aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/controllers/api/videos
diff options
context:
space:
mode:
authorAurélien Bertron <aurelienbertron@gmail.com>2018-07-31 14:04:26 +0200
committerChocobozzz <me@florianbigard.com>2018-07-31 15:40:29 +0200
commit80e36cd9facb56b330be3e4f1c5ba253cc78c308 (patch)
tree807d8a642ae99ec3f05597e19ebe1ca5dc849582 /server/controllers/api/videos
parent59390818384baa0ffc0cb71af2e67350c6b39172 (diff)
downloadPeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.tar.gz
PeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.tar.zst
PeerTube-80e36cd9facb56b330be3e4f1c5ba253cc78c308.zip
Add audit logs in various modules
- Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config
Diffstat (limited to 'server/controllers/api/videos')
-rw-r--r--server/controllers/api/videos/abuse.ts8
-rw-r--r--server/controllers/api/videos/comment.ts10
-rw-r--r--server/controllers/api/videos/index.ts14
3 files changed, 28 insertions, 4 deletions
diff --git a/server/controllers/api/videos/abuse.ts b/server/controllers/api/videos/abuse.ts
index 3413ae894..7782fc639 100644
--- a/server/controllers/api/videos/abuse.ts
+++ b/server/controllers/api/videos/abuse.ts
@@ -18,7 +18,9 @@ import {
18import { AccountModel } from '../../../models/account/account' 18import { AccountModel } from '../../../models/account/account'
19import { VideoModel } from '../../../models/video/video' 19import { VideoModel } from '../../../models/video/video'
20import { VideoAbuseModel } from '../../../models/video/video-abuse' 20import { VideoAbuseModel } from '../../../models/video/video-abuse'
21import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger'
21 22
23const auditLogger = auditLoggerFactory('abuse')
22const abuseVideoRouter = express.Router() 24const abuseVideoRouter = express.Router()
23 25
24abuseVideoRouter.get('/abuse', 26abuseVideoRouter.get('/abuse',
@@ -64,14 +66,16 @@ async function reportVideoAbuse (req: express.Request, res: express.Response) {
64 await sequelizeTypescript.transaction(async t => { 66 await sequelizeTypescript.transaction(async t => {
65 const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t }) 67 const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t })
66 videoAbuseInstance.Video = videoInstance 68 videoAbuseInstance.Video = videoInstance
69 videoAbuseInstance.Account = reporterAccount
67 70
68 // We send the video abuse to the origin server 71 // We send the video abuse to the origin server
69 if (videoInstance.isOwned() === false) { 72 if (videoInstance.isOwned() === false) {
70 await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t) 73 await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t)
71 } 74 }
72 })
73 75
74 logger.info('Abuse report for video %s created.', videoInstance.name) 76 auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON()))
77 logger.info('Abuse report for video %s created.', videoInstance.name)
78 })
75 79
76 return res.type('json').status(204).end() 80 return res.type('json').status(204).end()
77} 81}
diff --git a/server/controllers/api/videos/comment.ts b/server/controllers/api/videos/comment.ts
index bbeb0d557..e35247829 100644
--- a/server/controllers/api/videos/comment.ts
+++ b/server/controllers/api/videos/comment.ts
@@ -23,7 +23,9 @@ import {
23} from '../../../middlewares/validators/video-comments' 23} from '../../../middlewares/validators/video-comments'
24import { VideoModel } from '../../../models/video/video' 24import { VideoModel } from '../../../models/video/video'
25import { VideoCommentModel } from '../../../models/video/video-comment' 25import { VideoCommentModel } from '../../../models/video/video-comment'
26import { auditLoggerFactory, CommentAuditView } from '../../../helpers/audit-logger'
26 27
28const auditLogger = auditLoggerFactory('comments')
27const videoCommentRouter = express.Router() 29const videoCommentRouter = express.Router()
28 30
29videoCommentRouter.get('/:videoId/comment-threads', 31videoCommentRouter.get('/:videoId/comment-threads',
@@ -107,6 +109,8 @@ async function addVideoCommentThread (req: express.Request, res: express.Respons
107 }, t) 109 }, t)
108 }) 110 })
109 111
112 auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new CommentAuditView(comment.toFormattedJSON()))
113
110 return res.json({ 114 return res.json({
111 comment: comment.toFormattedJSON() 115 comment: comment.toFormattedJSON()
112 }).end() 116 }).end()
@@ -124,6 +128,8 @@ async function addVideoCommentReply (req: express.Request, res: express.Response
124 }, t) 128 }, t)
125 }) 129 })
126 130
131 auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new CommentAuditView(comment.toFormattedJSON()))
132
127 return res.json({ 133 return res.json({
128 comment: comment.toFormattedJSON() 134 comment: comment.toFormattedJSON()
129 }).end() 135 }).end()
@@ -136,6 +142,10 @@ async function removeVideoComment (req: express.Request, res: express.Response)
136 await videoCommentInstance.destroy({ transaction: t }) 142 await videoCommentInstance.destroy({ transaction: t })
137 }) 143 })
138 144
145 auditLogger.delete(
