diff options
author | Aurélien Bertron <aurelienbertron@gmail.com> | 2018-07-31 14:04:26 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-07-31 15:40:29 +0200 |
commit | 80e36cd9facb56b330be3e4f1c5ba253cc78c308 (patch) | |
tree | 807d8a642ae99ec3f05597e19ebe1ca5dc849582 /server/controllers/api/users.ts | |
parent | 59390818384baa0ffc0cb71af2e67350c6b39172 (diff) | |
download | PeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.tar.gz PeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.tar.zst PeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.zip |
Add audit logs in various modules
- Videos
- Videos comments
- Users
- Videos channels
- Videos abuses
- Custom config
Diffstat (limited to 'server/controllers/api/users.ts')
-rw-r--r-- | server/controllers/api/users.ts | 49 |
1 files changed, 39 insertions, 10 deletions
diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts index c80f27a23..dbe736bff 100644 --- a/server/controllers/api/users.ts +++ b/server/controllers/api/users.ts | |||
@@ -39,6 +39,9 @@ import { createReqFiles } from '../../helpers/express-utils' | |||
39 | import { UserVideoQuota } from '../../../shared/models/users/user-video-quota.model' | 39 | import { UserVideoQuota } from '../../../shared/models/users/user-video-quota.model' |
40 | import { updateAvatarValidator } from '../../middlewares/validators/avatar' | 40 | import { updateAvatarValidator } from '../../middlewares/validators/avatar' |
41 | import { updateActorAvatarFile } from '../../lib/avatar' | 41 | import { updateActorAvatarFile } from '../../lib/avatar' |
42 | import { auditLoggerFactory, UserAuditView } from '../../helpers/audit-logger' | ||
43 | |||
44 | const auditLogger = auditLoggerFactory('users') | ||
42 | 45 | ||
43 | const reqAvatarFile = createReqFiles([ 'avatarfile' ], IMAGE_MIMETYPE_EXT, { avatarfile: CONFIG.STORAGE.AVATARS_DIR }) | 46 | const reqAvatarFile = createReqFiles([ 'avatarfile' ], IMAGE_MIMETYPE_EXT, { avatarfile: CONFIG.STORAGE.AVATARS_DIR }) |
44 | const loginRateLimiter = new RateLimit({ | 47 | const loginRateLimiter = new RateLimit({ |
@@ -189,6 +192,7 @@ async function createUser (req: express.Request, res: express.Response) { | |||
189 | 192 | ||
190 | const { user, account } = await createUserAccountAndChannel(userToCreate) | 193 | const { user, account } = await createUserAccountAndChannel(userToCreate) |
191 | 194 | ||
195 | auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON())) | ||
192 | logger.info('User %s with its channel and account created.', body.username) | 196 | logger.info('User %s with its channel and account created.', body.username) |
193 | 197 | ||
194 | return res.json({ | 198 | return res.json({ |
@@ -205,7 +209,7 @@ async function createUser (req: express.Request, res: express.Response) { | |||
205 | async function registerUser (req: express.Request, res: express.Response) { | 209 | async function registerUser (req: express.Request, res: express.Response) { |
206 | const body: UserCreate = req.body | 210 | const body: UserCreate = req.body |
207 | 211 | ||
208 | const user = new UserModel({ | 212 | const userToCreate = new UserModel({ |
209 | username: body.username, | 213 | username: body.username, |
210 | password: body.password, | 214 | password: body.password, |
211 | email: body.email, | 215 | email: body.email, |
@@ -215,8 +219,9 @@ async function registerUser (req: express.Request, res: express.Response) { | |||
215 | videoQuota: CONFIG.USER.VIDEO_QUOTA | 219 | videoQuota: CONFIG.USER.VIDEO_QUOTA |
216 | }) | 220 | }) |
217 | 221 | ||
218 | await createUserAccountAndChannel(user) | 222 | const { user } = await createUserAccountAndChannel(userToCreate) |
219 | 223 | ||
224 | auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON())) | ||
220 | logger.info('User %s with its channel and account registered.', body.username) | 225 | logger.info('User %s with its channel and account registered.', body.username) |
221 | 226 | ||
222 | return res.type('json').status(204).end() | 227 | return res.type('json').status(204).end() |
@@ -269,6 +274,8 @@ async function removeUser (req: express.Request, res: express.Response, next: ex | |||
269 | 274 | ||
270 | await user.destroy() | 275 | await user.destroy() |
271 | 276 | ||
277 | auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON())) | ||
278 | |||
272 | return res.sendStatus(204) | 279 | return res.sendStatus(204) |
273 | } | 280 | } |
274 | 281 | ||
@@ -276,6 +283,7 @@ async function updateMe (req: express.Request, res: express.Response, next: expr | |||
