Add audit logs module

author Aurélien Bertron <aurelienbertron@gmail.com>

Tue, 31 Jul 2018 12:02:47 +0000 (14:02 +0200)

committer Chocobozzz <me@florianbigard.com>

Tue, 31 Jul 2018 13:40:29 +0000 (15:40 +0200)
author Aurélien Bertron <aurelienbertron@gmail.com>
Tue, 31 Jul 2018 12:02:47 +0000 (14:02 +0200)
committer Chocobozzz <me@florianbigard.com>
Tue, 31 Jul 2018 13:40:29 +0000 (15:40 +0200)
diff --git a/package.json b/package.json

index 2952bfbfc6b3121c59ce7739bb3718ec5225a597..cd0a3c5b81c8b6d210b11d8676536d3cac41b8d3 100644 (file)
--- a/package.json
+++ b/package.json
@@ -91,10 +91,12 @@
      "cookie-parser": "^1.4.3",
      "cors": "^2.8.1",
      "create-torrent": "^3.24.5",
+    "deep-object-diff": "^1.1.0",
      "express": "^4.12.4",
      "express-oauth-server": "^2.0.0",
      "express-rate-limit": "^2.11.0",
      "express-validator": "^5.0.0",
+    "flat": "^4.1.0",
      "fluent-ffmpeg": "^2.1.0",
      "helmet": "^3.12.1",
      "ipaddr.js": "https://github.com/whitequark/ipaddr.js.git#8e69afeb4053ee32447a101845f860848280eca5",
diff --git a/server/helpers/audit-logger.ts b/server/helpers/audit-logger.ts

new file mode 100644 (file)

index 0000000..4b23731
--- /dev/null
+++ b/server/helpers/audit-logger.ts
@@ -0,0 +1,123 @@
+import * as path from 'path'
+import { diff } from 'deep-object-diff'
+import { chain } from 'lodash'
+import * as flatten from 'flat'
+import * as winston from 'winston'
+import { CONFIG } from '../initializers'
+import { jsonLoggerFormat, labelFormatter } from './logger'
+import { VideoDetails } from '../../shared'
+
+enum AUDIT_TYPE {
+  CREATE = 'create',
+  UPDATE = 'update',
+  DELETE = 'delete'
+}
+
+const colors = winston.config.npm.colors
+colors.audit = winston.config.npm.colors.info
+
+winston.addColors(colors)
+
+const auditLogger = winston.createLogger({
+  levels: { audit: 0 },
+  transports: [
+    new winston.transports.File({
+      filename: path.join(CONFIG.STORAGE.LOG_DIR, 'peertube-audit.log'),
+      level: 'audit',
+      maxsize: 5242880,
+      maxFiles: 5,
+      format: winston.format.combine(
+        winston.format.timestamp(),
+        labelFormatter,
+        winston.format.splat(),
+        jsonLoggerFormat
+      )
+    })
+  ],
+  exitOnError: true
+})
+
+function auditLoggerWrapper (domain: string, user: string, action: AUDIT_TYPE, entity: EntityAuditView, oldEntity: EntityAuditView = null) {
+  let entityInfos: object
+  if (action === AUDIT_TYPE.UPDATE && oldEntity) {
+    const oldEntityKeys = oldEntity.toLogKeys()
+    const diffObject = diff(oldEntityKeys, entity.toLogKeys())
+    const diffKeys = Object.entries(diffObject).reduce((newKeys, entry) => {
+      newKeys[`new-${entry[0]}`] = entry[1]
+      return newKeys
+    }, {})
+    entityInfos = { ...oldEntityKeys, ...diffKeys }
+  } else {
+    entityInfos = { ...entity.toLogKeys() }
+  }
+  auditLogger.log('audit', JSON.stringify({
+    user,
+    domain,
+    action,
+    ...entityInfos
+  }))
+}
+
+function auditLoggerFactory (domain: string) {
+  return {
+    create (user: string, entity: EntityAuditView) {
+      auditLoggerWrapper(domain, user, AUDIT_TYPE.CREATE, entity)
+    },
+    update (user: string, entity: EntityAuditView, oldEntity: EntityAuditView) {
+      auditLoggerWrapper(domain, user, AUDIT_TYPE.UPDATE, entity, oldEntity)
+    },
+    delete (user: string, entity: EntityAuditView) {
+      auditLoggerWrapper(domain, user, AUDIT_TYPE.DELETE, entity)
+    }
+  }
+}
+
+abstract class EntityAuditView {
+  constructor (private keysToKeep: Array<string>, private prefix: string, private entityInfos: object) { }
+  toLogKeys (): object {
+    return chain(flatten(this.entityInfos, { delimiter: '-', safe: true }))
+      .pick(this.keysToKeep)
+      .mapKeys((value, key) => `${this.prefix}-${key}`)
+      .value()
+  }
+}
+
+const videoKeysToKeep = [
+  'tags',
+  'uuid',
+  'id',
+  'uuid',
+  'createdAt',
+  'updatedAt',
+  'publishedAt',
+  'category',
+  'licence',
+  'language',
+  'privacy',
+  'description',
+  'duration',
+  'isLocal',
+  'name',
+  'thumbnailPath',
+  'previewPath',
+  'nsfw',
+  'waitTranscoding',
+  'account-id',
+  'account-uuid',
+  'account-name',
+  'channel-id',
+  'channel-uuid',
+  'channel-name',
+  'support',
+  'commentsEnabled'
+]
+class VideoAuditView extends AuditEntity {
+  constructor (private video: VideoDetails) {
+    super(videoKeysToKeep, 'video', video)
+  }
+}
+
+export {
+  auditLoggerFactory,
+  VideoAuditView
+}
diff --git a/server/helpers/logger.ts b/server/helpers/logger.ts

