Add basic auditing for filesystem actions
Specifically skipping read actions since there isn't much to say there, and it generally wouldn't be very helpful (plus, likely to generate lots of logs).
This commit is contained in:
Dane Everitt
parent
b15679d3bb
commit
ccecaa6694
5 changed files with 164 additions and 64 deletions
|
|
@ -28,6 +28,18 @@ class AuditLog extends Model
|
|||
const ACTION_USER_AUTH_FAILED = 'user:auth.failed';
|
||||
const ACTION_USER_AUTH_PASSWORD_CHANGED = 'user:auth.password-changed';
|
||||
|
||||
const ACTION_SERVER_FILESYSTEM_DOWNLOAD = 'server:filesystem.download';
|
||||
const ACTION_SERVER_FILESYSTEM_WRITE = 'server:filesystem.write';
|
||||
const ACTION_SERVER_FILESYSTEM_DELETE = 'server:filesystem.delete';
|
||||
const ACTION_SERVER_FILESYSTEM_RENAME = 'server:filesystem.rename';
|
||||
const ACTION_SERVER_FILESYSTEM_COMPRESS = 'server:filesystem.compress';
|
||||
const ACTION_SERVER_FILESYSTEM_DECOMPRESS = 'server:filesystem.decompress';
|
||||
const ACTION_SERVER_FILESYSTEM_PULL = 'server:filesystem.pull';
|
||||
|
||||
const ACTION_SERVER_BACKUP_STARTED = 'server:backup.started';
|
||||
const ACTION_SERVER_BACKUP_FAILED = 'server:backup.failed';
|
||||
const ACTION_SERVER_BACKUP_COMPELTED = 'server:backup.completed';
|
||||
const ACTION_SERVER_BACKUP_DELETED = 'server:backup.deleted';
|
||||
const ACTION_SERVER_BACKUP_RESTORE_STARTED = 'server:backup.restore.started';
|
||||
const ACTION_SERVER_BACKUP_RESTORE_COMPLETED = 'server:backup.restore.completed';
|
||||
const ACTION_SERVER_BACKUP_RESTORE_FAILED = 'server:backup.restore.failed';
|
||||
|
|
@ -38,7 +50,7 @@ class AuditLog extends Model
|
|||
public static $validationRules = [
|
||||
'uuid' => 'required|uuid',
|
||||
'action' => 'required|string',
|
||||
'device' => 'required|array',
|
||||
'device' => 'array',
|
||||
'device.ip_address' => 'ip',
|
||||
'device.user_agent' => 'string',
|
||||
'metadata' => 'array',
|
||||
|
|
@ -100,14 +112,14 @@ class AuditLog extends Model
|
|||
{
|
||||
/** @var \Illuminate\Http\Request $request */
|
||||
$request = Container::getInstance()->make('request');
|
||||
if (! $isSystem || ! $request instanceof Request) {
|
||||
if ($isSystem || ! $request instanceof Request) {
|
||||
$request = null;
|
||||
}
|
||||
|
||||
return (new self())->fill([
|
||||
'uuid' => Uuid::uuid4()->toString(),
|
||||
'is_system' => $isSystem,
|
||||
'user_id' => $request->user() ? $request->user()->id : null,
|
||||
'user_id' => ($request && $request->user()) ? $request->user()->id : null,
|
||||
'server_id' => null,
|
||||
'action' => $action,
|
||||
'device' => $request ? [
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Pterodactyl\Models;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Notifications\Notifiable;
|
||||
use Illuminate\Database\Query\JoinClause;
|
||||
use Znck\Eloquent\Traits\BelongsToThrough;
|
||||
|
|
@ -335,7 +336,7 @@ class Server extends Model
|
|||
* @param array $metadata
|
||||
* @return \Pterodactyl\Models\AuditLog
|
||||
*/
|
||||
public function audit(string $action, array $metadata): AuditLog
|
||||
public function newAuditEvent(string $action, array $metadata): AuditLog
|
||||
{
|
||||
$model = AuditLog::factory($action, $metadata)->fill([
|
||||
'server_id' => $this->id,
|
||||
|
|
@ -345,6 +346,32 @@ class Server extends Model
|
|||
return $model;
|
||||
}
|
||||
|
||||
/**
|
||||
* Stores a new audit event for a server by using a transaction. If the transaction
|
||||
* fails for any reason everything executed within will be rolled back. The callback
|
||||
* passed in will receive the AuditLog model before it is saved and the second argument
|
||||
* will be the current server instance. The callback should modify the audit entry as
|
||||
* needed before finishing, any changes will be persisted.
|
||||
*
|
||||
* The response from the callback is returned to the caller.
|
||||
*
|
||||
* @param string $action
|
||||
* @param \Closure $callback
|
||||
* @return mixed
|
||||
* @throws \Throwable
|
||||
*/
|
||||
public function audit(string $action, Closure $callback)
|
||||
{
|
||||
$model = $this->newAuditEvent($action, []);
|
||||
|
||||
return $this->getConnection()->transaction(function () use ($callback, &$model) {
|
||||
$response = $callback($model, $this);
|
||||
$model->save();
|
||||
|
||||
return $response;
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* @return \Illuminate\Database\Eloquent\Relations\HasMany
|
||||
*/
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue