add client IP to audit logs
@@ -80,9 +80,10 @@ func DeleteUser(c *gin.Context) {
|
||||
// Create audit record
|
||||
a := models.Audit{
|
||||
UserId: RequestingUserId,
|
||||
IpAddress: c.ClientIP(),
|
||||
EventText: fmt.Sprintf("Deleted User Id %d", testUser.UserId),
|
||||
}
|
||||
a.AutidLogAdd()
|
||||
a.AuditLogAdd()
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{"message": "user deletion success"})
|
||||
}
|
||||
@@ -181,9 +182,10 @@ func AddUser(c *gin.Context) {
|
||||
// Create audit record
|
||||
a := models.Audit{
|
||||
UserId: RequestingUserId,
|
||||
IpAddress: c.ClientIP(),
|
||||
EventText: fmt.Sprintf("Created User Id %d", u.UserId),
|
||||
}
|
||||
a.AutidLogAdd()
|
||||
a.AuditLogAdd()
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{"message": "user registration success", "data": u})
|
||||
}
|
||||
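Review bot: The new `IpAddress: c.ClientIP()` field in DeleteUser and AddUser stores whatever gin resolves as the client address, and gin takes that from forwarding headers such as X-Forwarded-For whenever the immediate peer counts as a trusted proxy. The router setup is not on this page, so confirm that `SetTrustedProxies` is called with the real proxy list (or `nil` when the service is exposed directly); otherwise a caller may be able to choose the address written to the audit trail. The same applies to the other handlers changed in this commit: retrieveSpecifiedSecret, ListSecrets, StoreSecret, UpdateSecret and DeleteSecret. A comment above the field would record the assumption, for example `// ClientIP honours forwarding headers only from proxies set via SetTrustedProxies`. Both handler bodies start outside the hunks shown.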
|
@@ -163,9 +163,10 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
|
||||
a := models.Audit{
|
||||
UserId: UserId,
|
||||
SecretId: results[0].SecretId,
|
||||
IpAddress: c.ClientIP(),
|
||||
EventText: fmt.Sprintf("Retrieved Secret Id %d", results[0].SecretId),
|
||||
}
|
||||
a.AutidLogAdd()
|
||||
a.AuditLogAdd()
|
||||
|
||||
// output results as json
|
||||
c.JSON(http.StatusOK, gin.H{"message": "success", "data": results})
|
||||
@@ -209,9 +210,10 @@ func ListSecrets(c *gin.Context) {
|
||||
// Create audit record
|
||||
a := models.Audit{
|
||||
UserId: UserId,
|
||||
IpAddress: c.ClientIP(),
|
||||
EventText: fmt.Sprintf("Listed %d secrets accessible to user", len(output)),
|
||||
}
|
||||
a.AutidLogAdd()
|
||||
a.AuditLogAdd()
|
||||
|
||||
// output results as json
|
||||
c.JSON(http.StatusOK, gin.H{"message": "success", "data": output})
|
||||
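Review bot: In retrieveSpecifiedSecret and ListSecrets the result of `a.AuditLogAdd()` is dropped, so the handler still returns secret data through `c.JSON` when the audit row could not be written. AuditLogAdd returns `(*Audit, error)` and only logs the failure itself, which leaves the decision to the caller. For reads of secrets it would be safer to fail closed, e.g. `if _, err := a.AuditLogAdd(); err != nil { c.JSON(http.StatusInternalServerError, gin.H{"message": "audit failure"}); return }`. StoreSecret, UpdateSecret, DeleteSecret, DeleteUser and AddUser ignore the return value in the same way. Both function bodies extend beyond the hunks shown.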
|
@@ -148,9 +148,10 @@ func StoreSecret(c *gin.Context) {
|
||||
a := models.Audit{
|
||||
UserId: UserId,
|
||||
SecretId: s.SecretId,
|
||||
IpAddress: c.ClientIP(),
|
||||
EventText: fmt.Sprintf("Created Secret Id %d", s.SecretId),
|
||||
}
|
||||
a.AutidLogAdd()
|
||||
a.AuditLogAdd()
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{"message": "secret stored successfully", "data": models.SecretRestricted(s)})
|
||||
}
|
||||
@@ -360,9 +361,10 @@ func UpdateSecret(c *gin.Context) {
|
||||
a := models.Audit{
|
||||
UserId: UserId,
|
||||
SecretId: s.SecretId,
|
||||
IpAddress: c.ClientIP(),
|
||||
EventText: fmt.Sprintf("Updated Secret Id %d", s.SecretId),
|
||||
}
|
||||
a.AutidLogAdd()
|
||||
a.AuditLogAdd()
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{"message": "secret updated successfully", "data": models.SecretRestricted(s)})
|
||||
} else {
|
||||
@@ -451,9 +453,10 @@ func DeleteSecret(c *gin.Context) {
|
||||
a := models.Audit{
|
||||
UserId: UserId,
|
||||
SecretId: s.SecretId,
|
||||
IpAddress: c.ClientIP(),
|
||||
EventText: fmt.Sprintf("Deleted Secret Id %d", s.SecretId),
|
||||
}
|
||||
a.AutidLogAdd()
|
||||
a.AuditLogAdd()
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{"message": "secret deleted successfully"})
|
||||
} else {
|
||||
|
@@ -12,10 +12,11 @@ type Audit struct {
|
||||
SecretId int `db:"SecretId" json:"secretId"`
|
||||
EventText string `db:"EventText" json:"eventText"`
|
||||
EventTime time.Time `db:"EventTime" json:"eventTime"`
|
||||
IpAddress string `db:"IpAddress" json:"ipAddress"`
|
||||
}
|
||||
|
||||
// AutidLogAdd adds a new audit record to the database
|
||||
func (a *Audit) AutidLogAdd() (*Audit, error) {
|
||||
// AuditLogAdd adds a new audit record to the database
|
||||
func (a *Audit) AuditLogAdd() (*Audit, error) {
|
||||
var err error
|
||||
|
||||
// Populate timestamp field if not already set
|
||||
@@ -23,16 +24,16 @@ func (a *Audit) AutidLogAdd() (*Audit, error) {
|
||||
a.EventTime = time.Now().UTC()
|
||||
}
|
||||
|
||||
result, err := db.NamedExec(("INSERT INTO audit (UserId, SecretId, EventText, EventTime) VALUES (:UserId, :SecretId, :EventText, :EventTime);"), a)
|
||||
result, err := db.NamedExec(("INSERT INTO audit (UserId, SecretId, EventText, EventTime, IpAddress) VALUES (:UserId, :SecretId, :EventText, :EventTime, :IpAddress);"), a)
|
||||
|
||||
if err != nil {
|
||||
log.Printf("AutidLogAdd error executing sql record : '%s'\n", err)
|
||||
log.Printf("AuditLogAdd error executing sql record : '%s'\n", err)
|
||||
return &Audit{}, err
|
||||
} else {
|
||||
affected, _ := result.RowsAffected()
|
||||
id, _ := result.LastInsertId()
|
||||
a.AuditId = int(id)
|
||||
log.Printf("AutidLogAdd insert returned result id '%d' affecting %d row(s).\n", id, affected)
|
||||
log.Printf("AuditLogAdd insert returned result id '%d' affecting %d row(s).\n", id, affected)
|
||||
}
|
||||
|
||||
return a, nil
|
||||
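Review bot: `IpAddress string` is a plain string, while the migration in models/db.go adds the column without a default, so audit rows written before this commit will hold NULL in IpAddress. If those rows are read back into this struct (the read path is not on this page), scanning NULL into a Go string is expected to fail. Giving the column a default, `IpAddress VARCHAR DEFAULT ''`, in both the CREATE TABLE and the ALTER TABLE statement would avoid that. AuditLogAdd's body continues past the end of the hunk.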
|
12
models/db.go
12
models/db.go
@@ -86,6 +86,7 @@ const createAudit string = `
|
||||
UserId INTEGER DEFAULT 0,
|
||||
SecretId INTEGER DEFAULT 0,
|
||||
EventText VARCHAR,
|
||||
IpAddress VARCHAR,
|
||||
EventTime datetime
|
||||
);
|
||||
`
|
||||
@@ -394,6 +395,17 @@ func CreateTables() {
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
|
||||
// Add IpAddress column to audit table
|
||||
auditIPCheck, _ := CheckColumnExists("audit", "IpAddress")
|
||||
if !auditIPCheck {
|
||||
// Add the column for LdapGroup in the roles table
|
||||
_, err := db.Exec("ALTER TABLE audit ADD COLUMN IpAddress VARCHAR;")
|
||||
if err != nil {
|
||||
log.Printf("Error altering audit table to add IpAddress column : '%s'\n", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Count the number of records in the sqlite database
|
||||
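Review bot: `auditIPCheck, _ := CheckColumnExists("audit", "IpAddress")` discards the error, so if the check itself fails the flag is presumably false and the ALTER TABLE runs against a table that may already have the column, ending in `os.Exit(1)` at start-up. Handling the error explicitly, `auditIPCheck, err := CheckColumnExists("audit", "IpAddress")` followed by a logged exit when `err != nil`, keeps the two failure cases apart. The inner comment `// Add the column for LdapGroup in the roles table` is left over from another migration and should read `// Add the IpAddress column to the audit table`. CreateTables begins before this hunk.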
|
BIN
www/database.png
BIN
www/database.png
Binary file not shown.
Before Width: | Height: | Size: 80 KiB After Width: | Height: | Size: 86 KiB |