server/helpers/audit-logger.ts

   1 import * as path from 'path'
   2 import * as express from 'express'
   3 import { diff } from 'deep-object-diff'
   4 import { chain } from 'lodash'
   5 import * as flatten from 'flat'
   6 import * as winston from 'winston'
   7 import { CONFIG } from '../initializers'
   8 import { jsonLoggerFormat, labelFormatter } from './logger'
   9 import { VideoDetails, User, VideoChannel, VideoAbuse, VideoImport } from '../../shared'
  10 import { VideoComment } from '../../shared/models/videos/video-comment.model'
  11 import { CustomConfig } from '../../shared/models/server/custom-config.model'
  12 import { UserModel } from '../models/account/user'
  13
  14 function getAuditIdFromRes (res: express.Response) {
  15   return (res.locals.oauth.token.User as UserModel).username
  16 }
  17
  18 enum AUDIT_TYPE {
  19   CREATE = 'create',
  20   UPDATE = 'update',
  21   DELETE = 'delete'
  22 }
  23
  24 const colors = winston.config.npm.colors
  25 colors.audit = winston.config.npm.colors.info
  26
  27 winston.addColors(colors)
  28
  29 const auditLogger = winston.createLogger({
  30   levels: { audit: 0 },
  31   transports: [
  32     new winston.transports.File({
  33       filename: path.join(CONFIG.STORAGE.LOG_DIR, 'peertube-audit.log'),
  34       level: 'audit',
  35       maxsize: 5242880,
  36       maxFiles: 5,
  37       format: winston.format.combine(
  38         winston.format.timestamp(),
  39         labelFormatter,
  40         winston.format.splat(),
  41         jsonLoggerFormat
  42       )
  43     })
  44   ],
  45   exitOnError: true
  46 })
  47
  48 function auditLoggerWrapper (domain: string, user: string, action: AUDIT_TYPE, entity: EntityAuditView, oldEntity: EntityAuditView = null) {
  49   let entityInfos: object
  50   if (action === AUDIT_TYPE.UPDATE && oldEntity) {
  51     const oldEntityKeys = oldEntity.toLogKeys()
  52     const diffObject = diff(oldEntityKeys, entity.toLogKeys())
  53     const diffKeys = Object.entries(diffObject).reduce((newKeys, entry) => {
  54       newKeys[`new-${entry[0]}`] = entry[1]
  55       return newKeys
  56     }, {})
  57     entityInfos = { ...oldEntityKeys, ...diffKeys }
  58   } else {
  59     entityInfos = { ...entity.toLogKeys() }
  60   }
  61   auditLogger.log('audit', JSON.stringify({
  62     user,
  63     domain,
  64     action,
  65     ...entityInfos
  66   }))
  67 }
  68
  69 function auditLoggerFactory (domain: string) {
  70   return {
  71     create (user: string, entity: EntityAuditView) {
  72       auditLoggerWrapper(domain, user, AUDIT_TYPE.CREATE, entity)
  73     },
  74     update (user: string, entity: EntityAuditView, oldEntity: EntityAuditView) {
  75       auditLoggerWrapper(domain, user, AUDIT_TYPE.UPDATE, entity, oldEntity)
  76     },
  77     delete (user: string, entity: EntityAuditView) {
  78       auditLoggerWrapper(domain, user, AUDIT_TYPE.DELETE, entity)
  79     }
  80   }
  81 }
  82
  83 abstract class EntityAuditView {
  84   constructor (private keysToKeep: Array<string>, private prefix: string, private entityInfos: object) { }
  85   toLogKeys (): object {
  86     return chain(flatten(this.entityInfos, { delimiter: '-', safe: true }))
  87       .pick(this.keysToKeep)
  88       .mapKeys((value, key) => `${this.prefix}-${key}`)
  89       .value()
  90   }
  91 }
  92
  93 const videoKeysToKeep = [
  94   'tags',
  95   'uuid',
  96   'id',
  97   'uuid',
  98   'createdAt',
  99   'updatedAt',
 100   'publishedAt',
 101   'category',
 102   'licence',
 103   'language',
 104   'privacy',
 105   'description',
 106   'duration',
 107   'isLocal',
 108   'name',
 109   'thumbnailPath',
 110   'previewPath',
 111   'nsfw',
 112   'waitTranscoding',
 113   'account-id',
 114   'account-uuid',
 115   'account-name',
 116   'channel-id',
 117   'channel-uuid',
 118   'channel-name',
 119   'support',
 120   'commentsEnabled'
 121 ]
 122 class VideoAuditView extends EntityAuditView {
 123   constructor (private video: VideoDetails) {
 124     super(videoKeysToKeep, 'video', video)
 125   }
 126 }
 127
 128 const videoImportKeysToKeep = [
 129   'id',
 130   'targetUrl',
 131   'video-name'
 132 ]
 133 class VideoImportAuditView extends EntityAuditView {
 134   constructor (private videoImport: VideoImport) {
 135     super(videoImportKeysToKeep, 'video-import', videoImport)
 136   }
 137 }
 138
 139 const commentKeysToKeep = [
 140   'id',
 141   'text',
 142   'threadId',
 143   'inReplyToCommentId',
 144   'videoId',
 145   'createdAt',
 146   'updatedAt',
 147   'totalReplies',
 148   'account-id',
 149   'account-uuid',
 150   'account-name'
 151 ]
 152 class CommentAuditView extends EntityAuditView {
 153   constructor (private comment: VideoComment) {
 154     super(commentKeysToKeep, 'comment', comment)
 155   }
 156 }
 157
 158 const userKeysToKeep = [
 159   'id',
 160   'username',
 161   'email',
 162   'nsfwPolicy',
 163   'autoPlayVideo',
 164   'role',
 165   'videoQuota',
 166   'createdAt',
 167   'account-id',
 168   'account-uuid',
 169   'account-name',
 170   'account-followingCount',
 171   'account-followersCount',
 172   'account-createdAt',
 173   'account-updatedAt',
 174   'account-avatar-path',
 175   'account-avatar-createdAt',
 176   'account-avatar-updatedAt',
 177   'account-displayName',
 178   'account-description',
 179   'videoChannels'
 180 ]
 181 class UserAuditView extends EntityAuditView {
 182   constructor (private user: User) {
 183     super(userKeysToKeep, 'user', user)
 184   }
 185 }
 186
 187 const channelKeysToKeep = [
 188   'id',
 189   'uuid',
 190   'name',
 191   'followingCount',
 192   'followersCount',
 193   'createdAt',
 194   'updatedAt',
 195   'avatar-path',
 196   'avatar-createdAt',
 197   'avatar-updatedAt',
 198   'displayName',
 199   'description',
 200   'support',
 201   'isLocal',
 202   'ownerAccount-id',
 203   'ownerAccount-uuid',
 204   'ownerAccount-name',
 205   'ownerAccount-displayedName'
 206 ]
 207 class VideoChannelAuditView extends EntityAuditView {
 208   constructor (private channel: VideoChannel) {
 209     super(channelKeysToKeep, 'channel', channel)
 210   }
 211 }
 212
 213 const videoAbuseKeysToKeep = [
 214   'id',
 215   'reason',
 216   'reporterAccount',
 217   'video-id',
 218   'video-name',
 219   'video-uuid',
 220   'createdAt'
 221 ]
 222 class VideoAbuseAuditView extends EntityAuditView {
 223   constructor (private videoAbuse: VideoAbuse) {
 224     super(videoAbuseKeysToKeep, 'abuse', videoAbuse)
 225   }
 226 }
 227
 228 const customConfigKeysToKeep = [
 229   'instance-name',
 230   'instance-shortDescription',
 231   'instance-description',
 232   'instance-terms',
 233   'instance-defaultClientRoute',
 234   'instance-defaultNSFWPolicy',
 235   'instance-customizations-javascript',
 236   'instance-customizations-css',
 237   'services-twitter-username',
 238   'services-twitter-whitelisted',
 239   'cache-previews-size',
 240   'cache-captions-size',
 241   'signup-enabled',
 242   'signup-limit',
 243   'signup-requiresEmailVerification',
 244   'admin-email',
 245   'user-videoQuota',
 246   'transcoding-enabled',
 247   'transcoding-threads',
 248   'transcoding-resolutions'
 249 ]
 250 class CustomConfigAuditView extends EntityAuditView {
 251   constructor (customConfig: CustomConfig) {
 252     const infos: any = customConfig
 253     const resolutionsDict = infos.transcoding.resolutions
 254     const resolutionsArray = []
 255     Object.entries(resolutionsDict).forEach(([resolution, isEnabled]) => {
 256       if (isEnabled) resolutionsArray.push(resolution)
 257     })
 258     Object.assign({}, infos, { transcoding: { resolutions: resolutionsArray } })
 259     super(customConfigKeysToKeep, 'config', infos)
 260   }
 261 }
 262
 263 export {
 264   getAuditIdFromRes,
 265
 266   auditLoggerFactory,
 267   VideoImportAuditView,
 268   VideoChannelAuditView,
 269   CommentAuditView,
 270   UserAuditView,
 271   VideoAuditView,
 272   VideoAbuseAuditView,
 273   CustomConfigAuditView
 274 }