feat: audit/change log — owner-visible record of who changed what
Unit Tests / test (push) Successful in 12m47s
Unit Tests / test (push) Successful in 12m47s
Add AuditManager (api/audit_manager.py): JSONL append-only log at data/api/audit/audit.log with SHA-256 hash chain for tamper detection, verify endpoint, size-based rotation, and automatic redaction of secret fields before any entry is written. Supports structured query (actor, action, date range) and CSV export. Wire an @app.after_request hook in app.py that fires on every mutating /api/* request: captures actor, role, remote IP, and maps the route + method to a human-readable action via ROUTE_ACTION_MAP. Explicit audit entries for password_change and password_reset are added in auth_routes.py so those events record the actor without logging secret values. Expose an admin-only blueprint (api/routes/audit.py): GET /api/audit — paginated query GET /api/audit/export — CSV download GET /api/audit/verify — hash-chain integrity check Register AuditManager in managers.py and add api/audit to config_manager.py critical_data_paths so it is included in backups and restored with other persistent state. Add Activity page (webui/src/pages/Activity.jsx, admin-only) reachable from the nav in App.jsx. New auditAPI helper in api.js covers all three endpoints. Tests: test_audit_manager.py (unit: hash chain, redaction, rotation, query, csv, verify) and test_audit_hook_routes.py (integration: hook fires on mutating routes, skips safe methods, records actor/ip/action, backup-inclusion assertion). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
@@ -20,6 +20,30 @@ auth_manager = None # type: ignore
|
||||
auth_bp = Blueprint('auth', __name__, url_prefix='/api/auth')
|
||||
|
||||
|
||||
def _audit(action, target_type, target_id, summary, result, status):
|
||||
"""Record an explicit audit entry for auth actions the generic hook skips.
|
||||
|
||||
Never raises and never includes any password value.
|
||||
"""
|
||||
try:
|
||||
from app import audit_manager
|
||||
ip = request.remote_addr or ''
|
||||
xff = request.headers.get('X-Forwarded-For', '')
|
||||
if xff:
|
||||
last = xff.split(',')[-1].strip()
|
||||
if last:
|
||||
ip = last
|
||||
audit_manager.record(
|
||||
actor=session.get('username', 'anonymous'),
|
||||
role=session.get('role', 'system'),
|
||||
ip=ip, action=action, target_type=target_type, target_id=target_id,
|
||||
summary=summary, result=result, status=status,
|
||||
method=request.method, path=request.path,
|
||||
)
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
|
||||
def require_auth(role=None):
|
||||
"""Decorator that enforces session authentication and an optional role."""
|
||||
def deco(fn):
|
||||
@@ -124,7 +148,11 @@ def change_password():
|
||||
username = session.get('username')
|
||||
ok = auth_manager.change_password(username, old_pw, new_pw)
|
||||
if not ok:
|
||||
_audit('user.password_change', 'user', username or '',
|
||||
'password changed', 'failure', 400)
|
||||
return jsonify({'error': 'Password change failed'}), 400
|
||||
_audit('user.password_change', 'user', username or '',
|
||||
'password changed', 'success', 200)
|
||||
return jsonify({'ok': True})
|
||||
|
||||
|
||||
@@ -142,7 +170,11 @@ def admin_reset_password():
|
||||
return jsonify({'error': 'new_password must be at least 10 characters'}), 400
|
||||
ok = auth_manager.set_password_admin(username, new_pw)
|
||||
if not ok:
|
||||
_audit('user.password_reset', 'user', username,
|
||||
f'admin reset password for peer {username}', 'failure', 400)
|
||||
return jsonify({'error': 'Reset failed (user not found?)'}), 400
|
||||
_audit('user.password_reset', 'user', username,
|
||||
f'admin reset password for peer {username}', 'success', 200)
|
||||
return jsonify({'ok': True})
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user