diff options
| author | Aurélien Bertron <aurelienbertron@gmail.com> | 2018-07-31 14:04:26 +0200 |
|---|---|---|
| committer | Chocobozzz <me@florianbigard.com> | 2018-07-31 15:40:29 +0200 |
| commit | 80e36cd9facb56b330be3e4f1c5ba253cc78c308 (patch) | |
| tree | 807d8a642ae99ec3f05597e19ebe1ca5dc849582 /server/controllers/api/users.ts | |
| parent | 59390818384baa0ffc0cb71af2e67350c6b39172 (diff) | |
| download | PeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.tar.gz PeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.tar.zst PeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.zip | |
Add audit logs in various modules
- Videos
- Videos comments
- Users
- Videos channels
- Videos abuses
- Custom config
Diffstat (limited to 'server/controllers/api/users.ts')
| -rw-r--r-- | server/controllers/api/users.ts | 49 |
1 files changed, 39 insertions, 10 deletions
diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts index c80f27a23..dbe736bff 100644 --- a/server/controllers/api/users.ts +++ b/server/controllers/api/users.ts | |||
| @@ -39,6 +39,9 @@ import { createReqFiles } from '../../helpers/express-utils' | |||
| 39 | import { UserVideoQuota } from '../../../shared/models/users/user-video-quota.model' | 39 | import { UserVideoQuota } from '../../../shared/models/users/user-video-quota.model' |
| 40 | import { updateAvatarValidator } from '../../middlewares/validators/avatar' | 40 | import { updateAvatarValidator } from '../../middlewares/validators/avatar' |
| 41 | import { updateActorAvatarFile } from '../../lib/avatar' | 41 | import { updateActorAvatarFile } from '../../lib/avatar' |
| 42 | import { auditLoggerFactory, UserAuditView } from '../../helpers/audit-logger' | ||
| 43 | |||
| 44 | const auditLogger = auditLoggerFactory('users') | ||
| 42 | 45 | ||
| 43 | const reqAvatarFile = createReqFiles([ 'avatarfile' ], IMAGE_MIMETYPE_EXT, { avatarfile: CONFIG.STORAGE.AVATARS_DIR }) | 46 | const reqAvatarFile = createReqFiles([ 'avatarfile' ], IMAGE_MIMETYPE_EXT, { avatarfile: CONFIG.STORAGE.AVATARS_DIR }) |
| 44 | const loginRateLimiter = new RateLimit({ | 47 | const loginRateLimiter = new RateLimit({ |
| @@ -189,6 +192,7 @@ async function createUser (req: express.Request, res: express.Response) { | |||
| 189 | 192 | ||
| 190 | const { user, account } = await createUserAccountAndChannel(userToCreate) | 193 | const { user, account } = await createUserAccountAndChannel(userToCreate) |
| 191 | 194 | ||
| 195 | auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON())) | ||
| 192 | logger.info('User %s with its channel and account created.', body.username) | 196 | logger.info('User %s with its channel and account created.', body.username) |
| 193 | 197 | ||
| 194 | return res.json({ | 198 | return res.json({ |
| @@ -205,7 +209,7 @@ async function createUser (req: express.Request, res: express.Response) { | |||
| 205 | async function registerUser (req: express.Request, res: express.Response) { | 209 | async function registerUser (req: express.Request, res: express.Response) { |
| 206 | const body: UserCreate = req.body | 210 | const body: UserCreate = req.body |
| 207 | 211 | ||
| 208 | const user = new UserModel({ | 212 | const userToCreate = new UserModel({ |
| 209 | username: body.username, | 213 | username: body.username, |
| 210 | password: body.password, | 214 | password: body.password, |
| 211 | email: body.email, | 215 | email: body.email, |
| @@ -215,8 +219,9 @@ async function registerUser (req: express.Request, res: express.Response) { | |||
| 215 | videoQuota: CONFIG.USER.VIDEO_QUOTA | 219 | videoQuota: CONFIG.USER.VIDEO_QUOTA |
| 216 | }) | 220 | }) |
| 217 | 221 | ||
| 218 | await createUserAccountAndChannel(user) | 222 | const { user } = await createUserAccountAndChannel(userToCreate) |
| 219 | 223 | ||
| 224 | auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON())) | ||
| 220 | logger.info('User %s with its channel and account registered.', body.username) | 225 | logger.info('User %s with its channel and account registered.', body.username) |
| 221 | 226 | ||
| 222 | return res.type('json').status(204).end() | 227 | return res.type('json').status(204).end() |
| @@ -269,6 +274,8 @@ async function removeUser (req: express.Request, res: express.Response, next: ex | |||
| 269 | 274 | ||
| 270 | await user.destroy() | 275 | await user.destroy() |
| 271 | 276 | ||
| 277 | auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON())) | ||
| 278 | |||
| 272 | return res.sendStatus(204) | 279 | return res.sendStatus(204) |
| 273 | } | 280 | } |
| 274 | 281 | ||
| @@ -276,6 +283,7 @@ async function updateMe (req: express.Request, res: express.Response, next: expr | |||
