[github/Chocobozzz/PeerTube.git] / server / helpers / audit-logger.ts

import { diff } from 'deep-object-diff'
import express from 'express'
import flatten from 'flat'
import { chain } from 'lodash'
import { join } from 'path'
import { addColors, config, createLogger, format, transports } from 'winston'
import { AUDIT_LOG_FILENAME } from '@server/initializers/constants'
import { AdminAbuse, CustomConfig, User, VideoChannel, VideoChannelSync, VideoComment, VideoDetails, VideoImport } from '@shared/models'
import { CONFIG } from '../initializers/config'
import { jsonLoggerFormat, labelFormatter } from './logger'

function getAuditIdFromRes (res: express.Response) {
  return res.locals.oauth.token.User.username
}

enum AUDIT_TYPE {
  CREATE = 'create',
  UPDATE = 'update',
  DELETE = 'delete'
}

const colors = config.npm.colors
colors.audit = config.npm.colors.info

addColors(colors)

const auditLogger = createLogger({
  levels: { audit: 0 },
  transports: [
    new transports.File({
      filename: join(CONFIG.STORAGE.LOG_DIR, AUDIT_LOG_FILENAME),
      level: 'audit',
      maxsize: 5242880,
      maxFiles: 5,
      format: format.combine(
        format.timestamp(),
        labelFormatter(),
        format.splat(),
        jsonLoggerFormat
      )
    })
  ],
  exitOnError: true
})

function auditLoggerWrapper (domain: string, user: string, action: AUDIT_TYPE, entity: EntityAuditView, oldEntity: EntityAuditView = null) {
  let entityInfos: object
  if (action === AUDIT_TYPE.UPDATE && oldEntity) {
    const oldEntityKeys = oldEntity.toLogKeys()
    const diffObject = diff(oldEntityKeys, entity.toLogKeys())
    const diffKeys = Object.entries(diffObject).reduce((newKeys, entry) => {
      newKeys[`new-${entry[0]}`] = entry[1]
      return newKeys
    }, {})
    entityInfos = { ...oldEntityKeys, ...diffKeys }
  } else {
    entityInfos = { ...entity.toLogKeys() }
  }
  auditLogger.log('audit', JSON.stringify({
    user,
    domain,
    action,
    ...entityInfos
  }))
}

function auditLoggerFactory (domain: string) {
  return {
    create (user: string, entity: EntityAuditView) {
      auditLoggerWrapper(domain, user, AUDIT_TYPE.CREATE, entity)
    },
    update (user: string, entity: EntityAuditView, oldEntity: EntityAuditView) {
      auditLoggerWrapper(domain, user, AUDIT_TYPE.UPDATE, entity, oldEntity)
    },
    delete (user: string, entity: EntityAuditView) {
      auditLoggerWrapper(domain, user, AUDIT_TYPE.DELETE, entity)
    }
  }
}

abstract class EntityAuditView {
  constructor (private readonly keysToKeep: string[], private readonly prefix: string, private readonly entityInfos: object) { }

  toLogKeys (): object {
    return chain(flatten<object, any>(this.entityInfos, { delimiter: '-', safe: true }))
      .pick(this.keysToKeep)
      .mapKeys((_value, key) => `${this.prefix}-${key}`)
      .value()
  }
}

const videoKeysToKeep = [
  'tags',
  'uuid',
  'id',
  'uuid',
  'createdAt',
  'updatedAt',
  'publishedAt',
  'category',
  'licence',
  'language',
  'privacy',
  'description',
  'duration',
  'isLocal',
  'name',
  'thumbnailPath',
  'previewPath',
  'nsfw',
  'waitTranscoding',
  'account-id',
  'account-uuid',
  'account-name',
  'channel-id',
  'channel-uuid',
  'channel-name',
  'support',
  'commentsEnabled',
  'downloadEnabled'
]
class VideoAuditView extends EntityAuditView {
  constructor (video: VideoDetails) {
    super(videoKeysToKeep, 'video', video)
  }
}

const videoImportKeysToKeep = [
  'id',
  'targetUrl',
  'video-name'
]
class VideoImportAuditView extends EntityAuditView {
  constructor (videoImport: VideoImport) {
    super(videoImportKeysToKeep, 'video-import', videoImport)
  }
}

const commentKeysToKeep = [
  'id',
  'text',
  'threadId',
  'inReplyToCommentId',
  'videoId',
  'createdAt',
  'updatedAt',
  'totalReplies',
  'account-id',
  'account-uuid',
  'account-name'
]
class CommentAuditView extends EntityAuditView {
  constructor (comment: VideoComment) {
    super(commentKeysToKeep, 'comment', comment)
  }
}

const userKeysToKeep = [
  'id',
  'username',
  'email',
  'nsfwPolicy',
  'autoPlayVideo',
  'role',
  'videoQuota',
  'createdAt',
  'account-id',
  'account-uuid',
  'account-name',
  'account-followingCount',
  'account-followersCount',
  'account-createdAt',
  'account-updatedAt',
  'account-avatar-path',
  'account-avatar-createdAt',
  'account-avatar-updatedAt',
  'account-displayName',
  'account-description',
  'videoChannels'
]
class UserAuditView extends EntityAuditView {
  constructor (user: User) {
    super(userKeysToKeep, 'user', user)
  }
}

const channelKeysToKeep = [
  'id',
  'uuid',
  'name',
  'followingCount',
  'followersCount',
  'createdAt',
  'updatedAt',
  'avatar-path',
  'avatar-createdAt',
  'avatar-updatedAt',
  'displayName',
  'description',
  'support',
  'isLocal',
  'ownerAccount-id',
  'ownerAccount-uuid',
  'ownerAccount-name',
  'ownerAccount-displayedName'
]
class VideoChannelAuditView extends EntityAuditView {
  constructor (channel: VideoChannel) {
    super(channelKeysToKeep, 'channel', channel)
  }
}

const abuseKeysToKeep = [
  'id',
  'reason',
  'reporterAccount',
  'createdAt'
]
class AbuseAuditView extends EntityAuditView {
  constructor (abuse: AdminAbuse) {
    super(abuseKeysToKeep, 'abuse', abuse)
  }
}

const customConfigKeysToKeep = [
  'instance-name',
  'instance-shortDescription',
  'instance-description',
  'instance-terms',
  'instance-defaultClientRoute',
  'instance-defaultNSFWPolicy',
  'instance-customizations-javascript',
  'instance-customizations-css',
  'services-twitter-username',
  'services-twitter-whitelisted',
  'cache-previews-size',
  'cache-captions-size',
  'signup-enabled',
  'signup-limit',
  'signup-requiresEmailVerification',
  'admin-email',
  'user-videoQuota',
  'transcoding-enabled',
  'transcoding-threads',
  'transcoding-resolutions'
]
class CustomConfigAuditView extends EntityAuditView {
  constructor (customConfig: CustomConfig) {
    const infos: any = customConfig
    const resolutionsDict = infos.transcoding.resolutions
    const resolutionsArray = []

    Object.entries(resolutionsDict)
          .forEach(([ resolution, isEnabled ]) => {
            if (isEnabled) resolutionsArray.push(resolution)
          })

    Object.assign({}, infos, { transcoding: { resolutions: resolutionsArray } })
    super(customConfigKeysToKeep, 'config', infos)
  }
}

const channelSyncKeysToKeep = [
  'id',
  'externalChannelUrl',
  'channel-id',
  'channel-name'
]
class VideoChannelSyncAuditView extends EntityAuditView {
  constructor (channelSync: VideoChannelSync) {
    super(channelSyncKeysToKeep, 'channelSync', channelSync)
  }
}

