mirror of
https://github.com/certd/certd.git
synced 2026-07-13 00:37:36 +08:00
chore: audit log first
This commit is contained in:
@@ -0,0 +1,32 @@
|
||||
import { BaseController, Constants } from "@certd/lib-server";
|
||||
import { ALL, Body, Controller, Inject, Post, Provide } from "@midwayjs/core";
|
||||
import { ApiTags } from "@midwayjs/swagger";
|
||||
import { AuditService } from "../../../modules/sys/enterprise/service/audit-service.js";
|
||||
import { buildAuditTypeDict, buildAuditActionDict } from "../../../modules/sys/enterprise/service/audit-constants.js";
|
||||
|
||||
@Provide()
|
||||
@ApiTags(["audit"])
|
||||
@Controller("/api/pi/audit")
|
||||
export class AuditLogController extends BaseController {
|
||||
@Inject()
|
||||
auditService: AuditService;
|
||||
|
||||
@Post("/page", { description: Constants.per.authOnly, summary: "分页查询当前用户操作日志" })
|
||||
async page(@Body(ALL) body: any) {
|
||||
const userId = this.getUserId();
|
||||
if (!body.query) {
|
||||
body.query = {};
|
||||
}
|
||||
body.query.userId = userId;
|
||||
const pageRet = await this.auditService.page(body);
|
||||
return this.ok(pageRet);
|
||||
}
|
||||
|
||||
@Post("/dict", { description: Constants.per.authOnly, summary: "获取审计类型和动作字典" })
|
||||
async getDict() {
|
||||
return this.ok({
|
||||
types: buildAuditTypeDict(),
|
||||
actions: buildAuditActionDict(),
|
||||
});
|
||||
}
|
||||
}
|
||||
@@ -7,6 +7,7 @@ import { merge } from "lodash-es";
|
||||
import { SiteIpService } from "../../../modules/monitor/service/site-ip-service.js";
|
||||
import { utils } from "@certd/basic";
|
||||
import { ApiTags } from "@midwayjs/swagger";
|
||||
import { AuditType, AuditAction } from "../../../modules/sys/enterprise/service/audit-constants.js";
|
||||
|
||||
/**
|
||||
*/
|
||||
@@ -20,7 +21,6 @@ export class SiteInfoController extends CrudController<SiteInfoService> {
|
||||
authService: AuthService;
|
||||
@Inject()
|
||||
siteIpService: SiteIpService;
|
||||
|
||||
getService(): SiteInfoService {
|
||||
return this.service;
|
||||
}
|
||||
@@ -75,6 +75,11 @@ export class SiteInfoController extends CrudController<SiteInfoService> {
|
||||
if (entity.disabled) {
|
||||
this.service.check(entity.id, true, 0);
|
||||
}
|
||||
this.auditLog({
|
||||
type: AuditType.monitor,
|
||||
action: AuditAction.add,
|
||||
content: `新增了站点监控「${bean.name}」(ID:${res.id}, 域名:${bean.domain})`,
|
||||
});
|
||||
return this.ok(res);
|
||||
}
|
||||
|
||||
@@ -88,6 +93,11 @@ export class SiteInfoController extends CrudController<SiteInfoService> {
|
||||
if (entity.disabled) {
|
||||
this.service.check(entity.id, true, 0);
|
||||
}
|
||||
this.auditLog({
|
||||
type: AuditType.monitor,
|
||||
action: AuditAction.update,
|
||||
content: `修改了站点监控「${bean.name}」(ID:${bean.id})`,
|
||||
});
|
||||
return this.ok();
|
||||
}
|
||||
@Post("/info", { description: Constants.per.authOnly, summary: "查询站点监控详情" })
|
||||
@@ -99,13 +109,24 @@ export class SiteInfoController extends CrudController<SiteInfoService> {
|
||||
@Post("/delete", { description: Constants.per.authOnly, summary: "删除站点监控" })
|
||||
async delete(@Query("id") id: number) {
|
||||
await this.checkOwner(this.service, id, "write");
|
||||
return await super.delete(id);
|
||||
const res = await super.delete(id);
|
||||
this.auditLog({
|
||||
type: AuditType.monitor,
|
||||
action: AuditAction.delete,
|
||||
content: `删除了站点监控(ID:${id})`,
