Add ability to disable audit logs

2023-10-12 14:56:57 +02:00 · 2023-10-12 14:56:57 +02:00 · a90b8fddbc
commit a90b8fddbc
parent 5bd42bbca7
19 changed files with 148 additions and 7 deletions
--- a/client/src/app/+admin/config/edit-custom-config/edit-advanced-configuration.component.html
+++ b/client/src/app/+admin/config/edit-custom-config/edit-advanced-configuration.component.html
@ -136,4 +136,27 @@
    </div>
  </div>
  <div class="row mt-4"> <!-- cache grid -->
    <div class="col-12 col-lg-4 col-xl-3">
      <div class="anchor" id="customizations"></div> <!-- customizations anchor -->
      <h2 i18n class="inner-form-title">LOGS</h2>
      <div i18n class="inner-form-description">
        Slight modifications to your PeerTube instance for when creating a plugin or theme is overkill.
      </div>
    </div>
    <div class="col-12 col-lg-8 col-xl-9">
      <ng-container formGroupName="instance">
        <ng-container formGroupName="logs">
          <ng-container formGroupName="auditLogs">
            <div class="form-group">
              <my-peertube-checkbox inputName="auditLogsEnabled" formControlName="enabled" i18n-labelText
                labelText="Enable audit logs"></my-peertube-checkbox>
            </div>
          </ng-container>
        </ng-container>
      </ng-container>
    </div>
  </div>
 </ng-container>
--- a/client/src/app/+admin/config/edit-custom-config/edit-custom-config.component.ts
+++ b/client/src/app/+admin/config/edit-custom-config/edit-custom-config.component.ts
@ -93,6 +93,11 @@ export class EditCustomConfigComponent extends FormReactive implements OnInit {
        customizations: {
          javascript: null,
          css: null
        },
        logs: {
          auditLogs: {
            enabled: null
          }
        }
      },
      theme: {
--- a/client/src/app/+admin/system/logs/logs.component.html
+++ b/client/src/app/+admin/system/logs/logs.component.html
@ -37,7 +37,9 @@
  <div *ngIf="loading" i18n>Loading...</div>
  <div #logsElement>
-    <div *ngIf="!loading && logs.length === 0" i18n>No log.</div>
+    <div *ngIf="isAuditLog && !isAuditLogsEnabled" i18n>Audit logs disabled.</div>
    <div *ngIf="!loading && logs.length === 0 && isAuditLogsEnabled" i18n>No log.</div>
    <div *ngFor="let log of logs" class="log-row" [ngClass]="{ error: log.level === 'error', warn: log.level === 'warn' }">
      <span class="log-level">{{ log.level }}</span>
--- a/client/src/app/+admin/system/logs/logs.component.ts
+++ b/client/src/app/+admin/system/logs/logs.component.ts
@ -1,6 +1,6 @@
 import { Component, ElementRef, OnInit, ViewChild } from '@angular/core'
-import { LocalStorageService, Notifier } from '@app/core'
+import { LocalStorageService, Notifier, ServerService } from '@app/core'
-import { ServerLogLevel } from '@peertube/peertube-models'
+import { HTMLServerConfig, ServerLogLevel } from '@peertube/peertube-models'
 import { LogRow } from './log-row.model'
 import { LogsService } from './logs.service'
@ -25,13 +25,20 @@ export class LogsComponent implements OnInit {
  logType: 'audit' | 'standard'
  tagsOneOf: string[] = []
  serverConfig: HTMLServerConfig
  isAuditLogsEnabled: boolean
  constructor (
    private logsService: LogsService,
    private notifier: Notifier,
-    private localStorage: LocalStorageService
+    private localStorage: LocalStorageService,
    private serverService: ServerService
  ) { }
  ngOnInit (): void {
    this.serverConfig = this.serverService.getHTMLConfig()
    console.log(JSON.stringify(this.serverConfig))
    this.buildTimeChoices()
    this.buildLevelChoices()
    this.buildLogTypeChoices()
@ -55,7 +62,10 @@ export class LogsComponent implements OnInit {
    const tagsOneOf = this.tagsOneOf.length !== 0
      ? this.tagsOneOf
      : undefined
-
+    if (!this.isAuditLogsEnabled) {
      this.loading = false
      return
    }
    this.logsService.getLogs({
