From 14665042c6e017ad51198a66dd1a9b2860a3939d Mon Sep 17 00:00:00 2001
From: luukas
Date: Wed, 18 May 2022 01:34:31 +0300
Subject: [PATCH] Add and improve audit logging in the API
---
 app/classes/web/routes/api/roles/role/index.py | 18 ++++++++++++++++--
 .../web/routes/api/servers/server/index.py | 16 ++++++++++------
 app/classes/web/routes/api/users/index.py | 8 +-------
 app/classes/web/routes/api/users/user/index.py | 10 +++++++++-
 4 files changed, 36 insertions(+), 16 deletions(-)
diff --git a/app/classes/web/routes/api/roles/role/index.py b/app/classes/web/routes/api/roles/role/index.py
index 197c4f13..84d1124c 100644
--- a/app/classes/web/routes/api/roles/role/index.py
+++ b/app/classes/web/routes/api/roles/role/index.py
@@ -65,7 +65,7 @@ class ApiRolesRoleIndexHandler(BaseApiHandler):
 _,
 _,
 superuser,
- _,
+ user,
 ) = auth_data
 if not superuser:
@@ -78,6 +78,13 @@ class ApiRolesRoleIndexHandler(BaseApiHandler):
 {"status": "ok", "data": role_id},
 )
+ self.controller.management.add_to_audit_log(
+ user["user_id"],
+ f"deleted role with ID {role_id}",
+ server_id=0,
+ source_ip=self.get_remote_ip(),
+ )
+
 def patch(self, role_id: str):
 auth_data = self.authenticate_user()
 if not auth_data:
@@ -87,7 +94,7 @@ class ApiRolesRoleIndexHandler(BaseApiHandler):
 _,
 _,
 superuser,
- _,
+ user,
 ) = auth_data
 if not superuser:
@@ -116,6 +123,13 @@ class ApiRolesRoleIndexHandler(BaseApiHandler):
 role_id, data.get("role_name", None), data.get("servers", None)
 )
+ self.controller.management.add_to_audit_log(
+ user["user_id"],
+ f"modified role with ID {role_id}",
+ server_id=0,
+ source_ip=self.get_remote_ip(),
+ )
+
 self.finish_json(
 200,
 {"status": "ok", "data": self.controller.roles.get_role(role_id)},
diff --git a/app/classes/web/routes/api/servers/server/index.py b/app/classes/web/routes/api/servers/server/index.py
index 658d1c43..da838fa8 100644
--- a/app/classes/web/routes/api/servers/server/index.py
+++ b/app/classes/web/routes/api/servers/server/index.py
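Review bot: In the role delete hunk (`@@ -78,6 +78,13 @@`) the new `add_to_audit_log` call sits after `self.finish_json(200, ...)`, which by its name ends the response, so a failure inside the audit write (a database error, or `user` lacking `user_id`) leaves a completed deletion with no audit record and an exception raised after the client has already been told it succeeded. Move the six added lines above the `self.finish_json(` call, which is how the `patch` hunk in this same file and the server hunks order it, so the entry exists before the success response goes out. The enclosing method (the one preceding `patch`) starts outside the hunk, so whether the role removal has already succeeded at this point cannot be confirmed here.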
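Review bot: The audit message in the `patch` hunk (`@@ -116,6 +123,13 @@`) records only `role_id`, although the two context lines above it show the request can change `role_name` and the role's `servers` assignment, which is an authorization change an investigator would want to see in the log. Include the submitted values in the entry, for example `f"modified role with ID {role_id}: role_name={data.get('role_name')} servers={data.get('servers')}"`, mirroring the `with roles {roles}` detail the users/index.py hunk keeps. Both values come from the request body, so the entry reflects what was requested rather than what was stored; that is acceptable as long as readers of the log know it.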
@@ -112,6 +112,13 @@ class ApiServersServerIndexHandler(BaseApiHandler):
 setattr(self, key, data[key])
 self.controller.servers.update_server(server_obj)
+ self.controller.management.add_to_audit_log(
+ auth_data[4]["user_id"],
+ f"modified the server with ID {server_id}",
+ server_id,
+ self.get_remote_ip(),
+ )
+
 return self.finish_json(200, {"status": "ok"})
 def delete(self, server_id: str):
@@ -144,19 +151,16 @@ class ApiServersServerIndexHandler(BaseApiHandler):
 + self.controller.servers.get_server_friendly_name(server_id)
 )
- server_data = self.controller.get_server_data(server_id)
- server_name = server_data["server_name"]
+ self.tasks_manager.remove_all_server_tasks(server_id)
+ self.controller.remove_server(server_id, remove_files)
 self.controller.management.add_to_audit_log(
 auth_data[4]["user_id"],
- f"deleted server {server_id} named {server_name}",
+ f"deleted the server {server_id}",
 server_id,
 self.get_remote_ip(),
 )
- self.tasks_manager.remove_all_server_tasks(server_id)
- self.controller.remove_server(server_id, remove_files)
-
 self.finish_json(
 200,
 {"status": "ok"},
diff --git a/app/classes/web/routes/api/users/index.py b/app/classes/web/routes/api/users/index.py
index 065ef117..cca0246f 100644
--- a/app/classes/web/routes/api/users/index.py
+++ b/app/classes/web/routes/api/users/index.py
@@ -152,13 +152,7 @@ class ApiUsersIndexHandler(BaseApiHandler):
 self.controller.management.add_to_audit_log(
 user["user_id"],
- f"added user {username} (UID:{user_id})",
- server_id=0,
- source_ip=self.get_remote_ip(),
- )
- self.controller.management.add_to_audit_log(
- user["user_id"],
- f"edited user {username} (UID:{user_id}) with roles {roles}",
+ f"added user {username} (UID:{user_id}) with roles {roles}",
 server_id=0,
 source_ip=self.get_remote_ip(),
 )
diff --git a/app/classes/web/routes/api/users/user/index.py b/app/classes/web/routes/api/users/user/index.py
index 0ed41fbc..7dbcbff3 100644
--- a/app/classes/web/routes/api/users/user/index.py
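Review bot: The new audit entry in `@@ -112,6 +112,13 @@` states that the server was modified, but the context line two above it, `setattr(self, key, data[key])`, writes the request keys onto the handler object rather than onto `server_obj`, so it is unclear from this hunk what `update_server(server_obj)` actually persists; that predates the commit, but the log line now asserts a change that may not have been applied, so it is worth confirming (the loop header is outside the hunk). Separately, this call passes `server_id` and `self.get_remote_ip()` positionally with `auth_data[4]["user_id"]` as the actor, while the roles and users hunks use `server_id=...`, `source_ip=...` and `user["user_id"]`; writing `server_id=server_id, source_ip=self.get_remote_ip(),` here keeps the four call sites readable the same way and guards against the positional order being misread.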
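Review bot: Dropping `server_name` from the delete entry in `@@ -144,19 +151,16 @@` leaves the audit log with only the `server_id` of a server that no longer exists, so the record cannot be tied back to a name after the fact. The friendly name is already evaluated in the expression that ends at the top of the hunk; capture it once before `remove_server`, `friendly_name = self.controller.servers.get_server_friendly_name(server_id)`, and log `f"deleted the server {server_id} ({friendly_name})"`. Writing the audit entry after `remove_server` is a reasonable ordering, but it means a removal that raises leaves no audit trace of the attempt; if that matters, the handler's error path should record it. The enclosing `delete` method begins outside the hunk.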
+++ b/app/classes/web/routes/api/users/user/index.py
@@ -75,7 +75,8 @@ class ApiUsersUserIndexHandler(BaseApiHandler):
 if (user_id in ["@me", user["user_id"]]) and self.helper.get_setting(
 "allow_self_delete", False
 ):
- self.controller.users.remove_user(user["user_id"])
+ user_id = user["user_id"]
+ self.controller.users.remove_user(user_id)
 elif EnumPermissionsCrafty.USER_CONFIG not in exec_user_crafty_permissions:
 return self.finish_json(
 400,
@@ -88,6 +89,13 @@ class ApiUsersUserIndexHandler(BaseApiHandler):
 # has User_Config permission
 self.controller.users.remove_user(user_id)
+ self.controller.management.add_to_audit_log(
+ user["user_id"],
+ f"deleted the user {user_id}",
+ server_id=0,
+ source_ip=self.get_remote_ip(),
+ )
+
 self.finish_json(
 200,
 {"status": "ok"},
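Review bot: The audit entry added in `@@ -88,6 +89,13 @@` is written after `remove_user(user_id)`, and on the self-delete path of the previous hunk the actor `user["user_id"]` is the very account that was just removed, so the entry's actor id refers to a deleted user; whether `add_to_audit_log` tolerates that (or the audit table constrains it) cannot be seen here and should be confirmed. The message also keeps only `user_id`; the username is gone once the row is deleted, so resolving it before the `remove_user` calls and logging `f"deleted the user {user_id} ({username})"` would make the record usable in a later investigation. The enclosing method and its `user_id` parameter start outside both hunks.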