|
||||
});
|
||||
return res;
|
||||
}
|
||||
|
||||
@Post("/batchDelete", { description: Constants.per.authOnly, summary: "批量删除站点监控" })
|
||||
async batchDelete(@Body(ALL) body: any) {
|
||||
const { projectId, userId } = await this.getProjectUserIdWrite();
|
||||
await this.service.batchDelete(body.ids, userId, projectId);
|
||||
this.auditLog({
|
||||
type: AuditType.monitor,
|
||||
action: AuditAction.batchDelete,
|
||||
content: `批量删除了${body.ids.length}条站点监控`,
|
||||
});
|
||||
return this.ok();
|
||||
}
|
||||
|
||||
|
||||
@@ -3,6 +3,7 @@ import { Constants, CrudController } from "@certd/lib-server";
|
||||
import { AuthService } from "../../../modules/sys/authority/service/auth-service.js";
|
||||
import { OpenKeyService } from "../../../modules/open/service/open-key-service.js";
|
||||
import { ApiTags } from "@midwayjs/swagger";
|
||||
import { AuditType, AuditAction } from "../../../modules/sys/enterprise/service/audit-constants.js";
|
||||
|
||||
/**
|
||||
*/
|
||||
@@ -14,7 +15,6 @@ export class OpenKeyController extends CrudController<OpenKeyService> {
|
||||
service: OpenKeyService;
|
||||
@Inject()
|
||||
authService: AuthService;
|
||||
|
||||
getService(): OpenKeyService {
|
||||
return this.service;
|
||||
}
|
||||
@@ -57,6 +57,11 @@ export class OpenKeyController extends CrudController<OpenKeyService> {
|
||||
body.projectId = projectId;
|
||||
body.userId = userId;
|
||||
const res = await this.service.add(body);
|
||||
this.auditLog({
|
||||
type: AuditType.openKey,
|
||||
action: AuditAction.add,
|
||||
content: `新增了API密钥(ID:${res.id}, scope:${body.scope})`,
|
||||
});
|
||||
return this.ok(res);
|
||||
}
|
||||
|
||||
@@ -66,6 +71,11 @@ export class OpenKeyController extends CrudController<OpenKeyService> {
|
||||
delete bean.userId;
|
||||
delete bean.projectId;
|
||||
await this.service.update(bean);
|
||||
this.auditLog({
|
||||
type: AuditType.openKey,
|
||||
action: AuditAction.update,
|
||||
content: `修改了API密钥(ID:${bean.id})`,
|
||||
});
|
||||
return this.ok();
|
||||
}
|
||||
@Post("/info", { description: Constants.per.authOnly, summary: "查询开放API密钥详情" })
|
||||
@@ -90,7 +100,13 @@ export class OpenKeyController extends CrudController<OpenKeyService> {
|
||||
@Post("/delete", { description: Constants.per.authOnly, summary: "删除开放API密钥" })
|
||||
async delete(@Query("id") id: number) {
|
||||
await this.checkOwner(this.getService(), id, "write");
|
||||
return await super.delete(id);
|
||||
const res = await super.delete(id);
|
||||
this.auditLog({
|
||||
type: AuditType.openKey,
|
||||
action: AuditAction.delete,
|
||||
content: `删除了API密钥(ID:${id})`,
|
||||
});
|
||||
return res;
|
||||
}
|
||||
|
||||
@Post("/getApiToken", { description: Constants.per.authOnly, summary: "获取API测试令牌" })
|
||||
|
||||
@@ -4,6 +4,7 @@ import { AccessService } from "@certd/lib-server";
|
||||
import { AuthService } from "../../../modules/sys/authority/service/auth-service.js";
|
||||
import { AccessDefine } from "@certd/pipeline";
|
||||
import { ApiTags } from "@midwayjs/swagger";
|
||||
import { AuditType, AuditAction } from "../../../modules/sys/enterprise/service/audit-constants.js";
|
||||
|
||||
/**
|
||||
* 授权
|
||||
@@ -16,7 +17,6 @@ export class AccessController extends CrudController<AccessService> {
|
||||
service: AccessService;
|
||||
@Inject()
|
||||
authService: AuthService;
|
||||
|
||||
getService(): AccessService {