      isAuditLog: this.isAuditLog(),
      level: this.level,
--- a/config/default.yaml
+++ b/config/default.yaml
@ -763,6 +763,9 @@ instance:
  securitytxt: |
    Contact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md
    Expires: 2025-12-31T11:00:00.000Z'
  logs:
    audit_logs: 
      enabled: true
 services:
  # Cards configuration to format video in Twitter
--- a/packages/models/src/server/custom-config.model.ts
+++ b/packages/models/src/server/custom-config.model.ts
@ -39,6 +39,12 @@ export interface CustomConfig {
      javascript?: string
      css?: string
    }
    logs: {
      auditLogs: {
        enabled: boolean
      }
    }
  }
  theme: {
--- a/packages/models/src/server/server-config.model.ts
+++ b/packages/models/src/server/server-config.model.ts
@ -90,6 +90,11 @@ export interface ServerConfig {
      javascript: string
      css: string
    }
    logs: {
      auditLogs: {
        enabled: boolean
      }
    }
  }
  search: {
--- a/packages/server-commands/src/server/config-command.ts
+++ b/packages/server-commands/src/server/config-command.ts
@ -371,6 +371,12 @@ export class ConfigCommand extends AbstractCommand {
        customizations: {
          javascript: 'alert("coucou")',
          css: 'body { background-color: red; }'
        },
        logs: {
          auditLogs: {
            enabled: true
          }
        }
      },
      theme: {
--- a/packages/tests/src/api/check-params/config.ts
+++ b/packages/tests/src/api/check-params/config.ts
@ -42,6 +42,11 @@ describe('Test config API validators', function () {
      customizations: {
        javascript: 'alert("coucou")',
        css: 'body { background-color: red; }'
      },
      logs: {
        auditLogs: {
          enabled: true
        }
      }
    },
    theme: {
--- a/packages/tests/src/api/server/config.ts
+++ b/packages/tests/src/api/server/config.ts
@ -264,6 +264,11 @@ const newCustomConfig: CustomConfig = {
    customizations: {
      javascript: 'alert("coucou")',
      css: 'body { background-color: red; }'
    },
    logs: {
      auditLogs: {
        enabled: true
      }
    }
  },
  theme: {
--- a/packages/tests/src/api/server/logs.ts
+++ b/packages/tests/src/api/server/logs.ts
@ -193,6 +193,41 @@ describe('Test logs', function () {
      expect(logsString.includes('video 10')).to.be.true
      expect(logsString.includes('video 11')).to.be.false
    })
    it('Should refuse to create logs if disabled', async function () {
      this.timeout(60000)
      await server.config.updateCustomSubConfig({
        newConfig: {
          instance: {
            logs: {
              auditLogs:{
                enabled: false
              }
            }
          }
        }
      })
      await server.videos.upload({ attributes: { name: 'video 12' } })
      await waitJobs([ server ])
      const now1 = new Date()
      await server.videos.upload({ attributes: { name: 'video 13' } })
      await waitJobs([ server ])
      const now2 = new Date()
      await server.videos.upload({ attributes: { name: 'video 14' } })
      await waitJobs([ server ])
      await logsCommand.getAuditLogs({
        startDate: now1,
        endDate: now2,
        expectedStatus: HttpStatusCode.FORBIDDEN_403
      })
    })
  })
  describe('When creating log from the client', function () {
--- a/server/core/controllers/api/config.ts
+++ b/server/core/controllers/api/config.ts
@ -158,6 +158,12 @@ function customConfig (): CustomConfig {
      customizations: {
        css: CONFIG.INSTANCE.CUSTOMIZATIONS.CSS,
        javascript: CONFIG.INSTANCE.CUSTOMIZATIONS.JAVASCRIPT
      },
      logs: {
        auditLogs: {
          enabled: CONFIG.INSTANCE.LOGS.AUDIT_LOGS.ENABLED
        }
      }
    },
    theme: {
--- a/server/core/helpers/audit-logger.ts
+++ b/server/core/helpers/audit-logger.ts
@ -242,6 +242,7 @@ const customConfigKeysToKeep = new Set([
  'instance-defaultNSFWPolicy',
