diff --git a/src/apps.js b/src/apps.js index 32835d2bb..ba0871452 100644 --- a/src/apps.js +++ b/src/apps.js @@ -50,6 +50,7 @@ var addons = require('./addons.js'), DatabaseError = require('./databaseerror.js'), debug = require('debug')('box:apps'), docker = require('./docker.js'), + eventlog = require('./eventlog.js'), fs = require('fs'), groups = require('./groups.js'), manifestFormat = require('cloudron-manifestformat'), @@ -353,7 +354,7 @@ function purchase(appStoreId, callback) { }); } -function install(appId, appStoreId, manifest, location, portBindings, accessRestriction, icon, cert, key, memoryLimit, altDomain, callback) { +function install(appId, appStoreId, manifest, location, portBindings, accessRestriction, icon, cert, key, memoryLimit, altDomain, auditSource, callback) { assert.strictEqual(typeof appId, 'string'); assert.strictEqual(typeof appStoreId, 'string'); assert(manifest && typeof manifest === 'object'); @@ -365,6 +366,7 @@ function install(appId, appStoreId, manifest, location, portBindings, accessRest assert(key === null || typeof key === 'string'); assert.strictEqual(typeof memoryLimit, 'number'); assert(altDomain === null || typeof altDomain === 'string'); + assert.strictEqual(typeof auditSource, 'object'); assert.strictEqual(typeof callback, 'function'); var error = manifestFormat.parse(manifest); @@ -422,12 +424,14 @@ function install(appId, appStoreId, manifest, location, portBindings, accessRest taskmanager.restartAppTask(appId); + eventlog.add(eventlog.ACTION_APP_INSTALL, auditSource, { appId: appId, location: location, appStoreId: appStoreId, version: manifest.version }); + callback(null); }); }); } -function configure(appId, location, portBindings, accessRestriction, cert, key, memoryLimit, altDomain, callback) { +function configure(appId, location, portBindings, accessRestriction, cert, key, memoryLimit, altDomain, auditSource, callback) { assert.strictEqual(typeof appId, 'string'); assert.strictEqual(typeof location, 'string'); assert.strictEqual(typeof portBindings, 'object'); @@ -436,6 +440,7 @@ function configure(appId, location, portBindings, accessRestriction, cert, key, assert(key === null || typeof key === 'string'); assert.strictEqual(typeof memoryLimit, 'number'); assert(altDomain === null || typeof altDomain === 'string'); + assert.strictEqual(typeof auditSource, 'object'); assert.strictEqual(typeof callback, 'function'); var error = validateHostname(location, config.fqdn()); @@ -493,17 +498,20 @@ function configure(appId, location, portBindings, accessRestriction, cert, key, taskmanager.restartAppTask(appId); + eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId: appId, oldLocation: app.location }); + callback(null); }); }); } -function update(appId, force, manifest, portBindings, icon, callback) { +function update(appId, force, manifest, portBindings, icon, auditSource, callback) { assert.strictEqual(typeof appId, 'string'); assert.strictEqual(typeof force, 'boolean'); assert(manifest && typeof manifest === 'object'); assert(typeof portBindings === 'object'); // can be null assert(!icon || typeof icon === 'string'); + assert.strictEqual(typeof auditSource, 'object'); assert.strictEqual(typeof callback, 'function'); debug('Will update app with id:%s', appId); @@ -564,6 +572,8 @@ function update(appId, force, manifest, portBindings, icon, callback) { taskmanager.restartAppTask(appId); + eventlog.add(eventlog.ACTION_APP_UPDATE, auditSource, { appId: appId, appStoreId: manifest.id, toVersion: manifest.version, fromVersion: app.manifest.version }); + callback(null); }); }); @@ -614,8 +624,9 @@ function getLogs(appId, lines, follow, callback) { }); } -function restore(appId, callback) { +function restore(appId, auditSource, callback) { assert.strictEqual(typeof appId, 