|
||||
return this.service;
|
||||
}
|
||||
@@ -58,7 +58,13 @@ export class AccessController extends CrudController<AccessService> {
|
||||
const { projectId, userId } = await this.getProjectUserIdWrite();
|
||||
bean.userId = userId;
|
||||
bean.projectId = projectId;
|
||||
return super.add(bean);
|
||||
const res = await super.add(bean);
|
||||
this.auditLog({
|
||||
type: AuditType.access,
|
||||
action: AuditAction.add,
|
||||
content: `新增了授权「${bean.name}」(ID:${res.data}, 类型:${bean.type})`,
|
||||
});
|
||||
return res;
|
||||
}
|
||||
|
||||
@Post("/update", { description: Constants.per.authOnly, summary: "更新授权配置" })
|
||||
@@ -66,7 +72,13 @@ export class AccessController extends CrudController<AccessService> {
|
||||
await this.checkOwner(this.getService(), bean.id, "write");
|
||||
delete bean.userId;
|
||||
delete bean.projectId;
|
||||
return super.update(bean);
|
||||
const res = await super.update(bean);
|
||||
this.auditLog({
|
||||
type: AuditType.access,
|
||||
action: AuditAction.update,
|
||||
content: `修改了授权「${bean.name}」(ID:${bean.id})`,
|
||||
});
|
||||
return res;
|
||||
}
|
||||
@Post("/info", { description: Constants.per.authOnly, summary: "查询授权配置详情" })
|
||||
async info(@Query("id") id: number) {
|
||||
@@ -77,7 +89,13 @@ export class AccessController extends CrudController<AccessService> {
|
||||
@Post("/delete", { description: Constants.per.authOnly, summary: "删除授权配置" })
|
||||
async delete(@Query("id") id: number) {
|
||||
await this.checkOwner(this.getService(), id, "write");
|
||||
return super.delete(id);
|
||||
const res = await super.delete(id);
|
||||
this.auditLog({
|
||||
type: AuditType.access,
|
||||
action: AuditAction.delete,
|
||||
content: `删除了授权(ID:${id})`,
|
||||
});
|
||||
return res;
|
||||
}
|
||||
|
||||
@Post("/define", { description: Constants.per.authOnly, summary: "查询授权插件定义" })
|
||||
|
||||
@@ -5,6 +5,7 @@ import { AuthService } from "../../../modules/sys/authority/service/auth-service
|
||||
import { NotificationDefine } from "@certd/pipeline";
|
||||
import { checkPlus } from "@certd/plus-core";
|
||||
import { ApiTags } from "@midwayjs/swagger";
|
||||
import { AuditType, AuditAction } from "../../../modules/sys/enterprise/service/audit-constants.js";
|
||||
|
||||
/**
|
||||
* 通知
|
||||
@@ -17,7 +18,6 @@ export class NotificationController extends CrudController<NotificationService>
|
||||
service: NotificationService;
|
||||
@Inject()
|
||||
authService: AuthService;
|
||||
|
||||
getService(): NotificationService {
|
||||
return this.service;
|
||||
}
|
||||
@@ -62,7 +62,13 @@ export class NotificationController extends CrudController<NotificationService>
|
||||
if (define.needPlus) {
|
||||
checkPlus();
|
||||
}
|
||||
return super.add(bean);
|
||||
const res = await super.add(bean);
|
||||
this.auditLog({
|
||||
type: AuditType.notification,
|
||||
action: AuditAction.add,
|
||||
content: `新增了通知配置「${bean.name}」(ID:${res.data}, 类型:${bean.type})`,
|
||||
});
|
||||
return res;
|
||||
}
|
||||
|
||||
@Post("/update", { description: Constants.per.authOnly, summary: "更新通知配置" })
|
||||
@@ -84,7 +90,13 @@ export class NotificationController extends CrudController<NotificationService>
|
||||
}
|
||||
delete bean.userId;
|
||||
delete bean.projectId;
|
||||
return super.update(bean);
|
||||
const res = await super.update(bean);
|
||||
this.auditLog({
|
||||
type: AuditType.notification,
