From e8321385feea875b350b759241c8dc439edd9319 Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Mon, 24 Mar 2014 22:06:00 +0200 Subject: server: audit trail --- server.lua | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) (limited to 'server.lua') diff --git a/server.lua b/server.lua index bbb7798..0cf1605 100644 --- a/server.lua +++ b/server.lua @@ -45,8 +45,25 @@ return function(env) local success, code, headers, res, encode = xpcall( function() + local session + + local function log_action(txn, params, s) + params.user = mnode.name((s or session).user) + mnode.insert(txn:fetch('/auth/action-log'), params) + end + + local function log_session_event(action, session) + local txn = aconf.start_txn() + log_action(txn, {action=action}, session) + txn:commit() + end + + for sid, session in pairs(sessions) do - if session.expires < os.time() then sessions[sid] = nil end + if session.expires < os.time() then + sessions[sid] = nil + log_session_event('expire', session) + end end local method = env.REQUEST_METHOD @@ -67,7 +84,6 @@ return function(env) end end - local session function reset_session_expiry() session.expires = os.time() + 600 end local sid = tonumber(env.HTTP_X_ACONF_AUTH_TOKEN) @@ -91,6 +107,8 @@ return function(env) session = {user=user, last_txn_id=0, txns={}} reset_session_expiry() sessions[sid] = session + log_session_event('login') + return 204, { ['X-AConf-Auth-Token']=sid, ['X-AConf-Save-Required']=save_req and 1 or 0 @@ -103,6 +121,7 @@ return function(env) if method == 'DELETE' then sessions[sid] = nil + log_session_event('logout') return 204 end @@ -184,6 +203,11 @@ return function(env) return 200, nil, res end + local jdata = json.encode(data) + local function log_obj_action(action) + log_action(txn, {action=action, path=path, data=jdata}) + end + if method == 'POST' then local obj = txn:fetch(path) 
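Review bot: In the first hunk (@@ -45,8 +45,25 @@), `log_action` takes the user from `(s or session).user` while `log_session_event` names its own parameter `session`, shadowing the hoisted `local session`, so which session an audit entry is attributed to depends on an implicit fallback to the upvalue. Renaming the parameter, e.g. `local function log_session_event(action, s)`, and adding `-- s: session to attribute the event to; defaults to the current request's session` above `log_action` would make the attribution explicit. The expiry loop also opens and commits one transaction per expired session on every request, before the auth token is read, so an error raised by `txn:commit()` would presumably fail an unrelated request after the session has already been dropped and its expiry record lost. The enclosing request function starts before and continues after this hunk.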
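Review bot: In the login hunk (@@ -91,6 +107,8 @@) only the successful path gets an audit entry; the rejection path lies outside the hunk and nothing in this commit records failed attempts, which are what a reviewer of the log would need in order to spot password guessing. Since `log_action` derives the user from a session, a failed attempt would need a variant that takes the submitted user name; until then a comment such as `-- NOTE: failed logins are not written to /auth/action-log` would at least document the gap. Separately, `sessions[sid] = session` runs before `log_session_event('login')`, so if the log transaction raises, the session stays registered without a login record; calling `log_session_event('login')` before `sessions[sid] = session` avoids that.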
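Review bot: In the hunk at @@ -184,6 +203,11 @@, `local jdata = json.encode(data)` serialises the raw request body and `log_obj_action` stores it verbatim in every entry, so any secret a client submits (a password written with PUT or passed to an invoked function, for example) would presumably become readable to anyone who can read `/auth/action-log`. The data should be omitted or redacted for sensitive paths before it reaches `log_action`, and at minimum the helper should carry a comment such as `-- NOTE(review): data is logged unredacted; may contain credentials`. `jdata` is also computed before the method is known, so a DELETE with no body encodes whatever `data` is at that point, and the result depends on how the json library treats nil. The log lives in the same tree the API writes to, and whether a client can PUT or DELETE under `/auth/action-log` is not visible here, so the access rules for that path are worth confirming.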
@@ -194,8 +218,11 @@ return function(env) data = data.data end mnode.insert(obj, data, index) + log_obj_action('insert') - elseif type(obj) == 'function' then res = obj(data) + elseif type(obj) == 'function' then + res = obj(data) + log_obj_action('invoke') else return 405 end @@ -203,10 +230,12 @@ return function(env) if method == 'DELETE' then if parent[name] == nil then return 404 end parent[name] = nil + log_obj_action('delete') elseif method == 'PUT' then if isinstance(parent, mnode.Set) then return 405 end parent[name] = data + log_obj_action('set') else return 405 end end -- cgit v1.2.3
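Review bot: In this hunk and the next one (@@ -203,10 +230,12 @@), every `log_obj_action(...)` call sits after the operation it describes, so an attempt that raises inside `mnode.insert`, `obj(data)` or `parent[name] = data`, or that returns 404/405, leaves no audit entry. The entry is also inserted through the same `txn`, so it presumably persists only if that transaction is later committed. If rejected or failed attempts should be traceable, the invoke case could log first, e.g. `log_obj_action('invoke')` before `res = obj(data)`, and the early `return 404` / `return 405` branches would need their own record written outside the request's transaction. For `delete` and `set` the entry carries only the request payload, not the value that was removed or overwritten, which is worth stating in a comment next to the calls. The surrounding `if method == ...` chain begins and ends outside both hunks.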