Merge pull request #69 from sheldor1510/audit-log

Implemented audit logs in mysql

Author: hakasapl

resources/lib/UnitySQL.php

@@ -11,6 +11,7 @@ class UnitySQL
     private const TABLE_SSOLOG = "sso_log";
     private const TABLE_PAGES = "pages";
     private const TABLE_EVENTS = "events";
+    private const TABLE_AUDIT_LOG = "audit_log";
 
     private const REQUEST_ADMIN = "admin";
 
@@ -218,4 +219,19 @@ public function addEvent($operator, $action, $entity)
 
         $stmt->execute();
     }
+
+    // audit log table methods
+    public function addLog($operator, $operator_ip, $action_type, $recipient)
+    {
+        $stmt = $this->conn->prepare(
+            "INSERT INTO " . self::TABLE_AUDIT_LOG . " (operator, operator_ip, action_type, recipient) 
+            VALUE (:operator, :operator_ip, :action_type, :recipient)"
+        );
+        $stmt->bindParam(":operator", $operator);
+        $stmt->bindParam(":operator_ip", $operator_ip);
+        $stmt->bindParam(":action_type", $action_type);
+        $stmt->bindParam(":recipient", $recipient);
+
+        $stmt->execute();
+    }
 }

resources/lib/UnityUser.php

@@ -112,6 +112,16 @@ public function init($send_mail = true)
         // add user to cache
         $this->REDIS->appendCacheArray("sorted_users", "", $this->getUID());
 
+        //
+        // add to audit log
+        //
+        $this->SQL->addLog(
+            $this->getUID(),
+            $_SERVER['REMOTE_ADDR'],
+            "user_added",
+            $this->getUID()
+        );
+
         //
         // send email to user
         //
@@ -339,9 +349,10 @@ public function getMail($ignorecache = false)
      *
      * @param array $keys String array of openssh-style ssh public keys
      */
-    public function setSSHKeys($keys, $send_mail = true)
+    public function setSSHKeys($keys, $operator = null, $send_mail = true)
     {
         $ldapUser = $this->getLDAPUser();
+        $operator = is_null($operator) ? $this->getUID() : $operator->getUID();
         $keys_filt = array_values(array_unique($keys));
         if ($ldapUser->exists()) {
             $ldapUser->setAttribute("sshpublickey", $keys_filt);
@@ -352,6 +363,16 @@ public function setSSHKeys($keys, $send_mail = true)
 
         $this->REDIS->setCache($this->uid, "sshkeys", $keys_filt);
 
+        //
+        // add audit log
+        //
+        $this->SQL->addLog(
+            $operator,
+            $_SERVER['REMOTE_ADDR'],
+            "sshkey_modify",
+            $this->getUID()
+        );
+
         if ($send_mail) {
             $this->MAILER->sendMail(
                 $this->getMail(),

tools/docker-dev/sql/bootstrap.sql

@@ -93,6 +93,21 @@ CREATE TABLE `requests` (
 
 -- --------------------------------------------------------
 
+--
+-- Table structure for table `audit_log`
+--
+
+CREATE TABLE `audit_log` (
+  `id` int(11) NOT NULL,
+  `timestamp` timestamp NOT NULL DEFAULT current_timestamp(),
+  `operator` varchar(1000) NOT NULL,
+  `operator_ip` varchar(1000) NOT NULL,
+  `action_type` varchar(1000) NOT NULL,
+  `recipient` varchar(1000) NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+-- --------------------------------------------------------
+
 --
 -- Indexes for dumped tables
 --
@@ -127,6 +142,12 @@ ALTER TABLE `requests`
 ALTER TABLE `sso_log`
   ADD PRIMARY KEY (`id`);
 
+--
+-- Indexes for table `audit_log`
+--
+ALTER TABLE `audit_log`
+  ADD PRIMARY KEY (`id`);
+
 --
 -- AUTO_INCREMENT for dumped tables
 --
@@ -160,6 +181,12 @@ ALTER TABLE `requests`
 --
 ALTER TABLE `sso_log`
   MODIFY `id` int(10) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=8;
+
+--
+-- AUTO_INCREMENT for table `audit_log`
+--
+ALTER TABLE `audit_log`
+  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT;
 COMMIT;
 
 /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;

webroot/panel/account.php

@@ -46,15 +46,15 @@
             if (!empty($added_keys)) {
                 $added_keys = UnitySite::removeTrailingWhitespace($added_keys);
                 $totalKeys = array_merge($USER->getSSHKeys(), $added_keys);
-                $USER->setSSHKeys($totalKeys);
+                $USER->setSSHKeys($totalKeys, $OPERATOR);
             }
             break;
         case "delKey":
             $keys = $USER->getSSHKeys();
             unset($keys[intval($_POST["delIndex"])]);  // remove key from array
             $keys = array_values($keys);
 
-            $USER->setSSHKeys($keys);  // Update user keys
+            $USER->setSSHKeys($keys, $OPERATOR);  // Update user keys
             break;
         case "loginshell":
             if ($_POST["shellSelect"] == "custom") {