diff options
author | Aurélien Bertron <aurelienbertron@gmail.com> | 2018-07-31 14:04:26 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-07-31 15:40:29 +0200 |
commit | 80e36cd9facb56b330be3e4f1c5ba253cc78c308 (patch) | |
tree | 807d8a642ae99ec3f05597e19ebe1ca5dc849582 /server/controllers/api/videos | |
parent | 59390818384baa0ffc0cb71af2e67350c6b39172 (diff) | |
download | PeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.tar.gz PeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.tar.zst PeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.zip |
Add audit logs in various modules
- Videos
- Videos comments
- Users
- Videos channels
- Videos abuses
- Custom config
Diffstat (limited to 'server/controllers/api/videos')
-rw-r--r-- | server/controllers/api/videos/abuse.ts | 8 | ||||
-rw-r--r-- | server/controllers/api/videos/comment.ts | 10 | ||||
-rw-r--r-- | server/controllers/api/videos/index.ts | 14 |
3 files changed, 28 insertions, 4 deletions
diff --git a/server/controllers/api/videos/abuse.ts b/server/controllers/api/videos/abuse.ts index 3413ae894..7782fc639 100644 --- a/server/controllers/api/videos/abuse.ts +++ b/server/controllers/api/videos/abuse.ts | |||
@@ -18,7 +18,9 @@ import { | |||
18 | import { AccountModel } from '../../../models/account/account' | 18 | import { AccountModel } from '../../../models/account/account' |
19 | import { VideoModel } from '../../../models/video/video' | 19 | import { VideoModel } from '../../../models/video/video' |
20 | import { VideoAbuseModel } from '../../../models/video/video-abuse' | 20 | import { VideoAbuseModel } from '../../../models/video/video-abuse' |
21 | import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger' | ||
21 | 22 | ||
23 | const auditLogger = auditLoggerFactory('abuse') | ||
22 | const abuseVideoRouter = express.Router() | 24 | const abuseVideoRouter = express.Router() |
23 | 25 | ||
24 | abuseVideoRouter.get('/abuse', | 26 | abuseVideoRouter.get('/abuse', |
@@ -64,14 +66,16 @@ async function reportVideoAbuse (req: express.Request, res: express.Response) { | |||
64 | await sequelizeTypescript.transaction(async t => { | 66 | await sequelizeTypescript.transaction(async t => { |
65 | const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t }) | 67 | const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t }) |
66 | videoAbuseInstance.Video = videoInstance | 68 | videoAbuseInstance.Video = videoInstance |
69 | videoAbuseInstance.Account = reporterAccount | ||
67 | 70 | ||
68 | // We send the video abuse to the origin server | 71 | // We send the video abuse to the origin server |
69 | if (videoInstance.isOwned() === false) { | 72 | if (videoInstance.isOwned() === false) { |
70 | await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t) | 73 | await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t) |
71 | } | 74 | } |
72 | }) | ||
73 | 75 | ||
74 | logger.info('Abuse report for video %s created.', videoInstance.name) | 76 | auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON())) |
77 | logger.info('Abuse report for video %s created.', videoInstance.name) | ||
78 | }) | ||
75 | 79 | ||
76 | return res.type('json').status(204).end() | 80 | return res.type('json').status(204).end() |
77 | } | 81 | } |
diff --git a/server/controllers/api/videos/comment.ts b/server/controllers/api/videos/comment.ts index bbeb0d557..e35247829 100644 --- a/server/controllers/api/videos/comment.ts +++ b/server/controllers/api/videos/comment.ts | |||
@@ -23,7 +23,9 @@ import { | |||
23 | } from '../../../middlewares/validators/video-comments' | 23 | } from '../../../middlewares/validators/video-comments' |
24 | import { VideoModel } from '../../../models/video/video' | 24 | import { VideoModel } from '../../../models/video/video' |
