commit fd2f5b98665c6516e9508e56370e9781430e0298
parent 3bf2a6932371c0c42001a2ddb72925405b89bad5
Author: Jan Dankert <develop@jandankert.de>
Date: Mon, 20 May 2019 22:46:23 +0200
New: Bei schreibenden Zugriffen ein Audit-Log ergänzen.
Diffstat:
1 file changed, 61 insertions(+), 0 deletions(-)
diff --git a/modules/cms-core/Dispatcher.class.php b/modules/cms-core/Dispatcher.class.php
@@ -110,6 +110,7 @@ class Dispatcher
throw $e;
}
+ $this->writeAuditLog();
$this->commitDatabaseTransaction();
if ( DEVELOPMENT )
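Review bot: The audit entry is written only on the success path and before the commit, because `$this->writeAuditLog();` sits after the block ending in `throw $e;` and ahead of `$this->commitDatabaseTransaction();`. A write request that fails or is rejected therefore appears to leave no audit record, while one whose commit subsequently fails is logged as though it took effect. At minimum, swap the order to `$this->commitDatabaseTransaction();` followed by `$this->writeAuditLog();`, and consider also recording failed attempts from the error path with an outcome field. The enclosing method starts and ends outside this hunk, so the exact try/catch structure is not visible here.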
@@ -491,4 +492,64 @@ class Dispatcher
{
header('Content-Language: ' . Conf()->subset('language')->get('language_code') );
}
+
+
+
+ private function writeAuditLog()
+ {
+ // Only write Audit Log for POST requests.
+ if ( ! $this->request->isAction )
+ return;
+
+ $auditConfig = config()->subset('audit-log');
+
+ if ( $auditConfig->is('enabled',false))
+ {
+ $dir = $auditConfig->get('directory','./audit-log' );
+
+ if ( $dir[0] != '/' )
+ $dir = __DIR__.'/../../'.$dir;
+
+ $micro_date = microtime();
+ $date = explode(" ",$micro_date);
+ $filename = $dir.'/'.$auditConfig->get('prefix','audit' ).'-'.date('c',$date[1]).'-'.$date[0].'.json';
+
+ $json = new \JSON();
+ $user = Session::getUser();
+
+ $data = array(
+ 'database' => array(
+ 'id' => db()->id ),
+ 'user' => array(
+ 'id' => $user->userid,
+ 'name' => $user->name ),
+ 'timestamp' => date('c'),
+ 'action' => $this->request->action,
+ 'method' => $this->request->method,
+ 'remote-ip' => $_SERVER['REMOTE_ADDR'],
+ 'request-time'=> $_SERVER['REQUEST_TIME'],
+ 'data' => $this->filterCredentials( $_REQUEST )
+ );
+
+ // Write the file.
+ if ( file_put_contents( $filename, $json->encode($data) ) === FALSE )
+ Logger::warn('Could not write audit log to file: '.$filename);
+ else
+ Logger::debug('Audit logfile: '.$filename);
+ }
+
+ }
+
+
+ /*
+ * Filter credentials from an array.
+ */
+ private function filterCredentials( $input )
+ {
+ foreach( array( 'login_password','password1','password2' ) as $cr )
+ if ( isset($input[$cr]))
+ $input[$cr] = '***';
+
+ return $input;
+ }
}
\ No newline at end of file
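Review bot: `filterCredentials()` masks only three exact top-level keys (`login_password`, `password1`, `password2`), so any other secret in `$_REQUEST` is written to the audit file in clear text. That includes tokens, differently named password fields, values nested in sub-arrays, and cookies such as the session id if `request_order` includes them. Logging `$_POST` instead of `$_REQUEST` would keep cookies out, and the filter should walk nested arrays and match on key patterns rather than on a fixed list, as sketched below. Because these files hold request data, the default `./audit-log` directory, which is resolved relative to the application tree, should also be checked to make sure it is not served by the web server. The sketch below is the kind of filter meant, with the patterns to be adjusted to the form field names actually in use.

```php
private function filterCredentials( $input )
{
	foreach( $input as $key => $value )
	{
		if ( is_array($value) )
			// Descend so nested form fields are masked too.
			$input[$key] = $this->filterCredentials( $value );
		elseif ( preg_match('/pass|token|secret/i', (string) $key) )
			$input[$key] = '***';
	}

	return $input;
}
```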