authorAurélien Bertron <aurelienbertron@gmail.com>2018-07-31 14:04:26 +0200
committerChocobozzz <me@florianbigard.com>2018-07-31 15:40:29 +0200
commit80e36cd9facb56b330be3e4f1c5ba253cc78c308 (patch)
tree807d8a642ae99ec3f05597e19ebe1ca5dc849582 /server/controllers/api/users.ts
parent59390818384baa0ffc0cb71af2e67350c6b39172 (diff)
downloadPeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.tar.gz
PeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.tar.zst
PeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.zip
Add audit logs in various modules
- Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config
Diffstat (limited to 'server/controllers/api/users.ts')
-rw-r--r--server/controllers/api/users.ts49
1 files changed, 39 insertions, 10 deletions
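--- a/server/controllers/api/users.ts
+++ b/server/controllers/api/users.ts
@@ -39,6 +39,9 @@ import { createReqFiles } from '../../helpers/express-utils'
 import { UserVideoQuota } from '../../../shared/models/users/user-video-quota.model'
 import { updateAvatarValidator } from '../../middlewares/validators/avatar'
 import { updateActorAvatarFile } from '../../lib/avatar'
+import { auditLoggerFactory, UserAuditView } from '../../helpers/audit-logger'
+
+const auditLogger = auditLoggerFactory('users')
 
 const reqAvatarFile = createReqFiles([ 'avatarfile' ], IMAGE_MIMETYPE_EXT, { avatarfile: CONFIG.STORAGE.AVATARS_DIR })
 const loginRateLimiter = new RateLimit({
@@ -189,6 +192,7 @@ async function createUser (req: express.Request, res: express.Response) {
 
   const { user, account } = await createUserAccountAndChannel(userToCreate)
 
+  auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
   logger.info('User %s with its channel and account created.', body.username)
 
   return res.json({
@@ -205,7 +209,7 @@ async function createUser (req: express.Request, res: express.Response) {
 async function registerUser (req: express.Request, res: express.Response) {
   const body: UserCreate = req.body
 
-  const user = new UserModel({
+  const userToCreate = new UserModel({
     username: body.username,
     password: body.password,
     email: body.email,
@@ -215,8 +219,9 @@ async function registerUser (req: express.Request, res: express.Response) {
     videoQuota: CONFIG.USER.VIDEO_QUOTA
   })
 
-  await createUserAccountAndChannel(user)
+  const { user } = await createUserAccountAndChannel(userToCreate)
 
+  auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON()))
   logger.info('User %s with its channel and account registered.', body.username)
 
   return res.type('json').status(204).end()
@@ -269,6 +274,8 @@ async function removeUser (req: express.Request, res: express.Response, next: ex
 
   await user.destroy()
 
+  auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
+
   return res.sendStatus(204)
 }
 
@@ -276,6 +283,7 @@ async function updateMe (req: express.Request, res: express.Response, next: expr
   const body: UserUpdateMe = req.body
 
   const user: UserModel = res.locals.oauth.token.user
+  const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
 
   if (body.password !== undefined) user.password = body.password
   if (body.email !== undefined) user.email = body.email
@@ -290,6 +298,12 @@ async function updateMe (req: express.Request, res: express.Response, next: expr
     await user.Account.save({ transaction: t })
 
     await sendUpdateActor(user.Account, t)
+
+    auditLogger.update(
+      res.locals.oauth.token.User.Account.Actor.getIdentifier(),
+      new UserAuditView(user.toFormattedJSON()),
+      oldUserAuditView
+    )
   })
 
   return res.sendStatus(204)
@@ -297,10 +311,18 @@ async function updateMe (req: express.Request, res: express.Response, next: expr
 
 async function updateMyAvatar (req: express.Request, res: express.Response, next: express.NextFunction) {
   const avatarPhysicalFile = req.files[ 'avatarfile' ][ 0 ]
-  const account = res.locals.oauth.token.user.Account
+  const user: UserModel = res.locals.oauth.token.user
+  const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
+  const account = user.Account
 
   const avatar = await updateActorAvatarFile(avatarPhysicalFile, account.Actor, account)
 
+  auditLogger.update(
+    res.locals.oauth.token.User.Account.Actor.getIdentifier(),
+    new UserAuditView(user.toFormattedJSON()),
+    oldUserAuditView
+  )
+
   return res
     .json({
       avatar: avatar.toFormattedJSON()
@@ -310,20 +332,27 @@ async function updateMyAvatar (req: express.Request, res: express.Response, next
 
 async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
   const body: UserUpdate = req.body
-  const user = res.locals.user as UserModel
-  const roleChanged = body.role !== undefined && body.role !== user.role
+  const userToUpdate = res.locals.user as UserModel
+  const oldUserAuditView = new UserAuditView(userToUpdate.toFormattedJSON())
+  const roleChanged = body.role !== undefined && body.role !== userToUpdate.role
 
-  if (body.email !== undefined) user.email = body.email
-  if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota
-  if (body.role !== undefined) user.role = body.role
+  if (body.email !== undefined) userToUpdate.email = body.email
+  if (body.videoQuota !== undefined) userToUpdate.videoQuota = body.videoQuota
+  if (body.role !== undefined) userToUpdate.role = body.role
 
-  await user.save()
+  const user = await userToUpdate.save()
 
   // Destroy user token to refresh rights
   if (roleChanged) {
-    await OAuthTokenModel.deleteUserToken(user.id)
+    await OAuthTokenModel.deleteUserToken(userToUpdate.id)
   }
 
+  auditLogger.update(
+    res.locals.oauth.token.User.Account.Actor.getIdentifier(),
+    new UserAuditView(user.toFormattedJSON()),
+    oldUserAuditView
+  )
+
   // Don't need to send this update to followers, these attributes are not propagated
 
   return res.sendStatus(204)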
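Review bot: In the updateMe hunk the `auditLogger.update(...)` call at new lines 302–306 appears to run inside the callback that owns the transaction `t` (the `await user.Account.save({ transaction: t })` two lines above it), so the audit entry is emitted before that transaction commits and would record an update that never persisted if the commit fails; the call belongs after the closing `})` on new line 307, just before `return res.sendStatus(204)`. The updateMyAvatar and updateUser hunks already log after their awaited writes complete, so only this one needs the move. Separately, updateMe assigns `user.password` from the request body before the post-change `new UserAuditView(user.toFormattedJSON())` is taken, so it is worth confirming that the view never serializes the password or its hash (`toFormattedJSON` and `UserAuditView` are outside this diff). The registerUser hunk records the self-supplied `body.username` rather than an authenticated actor identifier, which is expected for an anonymous registration but differs from every other call here; a comment such as `// self-registration: no authenticated actor, the new username identifies the subject` would make that intentional for whoever reads the audit log format.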