diff options
| author | Aurélien Bertron <aurelienbertron@gmail.com> | 2018-07-31 14:04:26 +0200 |
|---|---|---|
| committer | Chocobozzz <me@florianbigard.com> | 2018-07-31 15:40:29 +0200 |
| commit | 80e36cd9facb56b330be3e4f1c5ba253cc78c308 (patch) | |
| tree | 807d8a642ae99ec3f05597e19ebe1ca5dc849582 /server/controllers/api/videos | |
| parent | 59390818384baa0ffc0cb71af2e67350c6b39172 (diff) | |
| download | PeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.tar.gz PeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.tar.zst PeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.zip | |
Add audit logs in various modules
- Videos
- Videos comments
- Users
- Videos channels
- Videos abuses
- Custom config
Diffstat (limited to 'server/controllers/api/videos')
| -rw-r--r-- | server/controllers/api/videos/abuse.ts | 8 | ||||
| -rw-r--r-- | server/controllers/api/videos/comment.ts | 10 | ||||
| -rw-r--r-- | server/controllers/api/videos/index.ts | 14 |
3 files changed, 28 insertions, 4 deletions
diff --git a/server/controllers/api/videos/abuse.ts b/server/controllers/api/videos/abuse.ts index 3413ae894..7782fc639 100644 --- a/server/controllers/api/videos/abuse.ts +++ b/server/controllers/api/videos/abuse.ts | |||
| @@ -18,7 +18,9 @@ import { | |||
| 18 | import { AccountModel } from '../../../models/account/account' | 18 | import { AccountModel } from '../../../models/account/account' |
| 19 | import { VideoModel } from '../../../models/video/video' | 19 | import { VideoModel } from '../../../models/video/video' |
| 20 | import { VideoAbuseModel } from '../../../models/video/video-abuse' | 20 | import { VideoAbuseModel } from '../../../models/video/video-abuse' |
| 21 | import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger' | ||
| 21 | 22 | ||
| 23 | const auditLogger = auditLoggerFactory('abuse') | ||
| 22 | const abuseVideoRouter = express.Router() | 24 | const abuseVideoRouter = express.Router() |
| 23 | 25 | ||
| 24 | abuseVideoRouter.get('/abuse', | 26 | abuseVideoRouter.get('/abuse', |
| @@ -64,14 +66,16 @@ async function reportVideoAbuse (req: express.Request, res: express.Response) { | |||
| 64 | await sequelizeTypescript.transaction(async t => { | 66 | await sequelizeTypescript.transaction(async t => { |
| 65 | const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t }) | 67 | const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t }) |
| 66 | videoAbuseInstance.Video = videoInstance | 68 | videoAbuseInstance.Video = videoInstance |
| 69 | videoAbuseInstance.Account = reporterAccount | ||
| 67 | 70 | ||
| 68 | // We send the video abuse to the origin server | 71 | // We send the video abuse to the origin server |
| 69 | if (videoInstance.isOwned() === false) { | 72 | if (videoInstance.isOwned() === false) { |
| 70 | await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t) | 73 | await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t) |
| 71 | } | 74 | } |
| 72 | }) | ||
| 73 | 75 | ||
| 74 | logger.info('Abuse report for video %s created.', videoInstance.name) | 76 | auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON())) |
| 77 | logger.info('Abuse report for video %s created.', videoInstance.name) | ||
| 78 | }) | ||
| 75 | 79 | ||
| 76 | return res.type('json').status(204).end() | 80 | return res.type('json').status(204).end() |
| 77 | } | 81 | } |
diff --git a/server/controllers/api/videos/comment.ts b/server/controllers/api/videos/comment.ts index bbeb0d557..e35247829 100644 --- a/server/controllers/api/videos/comment.ts +++ b/server/controllers/api/videos/comment.ts | |||
| @@ -23,7 +23,9 @@ import { | |||
| 23 | } from '../../../middlewares/validators/video-comments' | 23 | } from '../../../middlewares/validators/video-comments' |
| 24 | import { VideoModel } from '../../../models/video/video' | 24 | import { VideoModel } from '../../../models/video/video' |
| 25 | import { VideoCommentModel } from '../../../models/video/video-comment' | 25 | import { VideoCommentModel } from '../../../models/video/video-comment' |
| 26 | import { auditLoggerFactory, CommentAuditView } from '../../../helpers/audit-logger' | ||
| 26 | 27 | ||
| 28 | const auditLogger = auditLoggerFactory('comments') | ||
| 27 | const videoCommentRouter = express.Router() | 29 | const videoCommentRouter = express.Router() |
| 28 | 30 | ||
| 29 | videoCommentRouter.get('/:videoId/comment-threads', | 31 | videoCommentRouter.get('/:videoId/comment-threads', |
| @@ -107,6 +109,8 @@ async function addVideoCommentThread (req: express.Request, res: express.Respons | |||
| 107 | }, t) | 109 | }, t) |
| 108 | }) | 110 | }) |
| 109 | 111 | ||
| 112 | auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new CommentAuditView(comment.toFormattedJSON())) | ||
| 113 | |||
| 110 | return res.json({ | 114 | return res.json({ |
| 111 | comment: comment.toFormattedJSON() | 115 | comment: comment.toFormattedJSON() |
| 112 | }).end() | 116 | }).end() |
| @@ -124,6 +128,8 @@ async function addVideoCommentReply (req: express.Request, res: express.Response | |||
| 124 | }, t) | 128 | }, t) |
| 125 | }) | 129 | }) |
| 126 | 130 | ||
| 131 | auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new CommentAuditView(comment.toFormattedJSON())) | ||
| 132 | |||
| 127 | return res.json({ | 133 | return res.json({ |
| 128 | comment: comment.toFormattedJSON() | 134 | comment: comment.toFormattedJSON() |
| 129 | }).end() | 135 | }).end() |
| @@ -136,6 +142,10 @@ async function removeVideoComment (req: express.Request, res: express.Response) | |||
| 136 | await videoCommentInstance.destroy({ transaction: t }) | 142 | await videoCommentInstance.destroy({ transaction: t }) |
| 137 | }) | 143 | }) |
| 138 | 144 | ||
| 145 | auditLogger.delete( | ||
| 146 | res.locals.oauth.token.User.Account.Actor.getIdentifier(), | ||
| 147 | new CommentAuditView(videoCommentInstance.toFormattedJSON()) | ||
| 148 | ) | ||
| 139 | logger.info('Video comment %d deleted.', videoCommentInstance.id) | 149 | logger.info('Video comment %d deleted.', videoCommentInstance.id) |
| 140 | 150 | ||
| 141 | return res.type('json').status(204).end() | 151 | return res.type('json').status(204).end() |
diff --git a/server/controllers/api/videos/index.ts b/server/controllers/api/videos/index.ts index 101183eab..e396ee6be 100644 --- a/server/controllers/api/videos/index.ts +++ b/server/controllers/api/videos/index.ts | |||
| @@ -5,6 +5,7 @@ import { renamePromise } from '../../../helpers/core-utils' | |||
| 5 | import { getVideoFileFPS, getVideoFileResolution } from '../../../helpers/ffmpeg-utils' | 5 | import { getVideoFileFPS, getVideoFileResolution } from '../../../helpers/ffmpeg-utils' |
| 6 | import { processImage } from '../../../helpers/image-utils' | 6 | import { processImage } from '../../../helpers/image-utils' |
| 7 | import { logger } from '../../../helpers/logger' | 7 | import { logger } from '../../../helpers/logger' |
| 8 | import { auditLoggerFactory, VideoAuditView } from '../../../helpers/audit-logger' | ||
| 8 | import { getFormattedObjects, getServerActor, resetSequelizeInstance } from '../../../helpers/utils' | 9 | import { getFormattedObjects, getServerActor, resetSequelizeInstance } from '../../../helpers/utils' |
| 9 | import { | 10 | import { |
| 10 | CONFIG, | 11 | CONFIG, |
| @@ -54,6 +55,7 @@ import { createReqFiles, buildNSFWFilter } from '../../../helpers/express-utils' | |||
| 54 | import { ScheduleVideoUpdateModel } from '../../../models/video/schedule-video-update' | 55 | import { ScheduleVideoUpdateModel } from '../../../models/video/schedule-video-update' |
| 55 | import { videoCaptionsRouter } from './captions' | 56 | import { videoCaptionsRouter } from './captions' |