25 | import { VideoCommentModel } from '../../../models/video/video-comment' | 25 | import { VideoCommentModel } from '../../../models/video/video-comment' |
26 | import { auditLoggerFactory, CommentAuditView } from '../../../helpers/audit-logger' | ||
26 | 27 | ||
28 | const auditLogger = auditLoggerFactory('comments') | ||
27 | const videoCommentRouter = express.Router() | 29 | const videoCommentRouter = express.Router() |
28 | 30 | ||
29 | videoCommentRouter.get('/:videoId/comment-threads', | 31 | videoCommentRouter.get('/:videoId/comment-threads', |
@@ -107,6 +109,8 @@ async function addVideoCommentThread (req: express.Request, res: express.Respons | |||
107 | }, t) | 109 | }, t) |
108 | }) | 110 | }) |
109 | 111 | ||
112 | auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new CommentAuditView(comment.toFormattedJSON())) | ||
113 | |||
110 | return res.json({ | 114 | return res.json({ |
111 | comment: comment.toFormattedJSON() | 115 | comment: comment.toFormattedJSON() |
112 | }).end() | 116 | }).end() |
@@ -124,6 +128,8 @@ async function addVideoCommentReply (req: express.Request, res: express.Response | |||
124 | }, t) | 128 | }, t) |
125 | }) | 129 | }) |
126 | 130 | ||
131 | auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new CommentAuditView(comment.toFormattedJSON())) | ||
132 | |||
127 | return res.json({ | 133 | return res.json({ |
128 | comment: comment.toFormattedJSON() | 134 | comment: comment.toFormattedJSON() |
129 | }).end() | 135 | }).end() |
@@ -136,6 +142,10 @@ async function removeVideoComment (req: express.Request, res: express.Response) | |||
136 | await videoCommentInstance.destroy({ transaction: t }) | 142 | await videoCommentInstance.destroy({ transaction: t }) |
137 | }) | 143 | }) |
138 | 144 | ||
145 | auditLogger.delete( | ||
146 | res.locals.oauth.token.User.Account.Actor.getIdentifier(), | ||
147 | new CommentAuditView(videoCommentInstance.toFormattedJSON()) | ||
148 | ) | ||
139 | logger.info('Video comment %d deleted.', videoCommentInstance.id) | 149 | logger.info('Video comment %d deleted.', videoCommentInstance.id) |
140 | 150 | ||
141 | return res.type('json').status(204).end() | 151 | return res.type('json').status(204).end() |
diff --git a/server/controllers/api/videos/index.ts b/server/controllers/api/videos/index.ts index 101183eab..e396ee6be 100644 --- a/server/controllers/api/videos/index.ts +++ b/server/controllers/api/videos/index.ts | |||
@@ -5,6 +5,7 @@ import { renamePromise } from '../../../helpers/core-utils' | |||
5 | import { getVideoFileFPS, getVideoFileResolution } from '../../../helpers/ffmpeg-utils' | 5 | import { getVideoFileFPS, getVideoFileResolution } from '../../../helpers/ffmpeg-utils' |
6 | import { processImage } from '../../../helpers/image-utils' | 6 | import { processImage } from '../../../helpers/image-utils' |
7 | import { logger } from '../../../helpers/logger' | 7 | import { logger } from '../../../helpers/logger' |
8 | import { auditLoggerFactory, VideoAuditView } from '../../../helpers/audit-logger' | ||
8 | import { getFormattedObjects, getServerActor, resetSequelizeInstance } from '../../../helpers/utils' | 9 | import { getFormattedObjects, getServerActor, resetSequelizeInstance } from '../../../helpers/utils' |
9 | import { | 10 | import { |
10 | CONFIG, | 11 | CONFIG, |
@@ -54,6 +55,7 @@ import { createReqFiles, buildNSFWFilter } from '../../../helpers/express-utils' | |||
54 | import { ScheduleVideoUpdateModel } from '../../../models/video/schedule-video-update' | 55 | import { ScheduleVideoUpdateModel } from '../../../models/video/schedule-video-update' |
55 | import { videoCaptionsRouter } from './captions' | 56 | import { videoCaptionsRouter } from './captions' |
