From 80e36cd9facb56b330be3e4f1c5ba253cc78c308 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Bertron?= Date: Tue, 31 Jul 2018 14:04:26 +0200 Subject: Add audit logs in various modules - Videos - Videos comments - Users - Videos channels - Videos abuses - Custom config --- server/controllers/api/videos/abuse.ts | 8 ++++++-- server/controllers/api/videos/comment.ts | 10 ++++++++++ server/controllers/api/videos/index.ts | 14 ++++++++++++-- 3 files changed, 28 insertions(+), 4 deletions(-) (limited to 'server/controllers/api/videos') diff --git a/server/controllers/api/videos/abuse.ts b/server/controllers/api/videos/abuse.ts index 3413ae894..7782fc639 100644 --- a/server/controllers/api/videos/abuse.ts +++ b/server/controllers/api/videos/abuse.ts @@ -18,7 +18,9 @@ import { import { AccountModel } from '../../../models/account/account' import { VideoModel } from '../../../models/video/video' import { VideoAbuseModel } from '../../../models/video/video-abuse' +import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger' +const auditLogger = auditLoggerFactory('abuse') const abuseVideoRouter = express.Router() abuseVideoRouter.get('/abuse', 
@@ -64,14 +66,16 @@ async function reportVideoAbuse (req: express.Request, res: express.Response) { await sequelizeTypescript.transaction(async t => { const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t }) videoAbuseInstance.Video = videoInstance + videoAbuseInstance.Account = reporterAccount // We send the video abuse to the origin server if (videoInstance.isOwned() === false) { await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t) } - }) - logger.info('Abuse report for video %s created.', videoInstance.name) + auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON())) + logger.info('Abuse report for video %s created.', videoInstance.name) + }) return res.type('json').status(204).end() } diff --git a/server/controllers/api/videos/comment.ts b/server/controllers/api/videos/comment.ts index bbeb0d557..e35247829 100644 --- a/server/controllers/api/videos/comment.ts +++ b/server/controllers/api/videos/comment.ts @@ -23,7 +23,9 @@ import { } from '../../../middlewares/validators/video-comments' import { VideoModel } from '../../../models/video/video' import { VideoCommentModel } from '../../../models/video/video-comment' +import { auditLoggerFactory, CommentAuditView } from '../../../helpers/audit-logger' +const auditLogger = auditLoggerFactory('comments') const videoCommentRouter = express.Router() videoCommentRouter.get('/:videoId/comment-threads', @@ -107,6 +109,8 @@ async function addVideoCommentThread (req: express.Request, res: express.Respons }, t) }) + auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new CommentAuditView(comment.toFormattedJSON())) + return res.json({ comment: comment.toFormattedJSON() }).end() 
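Review bot: `auditLogger.create(...)` now runs inside the `sequelizeTypescript.transaction` callback, so the audit entry is written before the commit and stays in the log even if the commit then fails. The same placement appears in the addVideo hunk and the last updateVideo hunk in index.ts, where the existing catch-block comment mentions the transaction being retried, which would presumably emit one entry per attempt. comment.ts in this same patch logs only after the transaction has resolved; doing the same here means returning `videoAbuseInstance` from the callback and calling `auditLogger.create(...)` and `logger.info(...)` after the closing `})`. The start of reportVideoAbuse is outside the hunk.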
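Review bot: The actor lookup `res.locals.oauth.token.User.Account.Actor.getIdentifier()` is spelled out in full in addVideoCommentThread, again in the addVideoCommentReply and removeVideoComment hunks, and three more times in index.ts. One shared helper, for example `function getAuditIdFromRes (res: express.Response) { return res.locals.oauth.token.User.Account.Actor.getIdentifier() }`, would keep the attribution of audit entries in one place, so a later change to how the acting user is resolved cannot miss a call site. `comment.toFormattedJSON()` is also computed twice on adjacent lines, and a single `const` would serve both the audit view and the response.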
@@ -124,6 +128,8 @@ async function addVideoCommentReply (req: express.Request, res: express.Response }, t) }) + auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new CommentAuditView(comment.toFormattedJSON())) + return res.json({ comment: comment.toFormattedJSON() }).end() @@ -136,6 +142,10 @@ async function removeVideoComment (req: express.Request, res: express.Response) await videoCommentInstance.destroy({ transaction: t }) }) + auditLogger.delete( + res.locals.oauth.token.User.Account.Actor.getIdentifier(), + new CommentAuditView(videoCommentInstance.toFormattedJSON()) + ) logger.info('Video comment %d deleted.', videoCommentInstance.id) return res.type('json').status(204).end() diff --git a/server/controllers/api/videos/index.ts b/server/controllers/api/videos/index.ts index 101183eab..e396ee6be 100644 --- a/server/controllers/api/videos/index.ts +++ b/server/controllers/api/videos/index.ts @@ -5,6 +5,7 @@ import { renamePromise } from '../../../helpers/core-utils' import { getVideoFileFPS, getVideoFileResolution } from '../../../helpers/ffmpeg-utils' import { processImage } from '../../../helpers/image-utils' import { logger } from '../../../helpers/logger' +import { auditLoggerFactory, VideoAuditView } from '../../../helpers/audit-logger' import { getFormattedObjects, getServerActor, resetSequelizeInstance } from '../../../helpers/utils' import { CONFIG, @@ -54,6 +55,7 @@ import { createReqFiles, buildNSFWFilter } from '../../../helpers/express-utils' import { ScheduleVideoUpdateModel } from '../../../models/video/schedule-video-update' import { videoCaptionsRouter } from './captions' +const auditLogger = auditLoggerFactory('videos') const videosRouter = express.Router() const reqVideoFileAdd = createReqFiles( 
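Review bot: In removeVideoComment the `CommentAuditView` is built from `videoCommentInstance` only after `destroy()` has committed, so if `toFormattedJSON()` or the logger throws at that point the comment is already gone, the request fails, and the deletion has no audit entry. Building the view up front with `const auditView = new CommentAuditView(videoCommentInstance.toFormattedJSON())` before the transaction, then passing `auditView` to `auditLogger.delete(...)`, mirrors what updateVideo does with `oldVideoAuditView`. The removeVideo hunk in index.ts has the same shape with `VideoAuditView`. The function body starts outside the hunk.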
@@ -247,6 +249,7 @@ async function addVideo (req: express.Request, res: express.Response) { await federateVideoIfNeeded(video, true, t) + auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new VideoAuditView(videoCreated.toFormattedDetailsJSON())) logger.info('Video with name %s and uuid %s created.', videoInfo.name, videoCreated.uuid) return videoCreated @@ -273,6 +276,7 @@ async function addVideo (req: express.Request, res: express.Response) { async function updateVideo (req: express.Request, res: express.Response) { const videoInstance: VideoModel = res.locals.video const videoFieldsSave = videoInstance.toJSON() + const oldVideoAuditView = new VideoAuditView(videoInstance.toFormattedDetailsJSON()) const videoInfoToUpdate: VideoUpdate = req.body const wasPrivateVideo = videoInstance.privacy === VideoPrivacy.PRIVATE @@ -344,9 +348,14 @@ async function updateVideo (req: express.Request, res: express.Response) { const isNewVideo = wasPrivateVideo && videoInstanceUpdated.privacy !== VideoPrivacy.PRIVATE await federateVideoIfNeeded(videoInstanceUpdated, isNewVideo, t) - }) - logger.info('Video with name %s and uuid %s updated.', videoInstance.name, videoInstance.uuid) + auditLogger.update( + res.locals.oauth.token.User.Account.Actor.getIdentifier(), + new VideoAuditView(videoInstanceUpdated.toFormattedDetailsJSON()), + oldVideoAuditView + ) + logger.info('Video with name %s and uuid %s updated.', videoInstance.name, videoInstance.uuid) + }) } catch (err) { // Force fields we want to update // If the transaction is retried, sequelize will think the object has not changed 
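Review bot: `oldVideoAuditView` in updateVideo is only meaningful if it is captured before `videoInstance` is modified, which presumably happens further down outside this hunk, and nothing on the line says so. I would add a comment above it such as `// Audit snapshot: must be taken before videoInstance is modified below`, so a later refactor does not move it past the field updates and log an old/new pair that is identical.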
@@ -423,6 +432,7 @@ async function removeVideo (req: express.Request, res: express.Response) { await videoInstance.destroy({ transaction: t }) }) + auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new VideoAuditView(videoInstance.toFormattedDetailsJSON())) logger.info('Video with name %s and uuid %s deleted.', videoInstance.name, videoInstance.uuid) return res.type('json').status(204).end() -- cgit v1.2.3