index 6d369a8fbd421b432ebb938afe2a1ae02df70af8..04a19a9c61adb537cb42249176f67d6f99adf028 100644 (file)
--- a/server/helpers/logger.ts
+++ b/server/helpers/logger.ts
@@ -96,13 +96,13 @@ const bunyanLogger = {
    error: bunyanLogFactory('error'),
    fatal: bunyanLogFactory('error')
  }
-
  // ---------------------------------------------------------------------------
  
  export {
    timestampFormatter,
    labelFormatter,
    consoleLoggerFormat,
+  jsonLoggerFormat,
    logger,
    bunyanLogger
  }
diff --git a/yarn.lock b/yarn.lock

index 5124992db813e06327caeae6bfbda7eae7643b70..ec261e025103d0ca49f39829b0ac1309a6b996e6 100644 (file)
--- a/yarn.lock
+++ b/yarn.lock
@@ -1773,6 +1773,10 @@ deep-is@~0.1.3:
    version "0.1.3"
    resolved "https://registry.yarnpkg.com/deep-is/-/deep-is-0.1.3.tgz#b369d6fb5dbc13eecf524f91b070feedc357cf34"
  
+deep-object-diff@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/deep-object-diff/-/deep-object-diff-1.1.0.tgz#d6fabf476c2ed1751fc94d5ca693d2ed8c18bc5a"
+
  defaults@^1.0.3:
    version "1.0.3"
    resolved "https://registry.yarnpkg.com/defaults/-/defaults-1.0.3.tgz#c656051e9817d9ff08ed881477f3fe4019f3ef7d"
@@ -2573,6 +2577,12 @@ flat-cache@^1.2.1:
      graceful-fs "^4.1.2"
      write "^0.2.1"
  
+flat@^4.1.0:
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/flat/-/flat-4.1.0.tgz#090bec8b05e39cba309747f1d588f04dbaf98db2"
+  dependencies:
+    is-buffer "~2.0.3"
+
  flatten@^1.0.2:
    version "1.0.2"
    resolved "https://registry.yarnpkg.com/flatten/-/flatten-1.0.2.tgz#dae46a9d78fbe25292258cc1e780a41d95c03782"
@@ -3593,6 +3603,10 @@ is-buffer@^1.1.5, is-buffer@~1.1.1:
    version "1.1.6"
    resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-1.1.6.tgz#efaa2ea9daa0d7ab2ea13a97b2b8ad51fefbe8be"
  
+is-buffer@~2.0.3:
+  version "2.0.3"
+  resolved "https://registry.yarnpkg.com/is-buffer/-/is-buffer-2.0.3.tgz#4ecf3fcf749cbd1e472689e109ac66261a25e725"
+
  is-builtin-module@^1.0.0:
    version "1.0.0"
    resolved "https://registry.yarnpkg.com/is-builtin-module/-/is-builtin-module-1.0.0.tgz#540572d34f7ac3119f8f76c30cbc1b1e037affbe"
author	Aurélien Bertron <aurelienbertron@gmail.com>
	Tue, 31 Jul 2018 12:02:47 +0000 (14:02 +0200)
committer	Chocobozzz <me@florianbigard.com>
	Tue, 31 Jul 2018 13:40:29 +0000 (15:40 +0200)
package.json		patch \| blob \| blame \| history
server/helpers/audit-logger.ts	[new file with mode: 0644]	patch \| blob
server/helpers/logger.ts		patch \| blob \| blame \| history
yarn.lock		patch \| blob \| blame \| history