From 05d01cb356542c09090ce689b6aaa640b7416ea0 Mon Sep 17 00:00:00 2001 From: lian Date: Tue, 12 Apr 2016 17:37:16 +0800 Subject: [PATCH] add admin log api --- seahub/api2/endpoints/admin/__init__.py | 0 seahub/api2/endpoints/admin/file_audit.py | 59 ++++++++++++++++++++++ seahub/api2/endpoints/admin/file_update.py | 57 +++++++++++++++++++++ seahub/api2/endpoints/admin/login.py | 49 ++++++++++++++++++ seahub/api2/endpoints/admin/perm_audit.py | 58 +++++++++++++++++++++ seahub/api2/endpoints/admin/utils.py | 28 ++++++++++ seahub/urls.py | 11 ++++ 7 files changed, 262 insertions(+) create mode 100644 seahub/api2/endpoints/admin/__init__.py create mode 100644 seahub/api2/endpoints/admin/file_audit.py create mode 100644 seahub/api2/endpoints/admin/file_update.py create mode 100644 seahub/api2/endpoints/admin/login.py create mode 100644 seahub/api2/endpoints/admin/perm_audit.py create mode 100644 seahub/api2/endpoints/admin/utils.py diff --git a/seahub/api2/endpoints/admin/__init__.py b/seahub/api2/endpoints/admin/__init__.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/seahub/api2/endpoints/admin/file_audit.py b/seahub/api2/endpoints/admin/file_audit.py new file mode 100644 index 0000000000..07e9031f2d --- /dev/null +++ b/seahub/api2/endpoints/admin/file_audit.py @@ -0,0 +1,59 @@ +from rest_framework.authentication import SessionAuthentication +from rest_framework.permissions import IsAdminUser +from rest_framework.response import Response +from rest_framework.views import APIView +from rest_framework import status + +from seaserv import seafile_api + +from .utils import check_time_period_valid, \ + get_log_events_by_type_and_time + +from seahub.api2.authentication import TokenAuthentication +from seahub.api2.throttling import UserRateThrottle +from seahub.api2.utils import api_error + +from seahub.base.templatetags.seahub_tags import email2nickname +from seahub.utils.timeutils import datetime_to_isoformat_timestr +from seahub.utils import EVENTS_ENABLED + +class FileAudit(APIView): + + authentication_classes = (TokenAuthentication, SessionAuthentication ) + permission_classes = (IsAdminUser,) + throttle_classes = (UserRateThrottle,) + + def get(self, request): + + if not EVENTS_ENABLED: + error_msg = 'Feature disabled.' + return api_error(status.HTTP_403_FORBIDDEN, error_msg) + + # check the date format, should be like '2015-10-10' + start = request.GET.get('start', None) + end = request.GET.get('end', None) + + if not check_time_period_valid(start, end): + error_msg = 'start or end date invalid.' + return api_error(status.HTTP_400_BAD_REQUEST, error_msg) + + result = [] + events = get_log_events_by_type_and_time('file_audit', start, end) + if events: + for ev in events: + tmp_repo = seafile_api.get_repo(ev.repo_id) + tmp_repo_name = tmp_repo.name if tmp_repo else '' + + result.append({ + 'repo_id': ev.repo_id, + 'repo_name': tmp_repo_name, + 'time': datetime_to_isoformat_timestr(ev.timestamp), + 'etype': ev.etype, + 'ip': ev.ip, + 'file_path': ev.file_path, + 'etype': ev.etype, + 'user_name': email2nickname(ev.user), + 'user_email': ev.user + }) + + return Response(result) diff --git a/seahub/api2/endpoints/admin/file_update.py b/seahub/api2/endpoints/admin/file_update.py new file mode 100644 index 0000000000..af94565f69 --- /dev/null +++ b/seahub/api2/endpoints/admin/file_update.py @@ -0,0 +1,57 @@ +from rest_framework.authentication import SessionAuthentication +from rest_framework.permissions import IsAdminUser +from rest_framework.response import Response +from rest_framework.views import APIView +from rest_framework import status + +from seaserv import seafile_api + +from .utils import check_time_period_valid, \ + get_log_events_by_type_and_time + +from seahub.api2.authentication import TokenAuthentication +from seahub.api2.throttling import UserRateThrottle +from seahub.api2.utils import api_error + +from seahub.base.templatetags.seahub_tags import email2nickname +from seahub.utils.timeutils import datetime_to_isoformat_timestr +from seahub.utils import EVENTS_ENABLED + +class FileUpdate(APIView): + + authentication_classes = (TokenAuthentication, SessionAuthentication ) + permission_classes = (IsAdminUser,) + throttle_classes = (UserRateThrottle,) + + def get(self, request): + + if not EVENTS_ENABLED: + error_msg = 'Feature disabled.' + return api_error(status.HTTP_403_FORBIDDEN, error_msg) + + # check the date format, should be like '2015-10-10' + start = request.GET.get('start', None) + end = request.GET.get('end', None) + + if not check_time_period_valid(start, end): + error_msg = 'start or end date invalid.' + return api_error(status.HTTP_400_BAD_REQUEST, error_msg) + + result = [] + events = get_log_events_by_type_and_time('file_update', start, end) + if events: + for ev in events: + tmp_repo = seafile_api.get_repo(ev.repo_id) + tmp_repo_name = tmp_repo.name if tmp_repo else '' + + result.append({ + 'commit_id': ev.commit_id, + 'repo_id': ev.repo_id, + 'repo_name': tmp_repo_name, + 'time': datetime_to_isoformat_timestr(ev.timestamp), + 'file_operation': ev.file_oper, + 'user_name': email2nickname(ev.user), + 'user_email': ev.user + }) + + return Response(result) diff --git a/seahub/api2/endpoints/admin/login.py b/seahub/api2/endpoints/admin/login.py new file mode 100644 index 0000000000..e511bb8dd2 --- /dev/null +++ b/seahub/api2/endpoints/admin/login.py @@ -0,0 +1,49 @@ +import logging + +from rest_framework.authentication import SessionAuthentication +from rest_framework.permissions import IsAdminUser +from rest_framework.response import Response +from rest_framework.views import APIView +from rest_framework import status + +from .utils import check_time_period_valid +from seahub.base.templatetags.seahub_tags import email2nickname +from seahub_extra.sysadmin_extra.models import UserLoginLog +from seahub.utils.timeutils import datetime_to_isoformat_timestr +from seahub.api2.authentication import TokenAuthentication +from seahub.api2.throttling import UserRateThrottle +from seahub.api2.utils import api_error + +logger = logging.getLogger(__name__) + +class Login(APIView): + + authentication_classes = (TokenAuthentication, SessionAuthentication ) + permission_classes = (IsAdminUser,) + throttle_classes = (UserRateThrottle,) + + def get(self, request): + + # check the date format, should be like '2015-10-10' + start = request.GET.get('start', None) + end = request.GET.get('end', None) + + if not check_time_period_valid(start, end): + error_msg = 'start or end date invalid.' + return api_error(status.HTTP_400_BAD_REQUEST, error_msg) + + # Filtering a DateTimeField with dates won't include items on the last day, + # because the bounds are interpreted as '0am on the given date'. + end = end + ' 23:59:59' + + result = [] + logs = UserLoginLog.objects.filter(login_date__range=(start, end)) + for log in logs: + result.append({ + 'login_time': datetime_to_isoformat_timestr(log.login_date), + 'login_ip': log.login_ip, + 'name': email2nickname(log.username), + 'email':log.username + }) + + return Response(result) diff --git a/seahub/api2/endpoints/admin/perm_audit.py b/seahub/api2/endpoints/admin/perm_audit.py new file mode 100644 index 0000000000..76872d02af --- /dev/null +++ b/seahub/api2/endpoints/admin/perm_audit.py @@ -0,0 +1,58 @@ +from rest_framework.authentication import SessionAuthentication +from rest_framework.permissions import IsAdminUser +from rest_framework.response import Response +from rest_framework.views import APIView +from rest_framework import status + +from seaserv import seafile_api + +from .utils import check_time_period_valid, \ + get_log_events_by_type_and_time + +from seahub.api2.authentication import TokenAuthentication +from seahub.api2.throttling import UserRateThrottle +from seahub.api2.utils import api_error + +from seahub.base.templatetags.seahub_tags import email2nickname +from seahub.utils.timeutils import datetime_to_isoformat_timestr +from seahub.utils import EVENTS_ENABLED + +class PermAudit(APIView): + + authentication_classes = (TokenAuthentication, SessionAuthentication ) + permission_classes = (IsAdminUser,) + throttle_classes = (UserRateThrottle,) + + def get(self, request): + + if not EVENTS_ENABLED: + error_msg = 'Feature