Add audit logs module

package.json

@@ -91,10 +91,12 @@
     "cookie-parser": "^1.4.3",
     "cors": "^2.8.1",
     "create-torrent": "^3.24.5",
+    "deep-object-diff": "^1.1.0",
     "express": "^4.12.4",
     "express-oauth-server": "^2.0.0",
     "express-rate-limit": "^2.11.0",
     "express-validator": "^5.0.0",
+    "flat": "^4.1.0",
     "fluent-ffmpeg": "^2.1.0",
     "helmet": "^3.12.1",
     "ipaddr.js": "https://github.com/whitequark/ipaddr.js.git#8e69afeb4053ee32447a101845f860848280eca5",

server/helpers/audit-logger.ts

@@ -0,0 +1,123 @@
+import * as path from 'path'
+import { diff } from 'deep-object-diff'
+import { chain } from 'lodash'
+import * as flatten from 'flat'
+import * as winston from 'winston'
+import { CONFIG } from '../initializers'
+import { jsonLoggerFormat, labelFormatter } from './logger'
+import { VideoDetails } from '../../shared'
+
+enum AUDIT_TYPE {
+  CREATE = 'create',
+  UPDATE = 'update',
+  DELETE = 'delete'
+}
+
+const colors = winston.config.npm.colors
+colors.audit = winston.config.npm.colors.info
+
+winston.addColors(colors)
+
+const auditLogger = winston.createLogger({
+  levels: { audit: 0 },
+  transports: [
+    new winston.transports.File({
+      filename: path.join(CONFIG.STORAGE.LOG_DIR, 'peertube-audit.log'),
+      level: 'audit',
+      maxsize: 5242880,
+      maxFiles: 5,
+      format: winston.format.combine(
+        winston.format.timestamp(),
+        labelFormatter,
+        winston.format.splat(),
+        jsonLoggerFormat
+      )
+    })
+  ],
+  exitOnError: true
+})
+
+function auditLoggerWrapper (domain: string, user: string, action: AUDIT_TYPE, entity: EntityAuditView, oldEntity: EntityAuditView = null) {
+  let entityInfos: object
+  if (action === AUDIT_TYPE.UPDATE && oldEntity) {
+    const oldEntityKeys = oldEntity.toLogKeys()
+    const diffObject = diff(oldEntityKeys, entity.toLogKeys())
+    const diffKeys = Object.entries(diffObject).reduce((newKeys, entry) => {
+      newKeys[`new-${entry[0]}`] = entry[1]
+      return newKeys
+    }, {})
+    entityInfos = { ...oldEntityKeys, ...diffKeys }
+  } else {
+    entityInfos = { ...entity.toLogKeys() }
+  }
+  auditLogger.log('audit', JSON.stringify({
+    user,
+    domain,
+    action,
+    ...entityInfos
+  }))
+}
+
+function auditLoggerFactory (domain: string) {
+  return {
+    create (user: string, entity: EntityAuditView) {
+      auditLoggerWrapper(domain, user, AUDIT_TYPE.CREATE, entity)
+    },
+    update (user: string, entity: EntityAuditView, oldEntity: EntityAuditView) {
+      auditLoggerWrapper(domain, user, AUDIT_TYPE.UPDATE, entity, oldEntity)
+    },
+    delete (user: string, entity: EntityAuditView) {
+      auditLoggerWrapper(domain, user, AUDIT_TYPE.DELETE, entity)
+    }
+  }
+}
+
+abstract class EntityAuditView {
+  constructor (private keysToKeep: Array<string>, private prefix: string, private entityInfos: object) { }
+  toLogKeys (): object {
+    return chain(flatten(this.entityInfos, { delimiter: '-', safe: true }))
+      .pick(this.keysToKeep)
+      .mapKeys((value, key) => `${this.prefix}-${key}`)
+      .value()
+  }
+}
+
+const videoKeysToKeep = [
+  'tags',
+  'uuid',
+  'id',
+  'uuid',
+  'createdAt',
+  'updatedAt',
+  'publishedAt',
+  'category',
+  'licence',
+  'language',
+  'privacy',
+  'description',
+  'duration',
+  'isLocal',
+  'name',
+  'thumbnailPath',
+  'previewPath',
+  'nsfw',
+  'waitTranscoding',
+  'account-id',
+  'account-uuid',
+  'account-name',
+  'channel-id',
+  'channel-uuid',
+  'channel-name',
+  'support',
+  'commentsEnabled'
+]
+class VideoAuditView extends AuditEntity {
+  constructor (private video: VideoDetails) {
+    super(videoKeysToKeep, 'video', video)
+  }
+}
+
+export {
+  auditLoggerFactory,
+  VideoAuditView
+}

server/helpers/logger.ts

@@ -96,13 +96,13 @@ const bunyanLogger = {
   error: bunyanLogFactory('error'),
   fatal: bunyanLogFactory('error')
 }
-
 // ---------------------------------------------------------------------------
 
 export {
   timestampFormatter,
   labelFormatter,
   consoleLoggerFormat,
+  jsonLoggerFormat,
   logger,
   bunyanLogger
 }

yarn.lock

@@ -1773,6 +1773,10 @@ deep-is@~0.1.3:
   version "0.1.3"
   resolved "https://registry.yarnpkg.com/deep-is/-/deep-is-0.1.3.tgz#b369d6fb5dbc13eecf524f91b070feedc357cf34"
 
+deep-object-diff@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/deep-object-diff/-/deep-object-diff-1.1.0.tgz#d6fabf476c2ed1751fc94d5ca693d2ed8c18bc5a"
+
 defaults@^1.0.3:
   version "1.0.3"
   resolved "https://registry.yarnpkg.com/defaults/-/defaults-1.0.3.tgz#c656051e9817d9ff08ed881477f3fe4019f3ef7d"
@@ -2573,6 +2577,12 @@ flat-cache@^1.2.1:
     graceful-fs "^4.1.2"
     write "^0.2.1"
 
+flat@^4.1.0:
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/flat/-/flat-4.1.0.tgz#090bec8b05e39cba309747f1d588f04dbaf98db2"
+  dependencies:
+    is-buffer "~2.0.3"
+
 flatten@^1.0.2:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/flatten/-/flatten-1.0.2.tgz#dae46a9d78fbe25292258cc1e780a41d95c03782"
@@ -3593,6 +3603,10 @@ is-buffer@^1.1.5, is-buffer@~1.1.1:
   version "1.1.6"
   resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-1.1.6.tgz#efaa2ea9daa0d7ab2ea13a97b2b8ad51fefbe8be"
 
+is-buffer@~2.0.3:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-2.0.3.tgz#4ecf3fcf749cbd1e472689e109ac66261a25e725"
+
 is-builtin-module@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/is-builtin-module/-/is-builtin-module-1.0.0.tgz#540572d34f7ac3119f8f76c30cbc1b1e037affbe"