| 276 | const body: UserUpdateMe = req.body | 283 | const body: UserUpdateMe = req.body |
| 277 | 284 | ||
| 278 | const user: UserModel = res.locals.oauth.token.user | 285 | const user: UserModel = res.locals.oauth.token.user |
| 286 | const oldUserAuditView = new UserAuditView(user.toFormattedJSON()) | ||
| 279 | 287 | ||
| 280 | if (body.password !== undefined) user.password = body.password | 288 | if (body.password !== undefined) user.password = body.password |
| 281 | if (body.email !== undefined) user.email = body.email | 289 | if (body.email !== undefined) user.email = body.email |
| @@ -290,6 +298,12 @@ async function updateMe (req: express.Request, res: express.Response, next: expr | |||
| 290 | await user.Account.save({ transaction: t }) | 298 | await user.Account.save({ transaction: t }) |
| 291 | 299 | ||
| 292 | await sendUpdateActor(user.Account, t) | 300 | await sendUpdateActor(user.Account, t) |
| 301 | |||
| 302 | auditLogger.update( | ||
| 303 | res.locals.oauth.token.User.Account.Actor.getIdentifier(), | ||
| 304 | new UserAuditView(user.toFormattedJSON()), | ||
| 305 | oldUserAuditView | ||
| 306 | ) | ||
| 293 | }) | 307 | }) |
| 294 | 308 | ||
| 295 | return res.sendStatus(204) | 309 | return res.sendStatus(204) |
| @@ -297,10 +311,18 @@ async function updateMe (req: express.Request, res: express.Response, next: expr | |||
| 297 | 311 | ||
| 298 | async function updateMyAvatar (req: express.Request, res: express.Response, next: express.NextFunction) { | 312 | async function updateMyAvatar (req: express.Request, res: express.Response, next: express.NextFunction) { |
| 299 | const avatarPhysicalFile = req.files[ 'avatarfile' ][ 0 ] | 313 | const avatarPhysicalFile = req.files[ 'avatarfile' ][ 0 ] |
| 300 | const account = res.locals.oauth.token.user.Account | 314 | const user: UserModel = res.locals.oauth.token.user |
| 315 | const oldUserAuditView = new UserAuditView(user.toFormattedJSON()) | ||
| 316 | const account = user.Account | ||
| 301 | 317 | ||
| 302 | const avatar = await updateActorAvatarFile(avatarPhysicalFile, account.Actor, account) | 318 | const avatar = await updateActorAvatarFile(avatarPhysicalFile, account.Actor, account) |
| 303 | 319 | ||
| 320 | auditLogger.update( | ||
| 321 | res.locals.oauth.token.User.Account.Actor.getIdentifier(), | ||
| 322 | new UserAuditView(user.toFormattedJSON()), | ||
| 323 | oldUserAuditView | ||
| 324 | ) | ||
| 325 | |||
| 304 | return res | 326 | return res |
| 305 | .json({ | 327 | .json({ |
| 306 | avatar: avatar.toFormattedJSON() | 328 | avatar: avatar.toFormattedJSON() |
| @@ -310,20 +332,27 @@ async function updateMyAvatar (req: express.Request, res: express.Response, next | |||
| 310 | 332 | ||
| 311 | async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) { | 333 | async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) { |
| 312 | const body: UserUpdate = req.body | 334 | const body: UserUpdate = req.body |
| 313 | const user = res.locals.user as UserModel | 335 | const userToUpdate = res.locals.user as UserModel |
| 314 | const roleChanged = body.role !== undefined && body.role !== user.role | 336 | const oldUserAuditView = new UserAuditView(userToUpdate.toFormattedJSON()) |
| 337 | const roleChanged = body.role !== undefined && body.role !== userToUpdate.role | ||
| 315 | 338 | ||
| 316 | if (body.email !== undefined) user.email = body.email | 339 | if (body.email !== undefined) userToUpdate.email = body.email |
| 317 | if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota | 340 | if (body.videoQuota !== undefined) userToUpdate.videoQuota = body.videoQuota |
| 318 | if (body.role !== undefined) user.role = body.role | 341 | if (body.role !== undefined) userToUpdate.role = body.role |
| 319 | 342 | ||
| 320 | await user.save() | 343 | const user = await userToUpdate.save() |
| 321 | 344 | ||
| 322 | // Destroy user token to refresh rights | 345 | // Destroy user token to refresh rights |
| 323 | if (roleChanged) { | 346 | if (roleChanged) { |
| 324 | await OAuthTokenModel.deleteUserToken(user.id) | 347 | await OAuthTokenModel.deleteUserToken(userToUpdate.id) |
| 325 | } | 348 | } |
| 326 | 349 | ||
| 350 | auditLogger.update( | ||
| 351 | res.locals.oauth.token.User.Account.Actor.getIdentifier(), | ||
| 352 | new UserAuditView(user.toFormattedJSON()), | ||
| 353 | oldUserAuditView | ||
| 354 | ) | ||
| 355 | |||
| 327 | // Don't need to send this update to followers, these attributes are not propagated | 356 | // Don't need to send this update to followers, these attributes are not propagated |
| 328 | 357 | ||
| 329 | return res.sendStatus(204) | 358 | return res.sendStatus(204) |