56 | 57 | ||
58 | const auditLogger = auditLoggerFactory('videos') | ||
57 | const videosRouter = express.Router() | 59 | const videosRouter = express.Router() |
58 | 60 | ||
59 | const reqVideoFileAdd = createReqFiles( | 61 | const reqVideoFileAdd = createReqFiles( |
@@ -247,6 +249,7 @@ async function addVideo (req: express.Request, res: express.Response) { | |||
247 | 249 | ||
248 | await federateVideoIfNeeded(video, true, t) | 250 | await federateVideoIfNeeded(video, true, t) |
249 | 251 | ||
252 | auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new VideoAuditView(videoCreated.toFormattedDetailsJSON())) | ||
250 | logger.info('Video with name %s and uuid %s created.', videoInfo.name, videoCreated.uuid) | 253 | logger.info('Video with name %s and uuid %s created.', videoInfo.name, videoCreated.uuid) |
251 | 254 | ||
252 | return videoCreated | 255 | return videoCreated |
@@ -273,6 +276,7 @@ async function addVideo (req: express.Request, res: express.Response) { | |||
273 | async function updateVideo (req: express.Request, res: express.Response) { | 276 | async function updateVideo (req: express.Request, res: express.Response) { |
274 | const videoInstance: VideoModel = res.locals.video | 277 | const videoInstance: VideoModel = res.locals.video |
275 | const videoFieldsSave = videoInstance.toJSON() | 278 | const videoFieldsSave = videoInstance.toJSON() |
279 | const oldVideoAuditView = new VideoAuditView(videoInstance.toFormattedDetailsJSON()) | ||
276 | const videoInfoToUpdate: VideoUpdate = req.body | 280 | const videoInfoToUpdate: VideoUpdate = req.body |
277 | const wasPrivateVideo = videoInstance.privacy === VideoPrivacy.PRIVATE | 281 | const wasPrivateVideo = videoInstance.privacy === VideoPrivacy.PRIVATE |
278 | 282 | ||
@@ -344,9 +348,14 @@ async function updateVideo (req: express.Request, res: express.Response) { | |||
344 | 348 | ||
345 | const isNewVideo = wasPrivateVideo && videoInstanceUpdated.privacy !== VideoPrivacy.PRIVATE | 349 | const isNewVideo = wasPrivateVideo && videoInstanceUpdated.privacy !== VideoPrivacy.PRIVATE |
346 | await federateVideoIfNeeded(videoInstanceUpdated, isNewVideo, t) | 350 | await federateVideoIfNeeded(videoInstanceUpdated, isNewVideo, t) |
347 | }) | ||
348 | 351 | ||
349 | logger.info('Video with name %s and uuid %s updated.', videoInstance.name, videoInstance.uuid) | 352 | auditLogger.update( |
353 | res.locals.oauth.token.User.Account.Actor.getIdentifier(), | ||
354 | new VideoAuditView(videoInstanceUpdated.toFormattedDetailsJSON()), | ||
355 | oldVideoAuditView | ||
356 | ) | ||
357 | logger.info('Video with name %s and uuid %s updated.', videoInstance.name, videoInstance.uuid) | ||
358 | }) | ||
350 | } catch (err) { | 359 | } catch (err) { |
351 | // Force fields we want to update | 360 | // Force fields we want to update |
352 | // If the transaction is retried, sequelize will think the object has not changed | 361 | // If the transaction is retried, sequelize will think the object has not changed |
@@ -423,6 +432,7 @@ async function removeVideo (req: express.Request, res: express.Response) { | |||
423 | await videoInstance.destroy({ transaction: t }) | 432 | await videoInstance.destroy({ transaction: t }) |
424 | }) | 433 | }) |
425 | 434 | ||
435 | auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new VideoAuditView(videoInstance.toFormattedDetailsJSON())) | ||
426 | logger.info('Video with name %s and uuid %s deleted.', videoInstance.name, videoInstance.uuid) | 436 | logger.info('Video with name %s and uuid %s deleted.', videoInstance.name, videoInstance.uuid) |
427 | 437 | ||
428 | return res.type('json').status(204).end() | 438 | return res.type('json').status(204).end() |