1 files changed, 265 insertions, 0 deletions
diff --git a/server/helpers/audit-logger.ts b/server/helpers/audit-logger.ts
new file mode 100644
index 000000000..db20df20f
--- /dev/null
+++ b/server/helpers/audit-logger.ts
@@ -0,0 +1,265 @@
+import * as path from 'path'
+import { diff } from 'deep-object-diff'
+import { chain } from 'lodash'
+import * as flatten from 'flat'
+import * as winston from 'winston'
+import { CONFIG } from '../initializers'
+import { jsonLoggerFormat, labelFormatter } from './logger'
+import { VideoDetails, User, VideoChannel, VideoAbuse, VideoImport } from '../../shared'
+import { VideoComment } from '../../shared/models/videos/video-comment.model'
+import { CustomConfig } from '../../shared/models/server/custom-config.model'
+enum AUDIT_TYPE {
+  CREATE = 'create',
+  UPDATE = 'update',
+  DELETE = 'delete'
+}
+const colors = winston.config.npm.colors
+colors.audit = winston.config.npm.colors.info
+winston.addColors(colors)
+const auditLogger = winston.createLogger({
+  levels: { audit: 0 },
+  transports: [
+    new winston.transports.File({
+      filename: path.join(CONFIG.STORAGE.LOG_DIR, 'peertube-audit.log'),
+      level: 'audit',
+      maxsize: 5242880,
+      maxFiles: 5,
+      format: winston.format.combine(
+        winston.format.timestamp(),
+        labelFormatter,
+        winston.format.splat(),
+        jsonLoggerFormat
+      )
+    })
+  ],
+  exitOnError: true
+})
+function auditLoggerWrapper (domain: string, user: string, action: AUDIT_TYPE, entity: EntityAuditView, oldEntity: EntityAuditView = null) {
+  let entityInfos: object
+  if (action === AUDIT_TYPE.UPDATE && oldEntity) {
+    const oldEntityKeys = oldEntity.toLogKeys()
+    const diffObject = diff(oldEntityKeys, entity.toLogKeys())
+    const diffKeys = Object.entries(diffObject).reduce((newKeys, entry) => {
+      newKeys[`new-${entry[0]}`] = entry[1]
+      return newKeys
+    }, {})
+    entityInfos = { ...oldEntityKeys, ...diffKeys }
+  } else {
+    entityInfos = { ...entity.toLogKeys() }
+  }
+  auditLogger.log('audit', JSON.stringify({
+    user,
+    domain,
+    action,
+    ...entityInfos
+  }))
+}
+function auditLoggerFactory (domain: string) {
+  return {
+    create (user: string, entity: EntityAuditView) {
+      auditLoggerWrapper(domain, user, AUDIT_TYPE.CREATE, entity)
+    },
+    update (user: string, entity: EntityAuditView, oldEntity: EntityAuditView) {
+      auditLoggerWrapper(domain, user, AUDIT_TYPE.UPDATE, entity, oldEntity)
+    },
+    delete (user: string, entity: EntityAuditView) {
+      auditLoggerWrapper(domain, user, AUDIT_TYPE.DELETE, entity)
+    }
+  }
+}
+abstract class EntityAuditView {
+  constructor (private keysToKeep: Array<string>, private prefix: string, private entityInfos: object) { }
+  toLogKeys (): object {
+    return chain(flatten(this.entityInfos, { delimiter: '-', safe: true }))
+      .pick(this.keysToKeep)
+      .mapKeys((value, key) => `${this.prefix}-${key}`)
+      .value()
+  }
+}
+const videoKeysToKeep = [
+  'tags',
+  'uuid',
+  'id',
+  'uuid',
+  'createdAt',
+  'updatedAt',
+  'publishedAt',
+  'category',
+  'licence',
+  'language',
+  'privacy',
+  'description',
+  'duration',
+  'isLocal',
+  'name',
+  'thumbnailPath',
+  'previewPath',
+  'nsfw',
+  'waitTranscoding',
+  'account-id',
+  'account-uuid',
+  'account-name',
+  'channel-id',
+  'channel-uuid',
+  'channel-name',
+  'support',
+  'commentsEnabled'
+]
+class VideoAuditView extends EntityAuditView {
+  constructor (private video: VideoDetails) {
