '../../shared' + +enum AUDIT_TYPE { + CREATE = 'create', + UPDATE = 'update', + DELETE = 'delete' +} + +const colors = winston.config.npm.colors +colors.audit = winston.config.npm.colors.info + +winston.addColors(colors) + +const auditLogger = winston.createLogger({ + levels: { audit: 0 }, + transports: [ + new winston.transports.File({ + filename: path.join(CONFIG.STORAGE.LOG_DIR, 'peertube-audit.log'), + level: 'audit', + maxsize: 5242880, + maxFiles: 5, + format: winston.format.combine( + winston.format.timestamp(), + labelFormatter, + winston.format.splat(), + jsonLoggerFormat + ) + }) + ], + exitOnError: true +}) + +function auditLoggerWrapper (domain: string, user: string, action: AUDIT_TYPE, entity: EntityAuditView, oldEntity: EntityAuditView = null) { + let entityInfos: object + if (action === AUDIT_TYPE.UPDATE && oldEntity) { + const oldEntityKeys = oldEntity.toLogKeys() + const diffObject = diff(oldEntityKeys, entity.toLogKeys()) + const diffKeys = Object.entries(diffObject).reduce((newKeys, entry) => { + newKeys[`new-${entry[0]}`] = entry[1] + return newKeys + }, {}) + entityInfos = { ...oldEntityKeys, ...diffKeys } + } else { + entityInfos = { ...entity.toLogKeys() } + } + auditLogger.log('audit', JSON.stringify({ + user, + domain, + action, + ...entityInfos + })) +} + +function auditLoggerFactory (domain: string) { + return { + create (user: string, entity: EntityAuditView) { + auditLoggerWrapper(domain, user, AUDIT_TYPE.CREATE, entity) + }, + update (user: string, entity: EntityAuditView, oldEntity: EntityAuditView) { + auditLoggerWrapper(domain, user, AUDIT_TYPE.UPDATE, entity, oldEntity) + }, + delete (user: string, entity: EntityAuditView) { + auditLoggerWrapper(domain, user, AUDIT_TYPE.DELETE, entity) + } + } +} + +abstract class EntityAuditView { + constructor (private keysToKeep: Array, private prefix: string, private entityInfos: object) { } + toLogKeys (): object { + return chain(flatten(this.entityInfos, { delimiter: '-', safe: true })) + .pick(this.keysToKeep) + .mapKeys((value, key) => `${this.prefix}-${key}`) + .value() + } +} + +const videoKeysToKeep = [ + 'tags', + 'uuid', + 'id', + 'uuid', + 'createdAt', + 'updatedAt', + 'publishedAt', + 'category', + 'licence', + 'language', + 'privacy', + 'description', + 'duration', + 'isLocal', + 'name', + 'thumbnailPath', + 'previewPath', + 'nsfw', + 'waitTranscoding', + 'account-id', + 'account-uuid', + 'account-name', + 'channel-id', + 'channel-uuid', + 'channel-name', + 'support', + 'commentsEnabled' +] +class VideoAuditView extends AuditEntity { + constructor (private video: VideoDetails) { + super(videoKeysToKeep, 'video', video) + } +} + +export { + auditLoggerFactory, + VideoAuditView +} diff --git a/server/helpers/logger.ts b/server/helpers/logger.ts index 6d369a8fb..04a19a9c6 100644 --- a/server/helpers/logger.ts +++ b/server/helpers/logger.ts @@ -96,13 +96,13 @@ const bunyanLogger = { error: bunyanLogFactory('error'), fatal: bunyanLogFactory('error') } - // --------------------------------------------------------------------------- export { timestampFormatter, labelFormatter, consoleLoggerFormat, + jsonLoggerFormat, logger, bunyanLogger } diff --git a/yarn.lock b/yarn.lock index 5124992db..ec261e025 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1773,6 +1773,10 @@ deep-is@~0.1.3: version "0.1.3" resolved "https://registry.yarnpkg.com/deep-is/-/deep-is-0.1.3.tgz#b369d6fb5dbc13eecf524f91b070feedc357cf34" +deep-object-diff@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/deep-object-diff/-/deep-object-diff-1.1.0.tgz#d6fabf476c2ed1751fc94d5ca693d2ed8c18bc5a" + defaults@^1.0.3: version "1.0.3" resolved "https://registry.yarnpkg.com/defaults/-/defaults-1.0.3.tgz#c656051e9817d9ff08ed881477f3fe4019f3ef7d" @@ -2573,6 +2577,12 @@ flat-cache@^1.2.1: graceful-fs "^4.1.2" write "^0.2.1" +flat@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/flat/-/flat-4.1.0.tgz#090bec8b05e39cba309747f1d588f04dbaf98db2" + dependencies: + is-buffer "~2.0.3" + flatten@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/flatten/-/flatten-1.0.2.tgz#dae46a9d78fbe25292258cc1e780a41d95c03782" @@ -3593,6 +3603,10 @@ is-buffer@^1.1.5, is-buffer@~1.1.1: version "1.1.6" resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-1.1.6.tgz#efaa2ea9daa0d7ab2ea13a97b2b8ad51fefbe8be" +is-buffer@~2.0.3: + version "2.0.3" + resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-2.0.3.tgz#4ecf3fcf749cbd1e472689e109ac66261a25e725" + is-builtin-module@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/is-builtin-module/-/is-builtin-module-1.0.0.tgz#540572d34f7ac3119f8f76c30cbc1b1e037affbe"