export {
  getAuditIdFromRes,

  auditLoggerFactory,
  VideoImportAuditView,
  VideoChannelAuditView,
  CommentAuditView,
  UserAuditView,
  VideoAuditView,
  AbuseAuditView,
  CustomConfigAuditView,
  VideoChannelSyncAuditView
}
Commit	Line	Data
	1	import { diff } from 'deep-object-diff'
	2	import express from 'express'
	3	import flatten from 'flat'
	4	import { chain } from 'lodash'
	5	import { join } from 'path'
	6	import { addColors, config, createLogger, format, transports } from 'winston'
	7	import { AUDIT_LOG_FILENAME } from '@server/initializers/constants'
	8	import { AdminAbuse, CustomConfig, User, VideoChannel, VideoChannelSync, VideoComment, VideoDetails, VideoImport } from '@shared/models'
	9	import { CONFIG } from '../initializers/config'
	10	import { jsonLoggerFormat, labelFormatter } from './logger'
	11
	12	function getAuditIdFromRes (res: express.Response) {
	13	return res.locals.oauth.token.User.username
	14	}
	15
	16	enum AUDIT_TYPE {
	17	CREATE = 'create',
	18	UPDATE = 'update',
	19	DELETE = 'delete'
	20	}
	21
	22	const colors = config.npm.colors
	23	colors.audit = config.npm.colors.info
	24
	25	addColors(colors)
	26
	27	const auditLogger = createLogger({
	28	levels: { audit: 0 },
	29	transports: [
	30	new transports.File({
	31	filename: join(CONFIG.STORAGE.LOG_DIR, AUDIT_LOG_FILENAME),
	32	level: 'audit',
	33	maxsize: 5242880,
	34	maxFiles: 5,
	35	format: format.combine(
	36	format.timestamp(),
	37	labelFormatter(),
	38	format.splat(),
	39	jsonLoggerFormat
	40	)
	41	})
	42	],
	43	exitOnError: true
	44	})
	45
	46	function auditLoggerWrapper (domain: string, user: string, action: AUDIT_TYPE, entity: EntityAuditView, oldEntity: EntityAuditView = null) {
	47	let entityInfos: object
	48	if (action === AUDIT_TYPE.UPDATE && oldEntity) {
	49	const oldEntityKeys = oldEntity.toLogKeys()
	50	const diffObject = diff(oldEntityKeys, entity.toLogKeys())
	51	const diffKeys = Object.entries(diffObject).reduce((newKeys, entry) => {
	52	newKeys[`new-${entry[0]}`] = entry[1]
	53	return newKeys
	54	}, {})
	55	entityInfos = { ...oldEntityKeys, ...diffKeys }
	56	} else {
	57	entityInfos = { ...entity.toLogKeys() }
	58	}
	59	auditLogger.log('audit', JSON.stringify({
	60	user,
	61	domain,
	62	action,
	63	...entityInfos
	64	}))
	65	}
	66
	67	function auditLoggerFactory (domain: string) {
	68	return {
	69	create (user: string, entity: EntityAuditView) {
	70	auditLoggerWrapper(domain, user, AUDIT_TYPE.CREATE, entity)
	71	},
	72	update (user: string, entity: EntityAuditView, oldEntity: EntityAuditView) {
	73	auditLoggerWrapper(domain, user, AUDIT_TYPE.UPDATE, entity, oldEntity)
	74	},
	75	delete (user: string, entity: EntityAuditView) {
	76	auditLoggerWrapper(domain, user, AUDIT_TYPE.DELETE, entity)
	77	}
	78	}
	79	}
	80
	81	abstract class EntityAuditView {
	82	constructor (private readonly keysToKeep: string[], private readonly prefix: string, private readonly entityInfos: object) { }
	83
	84	toLogKeys (): object {
	85	return chain(flatten<object, any>(this.entityInfos, { delimiter: '-', safe: true }))
	86	.pick(this.keysToKeep)
	87	.mapKeys((_value, key) => `${this.prefix}-${key}`)
	88	.value()
	89	}
	90	}
	91
	92	const videoKeysToKeep = [
	93	'tags',
	94	'uuid',
	95	'id',
	96	'uuid',
	97	'createdAt',
	98	'updatedAt',
	99	'publishedAt',
	100	'category',
	101	'licence',
	102	'language',
	103	'privacy',
	104	'description',
	105	'duration',
	106	'isLocal',
	107	'name',
	108	'thumbnailPath',
	109	'previewPath',
	110	'nsfw',
	111	'waitTranscoding',
	112	'account-id',
	113	'account-uuid',
	114	'account-name',
	115	'channel-id',
	116	'channel-uuid',
	117	'channel-name',
	118	'support',
	119	'commentsEnabled',
	120	'downloadEnabled'
	121	]
	122	class VideoAuditView extends EntityAuditView {
	123	constructor (video: VideoDetails) {
	124	super(videoKeysToKeep, 'video', video)
	125	}
	126	}
	127
	128	const videoImportKeysToKeep = [
	129	'id',
	130	'targetUrl',