+    super(videoKeysToKeep, 'video', video)
+  }
+}
+const videoImportKeysToKeep = [
+  'id',
+  'targetUrl',
+  'video-name'
+]
+class VideoImportAuditView extends EntityAuditView {
+  constructor (private videoImport: VideoImport) {
+    super(videoImportKeysToKeep, 'video-import', videoImport)
+  }
+}
+const commentKeysToKeep = [
+  'id',
+  'text',
+  'threadId',
+  'inReplyToCommentId',
+  'videoId',
+  'createdAt',
+  'updatedAt',
+  'totalReplies',
+  'account-id',
+  'account-uuid',
+  'account-name'
+]
+class CommentAuditView extends EntityAuditView {
+  constructor (private comment: VideoComment) {
+    super(commentKeysToKeep, 'comment', comment)
+  }
+}
+const userKeysToKeep = [
+  'id',
+  'username',
+  'email',
+  'nsfwPolicy',
+  'autoPlayVideo',
+  'role',
+  'videoQuota',
+  'createdAt',
+  'account-id',
+  'account-uuid',
+  'account-name',
+  'account-followingCount',
+  'account-followersCount',
+  'account-createdAt',
+  'account-updatedAt',
+  'account-avatar-path',
+  'account-avatar-createdAt',
+  'account-avatar-updatedAt',
+  'account-displayName',
+  'account-description',
+  'videoChannels'
+]
+class UserAuditView extends EntityAuditView {
+  constructor (private user: User) {
+    super(userKeysToKeep, 'user', user)
+  }
+}
+const channelKeysToKeep = [
+  'id',
+  'uuid',
+  'name',
+  'followingCount',
+  'followersCount',
+  'createdAt',
+  'updatedAt',
+  'avatar-path',
+  'avatar-createdAt',
+  'avatar-updatedAt',
+  'displayName',
+  'description',
+  'support',
+  'isLocal',
+  'ownerAccount-id',
+  'ownerAccount-uuid',
+  'ownerAccount-name',
+  'ownerAccount-displayedName'
+]
+class VideoChannelAuditView extends EntityAuditView {
+  constructor (private channel: VideoChannel) {
+    super(channelKeysToKeep, 'channel', channel)
+  }
+}
+const videoAbuseKeysToKeep = [
+  'id',
+  'reason',
+  'reporterAccount',
+  'video-id',
+  'video-name',
+  'video-uuid',
+  'createdAt'
+]
+class VideoAbuseAuditView extends EntityAuditView {
+  constructor (private videoAbuse: VideoAbuse) {
+    super(videoAbuseKeysToKeep, 'abuse', videoAbuse)
+  }
+}
+const customConfigKeysToKeep = [
+  'instance-name',
+  'instance-shortDescription',
+  'instance-description',
+  'instance-terms',
+  'instance-defaultClientRoute',
+  'instance-defaultNSFWPolicy',
+  'instance-customizations-javascript',
+  'instance-customizations-css',
+  'services-twitter-username',
+  'services-twitter-whitelisted',
+  'cache-previews-size',
+  'cache-captions-size',
+  'signup-enabled',
+  'signup-limit',
+  'admin-email',
+  'user-videoQuota',
+  'transcoding-enabled',
+  'transcoding-threads',
+  'transcoding-resolutions'
+]
+class CustomConfigAuditView extends EntityAuditView {
+  constructor (customConfig: CustomConfig) {
+    const infos: any = customConfig
+    const resolutionsDict = infos.transcoding.resolutions
+    const resolutionsArray = []
+    Object.entries(resolutionsDict).forEach(([resolution, isEnabled]) => {
+      if (isEnabled) resolutionsArray.push(resolution)
+    })
+    Object.assign({}, infos, { transcoding: { resolutions: resolutionsArray } })
+    super(customConfigKeysToKeep, 'config', infos)
+  }
+}
+export {
+  auditLoggerFactory,
+  VideoImportAuditView,
+  VideoChannelAuditView,
+  CommentAuditView,
+  UserAuditView,
+  VideoAuditView,
+  VideoAbuseAuditView,
+  CustomConfigAuditView
+}

diff --git a/server/helpers/audit-logger.ts b/server/helpers/audit-logger.ts new file mode 100644 index 000000000..db20df20f --- /dev/null +++ b/server/helpers/audit-logger.ts
@@ -0,0 +1,265 @@