276 | const body: UserUpdateMe = req.body | 283 | const body: UserUpdateMe = req.body |
277 | 284 | ||
278 | const user: UserModel = res.locals.oauth.token.user | 285 | const user: UserModel = res.locals.oauth.token.user |
286 | const oldUserAuditView = new UserAuditView(user.toFormattedJSON()) | ||
279 | 287 | ||
280 | if (body.password !== undefined) user.password = body.password | 288 | if (body.password !== undefined) user.password = body.password |
281 | if (body.email !== undefined) user.email = body.email | 289 | if (body.email !== undefined) user.email = body.email |
@@ -290,6 +298,12 @@ async function updateMe (req: express.Request, res: express.Response, next: expr | |||
290 | await user.Account.save({ transaction: t }) | 298 | await user.Account.save({ transaction: t }) |
291 | 299 | ||
292 | await sendUpdateActor(user.Account, t) | 300 | await sendUpdateActor(user.Account, t) |
301 | |||
302 | auditLogger.update( | ||
303 | res.locals.oauth.token.User.Account.Actor.getIdentifier(), | ||
304 | new UserAuditView(user.toFormattedJSON()), | ||
305 | oldUserAuditView | ||
306 | ) | ||
293 | }) | 307 | }) |
294 | 308 | ||
295 | return res.sendStatus(204) | 309 | return res.sendStatus(204) |
@@ -297,10 +311,18 @@ async function updateMe (req: express.Request, res: express.Response, next: expr | |||
297 | 311 | ||
298 | async function updateMyAvatar (req: express.Request, res: express.Response, next: express.NextFunction) { | 312 | async function updateMyAvatar (req: express.Request, res: express.Response, next: express.NextFunction) { |
299 | const avatarPhysicalFile = req.files[ 'avatarfile' ][ 0 ] | 313 | const avatarPhysicalFile = req.files[ 'avatarfile' ][ 0 ] |
300 | const account = res.locals.oauth.token.user.Account | 314 | const user: UserModel = res.locals.oauth.token.user |
315 | const oldUserAuditView = new UserAuditView(user.toFormattedJSON()) | ||
316 | const account = user.Account | ||
301 | 317 | ||
302 | const avatar = await updateActorAvatarFile(avatarPhysicalFile, account.Actor, account) | 318 | const avatar = await updateActorAvatarFile(avatarPhysicalFile, account.Actor, account) |
303 | 319 | ||
320 | auditLogger.update( | ||
321 | res.locals.oauth.token.User.Account.Actor.getIdentifier(), | ||
322 | new UserAuditView(user.toFormattedJSON()), | ||
323 | oldUserAuditView | ||
324 | ) | ||
325 | |||
304 | return res | 326 | return res |
305 | .json({ | 327 | .json({ |
306 | avatar: avatar.toFormattedJSON() | 328 | avatar: avatar.toFormattedJSON() |
@@ -310,20 +332,27 @@ async function updateMyAvatar (req: express.Request, res: express.Response, next | |||
310 | 332 | ||
311 | async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) { | 333 | async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) { |
312 | const body: UserUpdate = req.body | 334 | const body: UserUpdate = req.body |
313 | const user = res.locals.user as UserModel | 335 | const userToUpdate = res.locals.user as UserModel |
314 | const roleChanged = body.role !== undefined && body.role !== user.role | 336 | const oldUserAuditView = new UserAuditView(userToUpdate.toFormattedJSON()) |
337 | const roleChanged = body.role !== undefined && body.role !== userToUpdate.role | ||
315 | 338 | ||
316 | if (body.email !== undefined) user.email = body.email | 339 | if (body.email !== undefined) userToUpdate.email = body.email |
317 | if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota | 340 | if (body.videoQuota !== undefined) userToUpdate.videoQuota = body.videoQuota |
318 | if (body.role !== undefined) user.role = body.role | 341 | if (body.role !== undefined) userToUpdate.role = body.role |
319 | 342 | ||
320 | await user.save() | 343 | const user = await userToUpdate.save() |
321 | 344 | ||
322 | // Destroy user token to refresh rights | 345 | // Destroy user token to refresh rights |
323 | if (roleChanged) { | 346 | if (roleChanged) { |
324 | await OAuthTokenModel.deleteUserToken(user.id) | 347 | await OAuthTokenModel.deleteUserToken(userToUpdate.id) |
325 | } | 348 | } |
326 | 349 | ||
350 | auditLogger.update( | ||
351 | res.locals.oauth.token.User.Account.Actor.getIdentifier(), | ||
352 | new UserAuditView(user.toFormattedJSON()), | ||
353 | oldUserAuditView | ||
354 | ) | ||
355 | |||
327 | // Don't need to send this update to followers, these attributes are not propagated | 356 | // Don't need to send this update to followers, these attributes are not propagated |
328 | 357 | ||
329 | return res.sendStatus(204) | 358 | return res.sendStatus(204) |