  'instance-customizations-javascript',
  'instance-customizations-css',
  'instance-logs-auditLogs-enabled',
  'services-twitter-username',
  'services-twitter-whitelisted',
  'cache-previews-size',
--- a/server/core/initializers/checker-before-init.ts
+++ b/server/core/initializers/checker-before-init.ts
@ -48,7 +48,7 @@ function checkMissedConfig () {
    'client.videos.miniature.prefer_author_display_name', 'client.menu.login.redirect_on_single_external_auth',
    'defaults.publish.download_enabled', 'defaults.publish.comments_enabled', 'defaults.publish.privacy', 'defaults.publish.licence',
    'instance.name', 'instance.short_description', 'instance.description', 'instance.terms', 'instance.default_client_route',
-    'instance.is_nsfw', 'instance.default_nsfw_policy', 'instance.robots', 'instance.securitytxt',
+    'instance.is_nsfw', 'instance.default_nsfw_policy', 'instance.robots', 'instance.securitytxt', 'instance.logs.audit_logs.enabled',
    'services.twitter.username', 'services.twitter.whitelisted',
    'followers.instance.enabled', 'followers.instance.manual_approval',
    'tracker.enabled', 'tracker.private', 'tracker.reject_too_many_announces',
--- a/server/core/initializers/config.ts
+++ b/server/core/initializers/config.ts
@ -546,7 +546,12 @@ const CONFIG = {
      get CSS () { return config.get<string>('instance.customizations.css') }
    },
    get ROBOTS () { return config.get<string>('instance.robots') },
-    get SECURITYTXT () { return config.get<string>('instance.securitytxt') }
+    get SECURITYTXT () { return config.get<string>('instance.securitytxt') },
    LOGS: {
      AUDIT_LOGS:{
        get ENABLED () { return config.get<boolean>('instance.logs.audit_logs.enabled') }
      }
    }
  },
  SERVICES: {
    TWITTER: {
--- a/server/core/lib/server-config-manager.ts
+++ b/server/core/lib/server-config-manager.ts
@ -100,6 +100,11 @@ class ServerConfigManager {
        customizations: {
          javascript: CONFIG.INSTANCE.CUSTOMIZATIONS.JAVASCRIPT,
          css: CONFIG.INSTANCE.CUSTOMIZATIONS.CSS
        },
        logs: {
          auditLogs: {
            enabled: CONFIG.INSTANCE.LOGS.AUDIT_LOGS.ENABLED
          }
        }
      },
      search: {
--- a/server/core/middlewares/validators/config.ts
+++ b/server/core/middlewares/validators/config.ts
@ -17,6 +17,7 @@ const customConfigUpdateValidator = [
  body('instance.defaultClientRoute').exists(),
  body('instance.customizations.css').exists(),
  body('instance.customizations.javascript').exists(),
  body('instance.logs.auditLogs.enabled').exists(),
  body('services.twitter.username').exists(),
  body('services.twitter.whitelisted').isBoolean(),
--- a/server/core/middlewares/validators/logs.ts
+++ b/server/core/middlewares/validators/logs.ts
@ -80,6 +80,8 @@ const getAuditLogsValidator = [
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
    if (areValidationErrors(req, res)) return
    if (!CONFIG.INSTANCE.LOGS.AUDIT_LOGS.ENABLED) return res.sendStatus(HttpStatusCode.FORBIDDEN_403)
    return next()
  }
 ]
--- a/support/doc/api/openapi.yaml
+++ b/support/doc/api/openapi.yaml
@ -7935,6 +7935,14 @@ components:
                  type: string
                css:
                  type: string
            logs:
              type: object
              properties:
                auditLogs:
                  type: object
                  properties:
                    enabled:
                      type: boolean
        search:
          type: object
          properties:
@ -8252,6 +8260,14 @@ components:
                  type: string
                css:
                  type: string
            logs:
              type: object
              properties:
                auditLogs:
                  type: object
                  properties:
                    enabled:
                      type: boolean
        theme:
          type: object
          properties: