Can log actions in JSON format

2025-10-28 11:43:07 +01:00
parent a128e4a597
commit 2a729d4153
12 changed files with 261 additions and 117 deletions
--- a/src/data/action_logger.rs
+++ b/src/data/action_logger.rs
@@ -11,21 +11,113 @@ use actix_web::{Error, FromRequest, HttpRequest, web};
 use crate::actors::providers_states_actor::ProviderLoginState;
 use crate::actors::users_actor;
 use crate::actors::users_actor::{AuthorizedAuthenticationSources, UsersActor};
-use crate::data::client::Client;
+use crate::data::app_config::{ActionLoggerFormat, AppConfig};
+use crate::data::client::ClientID;
 use crate::data::provider::{Provider, ProviderID};

 use crate::data::session_identity::SessionIdentity;
-use crate::data::user::{FactorID, GrantedClients, TwoFactor, User, UserID};
+use crate::data::user::{FactorID, GrantedClients, TwoFactor, TwoFactorType, User, UserID};
+use crate::utils::time::time;

+#[derive(serde::Serialize)]
+pub struct LoggableUser {
+    pub uid: UserID,
+    pub username: String,
+    pub email: String,
+    pub admin: bool,
+}
+
+impl LoggableUser {
+    pub fn quick_identity(&self) -> String {
+        format!(
+            "{} {} {} ({:?})",
+            match self.admin {
+                true => "admin",
+                false => "user",
+            },
+            self.username,
+            self.email,
+            self.uid
+        )
+    }
+}
+
+impl User {
+    pub fn loggable(&self) -> LoggableUser {
+        LoggableUser {
+            uid: self.uid.clone(),
+            username: self.username.clone(),
+            email: self.email.clone(),
+            admin: self.admin,
+        }
+    }
+}
+
+#[derive(Debug, serde::Serialize)]
+pub enum LoggableFactorType {
+    TOTP,
+    WEBAUTHN,
+}
+
+#[derive(serde::Serialize)]
+pub struct LoggableFactor {
+    pub id: FactorID,
+    pub name: String,
+    pub kind: LoggableFactorType,
+}
+
+impl LoggableFactor {
+    pub fn quick_description(&self) -> String {
+        format!(
+            "#{} of type {:?} and name '{}'",
+            self.id.0, self.kind, self.name
+        )
+    }
+}
+
+impl TwoFactor {
+    pub fn loggable(&self) -> LoggableFactor {
+        LoggableFactor {
+            id: self.id.clone(),
+            name: self.name.to_string(),
+            kind: match self.kind {
+                TwoFactorType::TOTP(_) => LoggableFactorType::TOTP,
+                TwoFactorType::WEBAUTHN(_) => LoggableFactorType::WEBAUTHN,
+            },
+        }
+    }
+}
+
+#[derive(serde::Serialize)]
+#[serde(tag = "type")]
 pub enum Action<'a> {
-    AdminCreateUser(&'a User),
-    AdminUpdateUser(&'a User),
-    AdminDeleteUser(&'a User),
-    AdminResetUserPassword(&'a User),
-    AdminRemoveUserFactor(&'a User, &'a TwoFactor),
-    AdminSetAuthorizedAuthenticationSources(&'a User, &'a AuthorizedAuthenticationSources),
-    AdminSetNewGrantedClientsList(&'a User, &'a GrantedClients),
-    AdminClear2FAHistory(&'a User),
+    AdminCreateUser {
+        user: LoggableUser,
+    },
+    AdminUpdateUser {
+        user: LoggableUser,
+    },
+    AdminDeleteUser {
+        user: LoggableUser,
+    },
+    AdminResetUserPassword {
+        user: LoggableUser,
+    },
+    AdminRemoveUserFactor {
+        user: LoggableUser,
+        factor: LoggableFactor,
+    },
+    AdminSetAuthorizedAuthenticationSources {
+        user: LoggableUser,
+        sources: &'a AuthorizedAuthenticationSources,
+    },
+    AdminSetNewGrantedClientsList {
+        user: LoggableUser,
+        clients: &'a GrantedClients,
+    },
+    AdminClear2FAHistory {
+        user: LoggableUser,
+    },
    LoginWebauthnAttempt {
        success: bool,
        user_id: UserID,
@@ -73,29 +165,45 @@ pub enum Action<'a> {
    },
    ProviderLoginSuccessful {
        provider: &'a Provider,
-        user: &'a User,
+        user: LoggableUser,
+    },
+    SignOut,
+    UserNeed2FAOnLogin {
+        user: LoggableUser,
+    },
+    UserSuccessfullyAuthenticated {
+        user: LoggableUser,
+    },
+    UserNeedNewPasswordOnLogin {
+        user: LoggableUser,
+    },
+    TryLoginWithDisabledAccount {
+        login: &'a str,
+    },
+    TryLocalLoginFromUnauthorizedAccount {
+        login: &'a str,
+    },
+    FailedLoginWithBadCredentials {
+        login: &'a str,
+    },
+    UserChangedPasswordOnLogin {
+        user_id: &'a UserID,
    },
-    Signout,
-    UserNeed2FAOnLogin(&'a User),
-    UserSuccessfullyAuthenticated(&'a User),
-    UserNeedNewPasswordOnLogin(&'a User),
-    TryLoginWithDisabledAccount(&'a str),
-    TryLocalLoginFromUnauthorizedAccount(&'a str),
-    FailedLoginWithBadCredentials(&'a str),
-    UserChangedPasswordOnLogin(&'a UserID),
    OTPLoginAttempt {
-        user: &'a User,
+        user: LoggableUser,
        success: bool,
    },
    NewOpenIDSession {
-        client: &'a Client,
+        client: &'a ClientID,
    },
    NewOpenIDSuccessfulImplicitAuth {
-        client: &'a Client,
+        client: &'a ClientID,
    },
    ChangedHisPassword,
    ClearedHisLoginHistory,
-    AddNewFactor(&'a TwoFactor),
+    AddNewFactor {
+        factor: LoggableFactor,
+    },
    Removed2FAFactor {
        factor_id: &'a FactorID,
    },
@@ -104,35 +212,35 @@ pub enum Action<'a> {
 impl Action<'_> {
    pub fn as_string(&self) -> String {
        match self {
-            Action::AdminDeleteUser(user) => {
+            Action::AdminDeleteUser { user } => {
                format!("deleted account of {}", user.quick_identity())
            }
-            Action::AdminCreateUser(user) => {
+            Action::AdminCreateUser { user } => {
                format!("created account of {}", user.quick_identity())
            }
-            Action::AdminUpdateUser(user) => {
+            Action::AdminUpdateUser { user } => {
                format!("updated account of {}", user.quick_identity())
            }
-            Action::AdminResetUserPassword(user) => {
+            Action::AdminResetUserPassword { user } => {
                format!(
                    "set a temporary password for the account of {}",
                    user.quick_identity()
                )
            }
-            Action::AdminRemoveUserFactor(user, factor) => format!(
+            Action::AdminRemoveUserFactor { user, factor } => format!(
                "removed 2 factor ({}) of user ({})",
                factor.quick_description(),
                user.quick_identity()
            ),
-            Action::AdminClear2FAHistory(user) => {
+            Action::AdminClear2FAHistory { user } => {
                format!("cleared 2FA history of {}", user.quick_identity())
            }
-            Action::AdminSetAuthorizedAuthenticationSources(user, sources) => format!(
+            Action::AdminSetAuthorizedAuthenticationSources { user, sources } => format!(
                "update authorized authentication sources ({:?}) for user ({})",
                sources,
                user.quick_identity()
            ),
-            Action::AdminSetNewGrantedClientsList(user, clients) => format!(
+            Action::AdminSetNewGrantedClientsList { user, clients } => format!(
                "set new granted clients list ({:?}) for user ({})",
                clients,
                user.quick_identity()
@@ -191,32 +299,32 @@ impl Action<'_> {
                provider.id.0,
                user.quick_identity()
            ),
-            Action::Signout => "signed out".to_string(),
-            Action::UserNeed2FAOnLogin(user) => {
+            Action::SignOut => "signed out".to_string(),
+            Action::UserNeed2FAOnLogin { user } => {
                format!(
                    "successfully authenticated as user {:?} but need to do 2FA authentication",
                    user.quick_identity()
                )
            }
-            Action::UserSuccessfullyAuthenticated(user) => {
+            Action::UserSuccessfullyAuthenticated { user } => {
                format!("successfully authenticated as {}", user.quick_identity())
            }
-            Action::UserNeedNewPasswordOnLogin(user) => format!(
+            Action::UserNeedNewPasswordOnLogin { user } => format!(
                "successfully authenticated as {}, but need to set a new password",
                user.quick_identity()
            ),
-            Action::TryLoginWithDisabledAccount(login) => {
+            Action::TryLoginWithDisabledAccount { login } => {
                format!("successfully authenticated as {login}, but this is a DISABLED ACCOUNT")
            }
-            Action::TryLocalLoginFromUnauthorizedAccount(login) => {
+            Action::TryLocalLoginFromUnauthorizedAccount { login } => {
                format!(
                    "successfully locally authenticated as {login}, but this is a FORBIDDEN for this account!"
                )
            }
-            Action::FailedLoginWithBadCredentials(login) => {
+            Action::FailedLoginWithBadCredentials { login } => {
                format!("attempted to authenticate as {login} but with a WRONG PASSWORD")
            }
-            Action::UserChangedPasswordOnLogin(user_id) => {
+            Action::UserChangedPasswordOnLogin { user_id } => {
                format!("set a new password at login as user {user_id:?}")
            }
            Action::OTPLoginAttempt { user, success } => match success {
@@ -230,15 +338,15 @@ impl Action<'_> {
                ),
            },
            Action::NewOpenIDSession { client } => {
-                format!("opened a new OpenID session with {:?}", client.id)
+                format!("opened a new OpenID session with {:?}", client)
            }
            Action::NewOpenIDSuccessfulImplicitAuth { client } => format!(
                "finished an implicit flow connection for client {:?}",
-                client.id
+                client
            ),
            Action::ChangedHisPassword => "changed his password".to_string(),
            Action::ClearedHisLoginHistory => "cleared his login history".to_string(),
-            Action::AddNewFactor(factor) => format!(
+            Action::AddNewFactor { factor } => format!(
                "added a new factor to his account : {}",
                factor.quick_description(),
            ),
@@ -247,6 +355,15 @@ impl Action<'_> {
    }
 }