	131	'video-name'
	132	]
	133	class VideoImportAuditView extends EntityAuditView {
	134	constructor (videoImport: VideoImport) {
	135	super(videoImportKeysToKeep, 'video-import', videoImport)
	136	}
	137	}
	138
	139	const commentKeysToKeep = [
	140	'id',
	141	'text',
	142	'threadId',
	143	'inReplyToCommentId',
	144	'videoId',
	145	'createdAt',
	146	'updatedAt',
	147	'totalReplies',
	148	'account-id',
	149	'account-uuid',
	150	'account-name'
	151	]
	152	class CommentAuditView extends EntityAuditView {
	153	constructor (comment: VideoComment) {
	154	super(commentKeysToKeep, 'comment', comment)
	155	}
	156	}
	157
	158	const userKeysToKeep = [
	159	'id',
	160	'username',
	161	'email',
	162	'nsfwPolicy',
	163	'autoPlayVideo',
	164	'role',
	165	'videoQuota',
	166	'createdAt',
	167	'account-id',
	168	'account-uuid',
	169	'account-name',
	170	'account-followingCount',
	171	'account-followersCount',
	172	'account-createdAt',
	173	'account-updatedAt',
	174	'account-avatar-path',
	175	'account-avatar-createdAt',
	176	'account-avatar-updatedAt',
	177	'account-displayName',
	178	'account-description',
	179	'videoChannels'
	180	]
	181	class UserAuditView extends EntityAuditView {
	182	constructor (user: User) {
	183	super(userKeysToKeep, 'user', user)
	184	}
	185	}
	186
	187	const channelKeysToKeep = [
	188	'id',
	189	'uuid',
	190	'name',
	191	'followingCount',
	192	'followersCount',
	193	'createdAt',
	194	'updatedAt',
	195	'avatar-path',
	196	'avatar-createdAt',
	197	'avatar-updatedAt',
	198	'displayName',
	199	'description',
	200	'support',
	201	'isLocal',
	202	'ownerAccount-id',
	203	'ownerAccount-uuid',
	204	'ownerAccount-name',
	205	'ownerAccount-displayedName'
	206	]
	207	class VideoChannelAuditView extends EntityAuditView {
	208	constructor (channel: VideoChannel) {
	209	super(channelKeysToKeep, 'channel', channel)
	210	}
	211	}
	212
	213	const abuseKeysToKeep = [
	214	'id',
	215	'reason',
	216	'reporterAccount',
	217	'createdAt'
	218	]
	219	class AbuseAuditView extends EntityAuditView {
	220	constructor (abuse: AdminAbuse) {
	221	super(abuseKeysToKeep, 'abuse', abuse)
	222	}
	223	}
	224
	225	const customConfigKeysToKeep = [
	226	'instance-name',
	227	'instance-shortDescription',
	228	'instance-description',
	229	'instance-terms',
	230	'instance-defaultClientRoute',
	231	'instance-defaultNSFWPolicy',
	232	'instance-customizations-javascript',
	233	'instance-customizations-css',
	234	'services-twitter-username',
	235	'services-twitter-whitelisted',
	236	'cache-previews-size',
	237	'cache-captions-size',
	238	'signup-enabled',
	239	'signup-limit',
	240	'signup-requiresEmailVerification',
	241	'admin-email',
	242	'user-videoQuota',
	243	'transcoding-enabled',
	244	'transcoding-threads',
	245	'transcoding-resolutions'
	246	]
	247	class CustomConfigAuditView extends EntityAuditView {
	248	constructor (customConfig: CustomConfig) {
	249	const infos: any = customConfig
	250	const resolutionsDict = infos.transcoding.resolutions
	251	const resolutionsArray = []
	252
	253	Object.entries(resolutionsDict)
	254	.forEach(([ resolution, isEnabled ]) => {
	255	if (isEnabled) resolutionsArray.push(resolution)
	256	})
	257
	258	Object.assign({}, infos, { transcoding: { resolutions: resolutionsArray } })
	259	super(customConfigKeysToKeep, 'config', infos)
	260	}
	261	}
	262
	263	const channelSyncKeysToKeep = [
	264	'id',
	265	'externalChannelUrl',
	266	'channel-id',
	267	'channel-name'
	268	]
	269	class VideoChannelSyncAuditView extends EntityAuditView {
	270	constructor (channelSync: VideoChannelSync) {
	271	super(channelSyncKeysToKeep, 'channelSync', channelSync)
	272	}
	273	}
	274
	275	export {
	276	getAuditIdFromRes,
	277
	278	auditLoggerFactory,
	279	VideoImportAuditView,
	280	VideoChannelAuditView,
	281	CommentAuditView,
	282	UserAuditView,
	283	VideoAuditView,
	284	AbuseAuditView,
	285	CustomConfigAuditView,
	286	VideoChannelSyncAuditView
	287	}