Nosial/FederationServer
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Add configuration for public audit logs and entries handling

Browse source
This commit is contained in:
netkas 2025-06-04 00:33:46 -04:00
parent e7af5bf1b5
commit 7f1ac6897c
Signed by: netkas
GPG key ID: 4D8629441B76E4CC
3 changed files with 52 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/FederationServer/Classes/Configuration.php
View file

@ -6,6 +6,7 @@
use FederationServer\Classes\Configuration\RedisConfiguration; use FederationServer\Classes\Configuration\RedisConfiguration;
use FederationServer\Classes\Configuration\FileStorageConfiguration; use FederationServer\Classes\Configuration\FileStorageConfiguration;
use FederationServer\Classes\Configuration\ServerConfiguration; use FederationServer\Classes\Configuration\ServerConfiguration;
use FederationServer\Classes\Enums\AuditLogType;
class Configuration class Configuration
{ {
@ -31,6 +32,8 @@
self::$configuration->setDefault('server.list_operators_max_items', 100); self::$configuration->setDefault('server.list_operators_max_items', 100);
self::$configuration->setDefault('server.list_evidence_max_items', 100); self::$configuration->setDefault('server.list_evidence_max_items', 100);
self::$configuration->setDefault('server.list_blacklist_max_items', 100); self::$configuration->setDefault('server.list_blacklist_max_items', 100);
self::$configuration->setDefault('server.public_audit_logs', true);
self::$configuration->setDefault('server.public_audit_entries', array_map(fn($type) => $type->value, AuditLogType::cases()));
self::$configuration->setDefault('database.host', '127.0.0.1'); self::$configuration->setDefault('database.host', '127.0.0.1');
self::$configuration->setDefault('database.port', 3306); self::$configuration->setDefault('database.port', 3306);

30
src/FederationServer/Classes/Configuration/ServerConfiguration.php
View file

@ -2,6 +2,8 @@
namespace FederationServer\Classes\Configuration; namespace FederationServer\Classes\Configuration;
use FederationServer\Classes\Enums\AuditLogType;
class ServerConfiguration class ServerConfiguration
{ {
private string $baseUrl; private string $baseUrl;
@ -14,6 +16,11 @@
private int $listOperatorsMaxItems; private int $listOperatorsMaxItems;
private int $listEvidenceMaxItems; private int $listEvidenceMaxItems;
private int $listBlacklistMaxItems; private int $listBlacklistMaxItems;
private bool $publicAuditLogs;
/**
* @var AuditLogType[]
*/
private array $publicAuditEntries;
/** /**
* ServerConfiguration constructor. * ServerConfiguration constructor.
@ -32,6 +39,9 @@
$this->listOperatorsMaxItems = $config['list_operators_max_items'] ?? 100; $this->listOperatorsMaxItems = $config['list_operators_max_items'] ?? 100;
$this->listEvidenceMaxItems = $config['list_evidence_max_items'] ?? 100; $this->listEvidenceMaxItems = $config['list_evidence_max_items'] ?? 100;
$this->listBlacklistMaxItems = $config['list_blacklist_max_items'] ?? 100; $this->listBlacklistMaxItems = $config['list_blacklist_max_items'] ?? 100;
$this->publicAuditLogs = $config['public_audit_logs'] ?? true;
$publicAuditEntries = $config['public_audit_entries'] ?? [];
$this->publicAuditEntries = array_map(fn($type) => AuditLogType::from($type), $publicAuditEntries);
} }
/** /**
@ -133,4 +143,24 @@
{ {
return $this->listBlacklistMaxItems; return $this->listBlacklistMaxItems;
} }
/**
* Check if audit logs are publicly accessible.
*
* @return bool True if public audit logs are enabled, false otherwise.
*/
public function isPublicAuditLogs(): bool
{
return $this->publicAuditLogs;
}
/**
* Get the list of public audit entries.
*
* @return AuditLogType[] The list of public audit entries.
*/
public function getPublicAuditEntries(): array
{
return $this->publicAuditEntries;
}
} }

20
src/FederationServer/Methods/Audit/ListAuditLogs.php
View file

@ -19,6 +19,12 @@
*/ */
public static function handleRequest(): void public static function handleRequest(): void
{ {
$authenticatedOperator = FederationServer::getAuthenticatedOperator(false);
if(!Configuration::getServerConfiguration()->isPublicAuditLogs() && $authenticatedOperator === null)
{
throw new RequestException('Unauthorized: Public audit logs are disabled and no operator is authenticated', 403);
}
$limit = (int) (FederationServer::getParameter('limit') ?? Configuration::getServerConfiguration()->getListAuditLogsMaxItems()); $limit = (int) (FederationServer::getParameter('limit') ?? Configuration::getServerConfiguration()->getListAuditLogsMaxItems());
$page = (int) (FederationServer::getParameter('page') ?? 1); $page = (int) (FederationServer::getParameter('page') ?? 1);
@ -34,9 +40,21 @@
$results = []; $results = [];
if($authenticatedOperator === null)
{
// Public audit logs are enabled, filter by public entries
$filteredEntries = Configuration::getServerConfiguration()->getPublicAuditEntries();
}
else
{
// If an operator is authenticated, we can retrieve all entries
$filteredEntries = null;
}
try try
{ {
$auditLogs = AuditLogManager::getEntries($limit, $page); $auditLogs = AuditLogManager::getEntries($limit, $page, $filteredEntries);
foreach($auditLogs as $logRecord) foreach($auditLogs as $logRecord)
{ {
$operatorRecord = null; $operatorRecord = null;