'string'); + assert.strictEqual(typeof auditSource, 'object'); assert.strictEqual(typeof callback, 'function'); debug('Will restore app with id:%s', appId); @@ -658,13 +669,16 @@ function restore(appId, callback) { taskmanager.restartAppTask(appId); + eventlog.add(eventlog.ACTION_APP_RESTORE, auditSource, { appId: appId }); + callback(null); }); }); } -function uninstall(appId, callback) { +function uninstall(appId, auditSource, callback) { assert.strictEqual(typeof appId, 'string'); + assert.strictEqual(typeof auditSource, 'object'); assert.strictEqual(typeof callback, 'function'); debug('Will uninstall app with id:%s', appId); @@ -674,6 +688,8 @@ function uninstall(appId, callback) { if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such app')); if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error)); + eventlog.add(eventlog.ACTION_APP_UNINSTALL, auditSource, { appId: appId }); + taskmanager.startAppTask(appId, callback); }); }); diff --git a/src/cloudron.js b/src/cloudron.js index f0ac56764..27f527e10 100644 --- a/src/cloudron.js +++ b/src/cloudron.js @@ -648,7 +648,7 @@ function installAppBundle(callback) { apps.install(uuid.v4(), appstoreId, result.body.manifest, appInfo.location, appInfo.portBindings || null, appInfo.accessRestriction || null, null /* icon */, null /* cert */, null /* key */, 0 /* default mem limit */, - null /* altDomain */, iteratorCallback); + null /* altDomain */, { userId: null, username: 'autoinstaller' }, iteratorCallback); }); }, function (error) { if (error) debug('autoInstallApps: ', error); diff --git a/src/routes/apps.js b/src/routes/apps.js index bea11d970..60a845aa5 100644 --- a/src/routes/apps.js +++ b/src/routes/apps.js @@ -24,7 +24,6 @@ var apps = require('../apps.js'), AppsError = apps.AppsError, assert = require('assert'), debug = require('debug')('box:routes/apps'), - eventlog = require('../eventlog.js'), fs = require('fs'), HttpError = require('connect-lastmile').HttpError, HttpSuccess = require('connect-lastmile').HttpSuccess, @@ -33,6 +32,11 @@ var apps = require('../apps.js'), util = require('util'), uuid = require('node-uuid'); +function auditSource(req) { + var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress || null; + return { ip: ip, username: req.user ? req.user.username : null, userId: req.user ? req.user.id : null }; +} + function removeInternalAppFields(app) { return { id: app.id, @@ -132,7 +136,7 @@ function installApp(req, res, next) { debug('Installing app id:%s storeid:%s loc:%s port:%j accessRestriction:%j memoryLimit:%s manifest:%j', appId, data.appStoreId, data.location, data.portBindings, data.accessRestriction, data.memoryLimit, data.manifest); - apps.install(appId, data.appStoreId, data.manifest, data.location, data.portBindings || null, data.accessRestriction, data.icon || null, data.cert || null, data.key || null, data.memoryLimit || 0, data.altDomain || null, function (error) { + apps.install(appId, data.appStoreId, data.manifest, data.location, data.portBindings || null, data.accessRestriction, data.icon || null, data.cert || null, data.key || null, data.memoryLimit || 0, data.altDomain || null, auditSource(req), function (error) { if (error && error.reason === AppsError.ALREADY_EXISTS) return next(new HttpError(409, error.message)); if (error && error.reason === AppsError.PORT_RESERVED) return next(new HttpError(409, 'Port ' + error.message + ' is reserved.')); if (error && error.reason === AppsError.PORT_CONFLICT) return next(new HttpError(409, 'Port ' + error.message + ' is already in use.')); @@ -143,8 +147,6 @@ function installApp(req, res, next) { if (error && error.reason === AppsError.USER_REQUIRED) return next(new HttpError(400, 'accessRestriction must specify one user')); if (error) return next(new