| 56 | 57 | ||
| 58 | const auditLogger = auditLoggerFactory('videos') | ||
| 57 | const videosRouter = express.Router() | 59 | const videosRouter = express.Router() |
| 58 | 60 | ||
| 59 | const reqVideoFileAdd = createReqFiles( | 61 | const reqVideoFileAdd = createReqFiles( |
| @@ -247,6 +249,7 @@ async function addVideo (req: express.Request, res: express.Response) { | |||
| 247 | 249 | ||
| 248 | await federateVideoIfNeeded(video, true, t) | 250 | await federateVideoIfNeeded(video, true, t) |
| 249 | 251 | ||
| 252 | auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new VideoAuditView(videoCreated.toFormattedDetailsJSON())) | ||
| 250 | logger.info('Video with name %s and uuid %s created.', videoInfo.name, videoCreated.uuid) | 253 | logger.info('Video with name %s and uuid %s created.', videoInfo.name, videoCreated.uuid) |
| 251 | 254 | ||
| 252 | return videoCreated | 255 | return videoCreated |
| @@ -273,6 +276,7 @@ async function addVideo (req: express.Request, res: express.Response) { | |||
| 273 | async function updateVideo (req: express.Request, res: express.Response) { | 276 | async function updateVideo (req: express.Request, res: express.Response) { |
| 274 | const videoInstance: VideoModel = res.locals.video | 277 | const videoInstance: VideoModel = res.locals.video |
| 275 | const videoFieldsSave = videoInstance.toJSON() | 278 | const videoFieldsSave = videoInstance.toJSON() |
| 279 | const oldVideoAuditView = new VideoAuditView(videoInstance.toFormattedDetailsJSON()) | ||
| 276 | const videoInfoToUpdate: VideoUpdate = req.body | 280 | const videoInfoToUpdate: VideoUpdate = req.body |
| 277 | const wasPrivateVideo = videoInstance.privacy === VideoPrivacy.PRIVATE | 281 | const wasPrivateVideo = videoInstance.privacy === VideoPrivacy.PRIVATE |
| 278 | 282 | ||
| @@ -344,9 +348,14 @@ async function updateVideo (req: express.Request, res: express.Response) { | |||
| 344 | 348 | ||
| 345 | const isNewVideo = wasPrivateVideo && videoInstanceUpdated.privacy !== VideoPrivacy.PRIVATE | 349 | const isNewVideo = wasPrivateVideo && videoInstanceUpdated.privacy !== VideoPrivacy.PRIVATE |
| 346 | await federateVideoIfNeeded(videoInstanceUpdated, isNewVideo, t) | 350 | await federateVideoIfNeeded(videoInstanceUpdated, isNewVideo, t) |
| 347 | }) | ||
| 348 | 351 | ||
| 349 | logger.info('Video with name %s and uuid %s updated.', videoInstance.name, videoInstance.uuid) | 352 | auditLogger.update( |
| 353 | res.locals.oauth.token.User.Account.Actor.getIdentifier(), | ||
| 354 | new VideoAuditView(videoInstanceUpdated.toFormattedDetailsJSON()), | ||
| 355 | oldVideoAuditView | ||
| 356 | ) | ||
| 357 | logger.info('Video with name %s and uuid %s updated.', videoInstance.name, videoInstance.uuid) | ||
| 358 | }) | ||
| 350 | } catch (err) { | 359 | } catch (err) { |
| 351 | // Force fields we want to update | 360 | // Force fields we want to update |
| 352 | // If the transaction is retried, sequelize will think the object has not changed | 361 | // If the transaction is retried, sequelize will think the object has not changed |
| @@ -423,6 +432,7 @@ async function removeVideo (req: express.Request, res: express.Response) { | |||
| 423 | await videoInstance.destroy({ transaction: t }) | 432 | await videoInstance.destroy({ transaction: t }) |
| 424 | }) | 433 | }) |
| 425 | 434 | ||
| 435 | auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new VideoAuditView(videoInstance.toFormattedDetailsJSON())) | ||
| 426 | logger.info('Video with name %s and uuid %s deleted.', videoInstance.name, videoInstance.uuid) | 436 | logger.info('Video with name %s and uuid %s deleted.', videoInstance.name, videoInstance.uuid) |
| 427 | 437 | ||
| 428 | return res.type('json').status(204).end() | 438 | return res.type('json').status(204).end() |