|
||||
action: AuditAction.update,
|
||||
content: `修改了通知配置「${bean.name}」(ID:${bean.id})`,
|
||||
});
|
||||
return res;
|
||||
}
|
||||
@Post("/info", { description: Constants.per.authOnly, summary: "查询通知配置详情" })
|
||||
async info(@Query("id") id: number) {
|
||||
@@ -95,7 +107,13 @@ export class NotificationController extends CrudController<NotificationService>
|
||||
@Post("/delete", { description: Constants.per.authOnly, summary: "删除通知配置" })
|
||||
async delete(@Query("id") id: number) {
|
||||
await this.checkOwner(this.getService(), id, "write");
|
||||
return super.delete(id);
|
||||
const res = await super.delete(id);
|
||||
this.auditLog({
|
||||
type: AuditType.notification,
|
||||
action: AuditAction.delete,
|
||||
content: `删除了通知配置(ID:${id})`,
|
||||
});
|
||||
return res;
|
||||
}
|
||||
|
||||
@Post("/define", { description: Constants.per.authOnly, summary: "查询通知插件定义" })
|
||||
|
||||
@@ -7,6 +7,7 @@ import { HistoryService } from "../../../modules/pipeline/service/history-servic
|
||||
import { PipelineService } from "../../../modules/pipeline/service/pipeline-service.js";
|
||||
import { AuthService } from "../../../modules/sys/authority/service/auth-service.js";
|
||||
import { PipelineEntity } from "../../../modules/pipeline/entity/pipeline.js";
|
||||
import { AuditType, AuditAction } from "../../../modules/sys/enterprise/service/audit-constants.js";
|
||||
|
||||
const pipelineExample = `
|
||||
// 流水线配置示例,实际传送时要去掉注释
|
||||
@@ -123,6 +124,7 @@ export class PipelineController extends CrudController<PipelineService> {
|
||||
@Inject()
|
||||
siteInfoService: SiteInfoService;
|
||||
|
||||
|
||||
getService() {
|
||||
return this.service;
|
||||
}
|
||||
@@ -196,7 +198,8 @@ export class PipelineController extends CrudController<PipelineService> {
|
||||
@Post("/save", { description: Constants.per.authOnly, summary: "新增/更新流水线" })
|
||||
async save(@Body() bean: PipelineSaveDTO) {
|
||||
const { userId, projectId } = await this.getProjectUserIdWrite();
|
||||
if (bean.id > 0) {
|
||||
const isNew = bean.id <= 0;
|
||||
if (!isNew) {
|
||||
const { userId, projectId } = await this.checkOwner(this.getService(), bean.id, "write", true);
|
||||
bean.userId = userId;
|
||||
bean.projectId = projectId;
|
||||
@@ -206,16 +209,22 @@ export class PipelineController extends CrudController<PipelineService> {
|
||||
}
|
||||
|
||||
if (!this.isAdmin()) {
|
||||
// 非管理员用户 不允许设置流水线有效期
|
||||
delete bean.validTime;
|
||||
}
|
||||
|
||||
const { version } = await this.service.save(bean as any);
|
||||
//是否增加证书监控
|
||||
|
||||
const title = bean.title;
|
||||
this.auditLog({
|
||||
type: AuditType.pipeline,
|
||||
action: isNew ? AuditAction.add : AuditAction.update,
|
||||
content: isNew ? `创建了流水线「${title}」(ID:${bean.id})` : `修改了流水线「${title}」(ID:${bean.id})`,
|
||||
projectId,
|
||||
});
|
||||
|
||||
if (bean.addToMonitorEnabled && bean.addToMonitorDomains) {
|
||||
const sysPublicSettings = await this.sysSettingsService.getPublicSettings();
|
||||
if (isPlus() && sysPublicSettings.certDomainAddToMonitorEnabled) {
|
||||
//增加证书监控
|
||||
await this.siteInfoService.doImport({
|
||||
text: bean.addToMonitorDomains,
|
||||
userId: userId,
|
||||
@@ -230,6 +239,11 @@ export class PipelineController extends CrudController<PipelineService> {
|
||||
async delete(@Query("id") id: number) {
|
||||
await this.checkOwner(this.getService(), id, "write", true);