HttpError(500, error)); - eventlog.add(eventlog.ACTION_APP_INSTALL, req, { id: appId, location: data.location, appStoreId: data.appStoreId, version: data.manifest.version }); - next(new HttpSuccess(202, { id: appId } )); }); } @@ -175,7 +177,7 @@ function configureApp(req, res, next) { debug('Configuring app id:%s location:%s bindings:%j accessRestriction:%j memoryLimit:%s', req.params.id, data.location, data.portBindings, data.accessRestriction, data.memoryLimit); - apps.configure(req.params.id, data.location, data.portBindings || null, data.accessRestriction, data.cert || null, data.key || null, data.memoryLimit || 0, data.altDomain || null, function (error) { + apps.configure(req.params.id, data.location, data.portBindings || null, data.accessRestriction, data.cert || null, data.key || null, data.memoryLimit || 0, data.altDomain || null, auditSource(req), function (error) { if (error && error.reason === AppsError.ALREADY_EXISTS) return next(new HttpError(409, error.message)); if (error && error.reason === AppsError.PORT_RESERVED) return next(new HttpError(409, 'Port ' + error.message + ' is reserved.')); if (error && error.reason === AppsError.PORT_CONFLICT) return next(new HttpError(409, 'Port ' + error.message + ' is already in use.')); @@ -185,8 +187,6 @@ function configureApp(req, res, next) { if (error && error.reason === AppsError.BAD_CERTIFICATE) return next(new HttpError(400, error.message)); if (error) return next(new HttpError(500, error)); - eventlog.add(eventlog.ACTION_APP_CONFIGURE, req, { id: req.params.id, location: data.location }); - next(new HttpSuccess(202, { })); }); } @@ -196,14 +196,12 @@ function restoreApp(req, res, next) { debug('Restore app id:%s', req.params.id); - apps.restore(req.params.id, function (error) { + apps.restore(req.params.id, auditSource(req), function (error) { if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(404, 'No such app')); if (error && error.reason === AppsError.BAD_FIELD) return next(new HttpError(400, error.message)); if (error && error.reason === AppsError.BAD_STATE) return next(new HttpError(409, error.message)); if (error) return next(new HttpError(500, error)); - eventlog.add(eventlog.ACTION_APP_RESTORE, req, { id: req.params.id }); - next(new HttpSuccess(202, { })); }); } @@ -232,12 +230,10 @@ function uninstallApp(req, res, next) { debug('Uninstalling app id:%s', req.params.id); - apps.uninstall(req.params.id, function (error) { + apps.uninstall(req.params.id, auditSource(req), function (error) { if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(404, 'No such app')); if (error) return next(new HttpError(500, error)); - eventlog.add(eventlog.ACTION_APP_UNINSTALL, req, { id: req.params.id }); - next(new HttpSuccess(202, { })); }); } @@ -284,15 +280,13 @@ function updateApp(req, res, next) { debug('Update app id:%s to manifest:%j with portBindings:%j', req.params.id, data.manifest, data.portBindings); - apps.update(req.params.id, data.force || false, data.manifest, data.portBindings || null, data.icon, function (error) { + apps.update(req.params.id, data.force || false, data.manifest, data.portBindings || null, data.icon, auditSource(req), function (error) { if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(404, 'No such app')); if (error && error.reason === AppsError.BAD_FIELD) return next(new HttpError(400, error.message)); if (error && error.reason === AppsError.BAD_STATE) return next(new HttpError(409, error.message)); if (error && error.reason === AppsError.PORT_CONFLICT) return next(new HttpError(409, 'Port ' + error.message + ' is already in use.')); if (error) return next(new HttpError(500, error)); - eventlog.add(eventlog.ACTION_APP_UPDATE, req, { id: req.params.id, appStoreId: data.manifest.id, toVersion: data.manifest.version }); - next(new HttpSuccess(202, { })); }); }