146 res.locals.oauth.token.User.Account.Actor.getIdentifier(),
147 new CommentAuditView(videoCommentInstance.toFormattedJSON())
148 )
139 logger.info('Video comment %d deleted.', videoCommentInstance.id) 149 logger.info('Video comment %d deleted.', videoCommentInstance.id)
140 150
141 return res.type('json').status(204).end() 151 return res.type('json').status(204).end()
diff --git a/server/controllers/api/videos/index.ts b/server/controllers/api/videos/index.ts
index 101183eab..e396ee6be 100644
--- a/server/controllers/api/videos/index.ts
+++ b/server/controllers/api/videos/index.ts
@@ -5,6 +5,7 @@ import { renamePromise } from '../../../helpers/core-utils'
5import { getVideoFileFPS, getVideoFileResolution } from '../../../helpers/ffmpeg-utils' 5import { getVideoFileFPS, getVideoFileResolution } from '../../../helpers/ffmpeg-utils'
6import { processImage } from '../../../helpers/image-utils' 6import { processImage } from '../../../helpers/image-utils'
7import { logger } from '../../../helpers/logger' 7import { logger } from '../../../helpers/logger'
8import { auditLoggerFactory, VideoAuditView } from '../../../helpers/audit-logger'
8import { getFormattedObjects, getServerActor, resetSequelizeInstance } from '../../../helpers/utils' 9import { getFormattedObjects, getServerActor, resetSequelizeInstance } from '../../../helpers/utils'
9import { 10import {
10 CONFIG, 11 CONFIG,
@@ -54,6 +55,7 @@ import { createReqFiles, buildNSFWFilter } from '../../../helpers/express-utils'
54import { ScheduleVideoUpdateModel } from '../../../models/video/schedule-video-update' 55import { ScheduleVideoUpdateModel } from '../../../models/video/schedule-video-update'
55import { videoCaptionsRouter } from './captions' 56import { videoCaptionsRouter } from './captions'
56 57
58const auditLogger = auditLoggerFactory('videos')
57const videosRouter = express.Router() 59const videosRouter = express.Router()
58 60
59const reqVideoFileAdd = createReqFiles( 61const reqVideoFileAdd = createReqFiles(
@@ -247,6 +249,7 @@ async function addVideo (req: express.Request, res: express.Response) {
247 249
248 await federateVideoIfNeeded(video, true, t) 250 await federateVideoIfNeeded(video, true, t)
249 251
252 auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new VideoAuditView(videoCreated.toFormattedDetailsJSON()))
250 logger.info('Video with name %s and uuid %s created.', videoInfo.name, videoCreated.uuid) 253 logger.info('Video with name %s and uuid %s created.', videoInfo.name, videoCreated.uuid)
251 254
252 return videoCreated 255 return videoCreated
@@ -273,6 +276,7 @@ async function addVideo (req: express.Request, res: express.Response) {
273async function updateVideo (req: express.Request, res: express.Response) { 276async function updateVideo (req: express.Request, res: express.Response) {
274 const videoInstance: VideoModel = res.locals.video 277 const videoInstance: VideoModel = res.locals.video
275 const videoFieldsSave = videoInstance.toJSON() 278 const videoFieldsSave = videoInstance.toJSON()
279 const oldVideoAuditView = new VideoAuditView(videoInstance.toFormattedDetailsJSON())
276 const videoInfoToUpdate: VideoUpdate = req.body 280 const videoInfoToUpdate: VideoUpdate = req.body
277 const wasPrivateVideo = videoInstance.privacy === VideoPrivacy.PRIVATE 281 const wasPrivateVideo = videoInstance.privacy === VideoPrivacy.PRIVATE
278 282
@@ -344,9 +348,14 @@ async function updateVideo (req: express.Request, res: express.Response) {
344 348
345 const isNewVideo = wasPrivateVideo && videoInstanceUpdated.privacy !== VideoPrivacy.PRIVATE 349 const isNewVideo = wasPrivateVideo && videoInstanceUpdated.privacy !== VideoPrivacy.PRIVATE
346 await federateVideoIfNeeded(videoInstanceUpdated, isNewVideo, t) 350 await federateVideoIfNeeded(videoInstanceUpdated, isNewVideo, t)
347 })
348 351
349 logger.info('Video with name %s and uuid %s updated.', videoInstance.name, videoInstance.uuid) 352 auditLogger.update(
353 res.locals.oauth.token.User.Account.Actor.getIdentifier(),
354 new VideoAuditView(videoInstanceUpdated.toFormattedDetailsJSON()),
355 oldVideoAuditView
356 )
357 logger.info('Video with name %s and uuid %s updated.', videoInstance.name, videoInstance.uuid)
358 })
350 } catch (err) { 359 } catch (err) {
351 // Force fields we want to update 360 // Force fields we want to update
352 // If the transaction is retried, sequelize will think the object has not changed 361 // If the transaction is retried, sequelize will think the object has not changed
@@ -423,6 +432,7 @@ async function removeVideo (req: express.Request, res: express.Response) {
423 await videoInstance.destroy({ transaction: t }) 432 await videoInstance.destroy({ transaction: t })
424 }) 433 })
425 434
435 auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new VideoAuditView(videoInstance.toFormattedDetailsJSON()))
426 logger.info('Video with name %s and uuid %s deleted.', videoInstance.name, videoInstance.uuid) 436 logger.info('Video with name %s and uuid %s deleted.', videoInstance.name, videoInstance.uuid)
427 437
428 return res.type('json').status(204).end() 438 return res.type('json').status(204).end()