|
||||
await this.service.delete(id);
|
||||
this.auditLog({
|
||||
type: AuditType.pipeline,
|
||||
action: AuditAction.delete,
|
||||
content: `删除了流水线(ID:${id})`,
|
||||
});
|
||||
return this.ok({});
|
||||
}
|
||||
|
||||
@@ -253,6 +267,11 @@ export class PipelineController extends CrudController<PipelineService> {
|
||||
async trigger(@Query("id") id: number, @Query("stepId") stepId?: string) {
|
||||
await this.checkOwner(this.getService(), id, "write", true);
|
||||
await this.service.trigger(id, stepId, true);
|
||||
this.auditLog({
|
||||
type: AuditType.pipeline,
|
||||
action: AuditAction.execute,
|
||||
content: `手动执行了流水线(ID:${id})`,
|
||||
});
|
||||
return this.ok({});
|
||||
}
|
||||
|
||||
@@ -260,6 +279,11 @@ export class PipelineController extends CrudController<PipelineService> {
|
||||
async cancel(@Query("historyId") historyId: number) {
|
||||
await this.checkOwner(this.historyService, historyId, "write", true);
|
||||
await this.service.cancel(historyId);
|
||||
this.auditLog({
|
||||
type: AuditType.pipeline,
|
||||
action: AuditAction.cancel,
|
||||
content: `取消了流水线执行(historyId:${historyId})`,
|
||||
});
|
||||
return this.ok({});
|
||||
}
|
||||
|
||||
@@ -283,63 +307,53 @@ export class PipelineController extends CrudController<PipelineService> {
|
||||
|
||||
@Post("/batchDelete", { description: Constants.per.authOnly, summary: "批量删除流水线" })
|
||||
async batchDelete(@Body("ids") ids: number[]) {
|
||||
// let { projectId ,userId} = await this.getProjectUserIdWrite()
|
||||
// if(projectId){
|
||||
// await this.service.batchDelete(ids, null,projectId);
|
||||
// return this.ok({});
|
||||
// }
|
||||
// const isAdmin = await this.authService.isAdmin(this.ctx);
|
||||
// userId = isAdmin ? undefined : userId;
|
||||
// await this.service.batchDelete(ids, userId);
|
||||
// return this.ok({});
|
||||
await this.checkPermissionCall(async ({ userId, projectId }) => {
|
||||
await this.service.batchDelete(ids, userId, projectId);
|
||||
});
|
||||
this.auditLog({
|
||||
type: AuditType.pipeline,
|
||||
action: AuditAction.batchDelete,
|
||||
content: `批量删除了${ids.length}条流水线`,
|
||||
});
|
||||
return this.ok({});
|
||||
}
|
||||
|
||||
@Post("/batchUpdateGroup", { description: Constants.per.authOnly, summary: "批量更新流水线分组" })
|
||||
async batchUpdateGroup(@Body("ids") ids: number[], @Body("groupId") groupId: number) {
|
||||
// let { projectId ,userId} = await this.getProjectUserIdWrite()
|
||||
// if(projectId){
|
||||
// await this.service.batchUpdateGroup(ids, groupId, null,projectId);
|
||||
// return this.ok({});
|
||||
// }
|
||||
|
||||
// const isAdmin = await this.authService.isAdmin(this.ctx);
|
||||
// userId = isAdmin ? undefined : this.getUserId();
|
||||
// await this.service.batchUpdateGroup(ids, groupId, userId);
|
||||
await this.checkPermissionCall(async ({ userId, projectId }) => {
|
||||
await this.service.batchUpdateGroup(ids, groupId, userId, projectId);
|
||||
});
|
||||
this.auditLog({
|
||||
type: AuditType.pipeline,
|
||||
action: AuditAction.batchUpdate,
|
||||
content: `批量修改了${ids.length}条流水线分组`,
|
||||
});
|
||||
return this.ok({});
|
||||
}
|
||||
|
||||
@Post("/batchUpdateTrigger", { description: Constants.per.authOnly, summary: "批量更新流水线触发器" })
|
||||
async batchUpdateTrigger(@Body("ids") ids: number[], @Body("trigger") trigger: any) {
|
||||
// let { projectId ,userId} = await this.getProjectUserIdWrite()
