yetangitu/Peertube
1
0
Fork 0
mirror of https://github.com/Chocobozzz/PeerTube.git synced 2025-10-04 18:29:27 +02:00
Code Issues Releases Wiki Activity

Add audit logs in various modules

Browse source 
- Videos
- Videos comments
- Users
- Videos channels
- Videos abuses
- Custom config
This commit is contained in:
Aurélien Bertron 2018-07-31 14:04:26 +02:00 committed by Chocobozzz
parent 5939081838
commit 80e36cd9fa
9 changed files with 249 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

49
server/controllers/api/users.ts
View file

@ -39,6 +39,9 @@ import { createReqFiles } from '../../helpers/express-utils'
import { UserVideoQuota } from '../../../shared/models/users/user-video-quota.model'
import { updateAvatarValidator } from '../../middlewares/validators/avatar'
import { updateActorAvatarFile } from '../../lib/avatar'
import { auditLoggerFactory, UserAuditView } from '../../helpers/audit-logger'
const auditLogger = auditLoggerFactory('users')
const reqAvatarFile = createReqFiles([ 'avatarfile' ], IMAGE_MIMETYPE_EXT, { avatarfile: CONFIG.STORAGE.AVATARS_DIR })
const loginRateLimiter = new RateLimit({
@ -189,6 +192,7 @@ async function createUser (req: express.Request, res: express.Response) {
const { user, account } = await createUserAccountAndChannel(userToCreate)
auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
logger.info('User %s with its channel and account created.', body.username)
return res.json({
@ -205,7 +209,7 @@ async function createUser (req: express.Request, res: express.Response) {
async function registerUser (req: express.Request, res: express.Response) {
const body: UserCreate = req.body
const user = new UserModel({
const userToCreate = new UserModel({
username: body.username,
password: body.password,
email: body.email,
@ -215,8 +219,9 @@ async function registerUser (req: express.Request, res: express.Response) {
videoQuota: CONFIG.USER.VIDEO_QUOTA
})
await createUserAccountAndChannel(user)
const { user } = await createUserAccountAndChannel(userToCreate)
auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON()))
logger.info('User %s with its channel and account registered.', body.username)
return res.type('json').status(204).end()
@ -269,6 +274,8 @@ async function removeUser (req: express.Request, res: express.Response, next: ex
await user.destroy()
auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
return res.sendStatus(204)
}
@ -276,6 +283,7 @@ async function updateMe (req: express.Request, res: express.Response, next: expr
const body: UserUpdateMe = req.body
const user: UserModel = res.locals.oauth.token.user
const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
if (body.password !== undefined) user.password = body.password
if (body.email !== undefined) user.email = body.email
@ -290,6 +298,12 @@ async function updateMe (req: express.Request, res: express.Response, next: expr
await user.Account.save({ transaction: t })
await sendUpdateActor(user.Account, t)
auditLogger.update(
res.locals.oauth.token.User.Account.Actor.getIdentifier(),
new UserAuditView(user.toFormattedJSON()),
oldUserAuditView
)
})
return res.sendStatus(204)
@ -297,10 +311,18 @@ async function updateMe (req: express.Request, res: express.Response, next: expr
async function updateMyAvatar (req: express.Request, res: express.Response, next: express.NextFunction) {
const avatarPhysicalFile = req.files[ 'avatarfile' ][ 0 ]
const account = res.locals.oauth.token.user.Account
const user: UserModel = res.locals.oauth.token.user
const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
const account = user.Account
const avatar = await updateActorAvatarFile(avatarPhysicalFile, account.Actor, account)
auditLogger.update(
res.locals.oauth.token.User.Account.Actor.getIdentifier(),
new UserAuditView(user.toFormattedJSON()),
oldUserAuditView
)
return res
.json({
avatar: avatar.toFormattedJSON()
@ -310,20 +332,27 @@ async function updateMyAvatar (req: express.Request, res: express.Response, next
async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) {
const body: UserUpdate = req.body
const user = res.locals.user as UserModel
const roleChanged = body.role !== undefined && body.role !== user.role
const userToUpdate = res.locals.user as UserModel
const oldUserAuditView = new UserAuditView(userToUpdate.toFormattedJSON())
const roleChanged = body.role !== undefined && body.role !== userToUpdate.role
if (body.email !== undefined) user.email = body.email
if (body.videoQuota !== undefined) user.videoQuota = body.videoQuota
if (body.role !== undefined) user.role = body.role
if (body.email !== undefined) userToUpdate.email = body.email
if (body.videoQuota !== undefined) userToUpdate.videoQuota = body.videoQuota
if (body.role !== undefined) userToUpdate.role = body.role
await user.save()
const user = await userToUpdate.save()
// Destroy user token to refresh rights
if (roleChanged) {
await OAuthTokenModel.deleteUserToken(user.id)
await OAuthTokenModel.deleteUserToken(userToUpdate.id)
}
auditLogger.update(
res.locals.oauth.token.User.Account.Actor.getIdentifier(),
new UserAuditView(user.toFormattedJSON()),
oldUserAuditView
)
// Don't need to send this update to followers, these attributes are not propagated
return res.sendStatus(204)