diff --git a/src/FederationServer/Classes/Configuration.php b/src/FederationServer/Classes/Configuration.php
index 40447a8..bd74d4b 100644
--- a/src/FederationServer/Classes/Configuration.php
+++ b/src/FederationServer/Classes/Configuration.php
@@ -32,7 +32,7 @@
 self::$configuration->setDefault('server.list_evidence_max_items', 100);
 self::$configuration->setDefault('server.list_blacklist_max_items', 100);
 self::$configuration->setDefault('server.public_audit_logs', true);
- self::$configuration->setDefault('server.public_audit_entries', array_map(fn($type) => $type->value, AuditLogType::cases()));
+ self::$configuration->setDefault('server.public_audit_entries', array_map(fn($type) => $type->value, AuditLogType::getDefaultPublic()));
 self::$configuration->setDefault('server.public_evidence', true);
 self::$configuration->setDefault('server.public_blacklist', true);
 self::$configuration->setDefault('server.public_entities', true);
diff --git a/src/FederationServer/Classes/Enums/AuditLogType.php b/src/FederationServer/Classes/Enums/AuditLogType.php
index 77763de..a39d4cd 100644
--- a/src/FederationServer/Classes/Enums/AuditLogType.php
+++ b/src/FederationServer/Classes/Enums/AuditLogType.php
@@ -4,22 +4,43 @@
 enum AuditLogType : string
 {
- case OTHER = 'OTHER';
 case OPERATOR_CREATED = 'OPERATOR_CREATED';
 case OPERATOR_DELETED = 'OPERATOR_DELETED';
 case OPERATOR_DISABLED = 'OPERATOR_DISABLED';
 case OPERATOR_ENABLED = 'OPERATOR_ENABLED';
+ case OPERATOR_PERMISSIONS_CHANGED = 'OPERATOR_MANAGE_BLACKLIST_ENABLED';
 case ATTACHMENT_UPLOADED = 'ATTACHMENT_UPLOADED';
 case ATTACHMENT_DELETED = 'ATTACHMENT_DELETED';
- case EVIDENCE_CREATED = 'EVIDENCE_CREATED';
+ case EVIDENCE_SUBMITTED = 'EVIDENCE_SUBMITTED';
 case EVIDENCE_DELETED = 'EVIDENCE_DELETED';
- case ENTITY_DISCOVERED = 'ENTITY_DISCOVERED';
 case ENTITY_DELETED = 'ENTITY_DELETED';
+ case ENTITY_BLACKLISTED = 'ENTITY_BLACKLISTED';
+ case ENTITY_PUSHED = 'ENTITY_PUSHED';
 case BLACKLIST_RECORD_DELETED = 'BLACKLIST_DELETED';
 case BLACKLIST_LIFTED = 'BLACKLIST_LIFTED';
- case ENTITY_BLACKLISTED = 'ENTITY_BLACKLISTED';
+
+ case OTHER = 'OTHER';
+
+ /**
+ * Returns an array of audit log types that are considered public.
+ * These types can be shared with clients or logged publicly.
+ *
+ * @return AuditLogType[]
+ */
+ public static function getDefaultPublic(): array
+ {
+ return [
+ self::OPERATOR_CREATED,
+ self::OPERATOR_DELETED,
+ self::ATTACHMENT_UPLOADED,
+ self::ATTACHMENT_DELETED,
+ self::EVIDENCE_SUBMITTED,
+ self::EVIDENCE_DELETED,
+ self::ENTITY_BLACKLISTED,
+ ];
+ }
 }
\ No newline at end of file
diff --git a/src/FederationServer/Methods/Entities/PushEntity.php b/src/FederationServer/Methods/Entities/PushEntity.php
index 9e9a2f6..ab3c67c 100644
--- a/src/FederationServer/Methods/Entities/PushEntity.php
+++ b/src/FederationServer/Methods/Entities/PushEntity.php
@@ -2,6 +2,8 @@
 namespace FederationServer\Methods\Entities;
+ use FederationServer\Classes\Enums\AuditLogType;
+ use FederationServer\Classes\Managers\AuditLogManager;
 use FederationServer\Classes\Managers\EntitiesManager;
 use FederationServer\Classes\RequestHandler;
 use FederationServer\Exceptions\DatabaseOperationException;
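Review bot: `case OPERATOR_PERMISSIONS_CHANGED = 'OPERATOR_MANAGE_BLACKLIST_ENABLED';` gives the new case a backing value that names only one of the three permission flags it is used for in the Operators methods of this commit, and the backing value is what `Configuration` writes into `server.public_audit_entries` and what each stored entry will carry; it should read `case OPERATOR_PERMISSIONS_CHANGED = 'OPERATOR_PERMISSIONS_CHANGED';` before any entries are persisted under the misleading string. Removing `EVIDENCE_CREATED` and `ENTITY_DISCOVERED` from a backed enum means any already-stored entries with those values can no longer be rehydrated through `AuditLogType::from()` (it throws `ValueError`); if such rows can exist, keep the old cases marked `@deprecated` or migrate the stored values. The docblock on `getDefaultPublic()` would be more useful if it said that this list is only the default for `server.public_audit_entries`, that deployments may widen or narrow it, and that enable/disable and permission changes are deliberately left out of the public view; `@return AuditLogType[]` could be written `@return list<self>`.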
@@ -49,6 +51,12 @@
 if(!EntitiesManager::entityExists($id, $domain))
 {
 $entityUuid = EntitiesManager::registerEntity($id, $domain);
+ AuditLogManager::createEntry(AuditLogType::ENTITY_PUSHED, sprintf(
+ 'Entity %s registered by %s (%s)',
+ $id,
+ $authenticatedOperator->getName(),
+ $authenticatedOperator->getUuid()
+ ), $authenticatedOperator->getUuid(), $entityUuid);
 }
 else
 {
diff --git a/src/FederationServer/Methods/Evidence/DeleteEvidence.php b/src/FederationServer/Methods/Evidence/DeleteEvidence.php
index 8fb22d3..0d70d83 100644
--- a/src/FederationServer/Methods/Evidence/DeleteEvidence.php
+++ b/src/FederationServer/Methods/Evidence/DeleteEvidence.php
@@ -2,6 +2,8 @@
 namespace FederationServer\Methods\Evidence;
+ use FederationServer\Classes\Enums\AuditLogType;
+ use FederationServer\Classes\Managers\AuditLogManager;
 use FederationServer\Classes\Managers\EvidenceManager;
 use FederationServer\Classes\RequestHandler;
 use FederationServer\Classes\Validate;
@@ -41,6 +43,12 @@
 }
 EvidenceManager::deleteEvidence($evidenceUuid);
+ AuditLogManager::createEntry(AuditLogType::EVIDENCE_DELETED, sprintf(
+ 'Evidence %s deleted by %s (%s)',
+ $evidenceUuid,
+ $authenticatedOperator->getName(),
+ $authenticatedOperator->getUuid()
+ ), $authenticatedOperator->getUuid(), $evidenceUuid);
 }
 catch(DatabaseOperationException $e)
 {
diff --git a/src/FederationServer/Methods/Evidence/GetEvidenceRecord.php b/src/FederationServer/Methods/Evidence/GetEvidenceRecord.php
index b980213..5b3bbe8 100644
--- a/src/FederationServer/Methods/Evidence/GetEvidenceRecord.php
+++ b/src/FederationServer/Methods/Evidence/GetEvidenceRecord.php
@@ -46,6 +46,8 @@
 {
 throw new RequestException('Confidential evidence access is restricted', 403);
 }
+
+ self::successResponse($evidenceRecord->toArray());
 }
 catch(DatabaseOperationException $e)
 {
diff --git a/src/FederationServer/Methods/Evidence/SubmitEvidence.php b/src/FederationServer/Methods/Evidence/SubmitEvidence.php
index eefee45..2985a58 100644
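Review bot: The `AuditLogManager::createEntry(AuditLogType::ENTITY_PUSHED, ...)` call runs after `EntitiesManager::registerEntity` inside the same `try`, so if writing the audit entry throws `DatabaseOperationException` the entity is already registered while the request presumably fails (the `catch` is outside this hunk); the same ordering appears in the `DeleteEvidence` and `SubmitEvidence` hunks of this commit, where `SubmitEvidence` visibly maps that failure to 'Failed to create evidence', 500. Either perform the state change and the audit write in one transaction, or decide explicitly that a failed audit write is non-fatal and log it instead of rolling the request into a 500 — and document the choice with a comment such as `// Audit entry is written in the same unit of work as the registration; a failure here fails the request`. The `%s` for `$id` embeds a value that appears to come from the client request (hedged: its origin is outside the hunk), so anything that renders audit messages must treat them as untrusted text and escape per output context; including `$domain` in the message would also make the entry unambiguous without a lookup. The enclosing method starts and ends outside the hunk.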
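Review bot: The `EVIDENCE_DELETED` entry in `DeleteEvidence` records only `$evidenceUuid`, which after `EvidenceManager::deleteEvidence` no longer resolves to anything, so an investigator reading the audit trail later cannot tell which entity the deleted evidence concerned or who originally submitted it. If the lines above the hunk already load the record (they are outside my view), capture its entity UUID and submitting operator before the delete and put them in the message, e.g. `'Evidence %s for entity %s deleted by %s (%s)'`. The enclosing method starts outside the hunk.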
--- a/src/FederationServer/Methods/Evidence/SubmitEvidence.php
+++ b/src/FederationServer/Methods/Evidence/SubmitEvidence.php
@@ -2,6 +2,8 @@
 namespace FederationServer\Methods\Evidence;
+ use FederationServer\Classes\Enums\AuditLogType;
+ use FederationServer\Classes\Managers\AuditLogManager;
 use FederationServer\Classes\Managers\EntitiesManager;
 use FederationServer\Classes\Managers\EvidenceManager;
 use FederationServer\Classes\RequestHandler;
@@ -54,12 +56,21 @@
 throw new RequestException('Entity does not exist', 404);
 }
- self::successResponse(EvidenceManager::addEvidence($entityUuid, $authenticatedOperator->getUuid(), $textContent, $note, $confidential));
+ $evidenceUuid = EvidenceManager::addEvidence($entityUuid, $authenticatedOperator->getUuid(), $textContent, $note, $confidential);
+ AuditLogManager::createEntry(AuditLogType::EVIDENCE_SUBMITTED, sprintf(
+ 'Evidence %s created for entity %s by %s (%s)',
+ $evidenceUuid,
+ $entityUuid,
+ $authenticatedOperator->getName(),
+ $authenticatedOperator->getUuid()
+ ), $authenticatedOperator->getUuid(), $evidenceUuid);
 }
 catch (DatabaseOperationException $e)
 {
 throw new RequestException('Failed to create evidence', 500, $e);
 }
+
+ self::successResponse($evidenceUuid);
 }
 }
diff --git a/src/FederationServer/Methods/Operators/ManageBlacklistPermission.php b/src/FederationServer/Methods/Operators/ManageBlacklistPermission.php
index 1ff1075..2307be5 100644
--- a/src/FederationServer/Methods/Operators/ManageBlacklistPermission.php
+++ b/src/FederationServer/Methods/Operators/ManageBlacklistPermission.php
@@ -2,7 +2,9 @@
 namespace FederationServer\Methods\Operators;
+ use FederationServer\Classes\Enums\AuditLogType;
 use FederationServer\Classes\Logger;
+ use FederationServer\Classes\Managers\AuditLogManager;
 use FederationServer\Classes\Managers\OperatorManager;
 use FederationServer\Classes\RequestHandler;
 use FederationServer\Classes\Validate;
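Review bot: The new `createEntry(AuditLogType::EVIDENCE_SUBMITTED, ...)` is written regardless of `$confidential`, and `EVIDENCE_SUBMITTED` is in `AuditLogType::getDefaultPublic()`, so under the default `server.public_audit_entries` the public audit log would disclose that confidential evidence exists for `$entityUuid` (the message carries both UUIDs) even though `GetEvidenceRecord` in this same commit refuses to return such records with a 403 — assuming public entries are served with their messages, which the configuration keys suggest but this hunk does not show. Either keep identifying detail out of the message for confidential submissions, e.g. `$confidential ? 'Confidential evidence submitted by %s (%s)' : 'Evidence %s created for entity %s by %s (%s)'` with the argument list adjusted, or record confidential submissions under a type that is not in the public default, leaving the UUIDs in the structured reference arguments for operators only. Moving `self::successResponse($evidenceUuid);` after the `catch` is safe because every failure path throws, but a comment like `// Respond only once both the evidence row and its audit entry are written` would make the ordering intentional for the next reader.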
@@ -38,7 +40,21 @@
 try
 {
+ $targetOperator = OperatorManager::getOperator($operatorUuid);
+ if($targetOperator === null)
+ {
+ throw new RequestException('Operator Not Found', 404);
+ }
+ OperatorManager::setManageBlacklist($operatorUuid, $enabled);
+ AuditLogManager::createEntry(AuditLogType::OPERATOR_PERMISSIONS_CHANGED, sprintf(
+ 'Operator %s (%s) %s blacklist management permissions by %s (%s)',
+ $targetOperator->getName(),
+ $targetOperator->getUuid(),
+ $enabled ? 'enabled' : 'disabled',
+ $authenticatedOperator->getName(),
+ $authenticatedOperator->getUuid()
+ ), $authenticatedOperator->getUuid());
 }
 catch(DatabaseOperationException $e)
 {
diff --git a/src/FederationServer/Methods/Operators/ManageClientPermission.php b/src/FederationServer/Methods/Operators/ManageClientPermission.php
index 2d1c802..2233df3 100644
--- a/src/FederationServer/Methods/Operators/ManageClientPermission.php
+++ b/src/FederationServer/Methods/Operators/ManageClientPermission.php
@@ -2,7 +2,8 @@
 namespace FederationServer\Methods\Operators;
- use FederationServer\Classes\Logger;
+ use FederationServer\Classes\Enums\AuditLogType;
+ use FederationServer\Classes\Managers\AuditLogManager;
 use FederationServer\Classes\Managers\OperatorManager;
 use FederationServer\Classes\RequestHandler;
 use FederationServer\Classes\Validate;
@@ -37,7 +38,21 @@
 try
 {
+ $targetOperator = OperatorManager::getOperator($operatorUuid);
+ if($targetOperator === null)
+ {
+ throw new RequestException('Operator Not Found', 404);
+ }
+ OperatorManager::setClient($operatorUuid, $enabled);
+ AuditLogManager::createEntry(AuditLogType::OPERATOR_PERMISSIONS_CHANGED, sprintf(
+ 'Operator %s (%s) %s client permissions by %s (%s)',
+ $targetOperator->getName(),
+ $targetOperator->getUuid(),
+ $enabled ? 'enabled' : 'disabled',
+ $authenticatedOperator->getName(),
+ $authenticatedOperator->getUuid()
+ ), $authenticatedOperator->getUuid());
 }
 catch(DatabaseOperationException $e)
 {
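Review bot: The permission-change entries in `ManageBlacklistPermission`, `ManageClientPermission` and `ManageOperatorsPermission` pass only the actor (`$authenticatedOperator->getUuid()`) as a structured argument and leave the target operator in free text, whereas the `PushEntity` and `DeleteEvidence` hunks pass the affected record's UUID as a fourth argument; answering "what changed on operator X" then requires parsing messages. If `createEntry`'s fourth parameter is a generic subject reference rather than strictly an entity (its signature is outside this diff), pass `$targetOperator->getUuid()` there in all three methods. The message template `'Operator %s (%s) %s blacklist management permissions by %s (%s)'` also reads as though the target performed the change; `'Operator %s (%s) had blacklist management permissions %s by %s (%s)'` with the argument order kept is unambiguous, and the same rewording applies to the other two files. The three `getOperator` → 404 → `set*` → `createEntry` blocks are near-identical and could become one private helper taking the setter and a label, which would also keep future audit fields consistent; `use FederationServer\Classes\Logger;` is kept here and in `ManageOperatorsPermission` but dropped in the sibling files, so confirm it is still referenced. The enclosing methods start and end outside these hunks.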
diff --git a/src/FederationServer/Methods/Operators/ManageOperatorsPermission.php b/src/FederationServer/Methods/Operators/ManageOperatorsPermission.php
index 56a9dcd..fcfbf17 100644
--- a/src/FederationServer/Methods/Operators/ManageOperatorsPermission.php
+++ b/src/FederationServer/Methods/Operators/ManageOperatorsPermission.php
@@ -2,7 +2,9 @@
 namespace FederationServer\Methods\Operators;
+ use FederationServer\Classes\Enums\AuditLogType;
 use FederationServer\Classes\Logger;
+ use FederationServer\Classes\Managers\AuditLogManager;
 use FederationServer\Classes\Managers\OperatorManager;
 use FederationServer\Classes\RequestHandler;
 use FederationServer\Classes\Validate;
@@ -38,7 +40,21 @@
 try
 {
+ $targetOperator = OperatorManager::getOperator($operatorUuid);
+ if($targetOperator === null)
+ {
+ throw new RequestException('Operator Not Found', 404);
+ }
+ OperatorManager::setManageOperators($operatorUuid, $enabled);
+ AuditLogManager::createEntry(AuditLogType::OPERATOR_PERMISSIONS_CHANGED, sprintf(
+ 'Operator %s (%s) %s operator management permissions by %s (%s)',
+ $targetOperator->getName(),
+ $targetOperator->getUuid(),
+ $enabled ? 'enabled' : 'disabled',
+ $authenticatedOperator->getName(),
+ $authenticatedOperator->getUuid()
+ ), $authenticatedOperator->getUuid());
 }
 catch(DatabaseOperationException $e)
 {
diff --git a/src/FederationServer/Methods/Operators/RefreshOperatorApiKey.php b/src/FederationServer/Methods/Operators/RefreshOperatorApiKey.php
index dfca264..35c9c47 100644
--- a/src/FederationServer/Methods/Operators/RefreshOperatorApiKey.php
+++ b/src/FederationServer/Methods/Operators/RefreshOperatorApiKey.php
@@ -2,7 +2,8 @@
 namespace FederationServer\Methods\Operators;
- use FederationServer\Classes\Logger;
+ use FederationServer\Classes\Enums\AuditLogType;
+ use FederationServer\Classes\Managers\AuditLogManager;
 use FederationServer\Classes\Managers\OperatorManager;
 use FederationServer\Classes\RequestHandler;
 use FederationServer\Exceptions\DatabaseOperationException;
@@ -33,7 +34,27 @@
 try
 {
+ if($operatorUuid !== $authenticatedOperator->getUuid())
+ {
+ $existingOperator = OperatorManager::getOperator($operatorUuid);
+ if($existingOperator === null)
+ {
+ throw new RequestException('Operator Not Found', 404);
+ }
+ }
+ else
+ {
+ $existingOperator = $authenticatedOperator;
+ }
+ $newApiKey = OperatorManager::refreshApiKey($operatorUuid);
+ AuditLogManager::createEntry(AuditLogType::OPERATOR_PERMISSIONS_CHANGED, sprintf(
+ 'Operator %s (%s) refreshed API key by %s (%s)',
+ $existingOperator->getName(),
+ $existingOperator->getUuid(),
+ $authenticatedOperator->getName(),
+ $authenticatedOperator->getUuid()
+ ), $authenticatedOperator->getUuid());
 }
 catch(DatabaseOperationException $e)
 {
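Review bot: Recording an API-key rotation under `AuditLogType::OPERATOR_PERMISSIONS_CHANGED` mislabels a credential event as a permission change, so anyone filtering the audit log by type for key rotations (a standard incident-response question) will not find it, and the type also decides whether the entry is public by default. A dedicated case in `AuditLogType` — for example a proposed `case OPERATOR_API_KEY_REFRESHED = 'OPERATOR_API_KEY_REFRESHED';`, kept out of `getDefaultPublic()` — used here instead would make both the classification and the visibility explicit. The message correctly omits `$newApiKey`; a one-line comment such as `// Never place the new key in the audit message — it is persisted and may be public` would protect that property during future edits, and the target operator's UUID would be better carried as a structured reference than only in the message text if `createEntry` supports it. What happens to `$newApiKey`, and the authorization check for refreshing another operator's key, lie outside the hunk, as does the start and end of the enclosing method.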