authorTed Trask <ttrask01@yahoo.com>2011-09-12 17:30:52 +0000
committerTed Trask <ttrask01@yahoo.com>2011-09-12 17:30:52 +0000
commit999bb888a63f22a6c7eaf242cc771b4f312ee6d7 (patch)
tree397c35c50528b1308aec74707ed1b1d420e9d5b8 /weblog-model.lua
parent6e29d620e1321179f33d4caab2932d4f362b1a42 (diff)
Changed viewweblog to a form, reworked handling of config and weblog parameters, and added deniedyesno and bypassyesno config options.
Diffstat (limited to 'weblog-model.lua')
-rw-r--r--weblog-model.lua180
1 files changed, 80 insertions, 100 deletions
diff --git a/weblog-model.lua b/weblog-model.lua
index a462ee8..d2f5b61 100644
--- a/weblog-model.lua
+++ b/weblog-model.lua
@@ -306,14 +306,14 @@ local generatewhereclause = function(clientuserid, starttime, endtime, clientip,
if clientip and clientip ~= "" then
where[#where+1] = "clientip = '"..escape(clientip).."'"
end
- if badyesno and badyesno ~= "" then
- where[#where+1] = "badyesno = '"..escape(badyesno).."'"
+ if badyesno then
+ where[#where+1] = "badyesno = '1'"
end
- if deniedyesno and deniedyesno ~= "" then
- where[#where+1] = "deniedyesno = '"..escape(deniedyesno).."'"
+ if deniedyesno then
+ where[#where+1] = "deniedyesno = '1'"
end
- if bypassyesno and bypassyesno ~= "" then
- where[#where+1] = "bypassyesno = '"..escape(bypassyesno).."'"
+ if bypassyesno then
+ where[#where+1] = "bypassyesno = '1'"
end
if score and score ~= "" then
where[#where+1] = "score >= '"..escape(score).."'"
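Review bot: The new tests `if badyesno then`, `if deniedyesno then` and `if bypassyesno then` (and `if selected then` in the next hunk) are true for every value except nil and false, so a caller that still passes a string such as `""` or `"false"` would now get the filter applied silently. Comparing explicitly, for example `if badyesno == true then`, or adding a comment such as `-- badyesno, deniedyesno, bypassyesno and selected must be real booleans, not form strings` above the first test, would make that contract visible. Writing the constant `'1'` instead of the interpolated value does keep request data out of these three clauses, which is worth preserving. generatewhereclause starts and ends outside this hunk, so its other callers cannot be checked from here.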
@@ -321,7 +321,7 @@ local generatewhereclause = function(clientuserid, starttime, endtime, clientip,
if urisearch and urisearch ~= "" then
where[#where+1] = "lower(uri) LIKE '%"..escape(urisearch).."%'"
end
- if selected and selected == "true" then
+ if selected then
where[#where+1] = "selected = 'true'"
end
@@ -355,10 +355,6 @@ local listlogentries = function(activelog, clientuserid, starttime, endtime, cli
return entries
end
-local listpubweblogentries = function(...)
- return listlogentries(...)
-end
-
local groupflaggedlogentries = function(starttime, endtime, groupby)
groupby = groupby or "clientuserid"
local entries = {}
@@ -993,61 +989,6 @@ function getactivitylog()
return retval
end
-local validateparameters = function(params)
- local success = true
- if params.clientip.value ~= "" and string.find(params.clientip.value, "[^%d%.]") then
- params.clientip.errtxt = "Invalid IP Address"
- success = false
- end
- if params.window.value ~= "" and not validator.is_integer(params.window.value) then
- params.window.errtxt = "Must be an integer"
- success = false
- end
- local res, err = pcall(function()
- databaseconnect(DatabaseUser)
- local s
- if params.starttime.value ~= "" then
- s,params.starttime.errtxt,params.starttime.value = convertdatabaseentry("TIMESTAMP", params.starttime.value)
- success = success and s
- end
- if params.endtime.value ~= "" then
- s,params.endtime.errtxt,params.endtime.value = convertdatabaseentry("TIMESTAMP", params.endtime.value)
- success = success and s
- end
- if params.focus.value ~= "" then
- s,params.focus.errtxt,params.focus.value = convertdatabaseentry("TIMESTAMP", params.focus.value)
- success = success and s
- end
- databasedisconnect()
- end)
- if not res and err then
- params.starttime.errtxt = err
- params.endtime.errtxt = err
- params.focus.errtxt = err
- success = false
- end
- return success
-end
-
-local handleparameters = function(activelog, clientuserid, starttime, endtime, clientip, badyesno, deniedyesno, bypassyesno, score, urisearch, sortby, selected, focus)
- local result = {}
- result.activelog = cfe({ value=activelog or "pubweblog", label="Active Weblog" })
- result.clientuserid = cfe({ value=clientuserid or "", label="User ID" })
- result.starttime = cfe({ value=starttime or "", label="Start Time" })
- result.endtime = cfe({ value=endtime or "", label="End Time" })
- result.clientip = cfe({ value=clientip or "", label="Client IP" })
- result.badyesno = cfe({ value=badyesno, label="Show Dodgy Records", descr="Limit search to Dodgy records"})
- result.deniedyesno = cfe({ value=deniedyesno, label="Show Denied Records", descr="Limit search to Denied uri"})
- result.bypassyesno = cfe({ value=bypassyesno, label="Show Bypass Actions", descr="Limit search to Bypass attempts"})
- result.score = cfe({ value=score, label="Minimum Score", descr="Minimum score to search on"})
- result.urisearch = cfe({ value=urisearch or "", label="URI Contains", descr="Retrieve records where the URI contains this word"})
- result.sortby = cfe({ value=sortby, label="Sort By field", descr="Sort by this field when displaying records"})
- result.selected = cfe({ value=selected, label="Show Selected Records", descr="Show only records that have been selected"})
- result.window = cfe({ value=config.window or "5", label="Time Window" })
- result.focus = cfe({ value=focus or "", label="Focus Time" })
- return result
-end
-
function geteditselected()
local result = {}
result.select = cfe({ type="list", value={}, label="Entries to mark as selected" })
@@ -1089,41 +1030,76 @@ function clearselected()
return retval
end
-function getweblog(activelog, clientuserid, starttime, endtime, clientip, badyesno, deniedyesno, bypassyesno, score, urisearch, sortby, selected, focus )
- if (not activelog or activelog=="") then
- activelog = "pubweblog"
- end
-
- if (not starttime or starttime=="") and (not endtime or endtime=="") and config.auditstart~="" and config.auditend~="" then
- starttime = config.auditstart
- endtime = config.auditend
- end
-
- if config.badyesno=="true" then
- badyesno = '1'
- end
-
- if (not score or score=="") and config.minimumscore~="" then
- score = config.minimumscore
+local validateweblogparameters = function(params)
+ local success = modelfunctions.validateselect(params.value.activelog)
+ success = modelfunctions.validateselect(params.value.sortby) and success
+ if params.value.clientip.value ~= "" and string.find(params.value.clientip.value, "[^%d%.]") then
+ params.value.clientip.errtxt = "Invalid IP Address"
+ success = false
end
-
- if (not sortby or sortby=="") and config.sortby~="" then
- sortby = config.sortby
+ local res, err = pcall(function()
+ databaseconnect(DatabaseUser)
+ local s
+ if params.value.starttime.value ~= "" then
+ s,params.value.starttime.errtxt,params.value.starttime.value = convertdatabaseentry("TIMESTAMP", params.value.starttime.value)
+ success = success and s
+ end
+ if params.value.endtime.value ~= "" then
+ s,params.value.endtime.errtxt,params.value.endtime.value = convertdatabaseentry("TIMESTAMP", params.value.endtime.value)
+ success = success and s
+ end
+ if params.value.focus.value ~= "" then
+ s,params.value.focus.errtxt,params.value.focus.value = convertdatabaseentry("TIMESTAMP", params.value.focus.value)
+ success = success and s
+ end
+ databasedisconnect()
+ end)
+ if not res and err then
+ params.value.starttime.errtxt = err
+ params.value.endtime.errtxt = err
+ params.value.focus.errtxt = err
+ success = false
end
+ return success
+end
- local result = handleparameters(activelog, clientuserid, starttime, endtime, clientip, badyesno, deniedyesno, bypassyesno, score, urisearch, sortby, selected, focus)
- result.log = cfe({ type="list", value={}, label="Weblog Access Log" })
- local success = validateparameters(result)
+function getweblogparameters()
+ local c = getconfig()
+ local result = {}
+ result.activelog = cfe({ type="select", value="pubweblog", option={"pubweblog", "pubweblog_history"}, label="Active Weblog", seq=1 })
+ result.starttime = cfe({ value=c.value.auditstart.value, label="Start Time", seq=2 })
+ result.endtime = cfe({ value=c.value.auditend.value, label="End Time", seq=3 })
+ result.clientuserid = cfe({ value="", label="User ID", seq=4 })
+ result.clientip = cfe({ value="", label="Client IP", seq=5 })
+ result.urisearch = cfe({ value="", label="URI Contains", descr="Retrieve records where the URI contains this word", seq=6 })
+ result.score = cfe({ value=c.value.minimumscore.value, label="Minimum Score", descr="Minimum score to search on", seq=7 })
+ result.sortby = cfe({ type="select", value=c.value.sortby.value, option=c.value.sortby.option, label="Sort By field", descr="Sort by this field when displaying records", seq=8 })
+ result.badyesno = cfe({ type="boolean", value=c.value.badyesno.value, label="Show Suspect Records", descr="Limit search to records marked as suspect", seq=9 })
+ result.deniedyesno = cfe({ type="boolean", value=c.value.deniedyesno.value, label="Show Denied Records", descr="Limit search to Denied URIs", seq=10 })
+ result.bypassyesno = cfe({ type="boolean", value=c.value.bypassyesno.value, label="Show Bypass Records", descr="Limit search to Bypass attempts", seq=11 })
+ result.selected = cfe({ type="boolean", value=false, label="Show Selected Records", descr="Limit search to records that have been selected", seq=12 })
+ result.focus = cfe({ value="", label="Focus Time", seq=13 })
+ return cfe({ type="group", value=result, label="Weblog Access Log" })
+end
+
+function getweblog(result)
+ local success = validateweblogparameters(result)
+ result.value.log = cfe({ type="list", value={}, label="Weblog Access Log" })
+ result.value.window = cfe({ value=config.window or "5", label="Time Window" })
+ local err
if success then
local res, err = pcall(function()
databaseconnect(DatabaseUser)
- result.log.value = listpubweblogentries(activelog, clientuserid, starttime, endtime, clientip, badyesno, deniedyesno, bypassyesno, score, urisearch, sortby, selected ) or {}
+ result.value.log.value = listlogentries(result.value.activelog.value, result.value.clientuserid.value, result.value.starttime.value, result.value.endtime.value, result.value.clientip.value, result.value.badyesno.value, result.value.deniedyesno.value, result.value.bypassyesno.value, result.value.score.value, result.value.urisearch.value, result.value.sortby.value, result.value.selected.value ) or {}
databasedisconnect()
end)
+ if not res then
+ result.errtxt = err
+ end
else
- err = "Invalid search parameters"
+ result.errtxt = "Invalid search parameters"
end
- return cfe({ type="group", value=result, errtxt=err, label="Weblog Access Log" })
+ return result
end
function getusagestats()
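Review bot: validateweblogparameters checks activelog, sortby, clientip and the three timestamps but not score, which is a free-text field in getweblogparameters and reaches the `score >= '...'` clause of generatewhereclause behind escape() only. If scores are integers, a check such as `if params.value.score.value ~= "" and not validator.is_integer(params.value.score.value) then params.value.score.errtxt = "Must be an integer" success = false end` would reject bad input with a field-level message rather than a database error. In getweblog the raw pcall error is copied into `result.errtxt`, which may put database error text on the page; a generic message there, with the detail logged, would be safer. The outer `local err` in getweblog is now unused, because the pcall line declares its own.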
@@ -1174,15 +1150,17 @@ function getconfig()
local result = {}
result.auditstart = cfe({ value=config.auditstart or "", label="Audit Start Time", seq=1 })
result.auditend = cfe({ value=config.auditend or "", label="Audit End Time", seq=2 })
- result.badyesno = cfe({ type="boolean", value=(config.badyesno == "1"), label="Display Suspect Records", descr="Show only records flagged as suspect on initial display", seq=3 })
- result.sortby = cfe({ type="select", value=config.sortby or "logdatetime", label="Sort By field", option={"logdatetime", "logdatetime DESC", "clientuserid", "clientuserid DESC", "clientip", "clientip DESC", "bytes", "bytes DESC", "score", "score DESC", "reason"}, seq=4 })
- result.minimumscore = cfe({ value=config.minimumscore or "0", label="Minimum Score", descr="Minimum Score to search for", seq=5 })
- result.window = cfe({ value=config.window or "5", label="Time Window", descr="Minutes of activity to display before and after selected block", seq=6 })
- result.purgedays = cfe({ value=config.purgedays or "30", label="Days before Purge", descr="Days to keep history, regardless of audit", seq=10 })
- result.groupby = cfe({ type="select", value=config.groupby or "clientuserid", label="Group results by", option={"clientuserid", "clientip"}, seq=7 })
- result.shorturi = cfe({ type="boolean", value=(config.shorturi == "true"), label="Truncate URLs", descr="You can limit the length of displayed URLs by enabling this option", seq=7 })
- result.shortreason = cfe({ type="boolean", value=(config.shortreason == "true"), label="Short Reason", descr="Display a short reason (dansguardian only)", seq=8 })
- result.stoponerror = cfe({ type="boolean", value=(config.stoponerror == "true"), label="Stop on Error", descr="Stop import of logs if an error is encountered", seq=11})
+ result.groupby = cfe({ type="select", value=config.groupby or "clientuserid", label="Group results by", option={"clientuserid", "clientip"}, descr="Display audit results based on user ID or IP", seq=3 })
+ result.minimumscore = cfe({ value=config.minimumscore or "0", label="Minimum Score", descr="Default minimum Score to search for", seq=4 })
+ result.sortby = cfe({ type="select", value=config.sortby or "logdatetime", label="Sort By field", option={"logdatetime", "logdatetime DESC", "clientuserid", "clientuserid DESC", "clientip", "clientip DESC", "bytes", "bytes DESC", "score", "score DESC", "reason"}, descr="Default sort order", seq=5 })
+ result.badyesno = cfe({ type="boolean", value=(config.badyesno == "true"), label="Display Suspect Records", descr="By default, only show records flagged as suspect", seq=6 })
+ result.deniedyesno = cfe({ type="boolean", value=(config.deniedyesno == "true"), label="Display Denied Records", descr="By default, only show records with denied URI", seq=7 })
+ result.bypassyesno = cfe({ type="boolean", value=(config.bypassyesno == "true"), label="Display Bypass Records", descr="By default, only show records with bypass attempts", seq=8 })
+ result.shorturi = cfe({ type="boolean", value=(config.shorturi == "true"), label="Truncate URLs", descr="You can limit the length of displayed URLs by enabling this option", seq=9 })
+ result.shortreason = cfe({ type="boolean", value=(config.shortreason == "true"), label="Short Reason", descr="Display a short reason (dansguardian only)", seq=10 })
+ result.window = cfe({ value=config.window or "5", label="Time Window", descr="Minutes of activity to display before and after selected block", seq=11 })
+ result.purgedays = cfe({ value=config.purgedays or "30", label="Days before Purge", descr="Days to keep full history, regardless of audit", seq=12 })
+ result.stoponerror = cfe({ type="boolean", value=(config.stoponerror == "true"), label="Stop on Error", descr="Stop import of logs if an error is encountered", seq=13})
return cfe({ type="group", value=result, label="Weblog Config" })
end
@@ -1233,6 +1211,8 @@ function updateconfig(newconfig)
configcontent = format.update_ini_file(configcontent, "", "shortreason", tostring(newconfig.value.shortreason.value))
configcontent = format.update_ini_file(configcontent, "", "stoponerror", tostring(newconfig.value.stoponerror.value))
configcontent = format.update_ini_file(configcontent, "", "badyesno", tostring(newconfig.value.badyesno.value))
+ configcontent = format.update_ini_file(configcontent, "", "deniedyesno", tostring(newconfig.value.deniedyesno.value))
+ configcontent = format.update_ini_file(configcontent, "", "bypassyesno", tostring(newconfig.value.bypassyesno.value))
configcontent = format.update_ini_file(configcontent, "", "minimumscore", tostring(newconfig.value.minimumscore.value))
configcontent = format.update_ini_file(configcontent, "", "sortby", tostring(newconfig.value.sortby.value))