	1	import * as path from 'path'
	2	import { diff } from 'deep-object-diff'
	3	import { chain } from 'lodash'
	4	import * as flatten from 'flat'
	5	import * as winston from 'winston'
	6	import { CONFIG } from '../initializers'
	7	import { jsonLoggerFormat, labelFormatter } from './logger'
	8	import { VideoDetails, User, VideoChannel, VideoAbuse, VideoImport } from '../../shared'
	9	import { VideoComment } from '../../shared/models/videos/video-comment.model'
	10	import { CustomConfig } from '../../shared/models/server/custom-config.model'
	11
	12	enum AUDIT_TYPE {
	13	CREATE = 'create',
	14	UPDATE = 'update',
	15	DELETE = 'delete'
	16	}
	17
	18	const colors = winston.config.npm.colors
	19	colors.audit = winston.config.npm.colors.info
	20
	21	winston.addColors(colors)
	22
	23	const auditLogger = winston.createLogger({
	24	levels: { audit: 0 },
	25	transports: [
	26	new winston.transports.File({
	27	filename: path.join(CONFIG.STORAGE.LOG_DIR, 'peertube-audit.log'),
	28	level: 'audit',
	29	maxsize: 5242880,
	30	maxFiles: 5,
	31	format: winston.format.combine(
	32	winston.format.timestamp(),
	33	labelFormatter,
	34	winston.format.splat(),
	35	jsonLoggerFormat
	36	)
	37	})
	38	],
	39	exitOnError: true
	40	})
	41
	42	function auditLoggerWrapper (domain: string, user: string, action: AUDIT_TYPE, entity: EntityAuditView, oldEntity: EntityAuditView = null) {
	43	let entityInfos: object
	44	if (action === AUDIT_TYPE.UPDATE && oldEntity) {
	45	const oldEntityKeys = oldEntity.toLogKeys()
	46	const diffObject = diff(oldEntityKeys, entity.toLogKeys())
	47	const diffKeys = Object.entries(diffObject).reduce((newKeys, entry) => {
	48	newKeys[`new-${entry[0]}`] = entry[1]
	49	return newKeys
	50	}, {})
	51	entityInfos = { ...oldEntityKeys, ...diffKeys }
	52	} else {
	53	entityInfos = { ...entity.toLogKeys() }
	54	}
	55	auditLogger.log('audit', JSON.stringify({
	56	user,
	57	domain,
	58	action,
	59	...entityInfos
	60	}))
	61	}
	62
	63	function auditLoggerFactory (domain: string) {
	64	return {
	65	create (user: string, entity: EntityAuditView) {
	66	auditLoggerWrapper(domain, user, AUDIT_TYPE.CREATE, entity)
	67	},
	68	update (user: string, entity: EntityAuditView, oldEntity: EntityAuditView) {
	69	auditLoggerWrapper(domain, user, AUDIT_TYPE.UPDATE, entity, oldEntity)
	70	},
	71	delete (user: string, entity: EntityAuditView) {
	72	auditLoggerWrapper(domain, user, AUDIT_TYPE.DELETE, entity)
	73	}
	74	}
	75	}
	76
	77	abstract class EntityAuditView {
	78	constructor (private keysToKeep: Array<string>, private prefix: string, private entityInfos: object) { }
	79	toLogKeys (): object {
	80	return chain(flatten(this.entityInfos, { delimiter: '-', safe: true }))
	81	.pick(this.keysToKeep)
	82	.mapKeys((value, key) => `${this.prefix}-${key}`)
	83	.value()
	84	}
	85	}
	86
	87	const videoKeysToKeep = [
	88	'tags',
	89	'uuid',
	90	'id',
	91	'uuid',
	92	'createdAt',
	93	'updatedAt',
	94	'publishedAt',
	95	'category',
	96	'licence',
	97	'language',
	98	'privacy',
	99	'description',
	100	'duration',
	101	'isLocal',
	102	'name',
	103	'thumbnailPath',
	104	'previewPath',
	105	'nsfw',
	106	'waitTranscoding',
	107	'account-id',
	108	'account-uuid',
	109	'account-name',
	110	'channel-id',
	111	'channel-uuid',
	112	'channel-name',
	113	'support',
	114	'commentsEnabled'
	115	]
	116	class VideoAuditView extends EntityAuditView {
	117	constructor (private video: VideoDetails) {
	118	super(videoKeysToKeep, 'video', video)
	119	}
	120	}
	121
	122	const videoImportKeysToKeep = [
	123	'id',
	124	'targetUrl',
	125	'video-name'
	126	]