+#[derive(serde::Serialize)]
+struct JsonActionData<'a> {
+    time: u64,
+    ip: IpAddr,
+    user: Option<LoggableUser>,
+    #[serde(flatten)]
+    action: Action<'a>,
+}
+
 pub struct ActionLogger {
    ip: IpAddr,
    user: Option<User>,
@@ -254,15 +371,27 @@ pub struct ActionLogger {

 impl ActionLogger {
    pub fn log(&self, action: Action) {
-        log::info!(
-            "{} from {} has {}",
-            match &self.user {
-                None => "Anonymous user".to_string(),
-                Some(u) => u.quick_identity(),
+        match AppConfig::get().action_logger_format {
+            ActionLoggerFormat::Text => log::info!(
+                "{} from {} has {}",
+                match &self.user {
+                    None => "Anonymous user".to_string(),
+                    Some(u) => u.loggable().quick_identity(),
+                },
+                self.ip,
+                action.as_string()
+            ),
+            ActionLoggerFormat::Json => match serde_json::to_string(&JsonActionData {
+                time: time(),
+                ip: self.ip,
+                user: self.user.as_ref().map(User::loggable),
+                action,
+            }) {
+                Ok(j) => println!("{j}"),
+                Err(e) => log::error!("Failed to serialize event to JSON! {e}"),
            },
-            self.ip,
-            action.as_string()
-        )
+            ActionLoggerFormat::None => {}
+        }
    }
 }