|
||||
// if(projectId){
|
||||
// await this.service.batchUpdateTrigger(ids, trigger, null,projectId);
|
||||
// return this.ok({});
|
||||
// }
|
||||
|
||||
// const isAdmin = await this.authService.isAdmin(this.ctx);
|
||||
// userId = isAdmin ? undefined : this.getUserId();
|
||||
// await this.service.batchUpdateTrigger(ids, trigger, userId);
|
||||
await this.checkPermissionCall(async ({ userId, projectId }) => {
|
||||
await this.service.batchUpdateTrigger(ids, trigger, userId, projectId);
|
||||
});
|
||||
this.auditLog({
|
||||
type: AuditType.pipeline,
|
||||
action: AuditAction.batchUpdate,
|
||||
content: `批量修改了${ids.length}条流水线触发器`,
|
||||
});
|
||||
return this.ok({});
|
||||
}
|
||||
|
||||
@Post("/batchUpdateNotification", { description: Constants.per.authOnly, summary: "批量更新流水线通知" })
|
||||
async batchUpdateNotification(@Body("ids") ids: number[], @Body("notification") notification: any) {
|
||||
// const isAdmin = await this.authService.isAdmin(this.ctx);
|
||||
// const userId = isAdmin ? undefined : this.getUserId();
|
||||
// await this.service.batchUpdateNotifications(ids, notification, userId);
|
||||
await this.checkPermissionCall(async ({ userId, projectId }) => {
|
||||
await this.service.batchUpdateNotifications(ids, notification, userId, projectId);
|
||||
});
|
||||
this.auditLog({
|
||||
type: AuditType.pipeline,
|
||||
action: AuditAction.batchUpdate,
|
||||
content: `批量修改了${ids.length}条流水线通知`,
|
||||
});
|
||||
return this.ok({});
|
||||
}
|
||||
|
||||
@@ -348,6 +362,11 @@ export class PipelineController extends CrudController<PipelineService> {
|
||||
await this.checkPermissionCall(async ({ userId, projectId }) => {
|
||||
await this.service.batchUpdateCertApplyOptions(ids, options, userId, projectId);
|
||||
});
|
||||
this.auditLog({
|
||||
type: AuditType.pipeline,
|
||||
action: AuditAction.batchUpdate,
|
||||
content: `批量修改了${ids.length}条流水线证书申请配置`,
|
||||
});
|
||||
return this.ok({});
|
||||
}
|
||||
|
||||
@@ -356,6 +375,11 @@ export class PipelineController extends CrudController<PipelineService> {
|
||||
await this.checkPermissionCall(async ({ userId, projectId }) => {
|
||||
await this.service.batchRerun(ids, force, userId, projectId);
|
||||
});
|
||||
this.auditLog({
|
||||
type: AuditType.pipeline,
|
||||
action: AuditAction.execute,
|
||||
content: `批量重新执行了${ids.length}条流水线`,
|
||||
});
|
||||
return this.ok({});
|
||||
}
|
||||
|
||||
@@ -364,6 +388,11 @@ export class PipelineController extends CrudController<PipelineService> {
|
||||
await this.checkPermissionCall(async ({}) => {
|
||||
await this.service.batchTransfer(ids, toProjectId);
|
||||
});
|
||||
this.auditLog({
|
||||
type: AuditType.pipeline,
|
||||
action: AuditAction.batchUpdate,
|
||||
content: `批量迁移了${ids.length}条流水线`,
|
||||
});
|
||||
return this.ok({});
|
||||
}
|
||||
|
||||
@@ -371,6 +400,11 @@ export class PipelineController extends CrudController<PipelineService> {
|
||||
async refreshWebhookKey(@Body("id") id: number) {
|
||||
await this.checkOwner(this.getService(), id, "write", true);
|
||||
const res = await this.service.refreshWebhookKey(id);
|
||||
this.auditLog({
|
||||
type: AuditType.pipeline,
|
||||
action: AuditAction.update,
|
||||
content: `刷新了流水线(ID:${id})的Webhook密钥`,
|
||||
});
|
||||
return this.ok({
|
||||
webhookKey: res,
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user