disabled.' + return api_error(status.HTTP_403_FORBIDDEN, error_msg) + # check the date format, should be like '2015-10-10' + start = request.GET.get('start', None) + end = request.GET.get('end', None) + + if not check_time_period_valid(start, end): + error_msg = 'start or end date invalid.' + return api_error(status.HTTP_400_BAD_REQUEST, error_msg) + + result = [] + events = get_log_events_by_type_and_time('perm_audit', start, end) + if events: + for ev in events: + tmp_repo = seafile_api.get_repo(ev.repo_id) + tmp_repo_name = tmp_repo.name if tmp_repo else '' + + result.append({ + 'etype': ev.etype, + 'repo_id': ev.repo_id, + 'repo_name': tmp_repo_name, + 'permission': ev.permission, + 'time': datetime_to_isoformat_timestr(ev.timestamp), + 'file_path': ev.file_path, + 'from_name': email2nickname(ev.from_user), + 'from_email': ev.from_user, + 'to': ev.to + }) + + return Response(result) diff --git a/seahub/api2/endpoints/admin/utils.py b/seahub/api2/endpoints/admin/utils.py new file mode 100644 index 0000000000..8bf342fe3d --- /dev/null +++ b/seahub/api2/endpoints/admin/utils.py @@ -0,0 +1,28 @@ +import re +import datetime +import time + +from seahub.utils import get_log_events_by_time + +def check_time_period_valid(start, end): + if not start or not end: + return False + + # check the date format, should be like '2015-10-10' + date_re = re.compile(r'^(\d{4})\-([1-9]|0[1-9]|1[012])\-([1-9]|0[1-9]|[12]\d|3[01])$') + if not date_re.match(start) or not date_re.match(end): + return False + + return True + +def get_log_events_by_type_and_time(log_type, start, end): + start_struct_time = datetime.datetime.strptime(start, "%Y-%m-%d") + start_timestamp = time.mktime(start_struct_time.timetuple()) + + end_struct_time = datetime.datetime.strptime(end, "%Y-%m-%d") + end_timestamp = time.mktime(end_struct_time.timetuple()) + end_timestamp += 24 * 60 * 60 + + events = get_log_events_by_time(log_type, start_timestamp, end_timestamp) + events = events if events else [] + return events diff --git a/seahub/urls.py b/seahub/urls.py index 7e476140b8..690e05dc73 100644 --- a/seahub/urls.py +++ b/seahub/urls.py @@ -24,6 +24,10 @@ from seahub.api2.endpoints.upload_links import UploadLinks, UploadLink from seahub.api2.endpoints.file import FileView from seahub.api2.endpoints.dir import DirView from seahub.api2.endpoints.repo_set_password import RepoSetPassword +from seahub.api2.endpoints.admin.login import Login +from seahub.api2.endpoints.admin.file_audit import FileAudit +from seahub.api2.endpoints.admin.file_update import FileUpdate +from seahub.api2.endpoints.admin.perm_audit import PermAudit # Uncomment the next two lines to enable the admin: #from django.contrib import admin @@ -302,13 +306,20 @@ if getattr(settings, 'ENABLE_SYSADMIN_EXTRA', False): sys_log_file_update_export_excel, sys_log_perm_audit_export_excel, \ sys_log_email_audit urlpatterns += patterns('', + url(r'^api/v2.1/admin/login/$', Login.as_view(), name='api-v2.1-admin-login'), url(r'^sys/loginadmin/$', sys_login_admin, name='sys_login_admin'), url(r'^sys/loginadmin/export-excel/$', sys_login_admin_export_excel, name='sys_login_admin_export_excel'), + + url(r'^api/v2.1/admin/file-audit/$', FileAudit.as_view(), name='api-v2.1-admin-file-audit'), url(r'^sys/log/fileaudit/$', sys_log_file_audit, name='sys_log_file_audit'), url(r'^sys/log/emailaudit/$', sys_log_email_audit, name='sys_log_email_audit'), url(r'^sys/log/fileaudit/export-excel/$', sys_log_file_audit_export_excel, name='sys_log_file_audit_export_excel'), + + url(r'^api/v2.1/admin/file-update/$', FileUpdate.as_view(), name='api-v2.1-admin-file-update'), url(r'^sys/log/fileupdate/$', sys_log_file_update, name='sys_log_file_update'), url(r'^sys/log/fileupdate/export-excel/$', sys_log_file_update_export_excel, name='sys_log_file_update_export_excel'), + + url(r'^api/v2.1/admin/perm-audit/$', PermAudit.as_view(), name='api-v2.1-admin-perm-audit'), url(r'^sys/log/permaudit/$', sys_log_perm_audit, name='sys_log_perm_audit'), url(r'^sys/log/permaudit/export-excel/$', sys_log_perm_audit_export_excel, name='sys_log_perm_audit_export_excel'), )