	127	class VideoImportAuditView extends EntityAuditView {
	128	constructor (private videoImport: VideoImport) {
	129	super(videoImportKeysToKeep, 'video-import', videoImport)
	130	}
	131	}
	132
	133	const commentKeysToKeep = [
	134	'id',
	135	'text',
	136	'threadId',
	137	'inReplyToCommentId',
	138	'videoId',
	139	'createdAt',
	140	'updatedAt',
	141	'totalReplies',
	142	'account-id',
	143	'account-uuid',
	144	'account-name'
	145	]
	146	class CommentAuditView extends EntityAuditView {
	147	constructor (private comment: VideoComment) {
	148	super(commentKeysToKeep, 'comment', comment)
	149	}
	150	}
	151
	152	const userKeysToKeep = [
	153	'id',
	154	'username',
	155	'email',
	156	'nsfwPolicy',
	157	'autoPlayVideo',
	158	'role',
	159	'videoQuota',
	160	'createdAt',
	161	'account-id',
	162	'account-uuid',
	163	'account-name',
	164	'account-followingCount',
	165	'account-followersCount',
	166	'account-createdAt',
	167	'account-updatedAt',
	168	'account-avatar-path',
	169	'account-avatar-createdAt',
	170	'account-avatar-updatedAt',
	171	'account-displayName',
	172	'account-description',
	173	'videoChannels'
	174	]
	175	class UserAuditView extends EntityAuditView {
	176	constructor (private user: User) {
	177	super(userKeysToKeep, 'user', user)
	178	}
	179	}
	180
	181	const channelKeysToKeep = [
	182	'id',
	183	'uuid',
	184	'name',
	185	'followingCount',
	186	'followersCount',
	187	'createdAt',
	188	'updatedAt',
	189	'avatar-path',
	190	'avatar-createdAt',
	191	'avatar-updatedAt',
	192	'displayName',
	193	'description',
	194	'support',
	195	'isLocal',
	196	'ownerAccount-id',
	197	'ownerAccount-uuid',
	198	'ownerAccount-name',
	199	'ownerAccount-displayedName'
	200	]
	201	class VideoChannelAuditView extends EntityAuditView {
	202	constructor (private channel: VideoChannel) {
	203	super(channelKeysToKeep, 'channel', channel)
	204	}
	205	}
	206
	207	const videoAbuseKeysToKeep = [
	208	'id',
	209	'reason',
	210	'reporterAccount',
	211	'video-id',
	212	'video-name',
	213	'video-uuid',
	214	'createdAt'
	215	]
	216	class VideoAbuseAuditView extends EntityAuditView {
	217	constructor (private videoAbuse: VideoAbuse) {
	218	super(videoAbuseKeysToKeep, 'abuse', videoAbuse)
	219	}
	220	}
	221
	222	const customConfigKeysToKeep = [
	223	'instance-name',
	224	'instance-shortDescription',
	225	'instance-description',
	226	'instance-terms',
	227	'instance-defaultClientRoute',
	228	'instance-defaultNSFWPolicy',
	229	'instance-customizations-javascript',
	230	'instance-customizations-css',
	231	'services-twitter-username',
	232	'services-twitter-whitelisted',
	233	'cache-previews-size',
	234	'cache-captions-size',
	235	'signup-enabled',
	236	'signup-limit',
	237	'admin-email',
	238	'user-videoQuota',
	239	'transcoding-enabled',
	240	'transcoding-threads',
	241	'transcoding-resolutions'
	242	]
	243	class CustomConfigAuditView extends EntityAuditView {
	244	constructor (customConfig: CustomConfig) {
	245	const infos: any = customConfig
	246	const resolutionsDict = infos.transcoding.resolutions
	247	const resolutionsArray = []
	248	Object.entries(resolutionsDict).forEach(([resolution, isEnabled]) => {
	249	if (isEnabled) resolutionsArray.push(resolution)
	250	})
	251	Object.assign({}, infos, { transcoding: { resolutions: resolutionsArray } })
	252	super(customConfigKeysToKeep, 'config', infos)
	253	}
	254	}
	255
	256	export {
	257	auditLoggerFactory,
	258	VideoImportAuditView,
	259	VideoChannelAuditView,
	260	CommentAuditView,
	261	UserAuditView,
	262	VideoAuditView,
	263	VideoAbuseAuditView,
	264	CustomConfigAuditView
	265	}