| author | Matthew Wild <mwild1@gmail.com> |
| Sat, 24 Sep 2022 09:25:46 +0100 | |
| changeset 5062 | 39c2824c2880 |
| parent 4938 | ae83200fb55f |
| child 5119 | 4a5837591380 |
| permissions | -rw-r--r-- |
|
4936
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
1 |
module:set_global(); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
2 |
|
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
3 |
local time_now = os.time; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
4 |
local st = require "util.stanza"; |
|
4938
ae83200fb55f
mod_audit: make the extension of the module API less of a hack
Jonas Schäfer <jonas@wielicki.name>
parents:
4937
diff
changeset
|
5 |
local moduleapi = require "core.moduleapi"; |
|
4936
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
6 |
|
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
7 |
local host_wide_user = "@"; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
8 |
|
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
9 |
local stores = {}; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
10 |
|
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
11 |
local function get_store(self, host) |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
12 |
local store = rawget(self, host); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
13 |
if store then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
14 |
return store |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
15 |
end |
|
4937
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4936
diff
changeset
|
16 |
store = module:context(host):open_store("audit", "archive"); |
|
4936
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
17 |
rawset(self, host, store); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
18 |
return store; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
19 |
end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
20 |
|
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
21 |
setmetatable(stores, { __index = get_store }); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
22 |
|
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
23 |
|
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
24 |
local function session_extra(session) |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
25 |
local attr = { |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
26 |
xmlns = "xmpp:prosody.im/audit", |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
27 |
}; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
28 |
if session.id then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
29 |
attr.id = session.id; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
30 |
end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
31 |
if session.type then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
32 |
attr.type = session.type; |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
33 |
end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
34 |
local stanza = st.stanza("session", attr); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
35 |
if session.ip then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
36 |
stanza:text_tag("remote-ip", session.ip); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
37 |
end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
38 |
return stanza |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
39 |
end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
40 |
|
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
41 |
local function audit(host, user, source, event_type, extra) |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
42 |
if not host or host == "*" then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
43 |
error("cannot log audit events for global"); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
44 |
end |
|
4937
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4936
diff
changeset
|
45 |
local user_key = user or host_wide_user; |
|
4936
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
46 |
|
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
47 |
local attr = { |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
48 |
["source"] = source, |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
49 |
["type"] = event_type, |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
50 |
}; |
|
4937
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4936
diff
changeset
|
51 |
if user_key ~= host_wide_user then |
|
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4936
diff
changeset
|
52 |
attr.user = user_key; |
|
4936
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
53 |
end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
54 |
local stanza = st.stanza("audit-event", attr); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
55 |
if extra ~= nil then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
56 |
if extra.session then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
57 |
local child = session_extra(extra.session); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
58 |
if child then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
59 |
stanza:add_child(child); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
60 |
end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
61 |
end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
62 |
if extra.custom then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
63 |
for _, child in extra.custom do |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
64 |
if not st.is_stanza(child) then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
65 |
error("all extra.custom items must be stanzas") |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
66 |
end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
67 |
stanza:add_child(child); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
68 |
end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
69 |
end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
70 |
end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
71 |
|
|
4937
08dea42a302a
mod_audit*: fix luacheck warnings
Jonas Schäfer <jonas@wielicki.name>
parents:
4936
diff
changeset
|
72 |
local id, err = stores[host]:append(nil, nil, stanza, time_now(), user_key); |
|
4936
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
73 |
if err then |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
74 |
module:log("error", "failed to persist audit event: %s", err); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
75 |
return |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
76 |
else |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
77 |
module:log("debug", "persisted audit event %s as %s", stanza:top_tag(), id); |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
78 |
end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
79 |
end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
80 |
|
|
4938
ae83200fb55f
mod_audit: make the extension of the module API less of a hack
Jonas Schäfer <jonas@wielicki.name>
parents:
4937
diff
changeset
|
81 |
function moduleapi.audit(module, user, event_type, extra) |
|
ae83200fb55f
mod_audit: make the extension of the module API less of a hack
Jonas Schäfer <jonas@wielicki.name>
parents:
4937
diff
changeset
|
82 |
audit(module.host, user, "mod_" .. module:get_name(), event_type, extra); |
|
4936
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
83 |
end |
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
84 |
|
|
530d116b7f68
mod_audit*: modules for audit logging in prosody
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
85 |
module:hook("audit", audit, 0); |